Описание
Security update for java-1_6_0-ibm
IBM Java 1.6.0 was updated to SR16-FP4 fixing security issues and bugs.
Tabulated information can be found on: http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_May_2015
CVEs addressed: CVE-2015-0192 CVE-2015-2808 CVE-2015-1914 CVE-2015-0138 CVE-2015-0491 CVE-2015-0458 CVE-2015-0459 CVE-2015-0469 CVE-2015-0480 CVE-2015-0488 CVE-2015-0478 CVE-2015-0477 CVE-2015-0204
Additional bugs fixed:
- Fix javaws/plugin stuff should slave plugin update-alternatives (bnc#912434)
- Changed Java to use the system root CA certificates (bnc#912447)
Список пакетов
SUSE Linux Enterprise Module for Legacy 12
Ссылки
- Link for SUSE-SU-2015:1161-1
- E-Mail link for SUSE-SU-2015:1161-1
- SUSE Security Ratings
- SUSE Bug 912434
- SUSE Bug 912447
- SUSE Bug 930365
- SUSE Bug 931702
- SUSE CVE CVE-2015-0138 page
- SUSE CVE CVE-2015-0192 page
- SUSE CVE CVE-2015-0204 page
- SUSE CVE CVE-2015-0458 page
- SUSE CVE CVE-2015-0459 page
- SUSE CVE CVE-2015-0469 page
- SUSE CVE CVE-2015-0477 page
- SUSE CVE CVE-2015-0478 page
- SUSE CVE CVE-2015-0480 page
- SUSE CVE CVE-2015-0488 page
- SUSE CVE CVE-2015-0491 page
- SUSE CVE CVE-2015-1914 page
- SUSE CVE CVE-2015-2808 page
Описание
GSKit in IBM Tivoli Directory Server (ITDS) 6.0 before 6.0.0.73-ISS-ITDS-IF0073, 6.1 before 6.1.0.66-ISS-ITDS-IF0066, 6.2 before 6.2.0.42-ISS-ITDS-IF0042, and 6.3 before 6.3.0.35-ISS-ITDS-IF0035 and IBM Security Directory Server (ISDS) 6.3.1 before 6.3.1.9-ISS-ISDS-IF0009 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CVE-2015-0204.
Затронутые продукты
Ссылки
- CVE-2015-0138
- SUSE Bug 952088
Описание
Unspecified vulnerability in IBM Java 8 before SR1, 7 R1 before SR2 FP11, 7 before SR9, 6 R1 before SR8 FP4, 6 before SR16 FP4, and 5.0 before SR16 FP10 allows remote attackers to gain privileges via unknown vectors related to the Java Virtual Machine.
Затронутые продукты
Ссылки
- CVE-2015-0192
- SUSE Bug 952088
Описание
The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to the "FREAK" issue. NOTE: the scope of this CVE is only client code based on OpenSSL, not EXPORT_RSA issues associated with servers or other TLS implementations.
Затронутые продукты
Ссылки
- CVE-2015-0204
- SUSE Bug 912014
- SUSE Bug 920482
- SUSE Bug 920484
- SUSE Bug 927591
- SUSE Bug 927623
- SUSE Bug 936787
- SUSE Bug 952088
Описание
Unspecified vulnerability in in Oracle Java SE 6u91, 7u76, and 8u40 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
Затронутые продукты
Ссылки
- CVE-2015-0458
- SUSE Bug 927591
Описание
Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and JavaFX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2015-0491.
Затронутые продукты
Ссылки
- CVE-2015-0459
- SUSE Bug 927591
- SUSE Bug 932310
Описание
Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
Затронутые продукты
Ссылки
- CVE-2015-0469
- SUSE Bug 927591
- SUSE Bug 932310
Описание
Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect integrity via unknown vectors related to Beans.
Затронутые продукты
Ссылки
- CVE-2015-0477
- SUSE Bug 927591
Описание
Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and JRockit R28.3.5, allows remote attackers to affect confidentiality via vectors related to JCE.
Затронутые продукты
Ссылки
- CVE-2015-0478
- SUSE Bug 927591
- SUSE Bug 944456
Описание
Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect integrity and availability via unknown vectors related to Tools.
Затронутые продукты
Ссылки
- CVE-2015-0480
- SUSE Bug 927591
Описание
Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and JRockit R28.3.5, allows remote attackers to affect availability via vectors related to JSSE.
Затронутые продукты
Ссылки
- CVE-2015-0488
- SUSE Bug 927591
Описание
Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and Java FX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2015-0459.
Затронутые продукты
Ссылки
- CVE-2015-0491
- SUSE Bug 927591
- SUSE Bug 932310
Описание
IBM Java 7 R1 before SR3, 7 before SR9, 6 R1 before SR8 FP4, 6 before SR16 FP4, and 5.0 before SR16 FP10 allows remote attackers to bypass "permission checks" and obtain sensitive information via vectors related to the Java Virtual Machine.
Затронутые продукты
Ссылки
- CVE-2015-1914
- SUSE Bug 952088
Описание
The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the "Bar Mitzvah" issue.
Затронутые продукты
Ссылки
- CVE-2015-2808
- SUSE Bug 925378
- SUSE Bug 938248
- SUSE Bug 938895
- SUSE Bug 952088