Uočeno je nekoliko sigurnosnih propusta kod programskog paketa IBM Java 1.4.2 koje je moguće iskoristiti za kompromitaciju aplikacija koje se u svom radu oslanjaju na spomenuti paket.
Većina je nedostataka vezana uz nespecificirane pogreške u Java Runtime Environment komponenti, a javlja se i nepravilnost zbog propusta u implementaciji SSL protokola.
Posljedica:
Nedostatke je moguće iskoristiti za utjecanje na dostupnost i pouzdanost programa koji u svom radu koriste navedeni paket.
Rješenje:
Svim korisnicima se savjetuje korištenje službene nadogradnje.
SUSE Security Update: Security update for IBM Java 1.4.2
______________________________________________________________________________
Announcement ID: SUSE-SU-2012:0122-2
Rating: important
References: #739256
Cross-References: CVE-2011-3389 CVE-2011-3545 CVE-2011-3547
CVE-2011-3548 CVE-2011-3549 CVE-2011-3552
CVE-2011-3556 CVE-2011-3557 CVE-2011-3560
Affected Products:
SUSE Linux Enterprise for SAP Applications 11 SP1
SUSE Linux Enterprise Software Development Kit 11 SP1
SUSE Linux Enterprise Server 11 SP1 for VMware
SUSE Linux Enterprise Server 11 SP1
SUSE Linux Enterprise Java 11 SP1
______________________________________________________________________________
An update that fixes 9 vulnerabilities is now available.
Description:
IBM Java 1.4.2 SR13 FP11 has been released and contains
various security fixes.
http://www.ibm.com/developerworks/java/jdk/alerts/
http://www.ibm.com/developerworks/java/jdk/alerts/
<http://www.ibm.com/developerworks/java/jdk/alerts/>
(CVEs fixed: CVE-2011-3547 CVE-2011-3548 CVE-2011-3549
CVE-2011-3552 CVE-2011-3545 CVE-2011-3556 CVE-2011-3557
CVE-2011-3389 CVE-2011-3560 )
Security Issues:
* CVE-2011-3389
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389
>
* CVE-2011-3545
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3545
>
* CVE-2011-3547
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3547
>
* CVE-2011-3548
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3548
>
* CVE-2011-3549
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3549
>
* CVE-2011-3552
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3552
>
* CVE-2011-3556
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3556
>
* CVE-2011-3557
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3557
>
* CVE-2011-3560
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3560
>
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise for SAP Applications 11 SP1:
zypper in -t patch slesapp1-java-1_4_2-ibm-sap-5734
- SUSE Linux Enterprise Software Development Kit 11 SP1:
zypper in -t patch sdksp1-java-1_4_2-ibm-5609
- SUSE Linux Enterprise Server 11 SP1 for VMware:
zypper in -t patch slessp1-java-1_4_2-ibm-5609
- SUSE Linux Enterprise Server 11 SP1:
zypper in -t patch slessp1-java-1_4_2-ibm-5609
- SUSE Linux Enterprise Java 11 SP1:
zypper in -t patch slejsp1-java-1_4_2-ibm-5609
slejsp1-java-1_4_2-ibm-sap-5734
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise for SAP Applications 11 SP1 (x86_64):
java-1_4_2-ibm-sap-1.4.2_sr13.11-0.3.1
java-1_4_2-ibm-sap-devel-1.4.2_sr13.11-0.3.1
- SUSE Linux Enterprise Software Development Kit 11 SP1 (i586 ia64 ppc64
s390x x86_64):
java-1_4_2-ibm-devel-1.4.2_sr13.11-0.5.1
- SUSE Linux Enterprise Software Development Kit 11 SP1 (i586 x86_64):
java-1_4_2-ibm-1.4.2_sr13.11-0.5.1
- SUSE Linux Enterprise Server 11 SP1 for VMware (i586 x86_64):
java-1_4_2-ibm-1.4.2_sr13.11-0.5.1
- SUSE Linux Enterprise Server 11 SP1 for VMware (i586):
java-1_4_2-ibm-jdbc-1.4.2_sr13.11-0.5.1
java-1_4_2-ibm-plugin-1.4.2_sr13.11-0.5.1
- SUSE Linux Enterprise Server 11 SP1 (i586 ia64 ppc64 s390x x86_64):
java-1_4_2-ibm-1.4.2_sr13.11-0.5.1
- SUSE Linux Enterprise Server 11 SP1 (i586):
java-1_4_2-ibm-jdbc-1.4.2_sr13.11-0.5.1
java-1_4_2-ibm-plugin-1.4.2_sr13.11-0.5.1
- SUSE Linux Enterprise Java 11 SP1 (i586 ia64 ppc64 s390x x86_64):
java-1_4_2-ibm-1.4.2_sr13.11-0.5.1
- SUSE Linux Enterprise Java 11 SP1 (x86_64):
java-1_4_2-ibm-sap-1.4.2_sr13.11-0.3.1
java-1_4_2-ibm-sap-devel-1.4.2_sr13.11-0.3.1
- SUSE Linux Enterprise Java 11 SP1 (i586):
java-1_4_2-ibm-jdbc-1.4.2_sr13.11-0.5.1
java-1_4_2-ibm-plugin-1.4.2_sr13.11-0.5.1
References:
http://support.novell.com/security/cve/CVE-2011-3389.html
http://support.novell.com/security/cve/CVE-2011-3545.html
http://support.novell.com/security/cve/CVE-2011-3547.html
http://support.novell.com/security/cve/CVE-2011-3548.html
http://support.novell.com/security/cve/CVE-2011-3549.html
http://support.novell.com/security/cve/CVE-2011-3552.html
http://support.novell.com/security/cve/CVE-2011-3556.html
http://support.novell.com/security/cve/CVE-2011-3557.html
http://support.novell.com/security/cve/CVE-2011-3560.html
https://bugzilla.novell.com/739256
http://download.novell.com/patch/finder/?keywords=77471aa6472b33cde43cae36b3b3fef0
http://download.novell.com/patch/finder/?keywords=c0c632466d75a1ac53d2ceaf2d983053
--
To unsubscribe, e-mail: Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
For additional commands, e-mail: Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
Posljednje sigurnosne preporuke