
Stay Secure with the Latest Linux Advisories


Explore Latest Linux Security advisories


openSUSE Leap 15.3: Security Update for Java Fixing Memory Issues

openSUSE Security Update: Security update for java-1_8_0-ibm
______________________________________________________________________________

Announcement ID: openSUSE-SU-2022:0108-1
Rating: important
References: #1185055 #1188564 #1188565 #1191902 #1191904 #1191905 #1191909 #1191910 #1191911 #1191913 #1191914 #1192052 #1194198 #1194232
Cross-References: CVE-2021-2163 CVE-2021-2341 CVE-2021-2369 CVE-2021-35556 CVE-2021-35559 CVE-2021-35560 CVE-2021-35564 CVE-2021-35565 CVE-2021-35578 CVE-2021-35586 CVE-2021-35588 CVE-2021-41035
CVSS scores:
  CVE-2021-2163 (NVD) : 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
  CVE-2021-2163 (SUSE): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
  CVE-2021-2341 (NVD) : 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
  CVE-2021-2341 (SUSE): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
  CVE-2021-2369 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
  CVE-2021-2369 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
  CVE-2021-35556 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  CVE-2021-35556 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  CVE-2021-35559 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  CVE-2021-35560 (NVD) : 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
  CVE-2021-35560 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
  CVE-2021-35564 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
  CVE-2021-35564 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
  CVE-2021-35565 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  CVE-2021-35565 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  CVE-2021-35578 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  CVE-2021-35578 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  CVE-2021-35586 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  CVE-2021-35586 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  CVE-2021-35588 (NVD) : 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
  CVE-2021-35588 (SUSE): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
  CVE-2021-41035 (SUSE): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected Products: openSUSE Leap 15.3
______________________________________________________________________________

An update that solves 12 vulnerabilities and has two fixes is now available.

Description:

This update for java-1_8_0-ibm fixes the following issues:

- Update to Java 8.0 Service Refresh 7 Fix Pack 0
- CVE-2021-41035: before version 0.29.0, the openj9 JVM does not throw IllegalAccessError for MethodHandles that invoke inaccessible interface methods. (bsc#1194198, bsc#1192052)
- CVE-2021-35586: Excessive memory allocation in BMPImageReader. (bsc#1191914)
- CVE-2021-35564: Certificates with end dates too far in the future can corrupt keystore. (bsc#1191913)
- CVE-2021-35559: Excessive memory allocation in RTFReader. (bsc#1191911)
- CVE-2021-35556: Excessive memory allocation in RTFParser. (bsc#1191910)
- CVE-2021-35565: Loop in HttpsServer triggered during TLS session close. (bsc#1191909)
- CVE-2021-35588: Incomplete validation of inner class references in ClassFileParser. (bsc#1191905)
- CVE-2021-2341: Fixed a flaw inside the FtpClient. (bsc#1188564)
- CVE-2021-2369: JAR file handling problem containing multiple MANIFEST.MF files. (bsc#1188565)
- CVE-2021-2163: Incomplete enforcement of JAR signing disabled algorithms. (bsc#1185055)
- CVE-2021-35560: Fixed a vulnerability in the component Deployment. (bsc#1191902)
- CVE-2021-35578: Fixed unexpected exception raised during TLS handshake. (bsc#1191904)

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.3:
  zypper in -t patch openSUSE-SLE-15.3-2022-108=1

Package List:

- openSUSE Leap 15.3 (ppc64le s390x x86_64):
  java-1_8_0-ibm-1.8.0_sr7.0-3.53.1
  java-1_8_0-ibm-demo-1.8.0_sr7.0-3.53.1
  java-1_8_0-ibm-devel-1.8.0_sr7.0-3.53.1
  java-1_8_0-ibm-src-1.8.0_sr7.0-3.53.1
- openSUSE Leap 15.3 (x86_64):
  java-1_8_0-ibm-32bit-1.8.0_sr7.0-3.53.1
  java-1_8_0-ibm-alsa-1.8.0_sr7.0-3.53.1
  java-1_8_0-ibm-devel-32bit-1.8.0_sr7.0-3.53.1
  java-1_8_0-ibm-plugin-1.8.0_sr7.0-3.53.1

References:

https://www.suse.com/security/cve/CVE-2021-2163.html
https://www.suse.com/security/cve/CVE-2021-2341.html
https://www.suse.com/security/cve/CVE-2021-2369.html
https://www.suse.com/security/cve/CVE-2021-35556.html
https://www.suse.com/security/cve/CVE-2021-35559.html
https://www.suse.com/security/cve/CVE-2021-35560.html
https://www.suse.com/security/cve/CVE-2021-35564.html
https://www.suse.com/security/cve/CVE-2021-35565.html
https://www.suse.com/security/cve/CVE-2021-35578.html
https://www.suse.com/security/cve/CVE-2021-35586.html
https://www.suse.com/security/cve/CVE-2021-35588.html
https://www.suse.com/security/cve/CVE-2021-41035.html
https://bugzilla.suse.com/1185055
https://bugzilla.suse.com/1188564
https://bugzilla.suse.com/1188565
https://bugzilla.suse.com/1191902
https://bugzilla.suse.com/1191904
https://bugzilla.suse.com/1191905
https://bugzilla.suse.com/1191909
https://bugzilla.suse.com/1191910
https://bugzilla.suse.com/1191911
https://bugzilla.suse.com/1191913
https://bugzilla.suse.com/1191914
https://bugzilla.suse.com/1192052
https://bugzilla.suse.com/1194198
https://bugzilla.suse.com/1194232

