SUSE Security Update: Security update for Java 1.6.0
______________________________________________________________________________

Announcement ID:    SUSE-SU-2012:0308-1
Rating:             important
References:         #747208 
Cross-References:   CVE-2011-3563 CVE-2011-3571 CVE-2011-5035
                    CVE-2012-0497 CVE-2012-0501 CVE-2012-0502
                    CVE-2012-0503 CVE-2012-0505 CVE-2012-0506
                   
Affected Products:
                    SUSE Linux Enterprise Desktop 11 SP1 FOR SP2
                    SUSE Linux Enterprise Desktop 11 SP1
______________________________________________________________________________

   An update that fixes 9 vulnerabilities is now available.

Description:


   java-1_6_0-openjdk was updated to the IcedTea 1.11.1 b24
   release, fixing  multiple security issues:

   * S7082299, CVE-2011-3571: Fix inAtomicReferenceArray
   * S7088367, CVE-2011-3563: Fix issues in java sound
   * S7110683, CVE-2012-0502: Issues with some
   KeyboardFocusManager method
   * S7110687, CVE-2012-0503: Issues with TimeZone class
   * S7110700, CVE-2012-0505: Enhance exception throwing
   mechanism in ObjectStreamClass
   * S7110704, CVE-2012-0506: Issues with some method in
   corba
   * S7112642, CVE-2012-0497: Incorrect checking for
   graphics rendering object
   * S7118283, CVE-2012-0501: Better input parameter
   checking in zip file processing
   * S7126960, CVE-2011-5035: (httpserver) Add property to
   limit number of request headers to the HTTP Server

   Security Issue references:

   * CVE-2011-3571
   
   * CVE-2011-3563
   
   * CVE-2012-0502
   
   * CVE-2012-0503
   
   * CVE-2012-0505
   
   * CVE-2012-0506
   
   * CVE-2012-0497
   
   * CVE-2012-0501
   
   * CVE-2011-5035
   


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Desktop 11 SP1 FOR SP2:

      zypper in -t patch sledsp1fsp2-java-1_6_0-openjdk-5845

   - SUSE Linux Enterprise Desktop 11 SP1:

      zypper in -t patch sledsp1-java-1_6_0-openjdk-5845

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Desktop 11 SP1 FOR SP2 (i586 x86_64):

      java-1_6_0-openjdk-1.6.0.0_b24.1.11.1-0.3.1
      java-1_6_0-openjdk-demo-1.6.0.0_b24.1.11.1-0.3.1
      java-1_6_0-openjdk-devel-1.6.0.0_b24.1.11.1-0.3.1

   - SUSE Linux Enterprise Desktop 11 SP1 (i586 x86_64):

      java-1_6_0-openjdk-1.6.0.0_b24.1.11.1-0.3.1
      java-1_6_0-openjdk-demo-1.6.0.0_b24.1.11.1-0.3.1
      java-1_6_0-openjdk-devel-1.6.0.0_b24.1.11.1-0.3.1


References:

   https://www.suse.com/security/cve/CVE-2011-3563.html
   https://www.suse.com/security/cve/CVE-2011-3571.html
   https://www.suse.com/security/cve/CVE-2011-5035.html
   https://www.suse.com/security/cve/CVE-2012-0497.html
   https://www.suse.com/security/cve/CVE-2012-0501.html
   https://www.suse.com/security/cve/CVE-2012-0502.html
   https://www.suse.com/security/cve/CVE-2012-0503.html
   https://www.suse.com/security/cve/CVE-2012-0505.html
   https://www.suse.com/security/cve/CVE-2012-0506.html
   https://bugzilla.novell.com/747208
   https://login.microfocus.com/nidp/app/login

