SUSE: 2016:0390-1 Important: Java-1_8_0-ibm Denial Of Service Fix

February 9, 2016
SUSE Security Enhancement tackles 12 weaknesses in java-1_8_0-oracle. Discover more about the vital patches that have been released.
An update that fixes 10 vulnerabilities is now available

Summary

This update for java-1_8_0-ibm fixes the following security issues by updating to 8.0-2.10 (bsc#963937):

- CVE-2015-5041: Code could have invoked non-public interface methods under certain circumstances.
- CVE-2015-7575: The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake. An attacker could exploit this vulnerability using man-in-the-middle techniques to impersonate a TLS server and obtain credentials.
- CVE-2015-8126: Buffer overflow in libpng caused by improper bounds checking by the png_set_PLTE() and png_get_PLTE() functions.
- CVE-2015-8472: Buffer overflow in libpng caused by improper bounds checking by the png_set_PLTE() and png_get_PLTE() functions.

References

#960402 #963937

Cross-References: CVE-2015-5041 CVE-2015-7575 CVE-2015-8126 CVE-2015-8472 CVE-2016-0402 CVE-2016-0448 CVE-2016-0466 CVE-2016-0475 CVE-2016-0483 CVE-2016-0494

Affected Products:

SUSE Linux Enterprise Software Development Kit 12-SP1

SUSE Linux Enterprise Server 12-SP1

https://www.suse.com/security/cve/CVE-2015-5041.html

https://www.suse.com/security/cve/CVE-2015-7575.html

https://www.suse.com/security/cve/CVE-2015-8126.html

https://www.suse.com/security/cve/CVE-2015-8472.html

https://www.suse.com/security/cve/CVE-2016-0402.html

https://www.suse.com/security/cve/CVE-2016-0448.html

https://www.suse.com/security/cve/CVE-2016-0466.html

https://www.suse.com/security/cve/CVE-2016-0475.html

Severity
important

Announcement ID: SUSE-SU-2016:0390-1
Rating: important
