Mailinglist Archive: opensuse-security-announce (30 mails)

< Previous Next >
[security-announce] SUSE-SU-2011:0966-1: important: Security update for IBM Java
SUSE Security Update: Security update for IBM Java
______________________________________________________________________________

Announcement ID: SUSE-SU-2011:0966-1
Rating: important
References: #711195
Cross-References: CVE-2011-0802 CVE-2011-0814 CVE-2011-0815
CVE-2011-0862 CVE-2011-0865 CVE-2011-0866
CVE-2011-0867 CVE-2011-0871 CVE-2011-0872

Affected Products:
SUSE Linux Enterprise Software Development Kit 11 SP1
SUSE Linux Enterprise Server 11 SP1 for VMware
SUSE Linux Enterprise Server 11 SP1
SUSE Linux Enterprise Server 10 SP4
SUSE Linux Enterprise Server 10 SP3
SUSE Linux Enterprise Java 11 SP1
SUSE Linux Enterprise Java 10 SP4
SUSE Linux Enterprise Java 10 SP3
SUSE CORE 9
SLE SDK 10 SP3
Open Enterprise Server
Novell Linux POS 9
______________________________________________________________________________

An update that fixes 9 vulnerabilities is now available.

Description:


IBM Java 1.4.2 SR 13 Fixpack 10 has been released and fixes
various bugs and security issues.

The following security issues have been fixed:

*

CVE-2011-0865: Unspecified vulnerability in the Java
Runtime Environment (JRE) component in Oracle Java SE 6
Update 25 and earlier, 5.0 Update 29 and earlier, and
1.4.2_31 and earlier allows remote untrusted Java Web Start
applications and untrusted Java applets to affect integrity
via unknown vectors related to Deserialization.

*

CVE-2011-0866: Unspecified vulnerability in the Java
Runtime Environment (JRE) component in Oracle Java SE 6
Update 25 and earlier, 5.0 Update 29 and earlier, and
1.4.2_31 and earlier, when running on Windows, allows
remote untrusted Java Web Start applications and untrusted
Java applets to affect confidentiality, integrity, and
availability via unknown vectors related to Java Runtime
Environment.

*

CVE-2011-0802: Unspecified vulnerability in the Java
Runtime Environment (JRE) component in Oracle Java SE 6
Update 25 and earlier, when running on Windows, allows
remote untrusted Java Web Start applications and untrusted
Java applets to affect confidentiality, integrity, and
availability via unknown vectors related to Deployment, a
different vulnerability than CVE-2011-0786.

*

CVE-2011-0814: Unspecified vulnerability in the Java
Runtime Environment (JRE) component in Oracle Java SE 6
Update 25 and earlier, 5.0 Update 29 and earlier, and
1.4.2_31 and earlier allows remote attackers to affect
confidentiality, integrity, and availability via unknown
vectors related to Sound, a different vulnerability than
CVE-2011-0802.

*

CVE-2011-0815: Unspecified vulnerability in the Java
Runtime Environment (JRE) component in Oracle Java SE 6
Update 25 and earlier, 5.0 Update 29 and earlier, and
1.4.2_31 and earlier allows remote untrusted Java Web Start
applications and untrusted Java applets to affect
confidentiality, integrity, and availability via unknown
vectors related to AWT.

*

CVE-2011-0862: Multiple unspecified vulnerabilities
in the Java Runtime Environment (JRE) component in Oracle
Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier,
and 1.4.2_31 and earlier allow remote attackers to affect
confidentiality, integrity, and availability via unknown
vectors related to 2D.

*

CVE-2011-0867: Unspecified vulnerability in the Java
Runtime Environment (JRE) component in Oracle Java SE 6
Update 25 and earlier, 5.0 Update 29 and earlier, and
1.4.2_31 and earlier allows remote untrusted Java Web Start
applications and untrusted Java applets to affect
confidentiality via unknown vectors related to Networking.