SuSE: 2012:0308-1: important: Java 1.6.0

February 27, 2012
An update that fixes 9 vulnerabilities is now available

Summary

java-1_6_0-openjdk was updated to the IcedTea 1.11.1 b24 release, fixing multiple security issues: * S7082299, CVE-2011-3571: Fix inAtomicReferenceArray * S7088367, CVE-2011-3563: Fix issues in java sound * S7110683, CVE-2012-0502: Issues with some KeyboardFocusManager method * S7110687, CVE-2012-0503: Issues with TimeZone class * S7110700, CVE-2012-0505: Enhance exception throwing mechanism in ObjectStreamClass * S7110704, CVE-2012-0506: Issues with some method in corba * S7112642, CVE-2012-0497: Incorrect checking for graphics rendering object * S7118283, CVE-2012-0501: Better input parameter checking in zip file processing * S7126960, CVE-2011-5035: (httpserver) Add property to limit number of request headers to the HTTP Server Security Issue references: * CVE-2011-3571 * CVE-2011-3563 * CVE-2012-0502 * CVE-2012-0503 * CVE-2012-0505 * CVE-2012-0506 * CVE-2012-0497 * CVE-2012-0501 * CVE-2011-5035 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Desktop 11 SP1 FOR SP2: zypper in -t patch sledsp1fsp2-java-1_6_0-openjdk-5845 - SUSE Linux Enterprise Desktop 11 SP1: zypper in -t patch sledsp1-java-1_6_0-openjdk-5845 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Desktop 11 SP1 FOR SP2 (i586 x86_64): java-1_6_0-openjdk-1.6.0.0_b24.1.11.1-0.3.1 java-1_6_0-openjdk-demo-1.6.0.0_b24.1.11.1-0.3.1 java-1_6_0-openjdk-devel-1.6.0.0_b24.1.11.1-0.3.1 - SUSE Linux Enterprise Desktop 11 SP1 (i586 x86_64): java-1_6_0-openjdk-1.6.0.0_b24.1.11.1-0.3.1 java-1_6_0-openjdk-demo-1.6.0.0_b24.1.11.1-0.3.1 java-1_6_0-openjdk-devel-1.6.0.0_b24.1.11.1-0.3.1

References

#747208

Cross- CVE-2011-3563 CVE-2011-3571 CVE-2011-5035

CVE-2012-0497 CVE-2012-0501 CVE-2012-0502

CVE-2012-0503 CVE-2012-0505 CVE-2012-0506

Affected Products:

SUSE Linux Enterprise Desktop 11 SP1 FOR SP2

SUSE Linux Enterprise Desktop 11 SP1

https://www.suse.com/security/cve/CVE-2011-3563.html

https://www.suse.com/security/cve/CVE-2011-3571.html

https://www.suse.com/security/cve/CVE-2011-5035.html

https://www.suse.com/security/cve/CVE-2012-0497.html

https://www.suse.com/security/cve/CVE-2012-0501.html

https://www.suse.com/security/cve/CVE-2012-0502.html

https://www.suse.com/security/cve/CVE-2012-0503.html

https://www.suse.com/security/cve/CVE-2012-0505.html

https://www.suse.com/security/cve/CVE-2012-0506.html

https://bugzilla.novell.com/747208

https://login.microfocus.com/nidp/app/login

Severity
Announcement ID: SUSE-SU-2012:0308-1
Rating: important

Related News

Fighting Back Against Hadooken Malware by Strengthening WebLogic Security
2 - 4 min read
Cybercriminals have been relentlessly attacking the digital landscape, aiming to exploit vulnerabilities in well-known systems. One such exploit is
CISA Sounds Alarm on Newly Exploited Vulnerabilities: Is Your System at Risk?
3 - 5 min read
CISA regularly publishes updates regarding vulnerabilities that present severe threats to global cybersecurity. Recently, CISA added three
Defending Against Remote Code Execution in Google Chrome: A Critical Update
2 - 3 min read
Google Chrome, a widely used web browser, serves millions of internet users by connecting them to the online world. Unfortunately, severe
Navigating the Linux Kernel
2 - 4 min read
The Linux operating system, widely acclaimed for its robustness and security , recently received widespread media attention due to a significant
Staying a Step Ahead of Adversaries: Mitigating Chromium
2 - 4 min read
Google Chrome, one of the world's most widely used web browsers, has recently been scrutinized due to the discovery of multiple Chromium
Unmasking Cicada3301: Examining the Threat of the New Rust-Based Ransomware
2 - 4 min read
Ransomware has long been a severe threat to organizations and admins alike. Recently, cybersecurity researchers discovered a new variant called
Buffer Overflow Exploits in Linux: Origins, Impact, and Countermeasures
3 - 6 min read
Buffer overflow vulnerabilities have long been one of the biggest headaches in computer security, especially on Linux operating systems that power
8 Expert-Recommended Security Practices to Fortify Your Linux Systems
4 - 8 min read
As a Linux admin or an infosec professional, you understand how the security landscape changes due to evolving threats, newly discovered

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved