Security update for java-1_7_0-ibm (important)

java-1_7_0-ibm was updated to version 1.7.0_sr7.3 to fix 37 security
issues:

   * CVE-2014-8891: Unspecified vulnerability (bnc#916266)
   * CVE-2014-8892: Unspecified vulnerability (bnc#916265)
   * CVE-2014-3065: Unspecified vulnerability in IBM Java Runtime
     Environment (JRE) 7 R1 before SR2 (7.1.2.0), 7 before SR8 (7.0.8.0),
     6 R1 before SR8 FP2 (6.1.8.2), 6 before SR16 FP2 (6.0.16.2), and
     before SR16 FP8 (5.0.16.8) allows local users to execute arbitrary
     code via vectors related to the shared classes cache (bnc#904889).
   * CVE-2014-3566: The SSL protocol 3.0, as used in OpenSSL through
     1.0.1i and other products, uses nondeterministic CBC padding, which
     makes it easier for man-in-the-middle attackers to obtain cleartext
     data via a padding-oracle attack, aka the "POODLE" issue
     (bnc#901223).
   * CVE-2014-6513: Unspecified vulnerability in Oracle Java SE 6u81,
     7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers
     to affect confidentiality, integrity, and availability via vectors
     related to AWT (bnc#901239).
   * CVE-2014-6456: Unspecified vulnerability in Oracle Java SE 7u67 and
     8u20 allows remote attackers to affect confidentiality, integrity,
     and availability via unknown vectors (bnc#901239).
   * CVE-2014-6503: Unspecified vulnerability in Oracle Java SE 6u81,
     7u67, and 8u20 allows remote attackers to affect confidentiality,
     integrity, and availability via unknown vectors related to
     Deployment, a different vulnerability than CVE-2014-4288,
     CVE-2014-6493, and CVE-2014-6532 (bnc#901239).
   * CVE-2014-6532: Unspecified vulnerability in Oracle Java SE 6u81,
     7u67, and 8u20 allows remote attackers to affect confidentiality,
     integrity, and availability via unknown vectors related to
     Deployment, a different vulnerability than CVE-2014-4288,
     CVE-2014-6493, and CVE-2014-6503 (bnc#901239).
   * CVE-2014-4288: Unspecified vulnerability in Oracle Java SE 6u81,
     7u67, and 8u20 allows remote attackers to affect confidentiality,
     integrity, and availability via unknown vectors related to
     Deployment, a different vulnerability than CVE-2014-6493,
     CVE-2014-6503, and CVE-2014-6532 (bnc#901239).
   * CVE-2014-6493: Unspecified vulnerability in Oracle Java SE 6u81,
     7u67, and 8u20 allows remote attackers to affect confidentiality,
     integrity, and availability via unknown vectors related to
     Deployment, a different vulnerability than CVE-2014-4288,
     CVE-2014-6503, and CVE-2014-6532 (bnc#901239).
   * CVE-2014-6492: Unspecified vulnerability in Oracle Java SE 6u81,
     7u67, and 8u20, when running on Firefox, allows remote attackers to
     affect confidentiality, integrity, and availability via unknown
     vectors related to Deployment (bnc#901239).
   * CVE-2014-6458: Unspecified vulnerability in Oracle Java SE 6u81,
     7u67, and 8u20 allows local users to affect confidentiality,
     integrity, and availability via unknown vectors related to
     Deployment (bnc#901239).
   * CVE-2014-6466: Unspecified vulnerability in Oracle Java SE 6u81,
     7u67, and 8u20, when running on Internet Explorer, allows local
     users to affect confidentiality, integrity, and availability via
     unknown vectors related to Deployment (bnc#901239).
   * CVE-2014-6506: Unspecified vulnerability in Oracle Java SE 5.0u71,
     6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote
     attackers to affect confidentiality, integrity, and availability via
     unknown vectors related to Libraries (bnc#901239).
   * CVE-2014-6476: Unspecified vulnerability in Oracle Java SE 7u67 and
     8u20 allows remote attackers to affect integrity via unknown vectors
     related to Deployment, a different vulnerability than CVE-2014-6527
     (bnc#901239).
   * CVE-2014-6515: Unspecified vulnerability in Oracle Java SE 6u81,
     7u67, and 8u20 allows remote attackers to affect integrity via
     unknown vectors related to Deployment (bnc#901239).
   * CVE-2014-6511: Unspecified vulnerability in Oracle Java SE 5.0u71,
     6u81, 7u67, and 8u20 allows remote attackers to affect
     confidentiality via unknown vectors related to 2D (bnc#901239).
   * CVE-2014-6531: Unspecified vulnerability in Oracle Java SE 5.0u71,
     6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote
     attackers to affect confidentiality via unknown vectors related to
     Libraries (bnc#901239).
   * CVE-2014-6512: Unspecified vulnerability in Oracle Java SE 5.0u71,
     6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and
