Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 502
Alerts This Week
Warning Icon 1 502

openSUSE 13.2: 2015:0773-1 Critical: Java-1_8_0-OpenJDK RCE Threat

opensuse
Calendar Grey April 27, 2015
Dist Opensuse Esm H88
Crucial news for Fedora addressing 11 flaws in python3.8. Stay protected by applying the latest updates offered.
An update that fixes 13 vulnerabilities is now available.

Description

OpenJDK was updated to jdk8u45-b14 to fix security issues and bugs.

The following vulnerabilities were fixed:

* CVE-2015-0458: Deployment: unauthenticated remote attackers could

execute arbitrary code via multiple protocols.

* CVE-2015-0459: 2D: unauthenticated remote attackers could execute

arbitrary code via multiple protocols.

* CVE-2015-0460: Hotspot: unauthenticated remote attackers could execute

arbitrary code via multiple protocols.

* CVE-2015-0469: 2D: unauthenticated remote attackers could execute

arbitrary code via multiple protocols.

* CVE-2015-0470: Hotspot: unauthenticated remote attackers could update,

insert or delete some JAVA accessible data via multiple protocols

* CVE-2015-0477: Beans: unauthenticated remote attackers could update,

insert or delete some JAVA accessible data via multiple protocols

* CVE-2015-0478: JCE: unauthenticated remote attackers could read some

JAVA accessible data via multiple...

Read the Full Advisory

Patch

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

- openSUSE 13.2:

zypper in -t patch openSUSE-2015-332=1

To bring your system up-to-date, use "zypper patch".

Package List

- openSUSE 13.2 (i586 x86_64):

java-1_8_0-openjdk-1.8.0.45-9.3

java-1_8_0-openjdk-accessibility-1.8.0.45-9.3

java-1_8_0-openjdk-debuginfo-1.8.0.45-9.3

java-1_8_0-openjdk-debugsource-1.8.0.45-9.3

java-1_8_0-openjdk-demo-1.8.0.45-9.3

java-1_8_0-openjdk-demo-debuginfo-1.8.0.45-9.3

java-1_8_0-openjdk-devel-1.8.0.45-9.3

java-1_8_0-openjdk-headless-1.8.0.45-9.3

java-1_8_0-openjdk-headless-debuginfo-1.8.0.45-9.3

java-1_8_0-openjdk-src-1.8.0.45-9.3

- openSUSE 13.2 (noarch):

java-1_8_0-openjdk-javadoc-1.8.0.45-9.3

References

https://www.suse.com/security/cve/CVE-2015-0458.html

https://www.suse.com/security/cve/CVE-2015-0459.html

https://www.suse.com/security/cve/CVE-2015-0460.html

https://www.suse.com/security/cve/CVE-2015-0469.html

https://www.suse.com/security/cve/CVE-2015-0470.html

https://www.suse.com/security/cve/CVE-2015-0477.html

https://www.suse.com/security/cve/CVE-2015-0478.html

https://www.suse.com/security/cve/CVE-2015-0480.html

https://www.suse.com/security/cve/CVE-2015-0484.html

https://www.suse.com/security/cve/CVE-2015-0486.html

https://www.suse.com/security/cve/CVE-2015-0488.html

https://www.suse.com/security/cve/CVE-2015-0491.html

https://www.suse.com/security/cve/CVE-2015-0492.html

https://bugzilla.suse.com/927591

--

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2015:0773-1
Rating: important
Affected Products: openSUSE 13.2

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.