*

CVE-2011-0871: Unspecified vulnerability in the Java
Runtime Environment (JRE) component in Oracle Java SE 6
Update 25 and earlier, 5.0 Update 29 and earlier, and
1.4.2_31 and earlier allows remote untrusted Java Web Start
applications and untrusted Java applets to affect
confidentiality, integrity, and availability via unknown
vectors related to Swing.

*

CVE-2011-0872: Unspecified vulnerability in the Java
Runtime Environment (JRE) component in Oracle Java SE 6
Update 25 and earlier allows remote attackers to affect
availability via unknown vectors related to NIO.

Security Issue references:

* CVE-2011-0865
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0865
>
* CVE-2011-0866
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0866
>
* CVE-2011-0802
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0802
>
* CVE-2011-0814
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0814
>
* CVE-2011-0815
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0815
>
* CVE-2011-0862
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0862
>
* CVE-2011-0867
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0867
>
* CVE-2011-0871
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0871
>
* CVE-2011-0872
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0872
>

Indications:

Please install this update.

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 11 SP1:

zypper in -t patch sdksp1-java-1_4_2-ibm-5014

- SUSE Linux Enterprise Server 11 SP1 for VMware:

zypper in -t patch slessp1-java-1_4_2-ibm-5014

- SUSE Linux Enterprise Server 11 SP1:

zypper in -t patch slessp1-java-1_4_2-ibm-5014

- SUSE Linux Enterprise Java 11 SP1:

zypper in -t patch slejsp1-java-1_4_2-ibm-5014

To bring your system up-to-date, use "zypper patch".


Package List:

- SUSE Linux Enterprise Software Development Kit 11 SP1 (i586 ia64 ppc64
s390x x86_64):

java-1_4_2-ibm-devel-1.4.2_sr13.10-0.4.1

- SUSE Linux Enterprise Software Development Kit 11 SP1 (i586 x86_64):

java-1_4_2-ibm-1.4.2_sr13.10-0.4.1

- SUSE Linux Enterprise Server 11 SP1 for VMware (i586 x86_64):

java-1_4_2-ibm-1.4.2_sr13.10-0.4.1

- SUSE Linux Enterprise Server 11 SP1 for VMware (i586):

java-1_4_2-ibm-jdbc-1.4.2_sr13.10-0.4.1
java-1_4_2-ibm-plugin-1.4.2_sr13.10-0.4.1

- SUSE Linux Enterprise Server 11 SP1 (i586 ia64 ppc64 s390x x86_64):

java-1_4_2-ibm-1.4.2_sr13.10-0.4.1

- SUSE Linux Enterprise Server 11 SP1 (i586):

java-1_4_2-ibm-jdbc-1.4.2_sr13.10-0.4.1
java-1_4_2-ibm-plugin-1.4.2_sr13.10-0.4.1

- SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64):

java-1_4_2-ibm-1.4.2_sr13.10-0.9.1
java-1_4_2-ibm-devel-1.4.2_sr13.10-0.9.1

- SUSE Linux Enterprise Server 10 SP4 (i586 ppc):

java-1_4_2-ibm-jdbc-1.4.2_sr13.10-0.9.1

- SUSE Linux Enterprise Server 10 SP4 (i586):

java-1_4_2-ibm-plugin-1.4.2_sr13.10-0.9.1

- SUSE Linux Enterprise Server 10 SP3 (i586 ia64 ppc s390x x86_64):

java-1_4_2-ibm-1.4.2_sr13.10-0.9.1
java-1_4_2-ibm-devel-1.4.2_sr13.10-0.9.1

- SUSE Linux Enterprise Server 10 SP3 (i586 ppc):

java-1_4_2-ibm-jdbc-1.4.2_sr13.10-0.9.1

- SUSE Linux Enterprise Server 10 SP3 (i586):

java-1_4_2-ibm-plugin-1.4.2_sr13.10-0.9.1

- SUSE Linux Enterprise Java 11 SP1 (i586 ia64 ppc64 s390x x86_64):

java-1_4_2-ibm-1.4.2_sr13.10-0.4.1

- SUSE Linux Enterprise Java 11 SP1 (i586):

java-1_4_2-ibm-jdbc-1.4.2_sr13.10-0.4.1
java-1_4_2-ibm-plugin-1.4.2_sr13.10-0.4.1