     R28.3.3 allows remote attackers to affect integrity via unknown
     vectors related to Libraries (bnc#901239).
   * CVE-2014-6457: Unspecified vulnerability in Oracle Java SE 5.0u71,
     6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3,
     and R28.3.3 allows remote attackers to affect confidentiality and
     integrity via vectors related to JSSE (bnc#901239).
   * CVE-2014-6527: Unspecified vulnerability in Oracle Java SE 7u67 and
     8u20 allows remote attackers to affect integrity via unknown vectors
     related to Deployment, a different vulnerability than CVE-2014-6476
     (bnc#901239).
   * CVE-2014-6502: Unspecified vulnerability in Oracle Java SE 5.0u71,
     6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote
     attackers to affect integrity via unknown vectors related to
     Libraries (bnc#901239).
   * CVE-2014-6558: Unspecified vulnerability in Oracle Java SE 5.0u71,
     6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and
     JRockit R28.3.3 allows remote attackers to affect integrity via
     unknown vectors related to Security (bnc#901239).
   * CVE-2014-4227: Unspecified vulnerability in Oracle Java SE 6u75,
     7u60, and 8u5 allows remote attackers to affect confidentiality,
     integrity, and availability via unknown vectors related to
     Deployment (bnc#891701).
   * CVE-2014-4262: Unspecified vulnerability in Oracle Java SE 5.0u65,
     6u75, 7u60, and 8u5 allows remote attackers to affect
     confidentiality, integrity, and availability via unknown vectors
     related to Libraries (bnc#891701).
   * CVE-2014-4219: Unspecified vulnerability in Oracle Java SE 6u75,
     7u60, and 8u5 allows remote attackers to affect confidentiality,
     integrity, and availability via unknown vectors related to Hotspot
     (bnc#891701).
   * CVE-2014-4209: Unspecified vulnerability in Oracle Java SE 5.0u65,
     6u75, 7u60, and 8u5 allows remote attackers to affect
     confidentiality and integrity via vectors related to JMX
     (bnc#891701).
   * CVE-2014-4220: Unspecified vulnerability in Oracle Java SE 7u60 and
     8u5 allows remote attackers to affect integrity via unknown vectors
     related to Deployment, a different vulnerability than CVE-2014-4208
     (bnc#891701).
   * CVE-2014-4268: Unspecified vulnerability in Oracle Java SE 5.0u65,
     6u75, 7u60, and 8u5 allows remote attackers to affect
     confidentiality via unknown vectors related to Swing (bnc#891701).
   * CVE-2014-4218: Unspecified vulnerability in Oracle Java SE 5.0u65,
     6u75, 7u60, and 8u5 allows remote attackers to affect integrity via
     unknown vectors related to Libraries (bnc#891701).
   * CVE-2014-4252: Unspecified vulnerability in Oracle Java SE 5.0u65,
     6u75, 7u60, and 8u5 allows remote attackers to affect
     confidentiality via unknown vectors related to Security (bnc#891701).
   * CVE-2014-4266: Unspecified vulnerability in Oracle Java SE 7u60 and
     8u5 allows remote attackers to affect integrity via unknown vectors
     related to Serviceability (bnc#891701).
   * CVE-2014-4265: Unspecified vulnerability in Oracle Java SE 6u75,
     7u60, and 8u5 allows remote attackers to affect integrity via
     unknown vectors related to Deployment (bnc#891701).
   * CVE-2014-4221: Unspecified vulnerability in Oracle Java SE 7u60 and
     8u5 allows remote attackers to affect confidentiality via unknown
     vectors related to Libraries (bnc#891701).
   * CVE-2014-4263: Unspecified vulnerability in Oracle Java SE 5.0u65,
     6u75, 7u60, and 8u5, and JRockit R27.8.2 and R28.3.2, allows remote
     attackers to affect confidentiality and integrity via unknown
     vectors related to "Diffie-Hellman key agreement (bnc#891701).
   * CVE-2014-4244: Unspecified vulnerability in Oracle Java SE 5.0u65,
     6u75, 7u60, and 8u5, and JRockit R27.8.2 and JRockit R28.3.2, allows
     remote attackers to affect confidentiality and integrity via unknown
     vectors related to Security (bnc#891701).
   * CVE-2014-4208: Unspecified vulnerability in the Java SE component in
     Oracle Java SE 7u60 and 8u5 allows remote attackers to affect
     integrity via unknown vectors related to Deployment, a different
     vulnerability than CVE-2014-4220 (bnc#891701).

Security Issues:

   * CVE-2014-8892
     &lt;<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8892">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8892</a>&gt;
   * CVE-2014-8891
     &lt;<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8891">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8891</a>&gt;