Security update for java-1_6_0-ibm SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2015:2192-1 Final 1 1 2015-12-03T17:59:10Z current 2015-12-03T17:59:10Z 2015-12-03T17:59:10Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for java-1_6_0-ibm This update for java-1_6_0-ibm fixes the following issues: - Version update to 6.0-16.15 bsc#955131: CVE-2015-4734 CVE-2015-4803 CVE-2015-4805 CVE-2015-4806 CVE-2015-4810 CVE-2015-4835 CVE-2015-4840 CVE-2015-4842 CVE-2015-4843 CVE-2015-4844 CVE-2015-4860 CVE-2015-4871 CVE-2015-4872 CVE-2015-4882 CVE-2015-4883 CVE-2015-4893 CVE-2015-4902 CVE-2015-4903 CVE-2015-4911 CVE-2015-5006 CVE-2015-2808 CVE-2015-2625 CVE-2015-0491 CVE-2015-0459 CVE-2015-0469 CVE-2015-0458 CVE-2015-0480 CVE-2015-0488 CVE-2015-0478 CVE-2015-0477 CVE-2015-0204 - Add backcompat symlinks for sdkdir - Fix baselibs.conf policy symlinking - Fix bsc#941939 to provide %{name} instead of %{sdklnk} only in _jvmprivdir The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-SLE-Module-Legacy-12-2015-943 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2015/suse-su-20152192-1/ Link for SUSE-SU-2015:2192-1 https://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html E-Mail link for SUSE-SU-2015:2192-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/941939 SUSE Bug 941939 https://bugzilla.suse.com/955131 SUSE Bug 955131 https://www.suse.com/security/cve/CVE-2015-0204/ SUSE CVE CVE-2015-0204 page https://www.suse.com/security/cve/CVE-2015-0458/ SUSE CVE CVE-2015-0458 page https://www.suse.com/security/cve/CVE-2015-0459/ SUSE CVE CVE-2015-0459 page https://www.suse.com/security/cve/CVE-2015-0469/ SUSE CVE CVE-2015-0469 page https://www.suse.com/security/cve/CVE-2015-0477/ SUSE CVE CVE-2015-0477 page https://www.suse.com/security/cve/CVE-2015-0478/ SUSE CVE CVE-2015-0478 page https://www.suse.com/security/cve/CVE-2015-0480/ SUSE CVE CVE-2015-0480 page https://www.suse.com/security/cve/CVE-2015-0488/ SUSE CVE CVE-2015-0488 page https://www.suse.com/security/cve/CVE-2015-0491/ SUSE CVE CVE-2015-0491 page https://www.suse.com/security/cve/CVE-2015-2625/ SUSE CVE CVE-2015-2625 page https://www.suse.com/security/cve/CVE-2015-2808/ SUSE CVE CVE-2015-2808 page https://www.suse.com/security/cve/CVE-2015-4734/ SUSE CVE CVE-2015-4734 page https://www.suse.com/security/cve/CVE-2015-4803/ SUSE CVE CVE-2015-4803 page https://www.suse.com/security/cve/CVE-2015-4805/ SUSE CVE CVE-2015-4805 page https://www.suse.com/security/cve/CVE-2015-4806/ SUSE CVE CVE-2015-4806 page https://www.suse.com/security/cve/CVE-2015-4810/ SUSE CVE CVE-2015-4810 page https://www.suse.com/security/cve/CVE-2015-4835/ SUSE CVE CVE-2015-4835 page https://www.suse.com/security/cve/CVE-2015-4840/ SUSE CVE CVE-2015-4840 page https://www.suse.com/security/cve/CVE-2015-4842/ SUSE CVE CVE-2015-4842 page https://www.suse.com/security/cve/CVE-2015-4843/ SUSE CVE CVE-2015-4843 page https://www.suse.com/security/cve/CVE-2015-4844/ SUSE CVE CVE-2015-4844 page https://www.suse.com/security/cve/CVE-2015-4860/ SUSE CVE CVE-2015-4860 page https://www.suse.com/security/cve/CVE-2015-4871/ SUSE CVE CVE-2015-4871 page https://www.suse.com/security/cve/CVE-2015-4872/ SUSE CVE CVE-2015-4872 