Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2015:1331-1

Опубликовано: 28 июл. 2015
Источник: suse-cvrf

Описание

Security update for java-1_7_1-ibm

IBM Java was updated to 7.1-3.10 to fix several security issues.

The following vulnerabilities were fixed:

  • CVE-2015-1931: IBM Java Security Components store plain text data in memory dumps, which could allow a local attacker to obtain information to aid in further attacks against the system.
  • CVE-2015-2590: Easily exploitable vulnerability in the Libraries component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution.
  • CVE-2015-2601: Easily exploitable vulnerability in the JCE component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data.
  • CVE-2015-2613: Easily exploitable vulnerability in the JCE component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data.
  • CVE-2015-2619: Easily exploitable vulnerability in the 2D component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data.
  • CVE-2015-2621: Easily exploitable vulnerability in the JMX component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data.
  • CVE-2015-2625: Very difficult to exploit vulnerability in the JSSE component allowed successful unauthenticated network attacks via SSL/TLS. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data.
  • CVE-2015-2632: Easily exploitable vulnerability in the 2D component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data.
  • CVE-2015-2637: Easily exploitable vulnerability in the 2D component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data.
  • CVE-2015-2638: Easily exploitable vulnerability in the 2D component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution.
  • CVE-2015-2664: Difficult to exploit vulnerability in the Deployment component requiring logon to Operating System. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution.
  • CVE-2015-2808: Very difficult to exploit vulnerability in the JSSE component allowed successful unauthenticated network attacks via SSL/TLS. Successful attack of this vulnerability could have resulted in unauthorized update, insert or delete access to some Java accessible data as well as read access to a subset of Java accessible data.
  • CVE-2015-4000: Very difficult to exploit vulnerability in the JSSE component allowed successful unauthenticated network attacks via SSL/TLS. Successful attack of this vulnerability could have resulted in unauthorized update, insert or delete access to some Java accessible data as well as read access to a subset of Java Embedded accessible data.
  • CVE-2015-4729: Very difficult to exploit vulnerability in the Deployment component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized update, insert or delete access to some Java SE accessible data as well as read access to a subset of Java SE accessible data.
  • CVE-2015-4731: Easily exploitable vulnerability in the JMX component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution.
  • CVE-2015-4732: Easily exploitable vulnerability in the Libraries component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution.
  • CVE-2015-4733: Easily exploitable vulnerability in the RMI component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution.
  • CVE-2015-4748: Very difficult to exploit vulnerability in the Security component allowed successful unauthenticated network attacks via OCSP. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution.
  • CVE-2015-4749: Difficult to exploit vulnerability in the JNDI component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized ability to cause a partial denial of service (partial DOS).
  • CVE-2015-4760: Easily exploitable vulnerability in the 2D component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution.

Список пакетов

SUSE Linux Enterprise Server 12
java-1_7_1-ibm-1.7.1_sr3.10-14.1
java-1_7_1-ibm-alsa-1.7.1_sr3.10-14.1
java-1_7_1-ibm-jdbc-1.7.1_sr3.10-14.1
java-1_7_1-ibm-plugin-1.7.1_sr3.10-14.1
SUSE Linux Enterprise Server for SAP Applications 12
java-1_7_1-ibm-1.7.1_sr3.10-14.1
java-1_7_1-ibm-alsa-1.7.1_sr3.10-14.1
java-1_7_1-ibm-jdbc-1.7.1_sr3.10-14.1
java-1_7_1-ibm-plugin-1.7.1_sr3.10-14.1
SUSE Linux Enterprise Software Development Kit 12
java-1_7_1-ibm-devel-1.7.1_sr3.10-14.1

Ссылки

Описание

IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR1 FP10, 7 R1 before SR3 FP10, 7 before SR9 FP10, 6 R1 before SR8 FP7, 6 before SR16 FP7, and 5.0 before SR16 FP13 stores plaintext information in memory dumps, which allows local users to obtain sensitive information by reading a file.