This patch addresses a variety of problems in jdk-1_8_0-oracle for Ubuntu, delivering essential improvements for CPU efficiency and security protocols.

Java Update, Memory Fix, openSUSE Advisory, Security Update.

Severity: Important. LinuxSecurity.com Team

Jan 18, 2022 Important OpenSUSE

SUSE: 2017:2263-1 Important: java-1_8_0-ibm Code Execution

SUSE Security Update: Security update for java-1_8_0-ibm
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:2263-1
Rating: important
References: #1053431
Cross-References: CVE-2017-10053 CVE-2017-10067 CVE-2017-10074 CVE-2017-10078 CVE-2017-10081 CVE-2017-10087 CVE-2017-10089 CVE-2017-10090 CVE-2017-10096 CVE-2017-10101 CVE-2017-10102 CVE-2017-10105 CVE-2017-10107 CVE-2017-10108 CVE-2017-10109 CVE-2017-10110 CVE-2017-10111 CVE-2017-10115 CVE-2017-10116 CVE-2017-10125 CVE-2017-10243
Affected Products:
  SUSE OpenStack Cloud 6
  SUSE Linux Enterprise Software Development Kit 12-SP3
  SUSE Linux Enterprise Software Development Kit 12-SP2
  SUSE Linux Enterprise Server for SAP 12-SP1
  SUSE Linux Enterprise Server 12-SP3
  SUSE Linux Enterprise Server 12-SP2
  SUSE Linux Enterprise Server 12-SP1-LTSS
______________________________________________________________________________

An update that fixes 21 vulnerabilities is now available.

Description:

This update for java-1_8_0-ibm fixes the following issues:

- Version update to 8.0-4.10 [bsc#1053431]
  CVE-2017-10111, CVE-2017-10110, CVE-2017-10107, CVE-2017-10101, CVE-2017-10096, CVE-2017-10090, CVE-2017-10089, CVE-2017-10087, CVE-2017-10102, CVE-2017-10116, CVE-2017-10074, CVE-2017-10078, CVE-2017-10115, CVE-2017-10067, CVE-2017-10125, CVE-2017-10243, CVE-2017-10109, CVE-2017-10108, CVE-2017-10053, CVE-2017-10105, CVE-2017-10081: Multiple unspecified vulnerabilities in multiple Java components could lead to code execution or sandbox escape

More information can be found here: https://developer.ibm.com/devpractices/security/ July_18_2017_CPU

Patch Instructions:

To install this SUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud 6:
  zypper in -t patch SUSE-OpenStack-Cloud-6-2017-1389=1
- SUSE Linux Enterprise Software Development Kit 12-SP3:
  zypper in -t patch SUSE-SLE-SDK-12-SP3-2017-1389=1
- SUSE Linux Enterprise Software Development Kit 12-SP2:
  zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1389=1
- SUSE Linux Enterprise Server for SAP 12-SP1:
  zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-1389=1
- SUSE Linux Enterprise Server 12-SP3:
  zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1389=1
- SUSE Linux Enterprise Server 12-SP2:
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1389=1
- SUSE Linux Enterprise Server 12-SP1-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-1389=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE OpenStack Cloud 6 (x86_64):
  java-1_8_0-ibm-1.8.0_sr4.10-30.5.1
  java-1_8_0-ibm-alsa-1.8.0_sr4.10-30.5.1
  java-1_8_0-ibm-devel-1.8.0_sr4.10-30.5.1
  java-1_8_0-ibm-plugin-1.8.0_sr4.10-30.5.1
- SUSE Linux Enterprise Software Development Kit 12-SP3 (ppc64le s390x x86_64):
  java-1_8_0-ibm-devel-1.8.0_sr4.10-30.5.1
- SUSE Linux Enterprise Software Development Kit 12-SP2 (ppc64le s390x x86_64):
  java-1_8_0-ibm-devel-1.8.0_sr4.10-30.5.1
- SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64):
  java-1_8_0-ibm-1.8.0_sr4.10-30.5.1
  java-1_8_0-ibm-devel-1.8.0_sr4.10-30.5.1
- SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):
  java-1_8_0-ibm-alsa-1.8.0_sr4.10-30.5.1
  java-1_8_0-ibm-plugin-1.8.0_sr4.10-30.5.1
- SUSE Linux Enterprise Server 12-SP3 (ppc64le s390x x86_64):
  java-1_8_0-ibm-1.8.0_sr4.10-30.5.1
- SUSE Linux Enterprise Server 12-SP3 (x86_64):
  java-1_8_0-ibm-alsa-1.8.0_sr4.10-30.5.1
  java-1_8_0-ibm-plugin-1.8.0_sr4.10-30.5.1
- SUSE Linux Enterprise Server 12-SP2 (ppc64le s390x x86_64):
  java-1_8_0-ibm-1.8.0_sr4.10-30.5.1
- SUSE Linux Enterprise Server 12-SP2 (x86_64):
  java-1_8_0-ibm-alsa-1.8.0_sr4.10-30.5.1
  java-1_8_0-ibm-plugin-1.8.0_sr4.10-30.5.1
- SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64):
  java-1_8_0-ibm-1.8.0_sr4.10-30.5.1
  java-1_8_0-ibm-devel-1.8.0_sr4.10-30.5.1
- SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64):
  java-1_8_0-ibm-alsa-1.8.0_sr4.10-30.5.1
  java-1_8_0-ibm-plugin-1.8.0_sr4.10-30.5.1

References:

https://www.suse.com/security/cve/CVE-2017-10053.html
https://www.suse.com/security/cve/CVE-2017-10067.html
https://www.suse.com/security/cve/CVE-2017-10074.html
https://www.suse.com/security/cve/CVE-2017-10078.html
https://www.suse.com/security/cve/CVE-2017-10081.html
https://www.suse.com/security/cve/CVE-2017-10087.html
https://www.suse.com/security/cve/CVE-2017-10089.html
https://www.suse.com/security/cve/CVE-2017-10090.html
https://www.suse.com/security/cve/CVE-2017-10096.html
https://www.suse.com/security/cve/CVE-2017-10101.html
https://www.suse.com/security/cve/CVE-2017-10102.html
https://www.suse.com/security/cve/CVE-2017-10105.html
https://www.suse.com/security/cve/CVE-2017-10107.html
https://www.suse.com/security/cve/CVE-2017-10108.html
https://www.suse.com/security/cve/CVE-2017-10109.html
https://www.suse.com/security/cve/CVE-2017-10110.html
https://www.suse.com/security/cve/CVE-2017-10111.html
https://www.suse.com/security/cve/CVE-2017-10115.html
https://www.suse.com/security/cve/CVE-2017-10116.html
https://www.suse.com/security/cve/CVE-2017-10125.html
https://www.suse.com/security/cve/CVE-2017-10243.html
https://bugzilla.suse.com/1053431

Important enhancements in java-1_8_0-ibm improve security measures and resolve various functionality concerns.

SUSE Java Update, Java Security Patch, SUSE Linux Advisory, Java Code Execution, Important Security Fix.

Severity: Important. LinuxSecurity.com Team

Aug 25, 2017 Important SuSE

SUSE 11 SP2 LTSS 2015:0392-1 Critical: Java Execution Issue

SUSE Security Update: Security update for java-1_6_0-ibm
______________________________________________________________________________

Announcement ID: SUSE-SU-2015:0392-1
Rating: important
References: #592934 #891700 #901223 #904889 #916265 #916266
Cross-References: CVE-2014-8891 CVE-2014-8892
Affected Products:
  SUSE Linux Enterprise Server 11 SP2 LTSS
  SUSE Linux Enterprise Server 11 SP1 LTSS
______________________________________________________________________________

An update that solves two vulnerabilities and has four fixes is now available.

Description:

java-1_6_0-ibm has been updated to version 1.6.0_sr16.3 to fix 30 security issues:

* CVE-2014-8891: Unspecified vulnerability (bnc#916266)
* CVE-2014-8892: Unspecified vulnerability (bnc#916265)
* CVE-2014-3065: Unspecified vulnerability in IBM Java Runtime Environment (JRE) 7 R1 before SR2 (7.1.2.0), 7 before SR8 (7.0.8.0), 6 R1 before SR8 FP2 (6.1.8.2), 6 before SR16 FP2 (6.0.16.2), and before SR16 FP8 (5.0.16.8) allowed local users to execute arbitrary code via vectors related to the shared classes cache (bnc#904889).
* CVE-2014-3566: The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, used nondeterministic CBC padding, which made it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue (bnc#901223).
* CVE-2014-6513: Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allowed remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT (bnc#904889).
* CVE-2014-6503: Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allowed remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6493, and CVE-2014-6532 (bnc#904889).
* CVE-2014-6532: Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allowed remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6493, and CVE-2014-6503 (bnc#904889).
* CVE-2014-4288: Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allowed remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6493, CVE-2014-6503, and CVE-2014-6532 (bnc#904889).
* CVE-2014-6493: Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allowed remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6503, and CVE-2014-6532 (bnc#904889).
* CVE-2014-6492: Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, when running on Firefox, allowed remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment (bnc#904889).
* CVE-2014-6458: Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allowed local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment (bnc#904889).
* CVE-2014-6466: Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, when running on Internet Explorer, allowed local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment (bnc#904889).
* CVE-2014-6506: Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allowed remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries (bnc#904889).
* CVE-2014-6515: Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allowed remote attackers to affect integrity via unknown vectors related to Deployment (bnc#904889).
* CVE-2014-6511: Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20 allowed remote attackers to affect confidentiality via unknown vectors related to 2D (bnc#904889).
* CVE-2014-6531: Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allowed remote attackers to affect confidentiality via unknown vectors related to Libraries (bnc#904889).
* CVE-2014-6512: Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and R28.3.3 allowed remote attackers to affect integrity via unknown vectors related to Libraries (bnc#904889).
* CVE-2014-6457: Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3, and R28.3.3 allowed remote attackers to affect confidentiality and integrity via vectors related to JSSE (bnc#904889).
* CVE-2014-6502: Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allowed remote attackers to affect integrity via unknown vectors related to Libraries (bnc#904889).
* CVE-2014-6558: Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and JRockit R28.3.3 allowed remote attackers to affect integrity via unknown vectors related to Security (bnc#904889).
* CVE-2014-4227: Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allowed remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment (bnc#891700).
* CVE-2014-4262: Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allowed remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries (bnc#891700).
* CVE-2014-4219: Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allowed remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot (bnc#891700).
* CVE-2014-4209: Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allowed remote attackers to affect confidentiality and integrity via vectors related to JMX (bnc#891700).
* CVE-2014-4268: Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allowed remote attackers to affect confidentiality via unknown vectors related to Swing (bnc#891700).
* CVE-2014-4218: Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allowed remote attackers to affect integrity via unknown vectors related to Libraries (bnc#891700).
* CVE-2014-4252: Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allowed remote attackers to affect confidentiality via unknown vectors related to Security (bnc#891700).
* CVE-2014-4265: Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allowed remote attackers to affect integrity via unknown vectors related to Deployment (bnc#891700).
* CVE-2014-4263: Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5, and JRockit R27.8.2 and R28.3.2, allowed remote attackers to affect confidentiality and integrity via unknown vectors related to "Diffie-Hellman key agreement" (bnc#891700).
* CVE-2014-4244: Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5, and JRockit R27.8.2 and JRockit R28.3.2, allowed remote attackers to affect confidentiality and integrity via unknown vectors related to Security (bnc#891700).

This non-security bug has also been fixed:

* Fix update-alternatives list (bnc#592934)

Security Issues:

* CVE-2014-8892
* CVE-2014-8891

Patch Instructions:

To install this SUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 11 SP2 LTSS:
  zypper in -t patch slessp2-java-1_6_0-ibm=10353
- SUSE Linux Enterprise Server 11 SP1 LTSS:
  zypper in -t patch slessp1-java-1_6_0-ibm=10354

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Server 11 SP2 LTSS (i586 s390x x86_64):
  java-1_6_0-ibm-1.6.0_sr16.3-0.4.5
  java-1_6_0-ibm-devel-1.6.0_sr16.3-0.4.5
  java-1_6_0-ibm-fonts-1.6.0_sr16.3-0.4.5
  java-1_6_0-ibm-jdbc-1.6.0_sr16.3-0.4.5
- SUSE Linux Enterprise Server 11 SP2 LTSS (i586 x86_64):
  java-1_6_0-ibm-plugin-1.6.0_sr16.3-0.4.5
- SUSE Linux Enterprise Server 11 SP2 LTSS (i586):
  java-1_6_0-ibm-alsa-1.6.0_sr16.3-0.4.5
- SUSE Linux Enterprise Server 11 SP1 LTSS (i586 s390x x86_64):
  java-1_6_0-ibm-1.6.0_sr16.3-0.4.5
  java-1_6_0-ibm-fonts-1.6.0_sr16.3-0.4.5
  java-1_6_0-ibm-jdbc-1.6.0_sr16.3-0.4.5
- SUSE Linux Enterprise Server 11 SP1 LTSS (i586 x86_64):
  java-1_6_0-ibm-plugin-1.6.0_sr16.3-0.4.5
- SUSE Linux Enterprise Server 11 SP1 LTSS (i586):
  java-1_6_0-ibm-alsa-1.6.0_sr16.3-0.4.5

References:

https://www.suse.com/security/cve/CVE-2014-8891.html
https://www.suse.com/security/cve/CVE-2014-8892.html
https://bugzilla.suse.com/show_bug.cgi?id=592934
https://bugzilla.suse.com/show_bug.cgi?id=891700
https://bugzilla.suse.com/show_bug.cgi?id=901223
https://bugzilla.suse.com/show_bug.cgi?id=904889
https://bugzilla.suse.com/show_bug.cgi?id=916265
https://bugzilla.suse.com/show_bug.cgi?id=916266
https://scc.suse.com:443/patches/

Crucial patch for java-1_6_0-ibm released to address two security flaws and bolster defenses against potential threats.

