Details
Created: 24 January 2012
18 security vulnerabilities have been discovered in the IBM Java package. The vulnerabilities can be exploited remotely to attack the confidentiality, integrity and availability of Java applications.
Package:
IBM Java 1.4.2
Operating systems:
SUSE Linux Enterprise Server (SLES) 10
Severity:
8.7
Problem:
unspecified error, error in a software component
Exploitation:
remote
Impact:
data modification, disclosure of sensitive information, denial of service (DoS)
Solution:
vendor patch
CVE:
CVE-2011-3389, CVE-2011-3516, CVE-2011-3521, CVE-2011-3544, CVE-2011-3545, CVE-2011-3546, CVE-2011-3547, CVE-2011-3548, CVE-2011-3549, CVE-2011-3550, CVE-2011-3551, CVE-2011-3552, CVE-2011-3553, CVE-2011-3554, CVE-2011-3556, CVE-2011-3557, CVE-2011-3560
Original advisory ID:
SUSE-SU-2012:0114-1
Source:
SUSE
Problem:
The vulnerabilities were found in the Deployment, Deserialization, Scripting, Sound, Networking, AWT, Swing, 2D, JAXWS, RMI and JSSE components, and in the implementation of the SSL protocol. For details on all the flaws, reading the original advisory is recommended.
Impact:
An attacker can exploit the vulnerability in the SSL protocol to carry out a man-in-the-middle (MITM) attack. The other flaws can be exploited for attacks that affect confidentiality, integrity and availability.
Solution:
Users are encouraged to apply the available patches.
Original advisory text
SUSE Security Update: Security update for IBM Java
______________________________________________________________________________
Announcement ID: SUSE-SU-2012:0114-1
Rating: important
References: #739248
Cross-References: CVE-2011-3389 CVE-2011-3516 CVE-2011-3521
CVE-2011-3544 CVE-2011-3545 CVE-2011-3546
CVE-2011-3547 CVE-2011-3548 CVE-2011-3549
CVE-2011-3550 CVE-2011-3551 CVE-2011-3552
CVE-2011-3553 CVE-2011-3554 CVE-2011-3556
CVE-2011-3557 CVE-2011-3560 CVE-2011-3561
Affected Products:
SUSE Linux Enterprise Server 10 SP4
SUSE Linux Enterprise Java 10 SP4
______________________________________________________________________________
An update that fixes 18 vulnerabilities is now available.
Description:
IBM Java 1.6.0 SR10 has been released fixing the following CVEs:
* CVE-2011-3389 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389>
* CVE-2011-3516 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3516>
* CVE-2011-3521 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3521>
* CVE-2011-3544 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3544>
* CVE-2011-3545 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3545>
* CVE-2011-3546 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3546>
* CVE-2011-3547 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3547>
* CVE-2011-3548 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3548>
* CVE-2011-3549 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3549>
* CVE-2011-3550 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3550>
* CVE-2011-3551 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3551>
* CVE-2011-3552 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3552>
* CVE-2011-3553 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3553>
* CVE-2011-3554 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3554>
* CVE-2011-3556 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3556>
* CVE-2011-3557 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3557>
* CVE-2011-3560 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3560>
* CVE-2011-3561 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3561>
Package List:
- SUSE Linux Enterprise Server 10 SP4 (i586 ppc s390x x86_64):
java-1_6_0-ibm-1.6.0_sr10.0-0.8.1
java-1_6_0-ibm-devel-1.6.0_sr10.0-0.8.1
java-1_6_0-ibm-fonts-1.6.0_sr10.0-0.8.1
java-1_6_0-ibm-jdbc-1.6.0_sr10.0-0.8.1
- SUSE Linux Enterprise Server 10 SP4 (i586 ppc x86_64):
java-1_6_0-ibm-plugin-1.6.0_sr10.0-0.8.1
- SUSE Linux Enterprise Server 10 SP4 (s390x x86_64):
java-1_6_0-ibm-32bit-1.6.0_sr10.0-0.8.1
java-1_6_0-ibm-devel-32bit-1.6.0_sr10.0-0.8.1
- SUSE Linux Enterprise Server 10 SP4 (x86_64):
java-1_6_0-ibm-alsa-32bit-1.6.0_sr10.0-0.8.1
java-1_6_0-ibm-plugin-32bit-1.6.0_sr10.0-0.8.1
- SUSE Linux Enterprise Server 10 SP4 (i586):
java-1_6_0-ibm-alsa-1.6.0_sr10.0-0.8.1
- SUSE Linux Enterprise Server 10 SP4 (ppc):
java-1_6_0-ibm-64bit-1.6.0_sr10.0-0.8.1
- SUSE Linux Enterprise Java 10 SP4 (x86_64):
java-1_6_0-ibm-1.6.0_sr10.0-0.8.1
java-1_6_0-ibm-devel-1.6.0_sr10.0-0.8.1
java-1_6_0-ibm-fonts-1.6.0_sr10.0-0.8.1
java-1_6_0-ibm-jdbc-1.6.0_sr10.0-0.8.1
java-1_6_0-ibm-plugin-1.6.0_sr10.0-0.8.1
References:
http://support.novell.com/security/cve/CVE-2011-3389.html
http://support.novell.com/security/cve/CVE-2011-3516.html
http://support.novell.com/security/cve/CVE-2011-3521.html
http://support.novell.com/security/cve/CVE-2011-3544.html
http://support.novell.com/security/cve/CVE-2011-3545.html
http://support.novell.com/security/cve/CVE-2011-3546.html
http://support.novell.com/security/cve/CVE-2011-3547.html
http://support.novell.com/security/cve/CVE-2011-3548.html
http://support.novell.com/security/cve/CVE-2011-3549.html
http://support.novell.com/security/cve/CVE-2011-3550.html
http://support.novell.com/security/cve/CVE-2011-3551.html
http://support.novell.com/security/cve/CVE-2011-3552.html
http://support.novell.com/security/cve/CVE-2011-3553.html
http://support.novell.com/security/cve/CVE-2011-3554.html
http://support.novell.com/security/cve/CVE-2011-3556.html
http://support.novell.com/security/cve/CVE-2011-3557.html
http://support.novell.com/security/cve/CVE-2011-3560.html
http://support.novell.com/security/cve/CVE-2011-3561.html
https://bugzilla.novell.com/739248
http://download.novell.com/patch/finder/?keywords=ea376c01db551281b5801fde16acb03e