What Are You Looking For?

Sign Up
   SUSE Security Update: Security update for java-1_5_0-ibm
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:0376-1
Rating:             important
References:         #891699 #901223 #901239 #904889 #916265 #916266 
                    
Cross-References:   CVE-2014-8891 CVE-2014-8892
Affected Products:
                    SUSE Linux Enterprise Server 10 SP4 LTSS
______________________________________________________________________________

   An update that solves two vulnerabilities and has four
   fixes is now available.

Description:


   java-1_5_0-ibm has been updated to fix 19 security issues:

       * CVE-2014-8891: Unspecified vulnerability (bnc#916266).
       * CVE-2014-8892: Unspecified vulnerability (bnc#916265).
       * CVE-2014-3065: Unspecified vulnerability in IBM Java Runtime
         Environment (JRE) 7 R1 before SR2 (7.1.2.0), 7 before SR8 (7.0.8.0),
         6 R1 before SR8 FP2 (6.1.8.2), 6 before SR16 FP2 (6.0.16.2), and
         before SR16 FP8 (5.0.16.8) allows local users to execute arbitrary
         code via vectors related to the shared classes cache (bnc#904889).
       * CVE-2014-3566: The SSL protocol 3.0, as used in OpenSSL through
         1.0.1i and other products, uses nondeterministic CBC padding, which
         makes it easier for man-in-the-middle attackers to obtain cleartext
         data via a padding-oracle attack, aka the "POODLE" issue
         (bnc#901223).
       * CVE-2014-6506: Unspecified vulnerability in Oracle Java SE 5.0u71,
         6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote
         attackers to affect confidentiality, integrity, and availability via
         unknown vectors related to Libraries (bnc#901239).
       * CVE-2014-6511: Unspecified vulnerability in Oracle Java SE 5.0u71,
         6u81, 7u67, and 8u20 allows remote attackers to affect
         confidentiality via unknown vectors related to 2D (bnc#901239).
       * CVE-2014-6531: Unspecified vulnerability in Oracle Java SE 5.0u71,
         6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote
         attackers to affect confidentiality via unknown vectors related to
         Libraries (bnc#901239).
       * CVE-2014-6512: Unspecified vulnerability in Oracle Java SE 5.0u71,
         6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and
         R28.3.3 allows remote attackers to affect integrity via unknown
         vectors related to Libraries (bnc#901239).
       * CVE-2014-6457: Unspecified vulnerability in Oracle Java SE 5.0u71,
         6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3,
         and R28.3.3 allows remote attackers to affect confidentiality and
         integrity via vectors related to JSSE (bnc#901239).
       * CVE-2014-6502: Unspecified vulnerability in Oracle Java SE 5.0u71,
         6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote
         attackers to affect integrity via unknown vectors related to
         Libraries (bnc#901239).
       * CVE-2014-6558: Unspecified vulnerability in Oracle Java SE 5.0u71,
         6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and
         JRockit R28.3.3 allows remote attackers to affect integrity via
         unknown vectors related to Security (bnc#901239).
       * CVE-2014-4262: Unspecified vulnerability in Oracle Java SE 5.0u65,
         6u75, 7u60, and 8u5 allows remote attackers to affect
         confidentiality, integrity, and availability via unknown vectors         related to Libraries (bnc#891699).
       * CVE-2014-4219: Unspecified vulnerability in Oracle Java SE 6u75,
         7u60, and 8u5 allows remote attackers to affect confidentiality,
         integrity, and availability via unknown vectors related to Hotspot
         (bnc#891699).
       * CVE-2014-4209: Unspecified vulnerability in Oracle Java SE 5.0u65,
         6u75, 7u60, and 8u5 allows remote attackers to affect
         confidentiality and integrity via vectors related to JMX
         (bnc#891699).
       * CVE-2014-4268: Unspecified vulnerability in Oracle Java SE 5.0u65,
         6u75, 7u60, and 8u5 allows remote attackers to affect
         confidentiality via unknown vectors related to Swing (bnc#891699).
       * CVE-2014-4218: Unspecified vulnerability in Oracle Java SE 5.0u65,
         6u75, 7u60, and 8u5 allows remote attackers to affect integrity via
         unknown vectors related to Libraries (bnc#891699).
       * CVE-2014-4252: Unspecified vulnerability in Oracle Java SE 5.0u65,
         6u75, 7u60, and 8u5 allows remote attackers to affect
         confidentiality via unknown vectors related to Security (bnc#891699).
       * CVE-2014-4263: Unspecified vulnerability in Oracle Java SE 5.0u65,
         6u75, 7u60, and 8u5, and JRockit R27.8.2 and R28.3.2, allows remote
         attackers to affect confidentiality and integrity via unknown
         vectors related to "Diffie-Hellman key agreement (bnc#891699).
       * CVE-2014-4244: Unspecified vulnerability in Oracle Java SE 5.0u65,
         6u75, 7u60, and 8u5, and JRockit R27.8.2 and JRockit R28.3.2, allows
         remote attackers to affect confidentiality and integrity via unknown
         vectors related to Security (bnc#891699).