page https://www.suse.com/security/cve/CVE-2015-4882/ SUSE CVE CVE-2015-4882 page https://www.suse.com/security/cve/CVE-2015-4883/ SUSE CVE CVE-2015-4883 page https://www.suse.com/security/cve/CVE-2015-4893/ SUSE CVE CVE-2015-4893 page https://www.suse.com/security/cve/CVE-2015-4902/ SUSE CVE CVE-2015-4902 page https://www.suse.com/security/cve/CVE-2015-4903/ SUSE CVE CVE-2015-4903 page https://www.suse.com/security/cve/CVE-2015-4911/ SUSE CVE CVE-2015-4911 page https://www.suse.com/security/cve/CVE-2015-5006/ SUSE CVE CVE-2015-5006 page SUSE Linux Enterprise Module for Legacy 12 java-1_6_0-ibm-1.6.0_sr16.15-27.1 java-1_6_0-ibm-fonts-1.6.0_sr16.15-27.1 java-1_6_0-ibm-jdbc-1.6.0_sr16.15-27.1 java-1_6_0-ibm-plugin-1.6.0_sr16.15-27.1 java-1_6_0-ibm-1.6.0_sr16.15-27.1 as a component of SUSE Linux Enterprise Module for Legacy 12 java-1_6_0-ibm-fonts-1.6.0_sr16.15-27.1 as a component of SUSE Linux Enterprise Module for Legacy 12 java-1_6_0-ibm-jdbc-1.6.0_sr16.15-27.1 as a component of SUSE Linux Enterprise Module for Legacy 12 java-1_6_0-ibm-plugin-1.6.0_sr16.15-27.1 as a component of SUSE Linux Enterprise Module for Legacy 12 The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to the "FREAK" issue. NOTE: the scope of this CVE is only client code based on OpenSSL, not EXPORT_RSA issues associated with servers or other TLS implementations. CVE-2015-0204 SUSE Linux Enterprise Module for Legacy 12:java-1_6_0-ibm-1.6.0_sr16.15-27.1 SUSE Linux Enterprise Module for Legacy 12:java-1_6_0-ibm-fonts-1.6.0_sr16.15-27.1 SUSE Linux Enterprise Module for Legacy 12:java-1_6_0-ibm-jdbc-1.6.0_sr16.15-27.1 SUSE Linux Enterprise Module for Legacy 12:java-1_6_0-ibm-plugin-1.6.0_sr16.15-27.1 critical 10 AV:N/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20152192-1/ https://www.suse.com/security/cve/CVE-2015-0204.html CVE-2015-0204 https://bugzilla.suse.com/912014 SUSE Bug 912014 https://bugzilla.suse.com/920482 SUSE Bug 920482 https://bugzilla.suse.com/920484 SUSE Bug 920484 https://bugzilla.suse.com/927591 SUSE Bug 927591 https://bugzilla.suse.com/927623 SUSE Bug 927623 https://bugzilla.suse.com/936787 SUSE Bug 936787 https://bugzilla.suse.com/952088 SUSE Bug 952088 Unspecified vulnerability in in Oracle Java SE 6u91, 7u76, and 8u40 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. CVE-2015-0458 SUSE Linux Enterprise Module for Legacy 12:java-1_6_0-ibm-1.6.0_sr16.15-27.1 SUSE Linux Enterprise Module for Legacy 12:java-1_6_0-ibm-fonts-1.6.0_sr16.15-27.1 SUSE Linux Enterprise Module for Legacy 12:java-1_6_0-ibm-jdbc-1.6.0_sr16.15-27.1 SUSE Linux Enterprise Module for Legacy 12:java-1_6_0-ibm-plugin-1.6.0_sr16.15-27.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20152192-1/ https://www.suse.com/security/cve/CVE-2015-0458.html CVE-2015-0458 https://bugzilla.suse.com/927591 SUSE Bug 927591 Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and JavaFX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2015-0491. CVE-2015-0459 SUSE Linux Enterprise Module for Legacy 12:java-1_6_0-ibm-1.6.0_sr16.15-27.1 SUSE Linux Enterprise Module for Legacy 12:java-1_6_0-ibm-fonts-1.6.0_sr16.15-27.1 SUSE Linux Enterprise Module for Legacy 12:java-1_6_0-ibm-jdbc-1.6.0_sr16.15-27.1 SUSE Linux Enterprise Module for Legacy 12:java-1_6_0-ibm-plugin-1.6.0_sr16.15-27.