Detalji
Kreirano: 10 Svibanj 2012
Uočeni su i ispravljeni višestruki sigurnosni nedostaci u radu programskog paketa IBM Java 1.6.0 koje udaljeni napadači mogu iskoristiti za utjecaj na povjerljivost, integritet i dostupnost podataka te otkrivanje osjetljivih informacija.
Paket:
java-1.6.0-ibm
Operacijski sustavi:
SUSE Linux Enterprise Desktop 10, SUSE Linux Enterprise Server (SLES) 10
Kritičnost:
7.4
Problem:
nespecificirana pogreška, pogreška u programskoj komponenti
Iskorištavanje:
udaljeno
Posljedica:
izmjena podataka, otkrivanje osjetljivih informacija
Rješenje:
programska zakrpa proizvođača
CVE:
CVE-2011-3389, CVE-2011-3557, CVE-2011-3560, CVE-2011-3563, CVE-2012-0498, CVE-2012-0499, CVE-2012-0501, CVE-2012-0502, CVE-2012-0503, CVE-2012-0505, CVE-2012-0506, CVE-2012-0507
Izvorni ID preporuke:
SUSE-SU-2012:0602-1
Izvor:
SUSE
Problem:
Nedostaci su uzrokovani pogreškom u SSL protokolu te višestrukim nespecificiranim ranjivostima u komponenti Java Runtime Environment (JRE).
Posljedica:
Napadačima omogućuju utjecanje na povjerljivost, integritet i dostupnost podataka te otkrivanje osjetljivih informacija.
Rješenje:
Svim se korisnicima preporuča primjena odgovarajuće nadogradnje.
Izvorni tekst preporuke
SUSE Security Update: Security update for IBM Java 1.6.0
______________________________________________________________________________
Announcement ID: SUSE-SU-2012:0602-1
Rating: important
References: #755397 #758470
Cross-References: CVE-2011-3389 CVE-2011-3557 CVE-2011-3560
CVE-2011-3563 CVE-2012-0498 CVE-2012-0499
CVE-2012-0501 CVE-2012-0502 CVE-2012-0503
CVE-2012-0505 CVE-2012-0506 CVE-2012-0507
Affected Products:
SUSE Linux Enterprise Server 10 SP4
SUSE Linux Enterprise Java 10 SP4
SUSE Linux Enterprise Desktop 10 SP4
______________________________________________________________________________
An update that fixes 12 vulnerabilities is now available.
Description:
IBM Java 1.5.0 has been updated to SR13-FP1, fixing various
security issues.
More information can be found on:
http://www.ibm.com/developerworks/java/jdk/alerts/
<http://www.ibm.com/developerworks/java/jdk/alerts/>
Security Issue references:
* CVE-2012-0502
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0502
>
* CVE-2012-0503
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0503
>
* CVE-2012-0506
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0506
>
* CVE-2012-0507
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0507
>
* CVE-2011-3563
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3563
>
* CVE-2012-0498
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0498
>
* CVE-2012-0499
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0499
>
* CVE-2012-0501
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0501
>
* CVE-2012-0505
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0505
>
Package List:
- SUSE Linux Enterprise Server 10 SP4 (i586 ppc s390x x86_64):
java-1_5_0-ibm-1.5.0_sr13.1-0.8.3
java-1_5_0-ibm-devel-1.5.0_sr13.1-0.8.3
java-1_5_0-ibm-fonts-1.5.0_sr13.1-0.8.3
- SUSE Linux Enterprise Server 10 SP4 (s390x x86_64):
java-1_5_0-ibm-32bit-1.5.0_sr13.1-0.8.3
java-1_5_0-ibm-devel-32bit-1.5.0_sr13.1-0.8.3
- SUSE Linux Enterprise Server 10 SP4 (i586 ppc):
java-1_5_0-ibm-jdbc-1.5.0_sr13.1-0.8.3
java-1_5_0-ibm-plugin-1.5.0_sr13.1-0.8.3
- SUSE Linux Enterprise Server 10 SP4 (x86_64):
java-1_5_0-ibm-alsa-32bit-1.5.0_sr13.1-0.8.3
- SUSE Linux Enterprise Server 10 SP4 (i586):
java-1_5_0-ibm-alsa-1.5.0_sr13.1-0.8.3
- SUSE Linux Enterprise Server 10 SP4 (ppc):
java-1_5_0-ibm-64bit-1.5.0_sr13.1-0.8.3
- SUSE Linux Enterprise Java 10 SP4 (i586 ppc s390x x86_64):
java-1_5_0-ibm-1.5.0_sr13.1-0.8.3
java-1_5_0-ibm-devel-1.5.0_sr13.1-0.8.3
java-1_5_0-ibm-fonts-1.5.0_sr13.1-0.8.3
- SUSE Linux Enterprise Java 10 SP4 (ppc):
java-1_5_0-ibm-jdbc-1.5.0_sr13.1-0.8.3
java-1_5_0-ibm-plugin-1.5.0_sr13.1-0.8.3
- SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64):
java-1_5_0-ibm-1.5.0_sr13.1-0.8.3
java-1_5_0-ibm-demo-1.5.0_sr13.1-0.8.3
java-1_5_0-ibm-devel-1.5.0_sr13.1-0.8.3
java-1_5_0-ibm-fonts-1.5.0_sr13.1-0.8.3
java-1_5_0-ibm-src-1.5.0_sr13.1-0.8.3
- SUSE Linux Enterprise Desktop 10 SP4 (x86_64):
java-1_5_0-ibm-32bit-1.5.0_sr13.1-0.8.3
java-1_5_0-ibm-alsa-32bit-1.5.0_sr13.1-0.8.3
java-1_5_0-ibm-devel-32bit-1.5.0_sr13.1-0.8.3
- SUSE Linux Enterprise Desktop 10 SP4 (i586):
java-1_5_0-ibm-alsa-1.5.0_sr13.1-0.8.3
java-1_5_0-ibm-jdbc-1.5.0_sr13.1-0.8.3
java-1_5_0-ibm-plugin-1.5.0_sr13.1-0.8.3
References:
http://support.novell.com/security/cve/CVE-2011-3389.html
http://support.novell.com/security/cve/CVE-2011-3557.html
http://support.novell.com/security/cve/CVE-2011-3560.html
http://support.novell.com/security/cve/CVE-2011-3563.html
http://support.novell.com/security/cve/CVE-2012-0498.html
http://support.novell.com/security/cve/CVE-2012-0499.html
http://support.novell.com/security/cve/CVE-2012-0501.html
http://support.novell.com/security/cve/CVE-2012-0502.html
http://support.novell.com/security/cve/CVE-2012-0503.html
http://support.novell.com/security/cve/CVE-2012-0505.html
http://support.novell.com/security/cve/CVE-2012-0506.html
http://support.novell.com/security/cve/CVE-2012-0507.html
https://bugzilla.novell.com/755397
https://bugzilla.novell.com/758470
http://download.novell.com/patch/finder/?keywords=37f9fa06a81529e81613e3989bd55358
--
To unsubscribe, e-mail: Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
For additional commands, e-mail: Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
Posljednje sigurnosne preporuke