Lucene search
SuseSUSE-SU-2014:1526-2HistoryDec 02, 2014 - 7:04 p.m.
Security update for IBM Java (important)
2014-12-0219:04:43
lists.opensuse.org
23
0.975 High
EPSS
Percentile
100.0%
java-1_6_0-ibm has been updated to version 1.6.0_sr16.2 to fix 18 security
issues.
These security issues have been fixed:
* Unspecified vulnerability in Oracle Java SE 6u81 (CVE-2014-3065).
* The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other
products, uses nondeterministic CBC padding, which makes it easier
for man-in-the-middle attackers to obtain cleartext data via a
padding-oracle attack, aka the "POODLE" issue (CVE-2014-3566).
* Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20,
and Java SE Embedded 7u60, allows remote attackers to affect
confidentiality, integrity, and availability via vectors related to
AWT (CVE-2014-6513).
* Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20
allows remote attackers to affect confidentiality, integrity, and
availability via unknown vectors related to Deployment, a different
vulnerability than CVE-2014-4288, CVE-2014-6493, and CVE-2014-6532
(CVE-2014-6503).
* Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20
allows remote attackers to affect confidentiality, integrity, and
availability via unknown vectors related to Deployment, a different
vulnerability than CVE-2014-4288, CVE-2014-6493, and CVE-2014-6503
(CVE-2014-6532).
* Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20
allows remote attackers to affect confidentiality, integrity, and
availability via unknown vectors related to Deployment, a different
vulnerability than CVE-2014-6493, CVE-2014-6503, and CVE-2014-6532
(CVE-2014-4288).
* Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20
allows remote attackers to affect confidentiality, integrity, and
availability via unknown vectors related to Deployment, a different
vulnerability than CVE-2014-4288, CVE-2014-6503, and CVE-2014-6532
(CVE-2014-6493).
* Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20,
when running on Firefox, allows remote attackers to affect
confidentiality, integrity, and availability via unknown vectors
related to Deployment (CVE-2014-6492).
* Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20
allows local users to affect confidentiality, integrity, and
availability via unknown vectors related to Deployment
(CVE-2014-6458).
* Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20,
when running on Internet Explorer, allows local users to affect
confidentiality, integrity, and availability via unknown vectors
related to Deployment (CVE-2014-6466).
* Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and
8u20, and Java SE Embedded 7u60, allows remote attackers to affect
confidentiality, integrity, and availability via unknown vectors
related to Libraries (CVE-2014-6506).
* Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20
allows remote attackers to affect integrity via unknown vectors
related to Deployment (CVE-2014-6515).
* Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and
8u20 allows remote attackers to affect confidentiality via unknown
vectors related to 2D (CVE-2014-6511).
* Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and
8u20, and Java SE Embedded 7u60, allows remote attackers to affect
confidentiality via unknown vectors related to Libraries
(CVE-2014-6531).
* Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and
8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and R28.3.3 allows
remote attackers to affect integrity via unknown vectors related to
Libraries (CVE-2014-6512).
* Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and
8u20; Java SE Embedded 7u60; and JRockit R27.8.3, and R28.3.3 allows
remote attackers to affect confidentiality and integrity via vectors
related to JSSE (CVE-2014-6457).
* Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and
8u20, and Java SE Embedded 7u60, allows remote attackers to affect
integrity via unknown vectors related to Libraries (CVE-2014-6502).
* Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and
8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and JRockit R28.3.3
allows remote attackers to affect integrity via unknown vectors
related to Security (CVE-2014-6558).
More information can be found at
<a href=“http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_Nove”>http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_Nove</a>
mber_2014
<<a href=“http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_Nov”>http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_Nov</a>
ember_2014>
Security Issues:
* CVE-2014-3065
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3065">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3065</a>>
* CVE-2014-3566
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566</a>>
* CVE-2014-6506
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6506">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6506</a>>
* CVE-2014-6511
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6511">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6511</a>>
* CVE-2014-6531
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6531">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6531</a>>
* CVE-2014-6512
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6512">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6512</a>>
* CVE-2014-6457
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6457">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6457</a>>
* CVE-2014-6502
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6502">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6502</a>>