SUSE Security Update, Java Fixes, Update Instructions, Critical Security.

Severity: Important. LinuxSecurity.com Team

Feb 27, 2015 Important SuSE

Red Hat: RHSA-2014:0685-01 Important: Java Memory Corruption Issue

Updated java-1.6.0-openjdk packages that fix various security issues are now available for Red Hat Enterprise Linux 7. The Red Hat Security Response Team has rated this update as having [More...]. ==================================================================== Red Hat Security Advisory Synopsis: Important: java-1.6.0-openjdk security update Advisory ID: RHSA-2014:0685-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2014:0685.html Issue date: 2014-06-10 CVE Names: CVE-2014-0429 CVE-2014-0446 CVE-2014-0451 CVE-2014-0452 CVE-2014-0453 CVE-2014-0456 CVE-2014-0457 CVE-2014-0458 CVE-2014-0460 CVE-2014-0461 CVE-2014-1876 CVE-2014-2397 CVE-2014-2398 CVE-2014-2403 CVE-2014-2412 CVE-2014-2414 CVE-2014-2421 CVE-2014-2423 CVE-2014-2427 ==================================================================== 1. Summary: Updated java-1.6.0-openjdk packages that fix various security issues are now available for Red Hat Enterprise Linux 7. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment andthe OpenJDK 6 Java Software Development Kit. An input validation flaw was discovered in the medialib library in the 2D component. 
A specially crafted image could trigger Java Virtual Machine memory corruption when processed. A remote attacker, or an untrusted Java application or applet, could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. (CVE-2014-0429) Multiple flaws were discovered in the Hotspot and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to trigger Java Virtual Machine memory corruption and possibly bypass Java sandbox restrictions. (CVE-2014-0456, CVE-2014-2397, CVE-2014-2421) Multiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2014-0457, CVE-2014-0461) Multiple improper permission check issues were discovered in the AWT, JAX-WS, JAXB, Libraries, and Sound components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-2412, CVE-2014-0451, CVE-2014-0458, CVE-2014-2423, CVE-2014-0452, CVE-2014-2414, CVE-2014-0446, CVE-2014-2427) Multiple flaws were identified in the Java Naming and Directory Interface (JNDI) DNS client. These flaws could make it easier for a remote attacker to perform DNS spoofing attacks. (CVE-2014-0460) It was discovered that the JAXP component did not properly prevent access to arbitrary files when a SecurityManager was present. This flaw could cause a Java application using JAXP to leak sensitive information, or affect application availability. (CVE-2014-2403) It was discovered that the Security component in OpenJDK could leak some timing information when performing PKCS#1 unpadding. This could possibly lead to the disclosure of some information that was meant to be protected by encryption. (CVE-2014-0453) It was discovered that the fix forCVE-2013-5797 did not properly resolve input sanitization flaws in javadoc. 
When javadoc documentation was generated from an untrusted Java source code and hosted on a domain not controlled by the code author, these issues could make it easier to perform cross-site scripting (XSS) attacks. (CVE-2014-2398) An insecure temporary file use flaw was found in the way the unpack200 utility created log files. A local attacker could possibly use this flaw to perform a symbolic link attack and overwrite arbitrary files with the privileges of the user running unpack200. (CVE-2014-1876) All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258 5. 
Bugs fixed (https://bugzilla.redhat.com/): 1060907 - CVE-2014-1876 OpenJDK: insecure temporary file use in unpack200 (Libraries, 8033618) 1086632 - CVE-2014-2398 OpenJDK: insufficient escaping of window title string (Javadoc, 8026736) 1086645 - CVE-2014-0453 OpenJDK: RSA unpadding timing issues (Security, 8027766) 1087409 - CVE-2014-0429 OpenJDK: Incorrect mlib/raster image validation (2D, 8027841) 1087411 - CVE-2014-0457 OpenJDK: ServiceLoader Exception handling security bypass (Libraries, 8031394) 1087413 - CVE-2014-0456 OpenJDK: System.arraycopy() element race condition (Hotspot, 8029858) 1087417 - CVE-2014-2421 OpenJDK: JPEG decoder input stream handling (2D, 8029854) 1087423 - CVE-2014-2397 OpenJDK: classfile parser invalid BootstrapMethods attribute length (Hotspot, 8034926) 1087426 - CVE-2014-0461 OpenJDK: Better ScriptEngineManager