Articles / SuSE: New IBM Java packages…

SuSE: New IBM Java packages fix remote vulnerabilities

IBM Java 1.4.2 SR 13 Fixpack 10 has been released and fixes various bugs and security issues. An unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors. Updated packages are available from download.opensuse.org.

  SUSE Security Update: Security update for IBM Java
______________________________________________________________________________

Announcement ID:    SUSE-SU-2011:0966-1
Rating:             important
References:         #711195 
Cross-References:   CVE-2011-0802 CVE-2011-0814 CVE-2011-0815
                   CVE-2011-0862 CVE-2011-0865 CVE-2011-0866
                   CVE-2011-0867 CVE-2011-0871 CVE-2011-0872

Affected Products:
                   SUSE Linux Enterprise Software Development Kit 11 SP1
                   SUSE Linux Enterprise Server 11 SP1 for VMware
                   SUSE Linux Enterprise Server 11 SP1
                   SUSE Linux Enterprise Server 10 SP4
                   SUSE Linux Enterprise Server 10 SP3
                   SUSE Linux Enterprise Java 11 SP1
                   SUSE Linux Enterprise Java 10 SP4
                   SUSE Linux Enterprise Java 10 SP3
                   SUSE CORE 9
                   SLE SDK 10 SP3
                   Open Enterprise Server
                   Novell Linux POS 9
______________________________________________________________________________

  An update that fixes 9 vulnerabilities is now available.

Description:


  IBM Java 1.4.2 SR 13 Fixpack 10 has been released and fixes
  various bugs  and security issues.

  The following security issues have been fixed:

  *

  CVE-2011-0865: Unspecified vulnerability in the Java
  Runtime Environment (JRE) component in Oracle Java SE 6
  Update 25 and earlier, 5.0 Update 29 and earlier, and
  1.4.2_31 and earlier allows remote untrusted Java Web Start
  applications and untrusted Java applets to affect integrity
  via unknown vectors related to Deserialization.

  *

  CVE-2011-0866: Unspecified vulnerability in the Java
  Runtime Environment (JRE) component in Oracle Java SE 6
  Update 25 and earlier, 5.0 Update 29 and earlier, and
  1.4.2_31 and earlier, when running on Windows, allows
  remote untrusted Java Web Start applications and untrusted
  Java applets to affect confidentiality, integrity, and
  availability via unknown vectors related to Java Runtime
  Environment.

  *

  CVE-2011-0802: Unspecified vulnerability in the Java
  Runtime Environment (JRE) component in Oracle Java SE 6
  Update 25 and earlier, when running on Windows, allows
  remote untrusted Java Web Start applications and untrusted
  Java applets to affect confidentiality, integrity, and
  availability via unknown vectors related to Deployment, a
  different vulnerability than CVE-2011-0786.

  *

  CVE-2011-0814: Unspecified vulnerability in the Java
  Runtime Environment (JRE) component in Oracle Java SE 6
  Update 25 and earlier, 5.0 Update 29 and earlier, and
  1.4.2_31 and earlier allows remote attackers to affect
  confidentiality, integrity, and availability via unknown
  vectors related to Sound, a different vulnerability than
  CVE-2011-0802.

  *

  CVE-2011-0815: Unspecified vulnerability in the Java
  Runtime Environment (JRE) component in Oracle Java SE 6
  Update 25 and earlier, 5.0 Update 29 and earlier, and
  1.4.2_31 and earlier allows remote untrusted Java Web Start
  applications and untrusted Java applets to affect
  confidentiality, integrity, and availability via unknown
  vectors related to AWT.

  *

  CVE-2011-0862: Multiple unspecified vulnerabilities
  in the Java Runtime Environment (JRE) component in Oracle
  Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier,
  and 1.4.2_31 and earlier allow remote attackers to affect
  confidentiality, integrity, and availability via unknown
  vectors related to 2D.

  *

  CVE-2011-0867: Unspecified vulnerability in the Java
  Runtime Environment (JRE) component in Oracle Java SE 6
  Update 25 and earlier, 5.0 Update 29 and earlier, and
  1.4.2_31 and earlier allows remote untrusted Java Web Start
  applications and untrusted Java applets to affect
  confidentiality via unknown vectors related to Networking.