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20152192-1/ https://www.suse.com/security/cve/CVE-2015-0459.html CVE-2015-0459 https://bugzilla.suse.com/927591 SUSE Bug 927591 https://bugzilla.suse.com/932310 SUSE Bug 932310 Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. CVE-2015-0469 SUSE Linux Enterprise Module for Legacy 12:java-1_6_0-ibm-1.6.0_sr16.15-27.1 SUSE Linux Enterprise Module for Legacy 12:java-1_6_0-ibm-fonts-1.6.0_sr16.15-27.1 SUSE Linux Enterprise Module for Legacy 12:java-1_6_0-ibm-jdbc-1.6.0_sr16.15-27.1 SUSE Linux Enterprise Module for Legacy 12:java-1_6_0-ibm-plugin-1.6.0_sr16.15-27.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20152192-1/ https://www.suse.com/security/cve/CVE-2015-0469.html CVE-2015-0469 https://bugzilla.suse.com/927591 SUSE Bug 927591 https://bugzilla.suse.com/932310 SUSE Bug 932310 Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect integrity via unknown vectors related to Beans. CVE-2015-0477 SUSE Linux Enterprise Module for Legacy 12:java-1_6_0-ibm-1.6.0_sr16.15-27.1 SUSE Linux Enterprise Module for Legacy 12:java-1_6_0-ibm-fonts-1.6.0_sr16.15-27.1 SUSE Linux Enterprise Module for Legacy 12:java-1_6_0-ibm-jdbc-1.6.0_sr16.15-27.1 SUSE Linux Enterprise Module for Legacy 12:java-1_6_0-ibm-plugin-1.6.0_sr16.15-27.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20152192-1/ https://www.suse.com/security/cve/CVE-2015-0477.html CVE-2015-0477 https://bugzilla.suse.com/927591 SUSE Bug 927591 Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and JRockit R28.3.5, allows remote attackers to affect confidentiality via vectors related to JCE. CVE-2015-0478 SUSE Linux Enterprise Module for Legacy 12:java-1_6_0-ibm-1.6.0_sr16.15-27.1 SUSE Linux Enterprise Module for Legacy 12:java-1_6_0-ibm-fonts-1.6.0_sr16.15-27.1 SUSE Linux Enterprise Module for Legacy 12:java-1_6_0-ibm-jdbc-1.6.0_sr16.15-27.1 SUSE Linux Enterprise Module for Legacy 12:java-1_6_0-ibm-plugin-1.6.0_sr16.15-27.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20152192-1/ https://www.suse.com/security/cve/CVE-2015-0478.html CVE-2015-0478 https://bugzilla.suse.com/927591 SUSE Bug 927591 https://bugzilla.suse.com/944456 SUSE Bug 944456 Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect integrity and availability via unknown vectors related to Tools. CVE-2015-0480 SUSE Linux Enterprise Module for Legacy 12:java-1_6_0-ibm-1.6.0_sr16.15-27.1 SUSE Linux Enterprise Module for Legacy 12:java-1_6_0-ibm-fonts-1.6.0_sr16.15-27.1 SUSE Linux Enterprise Module for Legacy 12:java-1_6_0-ibm-jdbc-1.6.0_sr16.15-27.1 SUSE Linux Enterprise Module for Legacy 12:java-1_6_0-ibm-plugin-1.6.0_sr16.15-27.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20152192-1/ https://www.suse.com/security/cve/CVE-2015-0480.html CVE-2015-0480 https://bugzilla.suse.com/927591 SUSE Bug 927591 Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and JRockit R28.3.5, allows remote attackers to affect availability via vectors related to JSSE. CVE-2015-0488 SUSE Linux Enterprise Module for Legacy 12:java-1_6_0-ibm-1.6.0_sr16.15-27.1 SUSE Linux Enterprise Module for Legacy 12:java-1_6_0-ibm-fonts-1.6.0_sr16.15-27.1 SUSE Linux Enterprise Module for Legacy 12:java-1_6_0-ibm-jdbc-1.6.0_sr16.15-27.1 SUSE Linux Enterprise Module for Legacy 12:java-1_6_0-ibm-plugin-1.6.0_sr16.15-27.