SUSE-SU-2015:1073-1

Published: 12 Jun 2015
Source: suse-cvrf

Description

Security update for java-1_7_0-ibm

This update fixes the following security issues:

  • Version bump to 7.1-3.0 release bnc#930365 CVE-2015-0192 CVE-2015-2808 CVE-2015-1914 CVE-2015-0138

  • Fix removing links before update-alternatives run. bnc#931702

  • Fix bnc#912434, javaws/plugin stuff should slave plugin update-alternatives

  • Fix bnc#912447, use system cacerts

  • Update to 7.1.2.10 for sec issues bnc#916266 and bnc#916265 CVE-2014-8892 CVE-2014-8891

Package list

SUSE Linux Enterprise Server 12

  • java-1_7_1-ibm-1.7.1_sr3.0-11.1
  • java-1_7_1-ibm-alsa-1.7.1_sr3.0-11.1
  • java-1_7_1-ibm-jdbc-1.7.1_sr3.0-11.1
  • java-1_7_1-ibm-plugin-1.7.1_sr3.0-11.1

SUSE Linux Enterprise Server for SAP Applications 12

  • java-1_7_1-ibm-1.7.1_sr3.0-11.1
  • java-1_7_1-ibm-alsa-1.7.1_sr3.0-11.1
  • java-1_7_1-ibm-jdbc-1.7.1_sr3.0-11.1
  • java-1_7_1-ibm-plugin-1.7.1_sr3.0-11.1

SUSE Linux Enterprise Software Development Kit 12

  • java-1_7_1-ibm-devel-1.7.1_sr3.0-11.1

Description

GSKit in IBM Tivoli Directory Server (ITDS) 6.0 before 6.0.0.73-ISS-ITDS-IF0073, 6.1 before 6.1.0.66-ISS-ITDS-IF0066, 6.2 before 6.2.0.42-ISS-ITDS-IF0042, and 6.3 before 6.3.0.35-ISS-ITDS-IF0035 and IBM Security Directory Server (ISDS) 6.3.1 before 6.3.1.9-ISS-ISDS-IF0009 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CVE-2015-0204.


Affected products
SUSE Linux Enterprise Server 12:java-1_7_1-ibm-1.7.1_sr3.0-11.1
SUSE Linux Enterprise Server 12:java-1_7_1-ibm-alsa-1.7.1_sr3.0-11.1
SUSE Linux Enterprise Server 12:java-1_7_1-ibm-jdbc-1.7.1_sr3.0-11.1
SUSE Linux Enterprise Server 12:java-1_7_1-ibm-plugin-1.7.1_sr3.0-11.1

Description

Unspecified vulnerability in IBM Java 8 before SR1, 7 R1 before SR2 FP11, 7 before SR9, 6 R1 before SR8 FP4, 6 before SR16 FP4, and 5.0 before SR16 FP10 allows remote attackers to gain privileges via unknown vectors related to the Java Virtual Machine.


Affected products
SUSE Linux Enterprise Server 12:java-1_7_1-ibm-1.7.1_sr3.0-11.1
SUSE Linux Enterprise Server 12:java-1_7_1-ibm-alsa-1.7.1_sr3.0-11.1
SUSE Linux Enterprise Server 12:java-1_7_1-ibm-jdbc-1.7.1_sr3.0-11.1
SUSE Linux Enterprise Server 12:java-1_7_1-ibm-plugin-1.7.1_sr3.0-11.1

Description

IBM Java 7 R1 before SR3, 7 before SR9, 6 R1 before SR8 FP4, 6 before SR16 FP4, and 5.0 before SR16 FP10 allows remote attackers to bypass "permission checks" and obtain sensitive information via vectors related to the Java Virtual Machine.


Affected products
SUSE Linux Enterprise Server 12:java-1_7_1-ibm-1.7.1_sr3.0-11.1
SUSE Linux Enterprise Server 12:java-1_7_1-ibm-alsa-1.7.1_sr3.0-11.1
SUSE Linux Enterprise Server 12:java-1_7_1-ibm-jdbc-1.7.1_sr3.0-11.1
SUSE Linux Enterprise Server 12:java-1_7_1-ibm-plugin-1.7.1_sr3.0-11.1

Description

The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the "Bar Mitzvah" issue.


Affected products
SUSE Linux Enterprise Server 12:java-1_7_1-ibm-1.7.1_sr3.0-11.1
SUSE Linux Enterprise Server 12:java-1_7_1-ibm-alsa-1.7.1_sr3.0-11.1
SUSE Linux Enterprise Server 12:java-1_7_1-ibm-jdbc-1.7.1_sr3.0-11.1
SUSE Linux Enterprise Server 12:java-1_7_1-ibm-plugin-1.7.1_sr3.0-11.1