  *

  CVE-2011-0871: Unspecified vulnerability in the Java
  Runtime Environment (JRE) component in Oracle Java SE 6
  Update 25 and earlier, 5.0 Update 29 and earlier, and
  1.4.2_31 and earlier allows remote untrusted Java Web Start
  applications and untrusted Java applets to affect
  confidentiality, integrity, and availability via unknown
  vectors related to Swing.

  *

  CVE-2011-0872: Unspecified vulnerability in the Java
  Runtime Environment (JRE) component in Oracle Java SE 6
  Update 25 and earlier allows remote attackers to affect
  availability via unknown vectors related to NIO.

  Security Issue references:

  * CVE-2011-0865
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0865

  * CVE-2011-0866
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0866

  * CVE-2011-0802
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0802

  * CVE-2011-0814
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0814

  * CVE-2011-0815
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0815

  * CVE-2011-0862
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0862

  * CVE-2011-0867
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0867

  * CVE-2011-0871
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0871

  * CVE-2011-0872
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0872


Indications:

  Please install this update.

Patch Instructions:

  To install this SUSE Security Update use YaST online_update.
  Alternatively you can run the command listed for your product:

  - SUSE Linux Enterprise Software Development Kit 11 SP1:

     zypper in -t patch sdksp1-java-1_4_2-ibm-5014

  - SUSE Linux Enterprise Server 11 SP1 for VMware:

     zypper in -t patch slessp1-java-1_4_2-ibm-5014

  - SUSE Linux Enterprise Server 11 SP1:

     zypper in -t patch slessp1-java-1_4_2-ibm-5014

  - SUSE Linux Enterprise Java 11 SP1:

     zypper in -t patch slejsp1-java-1_4_2-ibm-5014

  To bring your system up-to-date, use "zypper patch".


Package List:

  - SUSE Linux Enterprise Software Development Kit 11 SP1 (i586 ia64 ppc64 s390x x86_64):

     java-1_4_2-ibm-devel-1.4.2_sr13.10-0.4.1

  - SUSE Linux Enterprise Software Development Kit 11 SP1 (i586 x86_64):

     java-1_4_2-ibm-1.4.2_sr13.10-0.4.1

  - SUSE Linux Enterprise Server 11 SP1 for VMware (i586 x86_64):

     java-1_4_2-ibm-1.4.2_sr13.10-0.4.1

  - SUSE Linux Enterprise Server 11 SP1 for VMware (i586):

     java-1_4_2-ibm-jdbc-1.4.2_sr13.10-0.4.1
     java-1_4_2-ibm-plugin-1.4.2_sr13.10-0.4.1

  - SUSE Linux Enterprise Server 11 SP1 (i586 ia64 ppc64 s390x x86_64):

     java-1_4_2-ibm-1.4.2_sr13.10-0.4.1

  - SUSE Linux Enterprise Server 11 SP1 (i586):

     java-1_4_2-ibm-jdbc-1.4.2_sr13.10-0.4.1
     java-1_4_2-ibm-plugin-1.4.2_sr13.10-0.4.1

  - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64):

     java-1_4_2-ibm-1.4.2_sr13.10-0.9.1
     java-1_4_2-ibm-devel-1.4.2_sr13.10-0.9.1

  - SUSE Linux Enterprise Server 10 SP4 (i586 ppc):

     java-1_4_2-ibm-jdbc-1.4.2_sr13.10-0.9.1

  - SUSE Linux Enterprise Server 10 SP4 (i586):

     java-1_4_2-ibm-plugin-1.4.2_sr13.10-0.9.1

  - SUSE Linux Enterprise Server 10 SP3 (i586 ia64 ppc s390x x86_64):

     java-1_4_2-ibm-1.4.2_sr13.10-0.9.1
     java-1_4_2-ibm-devel-1.4.2_sr13.10-0.9.1

  - SUSE Linux Enterprise Server 10 SP3 (i586 ppc):

     java-1_4_2-ibm-jdbc-1.4.2_sr13.10-0.9.1

  - SUSE Linux Enterprise Server 10 SP3 (i586):

     java-1_4_2-ibm-plugin-1.4.2_sr13.10-0.9.1

  - SUSE Linux Enterprise Java 11 SP1 (i586 ia64 ppc64 s390x x86_64):

     java-1_4_2-ibm-1.4.2_sr13.10-0.4.1

  - SUSE Linux Enterprise Java 11 SP1 (i586):

     java-1_4_2-ibm-jdbc-1.4.2_sr13.10-0.4.1
     java-1_4_2-ibm-plugin-1.4.2_sr13.10-0.4.1