Затронутые продукты
SUSE Linux Enterprise Server 12:java-1_7_1-ibm-1.7.1_sr3.10-14.1
SUSE Linux Enterprise Server 12:java-1_7_1-ibm-alsa-1.7.1_sr3.10-14.1
SUSE Linux Enterprise Server 12:java-1_7_1-ibm-jdbc-1.7.1_sr3.10-14.1
SUSE Linux Enterprise Server 12:java-1_7_1-ibm-plugin-1.7.1_sr3.10-14.1
Ссылки

Описание

Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2015-4732.

Затронутые продукты
SUSE Linux Enterprise Server 12:java-1_7_1-ibm-1.7.1_sr3.10-14.1
SUSE Linux Enterprise Server 12:java-1_7_1-ibm-alsa-1.7.1_sr3.10-14.1
SUSE Linux Enterprise Server 12:java-1_7_1-ibm-jdbc-1.7.1_sr3.10-14.1
SUSE Linux Enterprise Server 12:java-1_7_1-ibm-plugin-1.7.1_sr3.10-14.1
Ссылки

Описание

Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, JRockit R28.3.6, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality via vectors related to JCE.

Затронутые продукты
SUSE Linux Enterprise Server 12:java-1_7_1-ibm-1.7.1_sr3.10-14.1
SUSE Linux Enterprise Server 12:java-1_7_1-ibm-alsa-1.7.1_sr3.10-14.1
SUSE Linux Enterprise Server 12:java-1_7_1-ibm-jdbc-1.7.1_sr3.10-14.1
SUSE Linux Enterprise Server 12:java-1_7_1-ibm-plugin-1.7.1_sr3.10-14.1
Ссылки

Описание

Unspecified vulnerability in Oracle Java SE 7u80 and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality via vectors related to JCE.

Затронутые продукты
SUSE Linux Enterprise Server 12:java-1_7_1-ibm-1.7.1_sr3.10-14.1
SUSE Linux Enterprise Server 12:java-1_7_1-ibm-alsa-1.7.1_sr3.10-14.1
SUSE Linux Enterprise Server 12:java-1_7_1-ibm-jdbc-1.7.1_sr3.10-14.1
SUSE Linux Enterprise Server 12:java-1_7_1-ibm-plugin-1.7.1_sr3.10-14.1
Ссылки

Описание

Unspecified vulnerability in Oracle Java SE 7u80 and 8u45, JavaFX 2.2.80, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality via unknown vectors related to 2D.

Затронутые продукты
SUSE Linux Enterprise Server 12:java-1_7_1-ibm-1.7.1_sr3.10-14.1
SUSE Linux Enterprise Server 12:java-1_7_1-ibm-alsa-1.7.1_sr3.10-14.1
SUSE Linux Enterprise Server 12:java-1_7_1-ibm-jdbc-1.7.1_sr3.10-14.1
SUSE Linux Enterprise Server 12:java-1_7_1-ibm-plugin-1.7.1_sr3.10-14.1
Ссылки

Описание

Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33, allows remote attackers to affect confidentiality via vectors related to JMX.

Затронутые продукты
SUSE Linux Enterprise Server 12:java-1_7_1-ibm-1.7.1_sr3.10-14.1
SUSE Linux Enterprise Server 12:java-1_7_1-ibm-alsa-1.7.1_sr3.10-14.1
SUSE Linux Enterprise Server 12:java-1_7_1-ibm-jdbc-1.7.1_sr3.10-14.1
SUSE Linux Enterprise Server 12:java-1_7_1-ibm-plugin-1.7.1_sr3.10-14.1
Ссылки

Описание

Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JRockit R28.3.6; and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality via vectors related to JSSE.

