SUSE-SU-2015:0503-1: important: Security update for java-1_7_0-openjdk

sle-updates at lists.suse.com sle-updates at lists.suse.com
Mon Mar 16 05:05:46 MDT 2015


   SUSE Security Update: Security update for java-1_7_0-openjdk
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:0503-1
Rating:             important
References:         #901223 #914041 
Cross-References:   CVE-2014-3566 CVE-2014-6585 CVE-2014-6587
                    CVE-2014-6591 CVE-2014-6593 CVE-2014-6601
                    CVE-2015-0383 CVE-2015-0395 CVE-2015-0400
                    CVE-2015-0407 CVE-2015-0408 CVE-2015-0410
                    CVE-2015-0412
Affected Products:
                    SUSE Linux Enterprise Server 12
                    SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

   An update that fixes 13 vulnerabilities is now available.

Description:

   This update fixes 13 security issues.

   These security issues were fixed:
   - CVE-2015-0395: Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85,
     7u72, and 8u25 allowed remote attackers to affect confidentiality,
     integrity, and availability via unknown vectors related to Hotspot
     (bnc#914041).
   - CVE-2015-0400: Unspecified vulnerability in Oracle Java SE 6u85, 7u72,
     and 8u25 allowed remote attackers to affect confidentiality via unknown
     vectors related to Libraries (bnc#914041).
   - CVE-2015-0383: Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85,
     7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit R27.8.4 and
     R28.3.4 allowed local users to affect integrity and availability via
     unknown vectors related to Hotspot (bnc#914041).
   - CVE-2015-0412: Unspecified vulnerability in Oracle Java SE 6u85, 7u72,
     and 8u25 allowed remote attackers to affect confidentiality, integrity,
     and availability via vectors related to JAX-WS (bnc#914041).
   - CVE-2015-0407: Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85,
     7u72, and 8u25 allowed remote attackers to affect confidentiality via
     unknown vectors related to Swing (bnc#914041).
   - CVE-2015-0408: Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85,
     7u72, and 8u25 allowed remote attackers to affect confidentiality,
     integrity, and availability via vectors related to RMI (bnc#914041).
   - CVE-2014-6585: Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85,
     7u72, and 8u25 allowed remote attackers to affect confidentiality via
     unknown vectors reelated to 2D, a different vulnerability than
     CVE-2014-6591 (bnc#914041).
   - CVE-2014-6587: Unspecified vulnerability in Oracle Java SE 6u85, 7u72,
     and 8u25 allowed local users to affect confidentiality, integrity, and
     availability via unknown vectors related to Libraries (bnc#914041).
   - CVE-2014-6591: Unspecified vulnerability in the Java SE component in
     Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allowed remote attackers to
     affect confidentiality via unknown vectors related to 2D, a different
     vulnerability than CVE-2014-6585 (bnc#914041).
   - CVE-2014-6593: Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85,
     7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit 27.8.4 and
     28.3.4 allowed remote attackers to affect confidentiality and integrity
     via vectors related to JSSE (bnc#914041).
   - CVE-2014-6601: Unspecified vulnerability in Oracle Java SE 6u85, 7u72,
     and 8u25 allowed remote attackers to affect confidentiality, integrity,
     and availability via unknown vectors related to Hotspot (bnc#914041).
   - CVE-2015-0410: Unspecified vulnerability in the Java SE, Java SE
     Embedded, JRockit component in Oracle Java SE 5.0u75, 6u85, 7u72, and
     8u25; Java SE Embedded 7u71 and 8u6; and JRockit R27.8.4 and R28.3.4
     allowed remote attackers to affect availability via unknown vectors
     related to Security (bnc#914041).
   - CVE-2014-3566: The SSL protocol 3.0, as used in OpenSSL through 1.0.1i
     and other products, used nondeterministic CBC padding, which made it
     easier for man-in-the-middle attackers to obtain cleartext data via a
     padding-oracle attack, aka the "POODLE" issue (bnc#901223).

   These non-security issues were fixed:
   - Update protocol support (S8046656).
   - Fewer escapes from escape analysis (S8047130).
   - Better GC validation (S8049253).
   - TLAB stability (S8055479).


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12:

      zypper in -t patch SUSE-SLE-SERVER-12-2015-122=1

   - SUSE Linux Enterprise Desktop 12:

      zypper in -t patch SUSE-SLE-DESKTOP-12-2015-122=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):

      java-1_7_0-openjdk-1.7.0.75-11.3
      java-1_7_0-openjdk-debuginfo-1.7.0.75-11.3
      java-1_7_0-openjdk-debugsource-1.7.0.75-11.3
      java-1_7_0-openjdk-demo-1.7.0.75-11.3
      java-1_7_0-openjdk-demo-debuginfo-1.7.0.75-11.3
      java-1_7_0-openjdk-devel-1.7.0.75-11.3
      java-1_7_0-openjdk-devel-debuginfo-1.7.0.75-11.3
      java-1_7_0-openjdk-headless-1.7.0.75-11.3
      java-1_7_0-openjdk-headless-debuginfo-1.7.0.75-11.3

   - SUSE Linux Enterprise Desktop 12 (x86_64):

      java-1_7_0-openjdk-1.7.0.75-11.3
      java-1_7_0-openjdk-debuginfo-1.7.0.75-11.3
      java-1_7_0-openjdk-debugsource-1.7.0.75-11.3
      java-1_7_0-openjdk-headless-1.7.0.75-11.3
      java-1_7_0-openjdk-headless-debuginfo-1.7.0.75-11.3


References:

   http://support.novell.com/security/cve/CVE-2014-3566.html
   http://support.novell.com/security/cve/CVE-2014-6585.html
   http://support.novell.com/security/cve/CVE-2014-6587.html
   http://support.novell.com/security/cve/CVE-2014-6591.html
   http://support.novell.com/security/cve/CVE-2014-6593.html
   http://support.novell.com/security/cve/CVE-2014-6601.html
   http://support.novell.com/security/cve/CVE-2015-0383.html
   http://support.novell.com/security/cve/CVE-2015-0395.html
   http://support.novell.com/security/cve/CVE-2015-0400.html
   http://support.novell.com/security/cve/CVE-2015-0407.html
   http://support.novell.com/security/cve/CVE-2015-0408.html
   http://support.novell.com/security/cve/CVE-2015-0410.html
   http://support.novell.com/security/cve/CVE-2015-0412.html
   https://bugzilla.suse.com/901223
   https://bugzilla.suse.com/914041



More information about the sle-updates mailing list