Security update for java-1_7_0-ibm
SUSE Patch
security@suse.de
SUSE Security Team
SUSE-SU-2015:1073-1
Final
1
1
2015-06-12T14:22:03Z
current
2015-06-12T14:22:03Z
2015-06-12T14:22:03Z
cve-database/bin/generate-cvrf.pl
2017-02-24T01:00:00Z
Security update for java-1_7_0-ibm
This update fixes the following security issues:
- Version bump to 7.1-3.0 release bnc#930365 CVE-2015-0192 CVE-2015-2808 CVE-2015-1914 CVE-2015-0138
- Fix removing links before update-alternatives run. bnc#931702
- Fix bnc#912434, javaws/plugin stuff should slave plugin update-alternatives
- Fix bnc#912447, use system cacerts
- Update to 7.1.2.10 for sec issues bnc#916266 and bnc#916265 CVE-2014-8892 CVE-2014-8891
The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
SUSE-SLE-SDK-12-2015-270,SUSE-SLE-SERVER-12-2015-270
Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0)
https://www.suse.com/support/update/announcement/2015/suse-su-20151073-1/
Link for SUSE-SU-2015:1073-1
https://lists.suse.com/pipermail/sle-security-updates/2015-June/001442.html
E-Mail link for SUSE-SU-2015:1073-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/912434
SUSE Bug 912434
https://bugzilla.suse.com/912447
SUSE Bug 912447
https://bugzilla.suse.com/930365
SUSE Bug 930365
https://bugzilla.suse.com/931693
SUSE Bug 931693
https://bugzilla.suse.com/931702
SUSE Bug 931702
https://www.suse.com/security/cve/CVE-2015-0138/
SUSE CVE CVE-2015-0138 page
https://www.suse.com/security/cve/CVE-2015-0192/
SUSE CVE CVE-2015-0192 page
https://www.suse.com/security/cve/CVE-2015-1914/
SUSE CVE CVE-2015-1914 page
https://www.suse.com/security/cve/CVE-2015-2808/
SUSE CVE CVE-2015-2808 page
SUSE Linux Enterprise Server 12
SUSE Linux Enterprise Server for SAP Applications 12
SUSE Linux Enterprise Software Development Kit 12
java-1_7_1-ibm-devel-1.7.1_sr3.0-11.1
java-1_7_1-ibm-1.7.1_sr3.0-11.1
java-1_7_1-ibm-alsa-1.7.1_sr3.0-11.1
java-1_7_1-ibm-jdbc-1.7.1_sr3.0-11.1
java-1_7_1-ibm-plugin-1.7.1_sr3.0-11.1
java-1_7_1-ibm-1.7.1_sr3.0-11.1 as a component of SUSE Linux Enterprise Server 12
java-1_7_1-ibm-alsa-1.7.1_sr3.0-11.1 as a component of SUSE Linux Enterprise Server 12
java-1_7_1-ibm-jdbc-1.7.1_sr3.0-11.1 as a component of SUSE Linux Enterprise Server 12
java-1_7_1-ibm-plugin-1.7.1_sr3.0-11.1 as a component of SUSE Linux Enterprise Server 12
java-1_7_1-ibm-1.7.1_sr3.0-11.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12
java-1_7_1-ibm-alsa-1.7.1_sr3.0-11.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12
java-1_7_1-ibm-jdbc-1.7.1_sr3.0-11.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12
java-1_7_1-ibm-plugin-1.7.1_sr3.0-11.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12
java-1_7_1-ibm-devel-1.7.1_sr3.0-11.1 as a component of SUSE Linux Enterprise Software Development Kit 12
GSKit in IBM Tivoli Directory Server (ITDS) 6.0 before 6.0.0.73-ISS-ITDS-IF0073, 6.1 before 6.1.0.66-ISS-ITDS-IF0066, 6.2 before 6.2.0.42-ISS-ITDS-IF0042, and 6.3 before 6.3.0.35-ISS-ITDS-IF0035 and IBM Security Directory Server (ISDS) 6.3.1 before 6.3.1.9-ISS-ISDS-IF0009 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CVE-2015-0204.
CVE-2015-0138
SUSE Linux Enterprise Server 12:java-1_7_1-ibm-1.7.1_sr3.0-11.1
SUSE Linux Enterprise Server 12:java-1_7_1-ibm-alsa-1.7.1_sr3.0-11.1
SUSE Linux Enterprise Server 12:java-1_7_1-ibm-jdbc-1.7.1_sr3.0-11.1
SUSE Linux Enterprise Server 12:java-1_7_1-ibm-plugin-1.7.1_sr3.0-11.1
SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_1-ibm-1.7.1_sr3.0-11.1
SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_1-ibm-alsa-1.7.1_sr3.0-11.1
SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_1-ibm-jdbc-1.7.1_sr3.0-11.1
SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_1-ibm-plugin-1.7.1_sr3.0-11.1
SUSE Linux Enterprise Software Development Kit 12:java-1_7_1-ibm-devel-1.7.1_sr3.0-11.1
moderate
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
https://www.suse.com/support/update/announcement/2015/suse-su-20151073-1/
https://www.suse.com/security/cve/CVE-2015-0138.html
CVE-2015-0138
https://bugzilla.suse.com/952088
SUSE Bug 952088
Unspecified vulnerability in IBM Java 8 before SR1, 7 R1 before SR2 FP11, 7 before SR9, 6 R1 before SR8 FP4, 6 before SR16 FP4, and 5.0 before SR16 FP10 allows remote attackers to gain privileges via unknown vectors related to the Java Virtual Machine.