   Security Issues:

       * CVE-2014-8892
         
       * CVE-2014-8891
         



Package List:

   - SUSE Linux Enterprise Server 10 SP4 LTSS (i586 s390x x86_64):

      java-1_5_0-ibm-1.5.0_sr16.9-0.6.1
      java-1_5_0-ibm-devel-1.5.0_sr16.9-0.6.1
      java-1_5_0-ibm-fonts-1.5.0_sr16.9-0.6.1

   - SUSE Linux Enterprise Server 10 SP4 LTSS (s390x x86_64):

      java-1_5_0-ibm-32bit-1.5.0_sr16.9-0.6.1
      java-1_5_0-ibm-devel-32bit-1.5.0_sr16.9-0.6.1

   - SUSE Linux Enterprise Server 10 SP4 LTSS (x86_64):

      java-1_5_0-ibm-alsa-32bit-1.5.0_sr16.9-0.6.1

   - SUSE Linux Enterprise Server 10 SP4 LTSS (i586):

      java-1_5_0-ibm-alsa-1.5.0_sr16.9-0.6.1
      java-1_5_0-ibm-jdbc-1.5.0_sr16.9-0.6.1
      java-1_5_0-ibm-plugin-1.5.0_sr16.9-0.6.1


References:

   https://support.novell.com/security/cve/CVE-2014-8891.html
   https://support.novell.com/security/cve/CVE-2014-8892.html
   https://bugzilla.suse.com/891699
   https://bugzilla.suse.com/901223
   https://bugzilla.suse.com/901239
   https://bugzilla.suse.com/904889
   https://bugzilla.suse.com/916265
   https://bugzilla.suse.com/916266
   https://download.suse.com/patch/finder/?keywords=2c3b79e944e87fd633df27d6879fd0ea

SuSE: 2015:0376-1: important: java-1_5_0-ibm

February 25, 2015
An update that solves two vulnerabilities and has four An update that solves two vulnerabilities and has four An update that solves two vulnerabilities and has four fixes is now av...

