Security update for IBM Java (important)

2014-11-28T19:05:41
ID SUSE-SU-2014:1526-1
Type suse
Reporter Suse
Modified 2014-11-28T19:05:41

Description

java-1_7_0-ibm has been updated to version 1.7.0_sr7.2 to fix 21 security issues.

These security issues have been fixed:

   * Unspecified vulnerability (CVE-2014-3065).
   * The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other
     products, uses nondeterministic CBC padding, which makes it easier
     for man-in-the-middle attackers to obtain cleartext data via a
     padding-oracle attack, aka the "POODLE" issue (CVE-2014-3566).
   * Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20,
     and Java SE Embedded 7u60, allows remote attackers to affect
     confidentiality, integrity, and availability via vectors related to
     AWT (CVE-2014-6513).
   * Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows
     remote attackers to affect confidentiality, integrity, and
     availability via unknown vectors (CVE-2014-6456).
   * Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20
     allows remote attackers to affect confidentiality, integrity, and
     availability via unknown vectors related to Deployment, a different
     vulnerability than CVE-2014-4288, CVE-2014-6493, and CVE-2014-6532
     (CVE-2014-6503).
   * Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20
     allows remote attackers to affect confidentiality, integrity, and
     availability via unknown vectors related to Deployment, a different
     vulnerability than CVE-2014-4288, CVE-2014-6493, and CVE-2014-6503
     (CVE-2014-6532).
   * Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20
     allows remote attackers to affect confidentiality, integrity, and
     availability via unknown vectors related to Deployment, a different
     vulnerability than CVE-2014-6493, CVE-2014-6503, and CVE-2014-6532
     (CVE-2014-4288).
   * Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20
     allows remote attackers to affect confidentiality, integrity, and
     availability via unknown vectors related to Deployment, a different
     vulnerability than CVE-2014-4288, CVE-2014-6503, and CVE-2014-6532
     (CVE-2014-6493).
   * Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20,
     when running on Firefox, allows remote attackers to affect
     confidentiality, integrity, and availability via unknown vectors
     related to Deployment (CVE-2014-6492).
   * Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20
     allows local users to affect confidentiality, integrity, and
     availability via unknown vectors related to Deployment
     (CVE-2014-6458).
   * Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20,
     when running on Internet Explorer, allows local users to affect
     confidentiality, integrity, and availability via unknown vectors
     related to Deployment (CVE-2014-6466).
   * Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and
     8u20, and Java SE Embedded 7u60, allows remote attackers to affect
     confidentiality, integrity, and availability via unknown vectors
     related to Libraries (CVE-2014-6506).
   * Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows
     remote attackers to affect integrity via unknown vectors related to
     Deployment, a different vulnerability than CVE-2014-6527
     (CVE-2014-6476).
   * Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20
     allows remote attackers to affect integrity via unknown vectors
     related to Deployment (CVE-2014-6515).
   * Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and
     8u20 allows remote attackers to affect confidentiality via unknown
     vectors related to 2D (CVE-2014-6511).
   * Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and
     8u20, and Java SE Embedded 7u60, allows remote attackers to affect
     confidentiality via unknown vectors related to Libraries
     (CVE-2014-6531).
   * Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and
     8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and R28.3.3 allows
     remote attackers to affect integrity via unknown vectors related to
     Libraries (CVE-2014-6512).
   * Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and
     8u20; Java SE Embedded 7u60; and JRockit R27.8.3, and R28.3.3 allows
     remote attackers to affect confidentiality and integrity via vectors
     related to JSSE (CVE-2014-6457).
   * Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows
     remote attackers to affect integrity via unknown vectors related to
     Deployment, a different vulnerability than CVE-2014-6476
     (CVE-2014-6527).
   * Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and
     8u20, and Java SE Embedded 7u60, allows remote attackers to affect
     integrity via unknown vectors related to Libraries (CVE-2014-6502).
   * Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and
     8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and JRockit R28.3.3
     allows remote attackers to affect integrity via unknown vectors
     related to Security (CVE-2014-6558).

More information can be found at <a rel="nofollow" href="http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_Nove">http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_Nove</a> mber_2014 <<a rel="nofollow" href="http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_Nov">http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_Nov</a> ember_2014>

Security Issues:

   * CVE-2014-3065
     &lt;&lt;a  rel="nofollow" href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3065"&gt;http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3065&lt;/a&gt;&gt;
   * CVE-2014-3566
     &lt;&lt;a  rel="nofollow" href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566"&gt;http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566&lt;/a&gt;&gt;
   * CVE-2014-6506
     &lt;&lt;a  rel="nofollow" href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6506"&gt;http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6506&lt;/a&gt;&gt;
   * CVE-2014-6511
     &lt;&lt;a  rel="nofollow" href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6511"&gt;http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6511&lt;/a&gt;&gt;
   * CVE-2014-6531
     &lt;&lt;a  rel="nofollow" href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6531"&gt;http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6531&lt;/a&gt;&gt;
   * CVE-2014-6512
     &lt;&lt;a  rel="nofollow" href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6512"&gt;http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6512&lt;/a&gt;&gt;
   * CVE-2014-6457
     &lt;&lt;a  rel="nofollow" href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6457"&gt;http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6457&lt;/a&gt;&gt;
   * CVE-2014-6502
     &lt;&lt;a  rel="nofollow" href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6502"&gt;http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6502&lt;/a&gt;&gt;
   * CVE-2014-6558
     &lt;&lt;a  rel="nofollow" href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6558"&gt;http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6558&lt;/a&gt;&gt;
   * CVE-2014-6513
     &lt;&lt;a  rel="nofollow" href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6513"&gt;http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6513&lt;/a&gt;&gt;
   * CVE-2014-6503
     &lt;&lt;a  rel="nofollow" href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6503"&gt;http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6503&lt;/a&gt;&gt;
   * CVE-2014-4288
     &lt;&lt;a  rel="nofollow" href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4288"&gt;http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4288&lt;/a&gt;&gt;
   * CVE-2014-6493
     &lt;&lt;a  rel="nofollow" href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6493"&gt;http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6493&lt;/a&gt;&gt;
   * CVE-2014-6532
     &lt;&lt;a  rel="nofollow" href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6532"&gt;http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6532&lt;/a&gt;&gt;
   * CVE-2014-6492
     &lt;&lt;a  rel="nofollow" href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6492"&gt;http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6492&lt;/a&gt;&gt;
   * CVE-2014-6458
     &lt;&lt;a  rel="nofollow" href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6458"&gt;http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6458&lt;/a&gt;&gt;
   * CVE-2014-6466
     &lt;&lt;a  rel="nofollow" href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6466"&gt;http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6466&lt;/a&gt;&gt;
   * CVE-2014-6515
     &lt;&lt;a  rel="nofollow" href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6515"&gt;http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6515&lt;/a&gt;&gt;
   * CVE-2014-6456
     &lt;&lt;a  rel="nofollow" href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6456"&gt;http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6456&lt;/a&gt;&gt;
   * CVE-2014-6476
     &lt;&lt;a  rel="nofollow" href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6476"&gt;http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6476&lt;/a&gt;&gt;
   * CVE-2014-6527
     &lt;&lt;a  rel="nofollow" href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6527"&gt;http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6527&lt;/a&gt;&gt;