Затронутые продукты
SUSE Linux Enterprise Server 12:java-1_7_1-ibm-1.7.1_sr3.10-14.1
SUSE Linux Enterprise Server 12:java-1_7_1-ibm-alsa-1.7.1_sr3.10-14.1
SUSE Linux Enterprise Server 12:java-1_7_1-ibm-jdbc-1.7.1_sr3.10-14.1
SUSE Linux Enterprise Server 12:java-1_7_1-ibm-plugin-1.7.1_sr3.10-14.1
Ссылки

Описание

Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows remote attackers to affect confidentiality via unknown vectors related to 2D.

Затронутые продукты
SUSE Linux Enterprise Server 12:java-1_7_1-ibm-1.7.1_sr3.10-14.1
SUSE Linux Enterprise Server 12:java-1_7_1-ibm-alsa-1.7.1_sr3.10-14.1
SUSE Linux Enterprise Server 12:java-1_7_1-ibm-jdbc-1.7.1_sr3.10-14.1
SUSE Linux Enterprise Server 12:java-1_7_1-ibm-plugin-1.7.1_sr3.10-14.1
Ссылки

Описание

Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JavaFX 2.2.80; and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality via unknown vectors related to 2D.

Затронутые продукты
SUSE Linux Enterprise Server 12:java-1_7_1-ibm-1.7.1_sr3.10-14.1
SUSE Linux Enterprise Server 12:java-1_7_1-ibm-alsa-1.7.1_sr3.10-14.1
SUSE Linux Enterprise Server 12:java-1_7_1-ibm-jdbc-1.7.1_sr3.10-14.1
SUSE Linux Enterprise Server 12:java-1_7_1-ibm-plugin-1.7.1_sr3.10-14.1
Ссылки

Описание

Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JavaFX 2.2.80; and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.

Затронутые продукты
SUSE Linux Enterprise Server 12:java-1_7_1-ibm-1.7.1_sr3.10-14.1
SUSE Linux Enterprise Server 12:java-1_7_1-ibm-alsa-1.7.1_sr3.10-14.1
SUSE Linux Enterprise Server 12:java-1_7_1-ibm-jdbc-1.7.1_sr3.10-14.1
SUSE Linux Enterprise Server 12:java-1_7_1-ibm-plugin-1.7.1_sr3.10-14.1
Ссылки

Описание

Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.

Затронутые продукты
SUSE Linux Enterprise Server 12:java-1_7_1-ibm-1.7.1_sr3.10-14.1
SUSE Linux Enterprise Server 12:java-1_7_1-ibm-alsa-1.7.1_sr3.10-14.1
SUSE Linux Enterprise Server 12:java-1_7_1-ibm-jdbc-1.7.1_sr3.10-14.1
SUSE Linux Enterprise Server 12:java-1_7_1-ibm-plugin-1.7.1_sr3.10-14.1
Ссылки

Описание

The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the "Bar Mitzvah" issue.

Затронутые продукты
SUSE Linux Enterprise Server 12:java-1_7_1-ibm-1.7.1_sr3.10-14.1
SUSE Linux Enterprise Server 12:java-1_7_1-ibm-alsa-1.7.1_sr3.10-14.1
SUSE Linux Enterprise Server 12:java-1_7_1-ibm-jdbc-1.7.1_sr3.10-14.1
SUSE Linux Enterprise Server 12:java-1_7_1-ibm-plugin-1.7.1_sr3.10-14.1
Ссылки

Описание

The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.

Затронутые продукты
SUSE Linux Enterprise Server 12:java-1_7_1-ibm-1.7.1_sr3.10-14.1
SUSE Linux Enterprise Server 12:java-1_7_1-ibm-alsa-1.7.1_sr3.10-14.1
SUSE Linux Enterprise Server 12:java-1_7_1-ibm-jdbc-1.7.1_sr3.10-14.1
SUSE Linux Enterprise Server 12:java-1_7_1-ibm-plugin-1.7.1_sr3.10-14.1
Ссылки

Описание

Unspecified vulnerability in Oracle Java SE 7u80 and 8u45 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Deployment.