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20152192-1/ https://www.suse.com/security/cve/CVE-2015-0488.html CVE-2015-0488 https://bugzilla.suse.com/927591 SUSE Bug 927591 Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and Java FX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2015-0459. CVE-2015-0491 SUSE Linux Enterprise Module for Legacy 12:java-1_6_0-ibm-1.6.0_sr16.15-27.1 SUSE Linux Enterprise Module for Legacy 12:java-1_6_0-ibm-fonts-1.6.0_sr16.15-27.1 SUSE Linux Enterprise Module for Legacy 12:java-1_6_0-ibm-jdbc-1.6.0_sr16.15-27.1 SUSE Linux Enterprise Module for Legacy 12:java-1_6_0-ibm-plugin-1.6.0_sr16.15-27.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20152192-1/ https://www.suse.com/security/cve/CVE-2015-0491.html CVE-2015-0491 https://bugzilla.suse.com/927591 SUSE Bug 927591 https://bugzilla.suse.com/932310 SUSE Bug 932310 Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JRockit R28.3.6; and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality via vectors related to JSSE. CVE-2015-2625 SUSE Linux Enterprise Module for Legacy 12:java-1_6_0-ibm-1.6.0_sr16.15-27.1 SUSE Linux Enterprise Module for Legacy 12:java-1_6_0-ibm-fonts-1.6.0_sr16.15-27.1 SUSE Linux Enterprise Module for Legacy 12:java-1_6_0-ibm-jdbc-1.6.0_sr16.15-27.1 SUSE Linux Enterprise Module for Legacy 12:java-1_6_0-ibm-plugin-1.6.0_sr16.15-27.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20152192-1/ https://www.suse.com/security/cve/CVE-2015-2625.html CVE-2015-2625 https://bugzilla.suse.com/937828 SUSE Bug 937828 https://bugzilla.suse.com/938248 SUSE Bug 938248 https://bugzilla.suse.com/938895 SUSE Bug 938895 The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the "Bar Mitzvah" issue. CVE-2015-2808 SUSE Linux Enterprise Module for Legacy 12:java-1_6_0-ibm-1.6.0_sr16.15-27.1 SUSE Linux Enterprise Module for Legacy 12:java-1_6_0-ibm-fonts-1.6.0_sr16.15-27.1 SUSE Linux Enterprise Module for Legacy 12:java-1_6_0-ibm-jdbc-1.6.0_sr16.15-27.1 SUSE Linux Enterprise Module for Legacy 12:java-1_6_0-ibm-plugin-1.6.0_sr16.15-27.1 important 2.6 AV:N/AC:H/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20152192-1/ https://www.suse.com/security/cve/CVE-2015-2808.html CVE-2015-2808 https://bugzilla.suse.com/925378 SUSE Bug 925378 https://bugzilla.suse.com/938248 SUSE Bug 938248 https://bugzilla.suse.com/938895 SUSE Bug 938895 https://bugzilla.suse.com/952088 SUSE Bug 952088 Unspecified vulnerability in Oracle Java SE 6u101, 7u85 and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality via vectors related to JGSS. CVE-2015-4734 SUSE Linux Enterprise Module for Legacy 12:java-1_6_0-ibm-1.6.0_sr16.15-27.1 SUSE Linux Enterprise Module for Legacy 12:java-1_6_0-ibm-fonts-1.6.0_sr16.15-27.1 SUSE Linux Enterprise Module for Legacy 12:java-1_6_0-ibm-jdbc-1.6.0_sr16.15-27.1 SUSE Linux Enterprise Module for Legacy 12:java-1_6_0-ibm-plugin-1.6.0_sr16.15-27.