* CVE-2014-6558
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6558">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6558</a>>
* CVE-2014-6513
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6513">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6513</a>>
* CVE-2014-6503
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6503">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6503</a>>
* CVE-2014-4288
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4288">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4288</a>>
* CVE-2014-6493
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6493">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6493</a>>
* CVE-2014-6532
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6532">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6532</a>>
* CVE-2014-6492
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6492">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6492</a>>
* CVE-2014-6458
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6458">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6458</a>>
* CVE-2014-6466
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6466">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6466</a>>
* CVE-2014-6515
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6515">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6515</a>>
* CVE-2014-6456
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6456">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6456</a>>
* CVE-2014-6476
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6476">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6476</a>>
* CVE-2014-6527
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6527">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6527</a>>
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| SUSE Manager 1.7 for SLE | 11.2 | x86_64 | java-1_6_0-ibm-devel | < 1.6.0_sr16.2-0.3.1 | java-1_6_0-ibm-devel-1.6.0_sr16.2-0.3.1.x86_64.rpm |
| SUSE Manager 1.7 for SLE | 11.2 | x86_64 | java-1_6_0-ibm-fonts | < 1.6.0_sr16.2-0.3.1 | java-1_6_0-ibm-fonts-1.6.0_sr16.2-0.3.1.x86_64.rpm |
| SUSE Manager 1.7 for SLE | 11.2 | x86_64 | java-1_6_0-ibm-plugin | < 1.6.0_sr16.2-0.3.1 | java-1_6_0-ibm-plugin-1.6.0_sr16.2-0.3.1.x86_64.rpm |
| SUSE Manager 1.7 for SLE | 11.2 | x86_64 | java-1_6_0-ibm-jdbc | < 1.6.0_sr16.2-0.3.1 | java-1_6_0-ibm-jdbc-1.6.0_sr16.2-0.3.1.x86_64.rpm |
| SUSE Manager 1.7 for SLE | 11.2 | x86_64 | java-1_6_0-ibm | < 1.6.0_sr16.2-0.3.1 | java-1_6_0-ibm-1.6.0_sr16.2-0.3.1.x86_64.rpm |
Related
openvas
openvas
SUSE: Security Advisory for IBM Java (SUSE-SU-2014:1526-1)
2015-10-13 00:00:00
SUSE: Security Advisory for java-1_7_1-ibm (SUSE-SU-2014:1549-1)
2015-10-16 00:00:00
SUSE: Security Advisory (SUSE-SU-2014:1549-1)
2021-04-19 00:00:00
suse
suse
Security update for IBM Java (important)
2014-11-28 19:05:41
Security update for java-1_7_1-ibm (important)
2014-12-03 17:04:45
Security update for java-1_6_0-ibm (important)
2015-02-21 01:07:10
ibm
ibm
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affecting IBM Tivoli Monitoring clients
2018-06-17 14:55:49
Security Bulletin: Multiple vulnerabilities in current releases of the IBM® SDK, Java™ Technology Edition
2018-06-15 07:01:54
Security Bulletin: CICS Transaction Gateway for Multiplatforms
2018-06-15 07:02:44
nessus
nessus
SuSE 11.3 Security Update : IBM Java (SAT Patch Number 9992)
2014-12-01 00:00:00
SuSE 11.3 Security Update : IBM Java (SAT Patch Number 9999)
2014-12-01 00:00:00
RHEL 5 : java-1.7.0-ibm (RHSA-2014:1876) (POODLE)
2014-11-20 00:00:00
redhat
redhat
(RHSA-2014:1876) Critical: java-1.7.0-ibm security update
2014-11-19 00:00:00
(RHSA-2014:1880) Critical: java-1.7.1-ibm security update
2014-11-20 00:00:00
(RHSA-2014:1877) Critical: java-1.6.0-ibm security update
2014-11-19 00:00:00
aix
aix
f5
f5
K15745 : Multiple Oracle Java vulnerabilities
2014-10-28 00:00:00
SOL15745 - Multiple Oracle Java vulnerabilities
2014-10-27 00:00:00
kaspersky
kaspersky
KLA10505 Multiple vulnerabilities in Oracle products
2014-10-15 00:00:00
ubuntu
ubuntu
OpenJDK 7 vulnerabilities
2014-10-23 00:00:00
OpenJDK 7 vulnerabilities
2014-10-23 00:00:00
OpenJDK 6 vulnerabilities
2014-10-17 00:00:00
ubuntucve
ubuntucve
cve
cve
prion
prion
Design/Logic Flaw
2014-10-15 22:55:00
Design/Logic Flaw
2014-10-15 22:55:00
Design/Logic Flaw
2014-10-15 22:55:00
debiancve
debiancve
securityvulns
securityvulns
ESA-2015-004: EMC M&R (Watch4Net) Multiple Vulnerabilities
2015-01-25 00:00:00
oraclelinux
oraclelinux
java-1.7.0-openjdk security and bug fix update
2014-10-15 00:00:00
java-1.7.0-openjdk security and bug fix update
2014-10-15 00:00:00
java-1.6.0-openjdk security and bug fix update
2014-10-14 00:00:00
osv
osv
openjdk-7 - security update
2014-11-29 00:00:00
openjdk-6 - security update
2014-11-26 00:00:00
veracode
veracode
Information Disclosure
2019-05-02 05:12:51
Privilege Escalation
2019-05-02 05:12:51
Information Disclosure
2019-05-02 05:12:50
centos
centos
java security update
2014-10-15 11:42:17
java security update
2014-10-15 12:22:05
java security update
2014-10-15 11:48:47
amazon
amazon
Important: java-1.6.0-openjdk
2014-10-16 22:15:00
Important: java-1.7.0-openjdk
2014-10-16 22:16:00
Important: java-1.8.0-openjdk
2014-10-16 22:16:00
debian
debian
[SECURITY] [DSA 3080-1] openjdk-7 security update
2014-11-29 12:43:45
[SECURITY] [DSA 3077-1] openjdk-6 security update
2014-11-26 19:10:21
mageia
mageia
Updated java-1.7.0-openjdk packages fix security vulnerabilities
2014-10-26 00:23:09