Затронутые продукты
SUSE Linux Enterprise Server 12:java-1_7_1-ibm-1.7.1_sr3.10-14.1
SUSE Linux Enterprise Server 12:java-1_7_1-ibm-alsa-1.7.1_sr3.10-14.1
SUSE Linux Enterprise Server 12:java-1_7_1-ibm-jdbc-1.7.1_sr3.10-14.1
SUSE Linux Enterprise Server 12:java-1_7_1-ibm-plugin-1.7.1_sr3.10-14.1
Ссылки

Описание

Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; Java SE Embedded 7u75; and Java SE Embedded 8u33 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX.

Затронутые продукты
SUSE Linux Enterprise Server 12:java-1_7_1-ibm-1.7.1_sr3.10-14.1
SUSE Linux Enterprise Server 12:java-1_7_1-ibm-alsa-1.7.1_sr3.10-14.1
SUSE Linux Enterprise Server 12:java-1_7_1-ibm-jdbc-1.7.1_sr3.10-14.1
SUSE Linux Enterprise Server 12:java-1_7_1-ibm-plugin-1.7.1_sr3.10-14.1
Ссылки

Описание

Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2015-2590.

Затронутые продукты
SUSE Linux Enterprise Server 12:java-1_7_1-ibm-1.7.1_sr3.10-14.1
SUSE Linux Enterprise Server 12:java-1_7_1-ibm-alsa-1.7.1_sr3.10-14.1
SUSE Linux Enterprise Server 12:java-1_7_1-ibm-jdbc-1.7.1_sr3.10-14.1
SUSE Linux Enterprise Server 12:java-1_7_1-ibm-plugin-1.7.1_sr3.10-14.1
Ссылки

Описание

Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI.

Затронутые продукты
SUSE Linux Enterprise Server 12:java-1_7_1-ibm-1.7.1_sr3.10-14.1
SUSE Linux Enterprise Server 12:java-1_7_1-ibm-alsa-1.7.1_sr3.10-14.1
SUSE Linux Enterprise Server 12:java-1_7_1-ibm-jdbc-1.7.1_sr3.10-14.1
SUSE Linux Enterprise Server 12:java-1_7_1-ibm-plugin-1.7.1_sr3.10-14.1
Ссылки

Описание

Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JRockit R28.3.6; and Java SE Embedded 7u75 and Embedded 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Security.

Затронутые продукты
SUSE Linux Enterprise Server 12:java-1_7_1-ibm-1.7.1_sr3.10-14.1
SUSE Linux Enterprise Server 12:java-1_7_1-ibm-alsa-1.7.1_sr3.10-14.1
SUSE Linux Enterprise Server 12:java-1_7_1-ibm-jdbc-1.7.1_sr3.10-14.1
SUSE Linux Enterprise Server 12:java-1_7_1-ibm-plugin-1.7.1_sr3.10-14.1
Ссылки

Описание

Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JRockit R28.3.6; and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect availability via vectors related to JNDI.

Затронутые продукты
SUSE Linux Enterprise Server 12:java-1_7_1-ibm-1.7.1_sr3.10-14.1
SUSE Linux Enterprise Server 12:java-1_7_1-ibm-alsa-1.7.1_sr3.10-14.1
SUSE Linux Enterprise Server 12:java-1_7_1-ibm-jdbc-1.7.1_sr3.10-14.1
SUSE Linux Enterprise Server 12:java-1_7_1-ibm-plugin-1.7.1_sr3.10-14.1
Ссылки

Описание

Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.

Затронутые продукты
SUSE Linux Enterprise Server 12:java-1_7_1-ibm-1.7.1_sr3.10-14.1
SUSE Linux Enterprise Server 12:java-1_7_1-ibm-alsa-1.7.1_sr3.10-14.1
SUSE Linux Enterprise Server 12:java-1_7_1-ibm-jdbc-1.7.1_sr3.10-14.1
SUSE Linux Enterprise Server 12:java-1_7_1-ibm-plugin-1.7.1_sr3.10-14.1
Ссылки
Уязвимость SUSE-SU-2015:1331-1