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20152192-1/ https://www.suse.com/security/cve/CVE-2015-4734.html CVE-2015-4734 https://bugzilla.suse.com/951376 SUSE Bug 951376 https://bugzilla.suse.com/955131 SUSE Bug 955131 Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2015-4893 and CVE-2015-4911. CVE-2015-4803 SUSE Linux Enterprise Module for Legacy 12:java-1_6_0-ibm-1.6.0_sr16.15-27.1 SUSE Linux Enterprise Module for Legacy 12:java-1_6_0-ibm-fonts-1.6.0_sr16.15-27.1 SUSE Linux Enterprise Module for Legacy 12:java-1_6_0-ibm-jdbc-1.6.0_sr16.15-27.1 SUSE Linux Enterprise Module for Legacy 12:java-1_6_0-ibm-plugin-1.6.0_sr16.15-27.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20152192-1/ https://www.suse.com/security/cve/CVE-2015-4803.html CVE-2015-4803 https://bugzilla.suse.com/951376 SUSE Bug 951376 https://bugzilla.suse.com/955131 SUSE Bug 955131 Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Serialization. CVE-2015-4805 SUSE Linux Enterprise Module for Legacy 12:java-1_6_0-ibm-1.6.0_sr16.15-27.1 SUSE Linux Enterprise Module for Legacy 12:java-1_6_0-ibm-fonts-1.6.0_sr16.15-27.1 SUSE Linux Enterprise Module for Legacy 12:java-1_6_0-ibm-jdbc-1.6.0_sr16.15-27.1 SUSE Linux Enterprise Module for Legacy 12:java-1_6_0-ibm-plugin-1.6.0_sr16.15-27.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20152192-1/ https://www.suse.com/security/cve/CVE-2015-4805.html CVE-2015-4805 https://bugzilla.suse.com/951376 SUSE Bug 951376 https://bugzilla.suse.com/955131 SUSE Bug 955131 Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries. CVE-2015-4806 SUSE Linux Enterprise Module for Legacy 12:java-1_6_0-ibm-1.6.0_sr16.15-27.1 SUSE Linux Enterprise Module for Legacy 12:java-1_6_0-ibm-fonts-1.6.0_sr16.15-27.1 SUSE Linux Enterprise Module for Legacy 12:java-1_6_0-ibm-jdbc-1.6.0_sr16.15-27.1 SUSE Linux Enterprise Module for Legacy 12:java-1_6_0-ibm-plugin-1.6.0_sr16.15-27.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20152192-1/ https://www.suse.com/security/cve/CVE-2015-4806.html CVE-2015-4806 https://bugzilla.suse.com/951376 SUSE Bug 951376 https://bugzilla.suse.com/955131 SUSE Bug 955131 Unspecified vulnerability in Oracle Java SE 7u85 and 8u60 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. CVE-2015-4810 SUSE Linux Enterprise Module for Legacy 12:java-1_6_0-ibm-1.6.0_sr16.15-27.1 SUSE Linux Enterprise Module for Legacy 12:java-1_6_0-ibm-fonts-1.6.0_sr16.15-27.1 SUSE Linux Enterprise Module for Legacy 12:java-1_6_0-ibm-jdbc-1.6.0_sr16.15-27.1 SUSE Linux Enterprise Module for Legacy 12:java-1_6_0-ibm-plugin-1.6.0_sr16.15-27.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20152192-1/ https://www.suse.com/security/cve/CVE-2015-4810.html CVE-2015-4810 https://bugzilla.suse.com/951376 SUSE Bug 951376 https://bugzilla.suse.com/955131 SUSE Bug 955131 Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2015-4881. CVE-2015-4835 SUSE Linux Enterprise Module for Legacy 12:java-1_6_0-ibm-1.6.0_sr16.15-27.1 SUSE Linux Enterprise Module for Legacy 12:java-1_6_0-ibm-fonts-1.6.0_sr16.15-27.1 SUSE Linux Enterprise Module for Legacy 12:java-1_6_0-ibm-jdbc-1.6.0_sr16.15-27.1 SUSE Linux Enterprise Module for Legacy 12:java-1_6_0-ibm-plugin-1.6.0_sr16.15-27.