CVE-2015-0192
SUSE Linux Enterprise Server 12:java-1_7_1-ibm-1.7.1_sr3.0-11.1
SUSE Linux Enterprise Server 12:java-1_7_1-ibm-alsa-1.7.1_sr3.0-11.1
SUSE Linux Enterprise Server 12:java-1_7_1-ibm-jdbc-1.7.1_sr3.0-11.1
SUSE Linux Enterprise Server 12:java-1_7_1-ibm-plugin-1.7.1_sr3.0-11.1
SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_1-ibm-1.7.1_sr3.0-11.1
SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_1-ibm-alsa-1.7.1_sr3.0-11.1
SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_1-ibm-jdbc-1.7.1_sr3.0-11.1
SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_1-ibm-plugin-1.7.1_sr3.0-11.1
SUSE Linux Enterprise Software Development Kit 12:java-1_7_1-ibm-devel-1.7.1_sr3.0-11.1
critical
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
https://www.suse.com/support/update/announcement/2015/suse-su-20151073-1/
https://www.suse.com/security/cve/CVE-2015-0192.html
CVE-2015-0192
https://bugzilla.suse.com/952088
SUSE Bug 952088
IBM Java 7 R1 before SR3, 7 before SR9, 6 R1 before SR8 FP4, 6 before SR16 FP4, and 5.0 before SR16 FP10 allows remote attackers to bypass "permission checks" and obtain sensitive information via vectors related to the Java Virtual Machine.
CVE-2015-1914
SUSE Linux Enterprise Server 12:java-1_7_1-ibm-1.7.1_sr3.0-11.1
SUSE Linux Enterprise Server 12:java-1_7_1-ibm-alsa-1.7.1_sr3.0-11.1
SUSE Linux Enterprise Server 12:java-1_7_1-ibm-jdbc-1.7.1_sr3.0-11.1
SUSE Linux Enterprise Server 12:java-1_7_1-ibm-plugin-1.7.1_sr3.0-11.1
SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_1-ibm-1.7.1_sr3.0-11.1
SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_1-ibm-alsa-1.7.1_sr3.0-11.1
SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_1-ibm-jdbc-1.7.1_sr3.0-11.1
SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_1-ibm-plugin-1.7.1_sr3.0-11.1
SUSE Linux Enterprise Software Development Kit 12:java-1_7_1-ibm-devel-1.7.1_sr3.0-11.1
critical
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
https://www.suse.com/support/update/announcement/2015/suse-su-20151073-1/
https://www.suse.com/security/cve/CVE-2015-1914.html
CVE-2015-1914
https://bugzilla.suse.com/952088
SUSE Bug 952088
The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the "Bar Mitzvah" issue.
CVE-2015-2808
SUSE Linux Enterprise Server 12:java-1_7_1-ibm-1.7.1_sr3.0-11.1
SUSE Linux Enterprise Server 12:java-1_7_1-ibm-alsa-1.7.1_sr3.0-11.1
SUSE Linux Enterprise Server 12:java-1_7_1-ibm-jdbc-1.7.1_sr3.0-11.1
SUSE Linux Enterprise Server 12:java-1_7_1-ibm-plugin-1.7.1_sr3.0-11.1
SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_1-ibm-1.7.1_sr3.0-11.1
SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_1-ibm-alsa-1.7.1_sr3.0-11.1
SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_1-ibm-jdbc-1.7.1_sr3.0-11.1
SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_1-ibm-plugin-1.7.1_sr3.0-11.1
SUSE Linux Enterprise Software Development Kit 12:java-1_7_1-ibm-devel-1.7.1_sr3.0-11.1
important
2.6
AV:N/AC:H/Au:N/C:P/I:N/A:N
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
https://www.suse.com/support/update/announcement/2015/suse-su-20151073-1/
https://www.suse.com/security/cve/CVE-2015-2808.html
CVE-2015-2808
https://bugzilla.suse.com/925378
SUSE Bug 925378
https://bugzilla.suse.com/938248
SUSE Bug 938248
https://bugzilla.suse.com/938895
SUSE Bug 938895
https://bugzilla.suse.com/952088
SUSE Bug 952088