Unutar programskog interpretera IBM Java uočeni su višestruki sigurnosni propusti. Izvori sigurnosnih rizika još nisu poznati, ali je objavljeno kako se pojavljuju prilikom rukovanja JRE okolinom i korištenjem zvuka te AWT, Web Start i NIO modulima. Uspješnim iskorištavanjem uočenih propusta napadač može narušiti integritet Java aplikacija. Objavljene su nove inačice Java paketa pa se svim korisnicima savjetuje nadogradnja.
Paket:
java-1.5.0-ibm
Operacijski sustavi:
openSUSE 10.2, openSUSE 10.3, openSUSE 11.0, openSUSE 11.1, openSUSE 11.2, openSUSE 11.3, openSUSE 11.4, SUSE Linux Enterprise Server (SLES) 9
Kritičnost:
7.6
Problem:
nespecificirana pogreška, pogreška u programskoj komponenti
Višestruki sigurnosni propusti nepoznatog podrijetla rezultirani nepravilnim rukovanjem JRE okolinom te korištenjem zvuka, kao i nepravilan rad AWT, Web Start i NIO modula.
Posljedica:
Uspješnim iskorištavanjem uočenih propusta napadač može narušiti integritet ranjivog sustava.
Rješenje:
Svim korisnicima savjetuje se nadogradnja na novu inačicu jer su u njoj ispravljeni svi uočeni propusti.
SUSE Security Update: Security update for IBM Java5 JRE and SDK
______________________________________________________________________________
Announcement ID: SUSE-SU-2011:0863-2
Rating: important
References: #707244
Affected Products:
SUSE CORE 9
Open Enterprise Server
Novell Linux POS 9
______________________________________________________________________________
An update that contains security fixes can now be installed.
Description:
IBM Java 1.5.0 SR12 FP5 has been released fixing bugs and
security issues.
Following security issues were fixed:
*
CVE-2011-0865: Unspecified vulnerability in the Java
Runtime Environment (JRE) component in Oracle Java SE 6
Update 25 and earlier, 5.0 Update 29 and earlier, and
1.4.2_31 and earlier allows remote untrusted Java Web Start
applications and untrusted Java applets to affect integrity
via unknown vectors related to Deserialization.
*
CVE-2011-0866: Unspecified vulnerability in the Java
Runtime Environment (JRE) component in Oracle Java SE 6
Update 25 and earlier, 5.0 Update 29 and earlier, and
1.4.2_31 and earlier, when running on Windows, allows
remote untrusted Java Web Start applications and untrusted
Java applets to affect confidentiality, integrity, and
availability via unknown vectors related to Java Runtime
Environment.
*
CVE-2011-0802: Unspecified vulnerability in the Java
Runtime Environment (JRE) component in Oracle Java SE 6
Update 25 and earlier, when running on Windows, allows
remote untrusted Java Web Start applications and untrusted
Java applets to affect confidentiality, integrity, and
availability via unknown vectors related to Deployment, a
different vulnerability than CVE-2011-0786.
*
CVE-2011-0814: Unspecified vulnerability in the Java
Runtime Environment (JRE) component in Oracle Java SE 6
Update 25 and earlier, 5.0 Update 29 and earlier, and
1.4.2_31 and earlier allows remote attackers to affect
confidentiality, integrity, and availability via unknown
vectors related to Sound, a different vulnerability than
CVE-2011-0802.
*
CVE-2011-0815: Unspecified vulnerability in the Java
Runtime Environment (JRE) component in Oracle Java SE 6
Update 25 and earlier, 5.0 Update 29 and earlier, and
1.4.2_31 and earlier allows remote untrusted Java Web Start
applications and untrusted Java applets to affect
confidentiality, integrity, and availability via unknown
vectors related to AWT.
*
CVE-2011-0862: Multiple unspecified vulnerabilities
in the Java Runtime Environment (JRE) component in Oracle
Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier,
and 1.4.2_31 and earlier allow remote attackers to affect
confidentiality, integrity, and availability via unknown
vectors related to 2D.
*
CVE-2011-0867: Unspecified vulnerability in the Java
Runtime Environment (JRE) component in Oracle Java SE 6
Update 25 and earlier, 5.0 Update 29 and earlier, and
1.4.2_31 and earlier allows remote untrusted Java Web Start
applications and untrusted Java applets to affect
confidentiality via unknown vectors related to Networking.
*
CVE-2011-0871: Unspecified vulnerability in the Java
Runtime Environment (JRE) component in Oracle Java SE 6
Update 25 and earlier, 5.0 Update 29 and earlier, and
1.4.2_31 and earlier allows remote untrusted Java Web Start
applications and untrusted Java applets to affect
confidentiality, integrity, and availability via unknown
vectors related to Swing.
*
CVE-2011-0872: Unspecified vulnerability in the Java
Runtime Environment (JRE) component in Oracle Java SE 6
Update 25 and earlier allows remote attackers to affect
availability via unknown vectors related to NIO.
*
CVE-2011-0873: Unspecified vulnerability in the Java
Runtime Environment (JRE) component in Oracle Java SE 6
Update 25 and earlier, and 5.0 Update 29 and earlier,
allows remote attackers to affect confidentiality,
integrity, and availability via unknown vectors related to
2D.
Indications:
Please install this update.
Package List:
- SUSE CORE 9 (i586 ppc ppc64 s390 s390x x86_64):
IBMJava5-JRE-1.5.0_sr12.5-0.6
IBMJava5-SDK-1.5.0_sr12.5-0.6
- Open Enterprise Server (i586):
IBMJava5-JRE-1.5.0_sr12.5-0.6
IBMJava5-SDK-1.5.0_sr12.5-0.6
- Novell Linux POS 9 (i586):
IBMJava5-JRE-1.5.0_sr12.5-0.6
IBMJava5-SDK-1.5.0_sr12.5-0.6
References:
https://bugzilla.novell.com/707244
http://download.novell.com/patch/finder/?keywords=daac3f2447217cb1cc0ac6468eb37edc
--
To unsubscribe, e-mail: Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
For additional commands, e-mail: Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
Posljednje sigurnosne preporuke