SuSE: 2015:0392-1: important: java-1_6_0-ibm
Summary
java-1_6_0-ibm has been updated to version 1.6.0_sr16.3 to fix 30 security
issues:
* CVE-2014-8891: Unspecified vulnerability (bnc#916266)
* CVE-2014-8892: Unspecified vulnerability (bnc#916265)
* CVE-2014-3065: Unspecified vulnerability in IBM Java Runtime
Environment (JRE) 7 R1 before SR2 (7.1.2.0), 7 before SR8 (7.0.8.0),
6 R1 before SR8 FP2 (6.1.8.2), 6 before SR16 FP2 (6.0.16.2), and
before SR16 FP8 (5.0.16.8) allowed local users to execute arbitrary
code via vectors related to the shared classes cache (bnc#904889).
* CVE-2014-3566: The SSL protocol 3.0, as used in OpenSSL through
1.0.1i and other products, used nondeterministic CBC padding, which
made it easier for man-in-the-middle attackers to obtain cleartext
data via a padding-oracle attack, aka the "POODLE" issue
(bnc#901223).
* CVE-2014-6513: Unspecified vulnerability in Oracle Java SE 6u81,
7u67, and 8u20, and Java SE Embedded 7u60, allowed remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT (bnc#904889).
* CVE-2014-6503: Unspecified vulnerability in Oracle Java SE 6u81,
7u67, and 8u20 allowed remote attackers to affect confidentiality,
integrity, and availability via unknown vectors related to
Deployment, a different vulnerability than CVE-2014-4288,
CVE-2014-6493, and CVE-2014-6532 (bnc#904889).
* CVE-2014-6532: Unspecified vulnerability in Oracle Java SE 6u81,
7u67, and 8u20 allowed remote attackers to affect confidentiality,
integrity, and availability via unknown vectors related to
Deployment, a different vulnerability than CVE-2014-4288,
CVE-2014-6493, and CVE-2014-6503 (bnc#904889).
* CVE-2014-4288: Unspecified vulnerability in Oracle Java SE 6u81,
7u67, and 8u20 allowed remote attackers to affect confidentiality,
integrity, and availability via unknown vectors related to
Deployment, a different vulnerability than CVE-2014-6493,
CVE-2014-6503, and CVE-2014-6532 (bnc#904889).
* CVE-2014-6493: Unspecified vulnerability in Oracle Java SE 6u81,
7u67, and 8u20 allowed remote attackers to affect confidentiality,
integrity, and availability via unknown vectors related to
Deployment, a different vulnerability than CVE-2014-4288,
CVE-2014-6503, and CVE-2014-6532 (bnc#904889).
* CVE-2014-6492: Unspecified vulnerability in Oracle Java SE 6u81,
7u67, and 8u20, when running on Firefox, allowed remote attackers to
affect confidentiality, integrity, and availability via unknown
vectors related to Deployment (bnc#904889).
* CVE-2014-6458: Unspecified vulnerability in Oracle Java SE 6u81,
7u67, and 8u20 allowed local users to affect confidentiality,
integrity, and availability via unknown vectors related to
Deployment (bnc#904889).
* CVE-2014-6466: Unspecified vulnerability in Oracle Java SE 6u81,
7u67, and 8u20, when running on Internet Explorer, allowed local
users to affect confidentiality, integrity, and availability via
unknown vectors related to Deployment (bnc#904889).
* CVE-2014-6506: Unspecified vulnerability in Oracle Java SE 5.0u71,
6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allowed remote
attackers to affect confidentiality, integrity, and availability via
unknown vectors related to Libraries (bnc#904889).
* CVE-2014-6515: Unspecified vulnerability in Oracle Java SE 6u81,
7u67, and 8u20 allowed remote attackers to affect integrity via
unknown vectors related to Deployment (bnc#904889).
* CVE-2014-6511: Unspecified vulnerability in Oracle Java SE 5.0u71,
6u81, 7u67, and 8u20 allowed remote attackers to affect
confidentiality via unknown vectors related to 2D (bnc#904889).
* CVE-2014-6531: Unspecified vulnerability in Oracle Java SE 5.0u71,
6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allowed remote
attackers to affect confidentiality via unknown vectors related to
Libraries (bnc#904889).