ScriptEngine management (Libraries, 8036794) 1087427 - CVE-2014-2412 OpenJDK: AWT thread contexthandling (AWT, 8025010) 1087428 - CVE-2014-0451 OpenJDK: AWT incorrect FlavorMap seperation (AWT, 8026797) 1087430 - CVE-2014-0458 OpenJDK: Activation framework default command map caching (JAX-WS, 8025152) 1087431 - CVE-2014-2414 OpenJDK: incorrect caching of data initialized via TCCL (JAXB, 8025030) 1087434 - CVE-2014-2423 OpenJDK: incorrect caching of data initialized via TCCL (JAXWS, 8026188) 1087436 - CVE-2014-0452 OpenJDK: incorrect caching of data initialized via TCCL (JAXWS, 8026801) 1087439 - CVE-2014-0446 OpenJDK: Protect logger handlers (Libraries, 8029740) 1087441 - CVE-2014-2427 OpenJDK: remove insecure Java Sound provider caching (Sound, 8026163) 1087442 - CVE-2014-0460 OpenJDK: missing randomization of JNDI DNS client query IDs (JNDI, 8030731) 1087443 - CVE-2014-2403 OpenJDK: JAXP CharInfo file access restriction (JAXP, 8029282) 6. Package List: Red Hat Enterprise Linux Client (v. 
7): Source: java-1.6.0-openjdk-1.6.0.0-6.1.13.3.el7_0.src.rpm x86_64: java-1.6.0-openjdk-1.6.0.0-6.1.13.3.el7_0.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-6.1.13.3.el7_0.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: java-1.6.0-openjdk-debuginfo-1.6.0.0-6.1.13.3.el7_0.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.0-6.1.13.3.el7_0.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.0-6.1.13.3.el7_0.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-6.1.13.3.el7_0.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.0-6.1.13.3.el7_0.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: java-1.6.0-openjdk-1.6.0.0-6.1.13.3.el7_0.src.rpm x86_64: java-1.6.0-openjdk-1.6.0.0-6.1.13.3.el7_0.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-6.1.13.3.el7_0.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v.7): x86_64: java-1.6.0-openjdk-debuginfo-1.6.0.0-6.1.13.3.el7_0.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.0-6.1.13.3.el7_0.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.0-6.1.13.3.el7_0.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-6.1.13.3.el7_0.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.0-6.1.13.3.el7_0.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: java-1.6.0-openjdk-1.6.0.0-6.1.13.3.el7_0.src.rpm ppc64: java-1.6.0-openjdk-1.6.0.0-6.1.13.3.el7_0.ppc64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-6.1.13.3.el7_0.ppc64.rpm java-1.6.0-openjdk-devel-1.6.0.0-6.1.13.3.el7_0.ppc64.rpm s390x: java-1.6.0-openjdk-1.6.0.0-6.1.13.3.el7_0.s390x.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-6.1.13.3.el7_0.s390x.rpm java-1.6.0-openjdk-devel-1.6.0.0-6.1.13.3.el7_0.s390x.rpm x86_64: java-1.6.0-openjdk-1.6.0.0-6.1.13.3.el7_0.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-6.1.13.3.el7_0.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.0-6.1.13.3.el7_0.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 
7): ppc64: java-1.6.0-openjdk-debuginfo-1.6.0.0-6.1.13.3.el7_0.ppc64.rpm java-1.6.0-openjdk-demo-1.6.0.0-6.1.13.3.el7_0.ppc64.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-6.1.13.3.el7_0.ppc64.rpm java-1.6.0-openjdk-src-1.6.0.0-6.1.13.3.el7_0.ppc64.rpm s390x: java-1.6.0-openjdk-debuginfo-1.6.0.0-6.1.13.3.el7_0.s390x.rpm java-1.6.0-openjdk-demo-1.6.0.0-6.1.13.3.el7_0.s390x.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-6.1.13.3.el7_0.s390x.rpm java-1.6.0-openjdk-src-1.6.0.0-6.1.13.3.el7_0.s390x.rpm x86_64: java-1.6.0-openjdk-debuginfo-1.6.0.0-6.1.13.3.el7_0.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.0-6.1.13.3.el7_0.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-6.1.13.3.el7_0.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.0-6.1.13.3.el7_0.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: java-1.6.0-openjdk-1.6.0.0-6.1.13.3.el7_0.src.rpm x86_64: java-1.6.0-openjdk-1.6.0.0-6.1.13.3.el7_0.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-6.1.13.3.el7_0.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.0-6.1.13.3.el7_0.x86_64.rpm Red Hat EnterpriseLinux Workstation Optional (v. 7): x86_64: java-1.6.0-openjdk-debuginfo-1.6.0.0-6.1.13.3.el7_0.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.0-6.1.13.3.el7_0.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-6.1.13.3.el7_0.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.0-6.1.13.3.el7_0.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. 
References:

https://access.redhat.com/security/cve/CVE-2014-0429
https://access.redhat.com/security/cve/CVE-2014-0446
https://access.redhat.com/security/cve/CVE-2014-0451
https://access.redhat.com/security/cve/CVE-2014-0452
https://access.redhat.com/security/cve/CVE-2014-0453
https://access.redhat.com/security/cve/CVE-2014-0456
https://access.redhat.com/security/cve/CVE-2014-0457
https://access.redhat.com/security/cve/CVE-2014-0458
https://access.redhat.com/security/cve/CVE-2014-0460
https://access.redhat.com/security/cve/CVE-2014-0461
https://access.redhat.com/security/cve/CVE-2014-1876
https://access.redhat.com/security/cve/CVE-2014-2397
https://access.redhat.com/security/cve/CVE-2014-2398
https://access.redhat.com/security/cve/CVE-2014-2403
https://access.redhat.com/security/cve/CVE-2014-2412
https://access.redhat.com/security/cve/CVE-2014-2414
https://access.redhat.com/security/cve/CVE-2014-2421
https://access.redhat.com/security/cve/CVE-2014-2423
https://access.redhat.com/security/cve/CVE-2014-2427
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.

The latest security bulletin from Red Hat regarding java-1.6.0-openjdk highlights several vulnerabilities and recommends immediate updates. Java Security Update, Red Hat Security, OpenJDK Patch, Java Remote Execution, Memory Corruption. Severity: Important. LinuxSecurity.com Team

Jun 10, 2014 Important Red Hat

Red Hat Enterprise Linux 6 RHSA-2013:0605-01 Critical: Memory Corruption

====================================================================
Red Hat Security Advisory

Synopsis: Critical: java-1.6.0-openjdk security update
Advisory ID: RHSA-2013:0605-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2013:0605.html
Issue date: 2013-03-06
CVE Names: CVE-2013-0809 CVE-2013-1493
====================================================================

1. Summary:

Updated java-1.6.0-openjdk packages that fix two security issues are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit.

An integer overflow flaw was found in the way the 2D component handled certain sample model instances. A specially-crafted sample model instance could cause Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with virtual machine privileges. (CVE-2013-0809)

It was discovered that the 2D component did not properly reject certain malformed images. Specially-crafted raster parameters could cause Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with virtual machine privileges. (CVE-2013-1493)

Note: If your system has not yet been upgraded to Red Hat Enterprise Linux 6.4 and the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website. Thus, this update has been rated as having critical security impact as a one time exception. The icedtea-web package as provided with Red Hat Enterprise Linux 6.4 uses OpenJDK 7 instead.

This erratum also upgrades the OpenJDK package to IcedTea6 1.11.9. Refer to the NEWS file, linked to in the References, for further information.

All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

917550 - CVE-2013-0809 OpenJDK: Specially crafted sample model integer overflow (2D, 8007014)
917553 - CVE-2013-1493 OpenJDK: CMM malformed raster memory corruption (2D, 8007675)

6. Package List:

Red Hat Enterprise Linux Desktop (v.
6): Source: i386: java-1.6.0-openjdk-1.6.0.0-1.57.1.11.9.el6_4.i686.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.57.1.11.9.el6_4.i686.rpm x86_64: java-1.6.0-openjdk-1.6.0.0-1.57.1.11.9.el6_4.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.57.1.11.9.el6_4.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v.6): Source: i386: java-1.6.0-openjdk-debuginfo-1.6.0.0-1.57.1.11.9.el6_4.i686.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.57.1.11.9.el6_4.i686.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.57.1.11.9.el6_4.i686.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.57.1.11.9.el6_4.i686.rpm java-1.6.0-openjdk-src-1.6.0.0-1.57.1.11.9.el6_4.i686.rpm x86_64: java-1.6.0-openjdk-debuginfo-1.6.0.0-1.57.1.11.9.el6_4.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.57.1.11.9.el6_4.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.57.1.11.9.el6_4.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.57.1.11.9.el6_4.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.0-1.57.1.11.9.el6_4.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: x86_64: java-1.6.0-openjdk-1.6.0.0-1.57.1.11.9.el6_4.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.57.1.11.9.el6_4.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: x86_64: java-1.6.0-openjdk-debuginfo-1.6.0.0-1.57.1.11.9.el6_4.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.57.1.11.9.el6_4.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.57.1.11.9.el6_4.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.57.1.11.9.el6_4.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.0-1.57.1.11.9.el6_4.x86_64.rpm Red Hat Enterprise Linux Server (v. 
6): Source: i386: java-1.6.0-openjdk-1.6.0.0-1.57.1.11.9.el6_4.i686.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.57.1.11.9.el6_4.i686.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.57.1.11.9.el6_4.i686.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.57.1.11.9.el6_4.i686.rpm x86_64: java-1.6.0-openjdk-1.6.0.0-1.57.1.11.9.el6_4.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.57.1.11.9.el6_4.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.57.1.11.9.el6_4.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.57.1.11.9.el6_4.x86_64.rpm Red Hat Enterprise Linux Server Optional (v.6): Source: i386: java-1.6.0-openjdk-debuginfo-1.6.0.0-1.57.1.11.9.el6_4.i686.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.57.1.11.9.el6_4.i686.rpm java-1.6.0-openjdk-src-1.6.0.0-1.57.1.11.9.el6_4.i686.rpm x86_64: java-1.6.0-openjdk-debuginfo-1.6.0.0-1.57.1.11.9.el6_4.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.57.1.11.9.el6_4.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.0-1.57.1.11.9.el6_4.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: i386: java-1.6.0-openjdk-1.6.0.0-1.57.1.11.9.el6_4.i686.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.57.1.11.9.el6_4.i686.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.57.1.11.9.el6_4.i686.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.57.1.11.9.el6_4.i686.rpm x86_64: java-1.6.0-openjdk-1.6.0.0-1.57.1.11.9.el6_4.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.57.1.11.9.el6_4.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.57.1.11.9.el6_4.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.57.1.11.9.el6_4.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 
6): Source: i386: java-1.6.0-openjdk-debuginfo-1.6.0.0-1.57.1.11.9.el6_4.i686.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.57.1.11.9.el6_4.i686.rpm java-1.6.0-openjdk-src-1.6.0.0-1.57.1.11.9.el6_4.i686.rpm x86_64: java-1.6.0-openjdk-debuginfo-1.6.0.0-1.57.1.11.9.el6_4.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.57.1.11.9.el6_4.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.0-1.57.1.11.9.el6_4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package