  - SUSE Linux Enterprise Java 10 SP4 (i586 ia64 ppc s390x x86_64):

     java-1_4_2-ibm-1.4.2_sr13.10-0.9.1
     java-1_4_2-ibm-devel-1.4.2_sr13.10-0.9.1

  - SUSE Linux Enterprise Java 10 SP4 (i586 ppc):

     java-1_4_2-ibm-jdbc-1.4.2_sr13.10-0.9.1

  - SUSE Linux Enterprise Java 10 SP4 (i586):

     java-1_4_2-ibm-plugin-1.4.2_sr13.10-0.9.1

  - SUSE Linux Enterprise Java 10 SP3 (i586 ia64 ppc s390x x86_64):

     java-1_4_2-ibm-1.4.2_sr13.10-0.9.1
     java-1_4_2-ibm-devel-1.4.2_sr13.10-0.9.1

  - SUSE Linux Enterprise Java 10 SP3 (i586 ppc):

     java-1_4_2-ibm-jdbc-1.4.2_sr13.10-0.9.1

  - SUSE Linux Enterprise Java 10 SP3 (i586):

     java-1_4_2-ibm-plugin-1.4.2_sr13.10-0.9.1

  - SUSE CORE 9 (i586 ia64 ppc ppc64 s390 s390x x86_64):

     IBMJava2-JRE-1.4.2_sr13.10-0.7
     IBMJava2-SDK-1.4.2_sr13.10-0.7

  - SLE SDK 10 SP3 (i586 ia64 ppc s390x x86_64):

     java-1_4_2-ibm-1.4.2_sr13.10-0.9.1
     java-1_4_2-ibm-devel-1.4.2_sr13.10-0.9.1

  - SLE SDK 10 SP3 (i586 ppc):

     java-1_4_2-ibm-jdbc-1.4.2_sr13.10-0.9.1

  - SLE SDK 10 SP3 (i586):

     java-1_4_2-ibm-plugin-1.4.2_sr13.10-0.9.1

  - Open Enterprise Server (i586):

     IBMJava2-JRE-1.4.2_sr13.10-0.7
     IBMJava2-SDK-1.4.2_sr13.10-0.7

  - Novell Linux POS 9 (i586):

     IBMJava2-JRE-1.4.2_sr13.10-0.7
     IBMJava2-SDK-1.4.2_sr13.10-0.7


References:

  http://support.novell.com/security/cve/CVE-2011-0802.html
  http://support.novell.com/security/cve/CVE-2011-0814.html
  http://support.novell.com/security/cve/CVE-2011-0815.html
  http://support.novell.com/security/cve/CVE-2011-0862.html
  http://support.novell.com/security/cve/CVE-2011-0865.html
  http://support.novell.com/security/cve/CVE-2011-0866.html
  http://support.novell.com/security/cve/CVE-2011-0867.html
  http://support.novell.com/security/cve/CVE-2011-0871.html
  http://support.novell.com/security/cve/CVE-2011-0872.html
  https://bugzilla.novell.com/711195
  http://download.novell.com/patch/finder/?keywords=0b286dd848f8badeaac98844dcdfdcda
  http://download.novell.com/patch/finder/?keywords=1e5639ed751b5b652ed5c8efe956bf24
  http://download.novell.com/patch/finder/?keywords=6cfd6e9bc30d32ee33522d94ea427c79
  http://download.novell.com/patch/finder/?keywords=7886de0d893190600803b61d082cc3cf
  http://download.novell.com/patch/finder/?keywords=810e92e414291fd2d04bf942cdf2d032
Screenshot

Project Spotlight

Kigo Video Converter Ultimate for Mac

A tool for converting and editing videos.

Screenshot

Project Spotlight

Kid3

An efficient tagger for MP3, Ogg/Vorbis, and FLAC files.