Niz propusta paketa IBM Java 1.6.0

U radu programskog paketa IBM Java 1.6.0 uočen je niz sigurnosnih propusta. Udaljenim napadačima omogućuju otkrivanje osjetljivih informacija te utjecanje na integritet, dostupnost i povjerljivost podataka.

Paket:	java-1.6.0-ibm
Operacijski sustavi:	SUSE Linux Enterprise Server (SLES) 11
Kritičnost:	8.7
Problem:	pogreška u programskoj komponenti
Iskorištavanje:	udaljeno
Posljedica:	izmjena podataka, otkrivanje osjetljivih informacija
Rješenje:	programska zakrpa proizvođača
CVE:	CVE-2011-3389, CVE-2011-3516, CVE-2011-3521, CVE-2011-3544, CVE-2011-3545, CVE-2011-3546, CVE-2011-3547, CVE-2011-3548, CVE-2011-3549, CVE-2011-3550, CVE-2011-3551, CVE-2011-3552, CVE-2011-3553, CVE-2011-3554, CVE-2011-3556, CVE-2011-3557, CVE-2011-3560
Izvorni ID preporuke:	SUSE-SU-2012:0114-2
Izvor:	SUSE

Problem:
Spomenuti su propusti posljedica nepravilnosti u implementaciji SSL protokola te višestrukih nespecificiranih ranjivosti u komponenti Java Runtime Environment.
Posljedica:
Napadač ih može iskoristiti za utjecanje na integritet, dostupnost i povjerljivost podataka i samog sustava.
Rješenje:
Korisnicima se preporuča instalacija odgovarajuće nadogradnje.

Izvorni tekst preporuke

   SUSE Security Update: Security update for IBM Java 1.6.0
______________________________________________________________________________

Announcement ID:    SUSE-SU-2012:0114-2
Rating:             important
References:         #739248 
Cross-References:   CVE-2011-3389 CVE-2011-3516 CVE-2011-3521
                    CVE-2011-3544 CVE-2011-3545 CVE-2011-3546
                    CVE-2011-3547 CVE-2011-3548 CVE-2011-3549
                    CVE-2011-3550 CVE-2011-3551 CVE-2011-3552
                    CVE-2011-3553 CVE-2011-3554 CVE-2011-3556
                    CVE-2011-3557 CVE-2011-3560 CVE-2011-3561
                   
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11 SP1 FOR
SP2
                    SUSE Linux Enterprise Software Development Kit 11 SP1
                    SUSE Linux Enterprise Server 11 SP1 for VMware
                    SUSE Linux Enterprise Server 11 SP1 FOR SP2
                    SUSE Linux Enterprise Server 11 SP1
                    SUSE Linux Enterprise Java 11 SP1
______________________________________________________________________________

   An update that fixes 18 vulnerabilities is now available.

Description:


   IBM Java 1.6.0 SR10 has been released fixing the following
   CVE's/security  Issues:

   * CVE-2011-3389
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389
   >
   * CVE-2011-3516
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3516
   >
   * CVE-2011-3521
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3521
   >
   * CVE-2011-3544
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3544
   >
   * CVE-2011-3545
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3545
   >
   * CVE-2011-3546
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3546
   >
   * CVE-2011-3547
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3547
   >
   * CVE-2011-3548
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3548
   >
   * CVE-2011-3549
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3549
   >
   * CVE-2011-3550
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3550
   >
   * CVE-2011-3551
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3551
   >
   * CVE-2011-3552
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3552
   >
   * CVE-2011-3553
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3553
   >
   * CVE-2011-3554
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3554
   >
   * CVE-2011-3556
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3556
   >
   * CVE-2011-3557
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3557
   >
   * CVE-2011-3560
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3560
   >
   * CVE-2011-3561
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3561
   >


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP1 FOR SP2:

      zypper in -t patch sdksp1fsp2-java-1_6_0-ibm-5872

   - SUSE Linux Enterprise Software Development Kit 11 SP1:

      zypper in -t patch sdksp1-java-1_6_0-ibm-5872

   - SUSE Linux Enterprise Server 11 SP1 for VMware:

      zypper in -t patch slessp1-java-1_6_0-ibm-5872

   - SUSE Linux Enterprise Server 11 SP1 FOR SP2:

      zypper in -t patch slessp1fsp2-java-1_6_0-ibm-5872

   - SUSE Linux Enterprise Server 11 SP1:

      zypper in -t patch slessp1-java-1_6_0-ibm-5872

   - SUSE Linux Enterprise Java 11 SP1:

      zypper in -t patch slejsp1-java-1_6_0-ibm-5872

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Software Development Kit 11 SP1 FOR SP2 (i586 ppc64
s390x x86_64):

      java-1_6_0-ibm-devel-1.6.0_sr10.0-0.3.1

   - SUSE Linux Enterprise Software Development Kit 11 SP1 FOR SP2 (i586
x86_64):

      java-1_6_0-ibm-1.6.0_sr10.0-0.3.1
      java-1_6_0-ibm-fonts-1.6.0_sr10.0-0.3.1

   - SUSE Linux Enterprise Software Development Kit 11 SP1 (i586 ppc64 s390x
x86_64):

