Описание
Security update for java-1_8_0-ibm
This update for java-1_8_0-ibm fixes the following issues:
-
IBM Java 80-3.0 released: (bsc#977646 bsc#977648 bsc#977650 bsc#979252) CVE-2016-0376 CVE-2016-0264 CVE-2016-0363 CVE-2016-3443 CVE-2016-0687 CVE-2016-0686 CVE-2016-3427 CVE-2016-3449 CVE-2016-3422 CVE-2016-3426
-
There is no HtmlConverter and apt provided by jdk8 bsc#965665
Список пакетов
SUSE Linux Enterprise Server 12 SP1
SUSE Linux Enterprise Server for SAP Applications 12 SP1
SUSE Linux Enterprise Software Development Kit 12 SP1
Ссылки
- Link for SUSE-SU-2016:1475-1
- E-Mail link for SUSE-SU-2016:1475-1
- SUSE Security Ratings
- SUSE Bug 965665
- SUSE Bug 977646
- SUSE Bug 977648
- SUSE Bug 977650
- SUSE Bug 979252
- SUSE CVE CVE-2016-0264 page
- SUSE CVE CVE-2016-0363 page
- SUSE CVE CVE-2016-0376 page
- SUSE CVE CVE-2016-0686 page
- SUSE CVE CVE-2016-0687 page
- SUSE CVE CVE-2016-3422 page
- SUSE CVE CVE-2016-3426 page
- SUSE CVE CVE-2016-3427 page
- SUSE CVE CVE-2016-3443 page
- SUSE CVE CVE-2016-3449 page
Описание
Buffer overflow in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) allows remote attackers to execute arbitrary code via unspecified vectors.
Затронутые продукты
Ссылки
- CVE-2016-0264
- SUSE Bug 977648
- SUSE Bug 979252
Описание
The com.ibm.CORBA.iiop.ClientDelegate class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) uses the invoke method of the java.lang.reflect.Method class in an AccessController doPrivileged block, which allows remote attackers to call setSecurityManager and bypass a sandbox protection mechanism via vectors related to a Proxy object instance implementing the java.lang.reflect.InvocationHandler interface. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-3009.
Затронутые продукты
Ссылки
- CVE-2016-0363
- SUSE Bug 977650
- SUSE Bug 979252
Описание
The com.ibm.rmi.io.SunSerializableFactory class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) does not properly deserialize classes in an AccessController doPrivileged block, which allows remote attackers to bypass a sandbox protection mechanism and execute arbitrary code as demonstrated by the readValue method of the com.ibm.rmi.io.ValueHandlerPool.ValueHandlerSingleton class, which implements the javax.rmi.CORBA.ValueHandler interface. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-5456.
Затронутые продукты
Ссылки
- CVE-2016-0376
- SUSE Bug 977646
- SUSE Bug 977650
- SUSE Bug 979252
- SUSE Bug 981057
- SUSE Bug 981060
- SUSE Bug 981087
Описание
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Serialization.
Затронутые продукты
Ссылки
- CVE-2016-0686
- SUSE Bug 976340
- SUSE Bug 979252
Описание
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to the Hotspot sub-component.
Затронутые продукты
Ссылки
- CVE-2016-0687
- SUSE Bug 976340
- SUSE Bug 979252
Описание
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allows remote attackers to affect availability via vectors related to 2D.
Затронутые продукты
Ссылки
- CVE-2016-3422
- SUSE Bug 976340
- SUSE Bug 979252
Описание
Unspecified vulnerability in Oracle Java SE 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality via vectors related to JCE.
Затронутые продукты
Ссылки
- CVE-2016-3426
- SUSE Bug 976340
- SUSE Bug 979252
Описание
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX.
Затронутые продукты
Ссылки
- CVE-2016-3427
- SUSE Bug 1011805
- SUSE Bug 976340
- SUSE Bug 979252
Описание
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to 2D. NOTE: the previous information is from the April 2016 CPU. Oracle has not commented on third-party claims that this issue allows remote attackers to obtain sensitive information via crafted font data, which triggers an out-of-bounds read.
Затронутые продукты
Ссылки
- CVE-2016-3443
- SUSE Bug 976340
- SUSE Bug 979252
Описание
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Deployment.
Затронутые продукты
Ссылки
- CVE-2016-3449
- SUSE Bug 976340
- SUSE Bug 979252