7. References:

https://access.redhat.com/security/cve/CVE-2013-0809
https://access.redhat.com/security/cve/CVE-2013-1493
https://access.redhat.com/security/updates/classification#critical

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2013 Red Hat, Inc.

Crucial security patch for java-1.6.0-openjdk software on Red Hat Enterprise Linux 6 addresses two significant vulnerabilities. Java Security Update, Red Hat Enterprise, OpenJDK Security. Severity: Critical. LinuxSecurity.com Team

Mar 06, 2013 Critical Red Hat

Red Hat 6.2 RHSA-2000:054-01 Critical: Netscape Java Access Issue

---------------------------------------------------------------------
Red Hat, Inc. Security Advisory

Synopsis: New Netscape packages fix Java security hole
Advisory ID: RHSA-2000:054-01
Issue date: 2000-08-18
Updated on: 2000-08-18
Product: Red Hat Linux
Keywords: Brown Orifice netscape java
Cross references: N/A
---------------------------------------------------------------------

1. Topic:

New Netscape packages are available to fix a serious security problem with Java. It is recommended that all netscape users update to the new packages. Users of Red Hat Linux 6.0 and 6.1 should use the packages for Red Hat Linux 6.2.

Packages will be made available for Red Hat Linux 5.2 when fixed binaries are available from Netscape.

2. Relevant releases/architectures:

Red Hat Linux 6.2 - i386, alpha

3. Problem description:

Due to a problem in the Java environment shipped with Netscape, it would be possible for a java applet on a remote site to view files on a local machine, and then provide access to those files for other machines.

For more information, please see:

4. Solution:

For each RPM for your particular architecture, run:

rpm -Fvh [filename]

where filename is the name of the RPM.

5. Bug IDs fixed ( for more info):

N/A

6. RPMs required:

Red Hat Linux 6.2:

alpha:

i386:

sources:

7. Verification:

MD5 sum                           Package Name
--------------------------------------------------------------------------
e4901ef360fdf89bc26cb9511210e25e  6.2/SRPMS/netscape-4.75-0.6.2.src.rpm
7868b53573252f231b627b20f11501fd  6.2/SRPMS/netscape-alpha-4.75-0.6.2.src.rpm
2db1ac1eefd26ef37b5e938077fc0a86  6.2/alpha/netscape-common-4.75-0.6.2.alpha.rpm
470b471c4d3575ecfa18bdabdb459389  6.2/alpha/netscape-communicator-4.75-0.6.2.alpha.rpm
981b62eb767ebd405dda3864bbb35d54  6.2/alpha/netscape-navigator-4.75-0.6.2.alpha.rpm
138e80104c7054d2b894fd3a064ab28f  6.2/i386/netscape-common-4.75-0.6.2.i386.rpm
887e48c496d386d82a6d66ce31f6a6cb  6.2/i386/netscape-communicator-4.75-0.6.2.i386.rpm
3e8c1094bbccb8d7783febea6e430549  6.2/i386/netscape-navigator-4.75-0.6.2.i386.rpm

These packages are GPG signed by Red Hat, Inc. for security. Our key is available at:

You can verify each package with the following command:

rpm --checksig

If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command:

rpm --checksig --nogpg

8. References:

N/A

Copyright(c) 2000 Red Hat, Inc.

Recent advancements in Netscape address a significant Java security flaw impacting Red Hat users. Prompt installation is highly recommended. Netscape Update, Red Hat Java Fix, Security Advisory. Severity: Critical. LinuxSecurity.com Team

Aug 21, 2000 Critical Red Hat