- SUSE Linux Enterprise Java 10 SP4 (i586 ia64 ppc s390x x86_64):

java-1_4_2-ibm-1.4.2_sr13.10-0.9.1
java-1_4_2-ibm-devel-1.4.2_sr13.10-0.9.1

- SUSE Linux Enterprise Java 10 SP4 (i586 ppc):

java-1_4_2-ibm-jdbc-1.4.2_sr13.10-0.9.1

- SUSE Linux Enterprise Java 10 SP4 (i586):

java-1_4_2-ibm-plugin-1.4.2_sr13.10-0.9.1

- SUSE Linux Enterprise Java 10 SP3 (i586 ia64 ppc s390x x86_64):

java-1_4_2-ibm-1.4.2_sr13.10-0.9.1
java-1_4_2-ibm-devel-1.4.2_sr13.10-0.9.1

- SUSE Linux Enterprise Java 10 SP3 (i586 ppc):

java-1_4_2-ibm-jdbc-1.4.2_sr13.10-0.9.1

- SUSE Linux Enterprise Java 10 SP3 (i586):

java-1_4_2-ibm-plugin-1.4.2_sr13.10-0.9.1

- SUSE CORE 9 (i586 ia64 ppc ppc64 s390 s390x x86_64):

IBMJava2-JRE-1.4.2_sr13.10-0.7
IBMJava2-SDK-1.4.2_sr13.10-0.7

- SLE SDK 10 SP3 (i586 ia64 ppc s390x x86_64):

java-1_4_2-ibm-1.4.2_sr13.10-0.9.1
java-1_4_2-ibm-devel-1.4.2_sr13.10-0.9.1

- SLE SDK 10 SP3 (i586 ppc):

java-1_4_2-ibm-jdbc-1.4.2_sr13.10-0.9.1

- SLE SDK 10 SP3 (i586):

java-1_4_2-ibm-plugin-1.4.2_sr13.10-0.9.1

- Open Enterprise Server (i586):

IBMJava2-JRE-1.4.2_sr13.10-0.7
IBMJava2-SDK-1.4.2_sr13.10-0.7

- Novell Linux POS 9 (i586):

IBMJava2-JRE-1.4.2_sr13.10-0.7
IBMJava2-SDK-1.4.2_sr13.10-0.7


References:

http://support.novell.com/security/cve/CVE-2011-0802.html
http://support.novell.com/security/cve/CVE-2011-0814.html
http://support.novell.com/security/cve/CVE-2011-0815.html
http://support.novell.com/security/cve/CVE-2011-0862.html
http://support.novell.com/security/cve/CVE-2011-0865.html
http://support.novell.com/security/cve/CVE-2011-0866.html
http://support.novell.com/security/cve/CVE-2011-0867.html
http://support.novell.com/security/cve/CVE-2011-0871.html
http://support.novell.com/security/cve/CVE-2011-0872.html
https://bugzilla.novell.com/711195

http://download.novell.com/patch/finder/?keywords=0b286dd848f8badeaac98844dcdfdcda

http://download.novell.com/patch/finder/?keywords=1e5639ed751b5b652ed5c8efe956bf24

http://download.novell.com/patch/finder/?keywords=6cfd6e9bc30d32ee33522d94ea427c79

http://download.novell.com/patch/finder/?keywords=7886de0d893190600803b61d082cc3cf

http://download.novell.com/patch/finder/?keywords=810e92e414291fd2d04bf942cdf2d032

--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-security-announce+help@xxxxxxxxxxxx

< Previous Next >
This Thread
  • No further messages