Summary

java-1_5_0-ibm has been updated to fix 19 security issues: * CVE-2014-8891: Unspecified vulnerability (bnc#916266). * CVE-2014-8892: Unspecified vulnerability (bnc#916265). * CVE-2014-3065: Unspecified vulnerability in IBM Java Runtime Environment (JRE) 7 R1 before SR2 (7.1.2.0), 7 before SR8 (7.0.8.0), 6 R1 before SR8 FP2 (6.1.8.2), 6 before SR16 FP2 (6.0.16.2), and before SR16 FP8 (5.0.16.8) allows local users to execute arbitrary code via vectors related to the shared classes cache (bnc#904889). * CVE-2014-3566: The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue (bnc#901223). * CVE-2014-6506: Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries (bnc#901239). * CVE-2014-6511: Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality via unknown vectors related to 2D (bnc#901239). * CVE-2014-6531: Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality via unknown vectors related to Libraries (bnc#901239). * CVE-2014-6512: Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and R28.3.3 allows remote attackers to affect integrity via unknown vectors related to Libraries (bnc#901239). * CVE-2014-6457: Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3, and R28.3.3 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE (bnc#901239). * CVE-2014-6502: Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect integrity via unknown vectors related to Libraries (bnc#901239). * CVE-2014-6558: Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and JRockit R28.3.3 allows remote attackers to affect integrity via unknown vectors related to Security (bnc#901239). * CVE-2014-4262: Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries (bnc#891699). * CVE-2014-4219: Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot (bnc#891699). * CVE-2014-4209: Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality and integrity via vectors related to JMX (bnc#891699). * CVE-2014-4268: Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality via unknown vectors related to Swing (bnc#891699). * CVE-2014-4218: Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect integrity via unknown vectors related to Libraries (bnc#891699). * CVE-2014-4252: Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality via unknown vectors related to Security (bnc#891699). * CVE-2014-4263: Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5, and JRockit R27.8.2 and R28.3.2, allows remote attackers to affect confidentiality and integrity via unknown vectors related to "Diffie-Hellman key agreement (bnc#891699). * CVE-2014-4244: Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5, and JRockit R27.8.2 and JRockit R28.3.2, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Security (bnc#891699). Security Issues: * CVE-2014-8892 * CVE-2014-8891 Package List: - SUSE Linux Enterprise Server 10 SP4 LTSS (i586 s390x x86_64): java-1_5_0-ibm-1.5.0_sr16.9-0.6.1 java-1_5_0-ibm-devel-1.5.0_sr16.9-0.6.1 java-1_5_0-ibm-fonts-1.5.0_sr16.9-0.6.1 - SUSE Linux Enterprise Server 10 SP4 LTSS (s390x x86_64): java-1_5_0-ibm-32bit-1.5.0_sr16.9-0.6.1 java-1_5_0-ibm-devel-32bit-1.5.0_sr16.9-0.6.1 - SUSE Linux Enterprise Server 10 SP4 LTSS (x86_64): java-1_5_0-ibm-alsa-32bit-1.5.0_sr16.9-0.6.1 - SUSE Linux Enterprise Server 10 SP4 LTSS (i586): java-1_5_0-ibm-alsa-1.5.0_sr16.9-0.6.1 java-1_5_0-ibm-jdbc-1.5.0_sr16.9-0.6.1 java-1_5_0-ibm-plugin-1.5.0_sr16.9-0.6.1

References

#891699 #901223 #901239 #904889 #916265 #916266

Cross- CVE-2014-8891 CVE-2014-8892

Affected Products:

SUSE Linux Enterprise Server 10 SP4 LTSS

https://support.novell.com/security/cve/CVE-2014-8891.html

https://support.novell.com/security/cve/CVE-2014-8892.html

https://bugzilla.suse.com/891699

https://bugzilla.suse.com/901223

https://bugzilla.suse.com/901239

https://bugzilla.suse.com/904889

https://bugzilla.suse.com/916265

https://bugzilla.suse.com/916266

https://download.suse.com/patch/finder/?keywords=2c3b79e944e87fd633df27d6879fd0ea

Severity
Announcement ID: SUSE-SU-2015:0376-1
Rating: important

Related News

Nitrux 3.2.0 Linux Distro Released with Enhanced Security and New Features

Nov 28, 2023

Widespread Xorg DoS, Privilege Escalation Vulns Fixed

Nov 13, 2023

Linux 6.7 Introduces "make hardening.config" To Help Build A Hardened Kernel

Nov 5, 2023

Linux 6.6 Brings New Scheduler, File Sharing and Security

Nov 2, 2023

News

Advisories

HOWTOs

Features

Unlocking the Future of Authentication: Passkeys vs. Passwords
Empowering MSPs with Straightforward Linux Device Management
A Complete Guide to Torrenting Safely in 2024
Cloud Security Basics for Small Businesses
Scanning and Defending Networks with Nmap

About Us

Powered By

Footer Logo