Nekoliko ranjivosti paketa IBM Java

U radu paketa IBM Java 1.5.0 otkriveno je nekoliko sigurnosnih propusta koji potencijalnim napadačima omogućuju čitanje povjerljivih podataka, izvođenje DoS napada te ugrožavanje integriteta podataka.

Paket:	IBM Java 1.4.2
Operacijski sustavi:	SUSE Linux Enterprise Desktop 10, SUSE Linux Enterprise Server (SLES) 10
Kritičnost:	8.7
Problem:	nepoznat
Iskorištavanje:	lokalno/udaljeno
Posljedica:	otkrivanje osjetljivih informacija, uskraćivanje usluga (DoS), zaobilaženje postavljenih ograničenja
Rješenje:	programska zakrpa proizvođača
CVE:	CVE-2012-1713, CVE-2012-1716, CVE-2012-1717, CVE-2012-1718, CVE-2012-1719, CVE-2012-1725
Izvorni ID preporuke:	SUSE-SU-2012:1204-1
Izvor:	SUSE

Problem:
Izvor sigurnosnih nedostataka nije objavljen u preporuci.
Posljedica:
Napadači bi mogli ugroziti podatke na sustavu, otkriti osjetljive informacije i izvesti DoS napad.
Rješenje:
Savjetuje se instalacija programskih rješenja koja uklanjaju propust.

Izvorni tekst preporuke

   SUSE Security Update: Security update for IBM Java
______________________________________________________________________________

Announcement ID:    SUSE-SU-2012:1204-1
Rating:             important
References:         #666744 #771808 #773021 #778629 
Cross-References:   CVE-2012-1713 CVE-2012-1716 CVE-2012-1717
                    CVE-2012-1718 CVE-2012-1719 CVE-2012-1725
                   
Affected Products:
                    SUSE Linux Enterprise Server 10 SP4
                    SUSE Linux Enterprise Java 10 SP4
                    SUSE Linux Enterprise Desktop 10 SP4
______________________________________________________________________________

   An update that fixes 6 vulnerabilities is now available.

Description:


   IBM Java 1.5.0 was updated to SR14 fixing bugs and security
   issues.

   http://www.ibm.com/developerworks/java/jdk/alerts/
   <http://www.ibm.com/developerworks/java/jdk/alerts/>

   Also three bugs have been fixed:

   * fix bnc#771808: create symlink /usr/bin/javaws
   properly
   * fix bnc#666744: mark all configuration files as
   %config(noreplace)
   * fix bnc#773021: add code removing fonts symlink to
   baselibs.conf

   Security Issue references:

   * CVE-2012-1717
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1717
   >
   * CVE-2012-1716
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1716
   >
   * CVE-2012-1713
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1713
   >
   * CVE-2012-1719
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1719
   >
   * CVE-2012-1718
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1718
   >
   * CVE-2012-1725
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1725
   >



Package List:

   - SUSE Linux Enterprise Server 10 SP4 (i586 ppc s390x x86_64):

      java-1_5_0-ibm-1.5.0_sr14.0-0.9.1
      java-1_5_0-ibm-devel-1.5.0_sr14.0-0.9.1
      java-1_5_0-ibm-fonts-1.5.0_sr14.0-0.9.1

   - SUSE Linux Enterprise Server 10 SP4 (s390x x86_64):

      java-1_5_0-ibm-32bit-1.5.0_sr14.0-0.9.1
      java-1_5_0-ibm-devel-32bit-1.5.0_sr14.0-0.9.1

   - SUSE Linux Enterprise Server 10 SP4 (i586 ppc):

      java-1_5_0-ibm-jdbc-1.5.0_sr14.0-0.9.1
      java-1_5_0-ibm-plugin-1.5.0_sr14.0-0.9.1

   - SUSE Linux Enterprise Server 10 SP4 (x86_64):

      java-1_5_0-ibm-alsa-32bit-1.5.0_sr14.0-0.9.1

   - SUSE Linux Enterprise Server 10 SP4 (i586):

      java-1_5_0-ibm-alsa-1.5.0_sr14.0-0.9.1

   - SUSE Linux Enterprise Server 10 SP4 (ppc):

      java-1_5_0-ibm-64bit-1.5.0_sr14.0-0.9.1

   - SUSE Linux Enterprise Java 10 SP4 (i586 ppc s390x x86_64):

      java-1_5_0-ibm-1.5.0_sr14.0-0.9.1
      java-1_5_0-ibm-devel-1.5.0_sr14.0-0.9.1
      java-1_5_0-ibm-fonts-1.5.0_sr14.0-0.9.1

   - SUSE Linux Enterprise Java 10 SP4 (ppc):

      java-1_5_0-ibm-jdbc-1.5.0_sr14.0-0.9.1
      java-1_5_0-ibm-plugin-1.5.0_sr14.0-0.9.1

   - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64):

      java-1_5_0-ibm-1.5.0_sr14.0-0.9.1
      java-1_5_0-ibm-demo-1.5.0_sr14.0-0.9.1
      java-1_5_0-ibm-devel-1.5.0_sr14.0-0.9.1
      java-1_5_0-ibm-fonts-1.5.0_sr14.0-0.9.1
      java-1_5_0-ibm-src-1.5.0_sr14.0-0.9.1

   - SUSE Linux Enterprise Desktop 10 SP4 (x86_64):

      java-1_5_0-ibm-32bit-1.5.0_sr14.0-0.9.1
      java-1_5_0-ibm-alsa-32bit-1.5.0_sr14.0-0.9.1
      java-1_5_0-ibm-devel-32bit-1.5.0_sr14.0-0.9.1

   - SUSE Linux Enterprise Desktop 10 SP4 (i586):

      java-1_5_0-ibm-alsa-1.5.0_sr14.0-0.9.1
      java-1_5_0-ibm-jdbc-1.5.0_sr14.0-0.9.1
      java-1_5_0-ibm-plugin-1.5.0_sr14.0-0.9.1


References:

   http://support.novell.com/security/cve/CVE-2012-1713.html
   http://support.novell.com/security/cve/CVE-2012-1716.html
   http://support.novell.com/security/cve/CVE-2012-1717.html
   http://support.novell.com/security/cve/CVE-2012-1718.html
   http://support.novell.com/security/cve/CVE-2012-1719.html
   http://support.novell.com/security/cve/CVE-2012-1725.html
   https://bugzilla.novell.com/666744
   https://bugzilla.novell.com/771808
   https://bugzilla.novell.com/773021
   https://bugzilla.novell.com/778629
  
http://download.novell.com/patch/finder/?keywords=458527f9aa3426cff56a9eb352661d4a

-- 
To unsubscribe, e-mail: Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
For additional commands, e-mail: Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.

Nekoliko ranjivosti paketa IBM Java

Tražilica portala

Aktivnosti

O CIS-u

Posljednje vijesti

Posljednji dokumenti

Nekoliko ranjivosti paketa IBM Java

Tražilica portala

Aktivnosti

O CIS-u

Posljednje sigurnosne preporuke

Posljednje vijesti

Popularni članci

Posljednji dokumenti