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20152192-1/ https://www.suse.com/security/cve/CVE-2015-4835.html CVE-2015-4835 https://bugzilla.suse.com/951376 SUSE Bug 951376 https://bugzilla.suse.com/955131 SUSE Bug 955131 Unspecified vulnerability in Oracle Java SE 7u85 and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality via unknown vectors related to 2D. CVE-2015-4840 SUSE Linux Enterprise Module for Legacy 12:java-1_6_0-ibm-1.6.0_sr16.15-27.1 SUSE Linux Enterprise Module for Legacy 12:java-1_6_0-ibm-fonts-1.6.0_sr16.15-27.1 SUSE Linux Enterprise Module for Legacy 12:java-1_6_0-ibm-jdbc-1.6.0_sr16.15-27.1 SUSE Linux Enterprise Module for Legacy 12:java-1_6_0-ibm-plugin-1.6.0_sr16.15-27.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20152192-1/ https://www.suse.com/security/cve/CVE-2015-4840.html CVE-2015-4840 https://bugzilla.suse.com/951376 SUSE Bug 951376 https://bugzilla.suse.com/955131 SUSE Bug 955131 Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality via vectors related to JAXP. CVE-2015-4842 SUSE Linux Enterprise Module for Legacy 12:java-1_6_0-ibm-1.6.0_sr16.15-27.1 SUSE Linux Enterprise Module for Legacy 12:java-1_6_0-ibm-fonts-1.6.0_sr16.15-27.1 SUSE Linux Enterprise Module for Legacy 12:java-1_6_0-ibm-jdbc-1.6.0_sr16.15-27.1 SUSE Linux Enterprise Module for Legacy 12:java-1_6_0-ibm-plugin-1.6.0_sr16.15-27.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20152192-1/ https://www.suse.com/security/cve/CVE-2015-4842.html CVE-2015-4842 https://bugzilla.suse.com/951376 SUSE Bug 951376 https://bugzilla.suse.com/955131 SUSE Bug 955131 Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. CVE-2015-4843 SUSE Linux Enterprise Module for Legacy 12:java-1_6_0-ibm-1.6.0_sr16.15-27.1 SUSE Linux Enterprise Module for Legacy 12:java-1_6_0-ibm-fonts-1.6.0_sr16.15-27.1 SUSE Linux Enterprise Module for Legacy 12:java-1_6_0-ibm-jdbc-1.6.0_sr16.15-27.1 SUSE Linux Enterprise Module for Legacy 12:java-1_6_0-ibm-plugin-1.6.0_sr16.15-27.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20152192-1/ https://www.suse.com/security/cve/CVE-2015-4843.html CVE-2015-4843 https://bugzilla.suse.com/951376 SUSE Bug 951376 https://bugzilla.suse.com/955131 SUSE Bug 955131 Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. CVE-2015-4844 SUSE Linux Enterprise Module for Legacy 12:java-1_6_0-ibm-1.6.0_sr16.15-27.1 SUSE Linux Enterprise Module for Legacy 12:java-1_6_0-ibm-fonts-1.6.0_sr16.15-27.1 SUSE Linux Enterprise Module for Legacy 12:java-1_6_0-ibm-jdbc-1.6.0_sr16.15-27.1 SUSE Linux Enterprise Module for Legacy 12:java-1_6_0-ibm-plugin-1.6.0_sr16.15-27.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20152192-1/ https://www.suse.com/security/cve/CVE-2015-4844.html CVE-2015-4844 https://bugzilla.suse.com/951376 SUSE Bug 951376 https://bugzilla.suse.com/955131 SUSE Bug 955131 Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI, a different vulnerability than CVE-2015-4883. CVE-2015-4860 SUSE Linux Enterprise Module for Legacy 12:java-1_6_0-ibm-1.6.0_sr16.15-27.1 SUSE Linux Enterprise Module for Legacy 12:java-1_6_0-ibm-fonts-1.6.0_sr16.15-27.1 SUSE Linux Enterprise Module for Legacy 12:java-1_6_0-ibm-jdbc-1.6.0_sr16.15-27.1 SUSE Linux Enterprise Module for Legacy 12:java-1_6_0-ibm-plugin-1.6.0_sr16.15-27.