* CVE-2014-6512: Unspecified vulnerability in Oracle Java SE 5.0u71,
6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and
R28.3.3 allowed remote attackers to affect integrity via unknown
vectors related to Libraries (bnc#904889).
* CVE-2014-6457: Unspecified vulnerability in Oracle Java SE 5.0u71,
6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3,
and R28.3.3 allowed remote attackers to affect confidentiality and
integrity via vectors related to JSSE (bnc#904889).
* CVE-2014-6502: Unspecified vulnerability in Oracle Java SE 5.0u71,
6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allowed remote
attackers to affect integrity via unknown vectors related to
Libraries (bnc#904889).
* CVE-2014-6558: Unspecified vulnerability in Oracle Java SE 5.0u71,
6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and
JRockit R28.3.3 allowed remote attackers to affect integrity via
unknown vectors related to Security (bnc#904889).
* CVE-2014-4227: Unspecified vulnerability in Oracle Java SE 6u75,
7u60, and 8u5 allowed remote attackers to affect confidentiality,
integrity, and availability via unknown vectors related to
Deployment (bnc#891700).
* CVE-2014-4262: Unspecified vulnerability in Oracle Java SE 5.0u65,
6u75, 7u60, and 8u5 allowed remote attackers to affect
confidentiality, integrity, and availability via unknown vectors related to Libraries (bnc#891700).
* CVE-2014-4219: Unspecified vulnerability in Oracle Java SE 6u75,
7u60, and 8u5 allowed remote attackers to affect confidentiality,
integrity, and availability via unknown vectors related to Hotspot
(bnc#891700).
* CVE-2014-4209: Unspecified vulnerability in Oracle Java SE 5.0u65,
6u75, 7u60, and 8u5 allowed remote attackers to affect
confidentiality and integrity via vectors related to JMX
(bnc#891700).
* CVE-2014-4268: Unspecified vulnerability in Oracle Java SE 5.0u65,
6u75, 7u60, and 8u5 allowed remote attackers to affect
confidentiality via unknown vectors related to Swing (bnc#891700).
* CVE-2014-4218: Unspecified vulnerability in Oracle Java SE 5.0u65,
6u75, 7u60, and 8u5 allowed remote attackers to affect integrity via
unknown vectors related to Libraries (bnc#891700).
* CVE-2014-4252: Unspecified vulnerability in Oracle Java SE 5.0u65,
6u75, 7u60, and 8u5 allowed remote attackers to affect
confidentiality via unknown vectors related to Security (bnc#891700).
* CVE-2014-4265: Unspecified vulnerability in Oracle Java SE 6u75,
7u60, and 8u5 allowed remote attackers to affect integrity via
unknown vectors related to Deployment (bnc#891700).
* CVE-2014-4263: Unspecified vulnerability in Oracle Java SE 5.0u65,
6u75, 7u60, and 8u5, and JRockit R27.8.2 and R28.3.2, allowed remote
attackers to affect confidentiality and integrity via unknown
vectors related to "Diffie-Hellman key agreement (bnc#891700).
* CVE-2014-4244: Unspecified vulnerability in Oracle Java SE 5.0u65,
6u75, 7u60, and 8u5, and JRockit R27.8.2 and JRockit R28.3.2,
allowed remote attackers to affect confidentiality and integrity via
unknown vectors related to Security (bnc#891700).
This non-security bug has also been fixed:
* Fix update-alternatives list (bnc#592934)
Security Issues:
* CVE-2014-8892
References
#592934 #891700 #901223 #904889 #916265 #916266
Cross- CVE-2014-8891 CVE-2014-8892
Affected Products:
SUSE Linux Enterprise Server 11 SP2 LTSS
SUSE Linux Enterprise Server 11 SP1 LTSS
https://www.suse.com/security/cve/CVE-2014-8891.html
https://www.suse.com/security/cve/CVE-2014-8892.html
https://bugzilla.suse.com/592934
https://bugzilla.suse.com/891700
https://bugzilla.suse.com/901223
https://bugzilla.suse.com/904889
https://bugzilla.suse.com/916265
https://bugzilla.suse.com/916266
https://scc.suse.com:443/patches/
https://scc.suse.com:443/patches/