      java-1_6_0-ibm-devel-1.6.0_sr10.0-0.3.1

   - SUSE Linux Enterprise Software Development Kit 11 SP1 (i586 x86_64):

      java-1_6_0-ibm-1.6.0_sr10.0-0.3.1
      java-1_6_0-ibm-fonts-1.6.0_sr10.0-0.3.1

   - SUSE Linux Enterprise Server 11 SP1 for VMware (i586 x86_64):

      java-1_6_0-ibm-1.6.0_sr10.0-0.3.1
      java-1_6_0-ibm-fonts-1.6.0_sr10.0-0.3.1
      java-1_6_0-ibm-jdbc-1.6.0_sr10.0-0.3.1
      java-1_6_0-ibm-plugin-1.6.0_sr10.0-0.3.1

   - SUSE Linux Enterprise Server 11 SP1 for VMware (i586):

      java-1_6_0-ibm-alsa-1.6.0_sr10.0-0.3.1

   - SUSE Linux Enterprise Server 11 SP1 FOR SP2 (i586 ppc64 s390x x86_64):

      java-1_6_0-ibm-1.6.0_sr10.0-0.3.1
      java-1_6_0-ibm-fonts-1.6.0_sr10.0-0.3.1
      java-1_6_0-ibm-jdbc-1.6.0_sr10.0-0.3.1

   - SUSE Linux Enterprise Server 11 SP1 FOR SP2 (i586 x86_64):

      java-1_6_0-ibm-plugin-1.6.0_sr10.0-0.3.1

   - SUSE Linux Enterprise Server 11 SP1 FOR SP2 (i586):

      java-1_6_0-ibm-alsa-1.6.0_sr10.0-0.3.1

   - SUSE Linux Enterprise Server 11 SP1 (i586 ppc64 s390x x86_64):

      java-1_6_0-ibm-1.6.0_sr10.0-0.3.1
      java-1_6_0-ibm-fonts-1.6.0_sr10.0-0.3.1
      java-1_6_0-ibm-jdbc-1.6.0_sr10.0-0.3.1

   - SUSE Linux Enterprise Server 11 SP1 (i586 x86_64):

      java-1_6_0-ibm-plugin-1.6.0_sr10.0-0.3.1

   - SUSE Linux Enterprise Server 11 SP1 (i586):

      java-1_6_0-ibm-alsa-1.6.0_sr10.0-0.3.1

   - SUSE Linux Enterprise Java 11 SP1 (i586 ppc64 s390x x86_64):

      java-1_6_0-ibm-1.6.0_sr10.0-0.3.1
      java-1_6_0-ibm-devel-1.6.0_sr10.0-0.3.1
      java-1_6_0-ibm-fonts-1.6.0_sr10.0-0.3.1
      java-1_6_0-ibm-jdbc-1.6.0_sr10.0-0.3.1

   - SUSE Linux Enterprise Java 11 SP1 (i586 x86_64):

      java-1_6_0-ibm-plugin-1.6.0_sr10.0-0.3.1

   - SUSE Linux Enterprise Java 11 SP1 (i586):

      java-1_6_0-ibm-alsa-1.6.0_sr10.0-0.3.1


References:

   http://support.novell.com/security/cve/CVE-2011-3389.html
   http://support.novell.com/security/cve/CVE-2011-3516.html
   http://support.novell.com/security/cve/CVE-2011-3521.html
   http://support.novell.com/security/cve/CVE-2011-3544.html
   http://support.novell.com/security/cve/CVE-2011-3545.html
   http://support.novell.com/security/cve/CVE-2011-3546.html
   http://support.novell.com/security/cve/CVE-2011-3547.html
   http://support.novell.com/security/cve/CVE-2011-3548.html
   http://support.novell.com/security/cve/CVE-2011-3549.html
   http://support.novell.com/security/cve/CVE-2011-3550.html
   http://support.novell.com/security/cve/CVE-2011-3551.html
   http://support.novell.com/security/cve/CVE-2011-3552.html
   http://support.novell.com/security/cve/CVE-2011-3553.html
   http://support.novell.com/security/cve/CVE-2011-3554.html
   http://support.novell.com/security/cve/CVE-2011-3556.html
   http://support.novell.com/security/cve/CVE-2011-3557.html
   http://support.novell.com/security/cve/CVE-2011-3560.html
   http://support.novell.com/security/cve/CVE-2011-3561.html
   https://bugzilla.novell.com/739248
  
http://download.novell.com/patch/finder/?keywords=150456135775777ea73371c1398a948f

-- 
To unsubscribe, e-mail: Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
For additional commands, e-mail: Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.

Niz propusta paketa IBM Java 1.6.0

Tražilica portala

Aktivnosti

O CIS-u

Posljednje vijesti

Posljednji dokumenti

Niz propusta paketa IBM Java 1.6.0

Tražilica portala

Aktivnosti

O CIS-u

Posljednje sigurnosne preporuke

Posljednje vijesti

Popularni članci

Posljednji dokumenti