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20152192-1/ https://www.suse.com/security/cve/CVE-2015-4860.html CVE-2015-4860 https://bugzilla.suse.com/951376 SUSE Bug 951376 https://bugzilla.suse.com/955131 SUSE Bug 955131 Unspecified vulnerability in Oracle Java SE 7u85 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries. CVE-2015-4871 SUSE Linux Enterprise Module for Legacy 12:java-1_6_0-ibm-1.6.0_sr16.15-27.1 SUSE Linux Enterprise Module for Legacy 12:java-1_6_0-ibm-fonts-1.6.0_sr16.15-27.1 SUSE Linux Enterprise Module for Legacy 12:java-1_6_0-ibm-jdbc-1.6.0_sr16.15-27.1 SUSE Linux Enterprise Module for Legacy 12:java-1_6_0-ibm-plugin-1.6.0_sr16.15-27.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20152192-1/ https://www.suse.com/security/cve/CVE-2015-4871.html CVE-2015-4871 https://bugzilla.suse.com/951376 SUSE Bug 951376 https://bugzilla.suse.com/955131 SUSE Bug 955131 Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect integrity via unknown vectors related to Security. CVE-2015-4872 SUSE Linux Enterprise Module for Legacy 12:java-1_6_0-ibm-1.6.0_sr16.15-27.1 SUSE Linux Enterprise Module for Legacy 12:java-1_6_0-ibm-fonts-1.6.0_sr16.15-27.1 SUSE Linux Enterprise Module for Legacy 12:java-1_6_0-ibm-jdbc-1.6.0_sr16.15-27.1 SUSE Linux Enterprise Module for Legacy 12:java-1_6_0-ibm-plugin-1.6.0_sr16.15-27.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20152192-1/ https://www.suse.com/security/cve/CVE-2015-4872.html CVE-2015-4872 https://bugzilla.suse.com/951376 SUSE Bug 951376 https://bugzilla.suse.com/955131 SUSE Bug 955131 Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect availability via vectors related to CORBA. CVE-2015-4882 SUSE Linux Enterprise Module for Legacy 12:java-1_6_0-ibm-1.6.0_sr16.15-27.1 SUSE Linux Enterprise Module for Legacy 12:java-1_6_0-ibm-fonts-1.6.0_sr16.15-27.1 SUSE Linux Enterprise Module for Legacy 12:java-1_6_0-ibm-jdbc-1.6.0_sr16.15-27.1 SUSE Linux Enterprise Module for Legacy 12:java-1_6_0-ibm-plugin-1.6.0_sr16.15-27.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20152192-1/ https://www.suse.com/security/cve/CVE-2015-4882.html CVE-2015-4882 https://bugzilla.suse.com/951376 SUSE Bug 951376 https://bugzilla.suse.com/955131 SUSE Bug 955131 Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI, a different vulnerability than CVE-2015-4860. CVE-2015-4883 SUSE Linux Enterprise Module for Legacy 12:java-1_6_0-ibm-1.6.0_sr16.15-27.1 SUSE Linux Enterprise Module for Legacy 12:java-1_6_0-ibm-fonts-1.6.0_sr16.15-27.1 SUSE Linux Enterprise Module for Legacy 12:java-1_6_0-ibm-jdbc-1.6.0_sr16.15-27.1 SUSE Linux Enterprise Module for Legacy 12:java-1_6_0-ibm-plugin-1.6.0_sr16.15-27.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20152192-1/ https://www.suse.com/security/cve/CVE-2015-4883.html CVE-2015-4883 https://bugzilla.suse.com/951376 SUSE Bug 951376 https://bugzilla.suse.com/955131 SUSE Bug 955131 Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2015-4803 and CVE-2015-4911. CVE-2015-4893 SUSE Linux Enterprise Module for Legacy 12:java-1_6_0-ibm-1.6.0_sr16.15-27.1 SUSE Linux Enterprise Module for Legacy 12:java-1_6_0-ibm-fonts-1.6.0_sr16.15-27.1 SUSE Linux Enterprise Module for Legacy 12:java-1_6_0-ibm-jdbc-1.6.0_sr16.15-27.1 SUSE Linux Enterprise Module for Legacy 12:java-1_6_0-ibm-plugin-1.6.0_sr16.15-27.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20152192-1/ https://www.suse.com/security/cve/CVE-2015-4893.html CVE-2015-4893 https://bugzilla.suse.com/951376 SUSE Bug 951376 https://bugzilla.suse.com/955131 SUSE Bug 955131 Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60 allows remote attackers to affect integrity via unknown vectors related to Deployment. CVE-2015-4902 SUSE Linux Enterprise Module for Legacy 12:java-1_6_0-ibm-1.6.0_sr16.15-27.1 SUSE Linux Enterprise Module for Legacy 12:java-1_6_0-ibm-fonts-1.6.0_sr16.15-27.1 SUSE Linux Enterprise Module for Legacy 12:java-1_6_0-ibm-jdbc-1.6.0_sr16.15-27.1 SUSE Linux Enterprise Module for Legacy 12:java-1_6_0-ibm-plugin-1.6.0_sr16.15-27.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20152192-1/ https://www.suse.com/security/cve/CVE-2015-4902.html CVE-2015-4902 https://bugzilla.suse.com/951376 SUSE Bug 951376 https://bugzilla.suse.com/955131 SUSE Bug 955131 Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality via vectors related to RMI. CVE-2015-4903 SUSE Linux Enterprise Module for Legacy 12:java-1_6_0-ibm-1.6.0_sr16.15-27.1 SUSE Linux Enterprise Module for Legacy 12:java-1_6_0-ibm-fonts-1.6.0_sr16.15-27.1 SUSE Linux Enterprise Module for Legacy 12:java-1_6_0-ibm-jdbc-1.6.0_sr16.15-27.1 SUSE Linux Enterprise Module for Legacy 12:java-1_6_0-ibm-plugin-1.6.0_sr16.15-27.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20152192-1/ https://www.suse.com/security/cve/CVE-2015-4903.html CVE-2015-4903 https://bugzilla.suse.com/951376 SUSE Bug 951376 https://bugzilla.suse.com/955131 SUSE Bug 955131 Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2015-4803 and CVE-2015-4893. CVE-2015-4911 SUSE Linux Enterprise Module for Legacy 12:java-1_6_0-ibm-1.6.0_sr16.15-27.1 SUSE Linux Enterprise Module for Legacy 12:java-1_6_0-ibm-fonts-1.6.0_sr16.15-27.1 SUSE Linux Enterprise Module for Legacy 12:java-1_6_0-ibm-jdbc-1.6.0_sr16.15-27.1 SUSE Linux Enterprise Module for Legacy 12:java-1_6_0-ibm-plugin-1.6.0_sr16.15-27.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20152192-1/ https://www.suse.com/security/cve/CVE-2015-4911.html CVE-2015-4911 https://bugzilla.suse.com/951376 SUSE Bug 951376 https://bugzilla.suse.com/955131 SUSE Bug 955131 IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR2, 7 R1 before SR3 FP20, 7 before SR9 FP20, 6 R1 before SR8 FP15, and 6 before SR16 FP15 allow physically proximate attackers to obtain sensitive information by reading the Kerberos Credential Cache. CVE-2015-5006 SUSE Linux Enterprise Module for Legacy 12:java-1_6_0-ibm-1.6.0_sr16.15-27.1 SUSE Linux Enterprise Module for Legacy 12:java-1_6_0-ibm-fonts-1.6.0_sr16.15-27.1 SUSE Linux Enterprise Module for Legacy 12:java-1_6_0-ibm-jdbc-1.6.0_sr16.15-27.1 SUSE Linux Enterprise Module for Legacy 12:java-1_6_0-ibm-plugin-1.6.0_sr16.15-27.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20152192-1/ https://www.suse.com/security/cve/CVE-2015-5006.html CVE-2015-5006 https://bugzilla.suse.com/955131 SUSE Bug 955131