Security update for java-1_7_1-ibm SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2016:3041-1 Final 1 1 2016-12-07T13:24:58Z current 2016-12-07T13:24:58Z 2016-12-07T13:24:58Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for java-1_7_1-ibm This update for java-1_7_1-ibm fixes the following issues: - Version update to 7.1-3.60 (bsc#1009280) fixing the following CVE's: CVE-2016-5568, CVE-2016-5556, CVE-2016-5573, CVE-2016-5597, CVE-2016-5554, CVE-2016-5542 The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). sdksp4-java-1_7_1-ibm-12873,slessp4-java-1_7_1-ibm-12873 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2016/suse-su-20163041-1/ Link for SUSE-SU-2016:3041-1 https://lists.opensuse.org/opensuse-security-announce/2016-12/msg00021.html E-Mail link for SUSE-SU-2016:3041-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1009280 SUSE Bug 1009280 https://www.suse.com/security/cve/CVE-2016-5542/ SUSE CVE CVE-2016-5542 page https://www.suse.com/security/cve/CVE-2016-5554/ SUSE CVE CVE-2016-5554 page https://www.suse.com/security/cve/CVE-2016-5556/ SUSE CVE CVE-2016-5556 page https://www.suse.com/security/cve/CVE-2016-5568/ SUSE CVE CVE-2016-5568 page https://www.suse.com/security/cve/CVE-2016-5573/ SUSE CVE CVE-2016-5573 page https://www.suse.com/security/cve/CVE-2016-5597/ SUSE CVE CVE-2016-5597 page SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 java-1_7_1-ibm-devel-1.7.1_sr3.60-19.2 java-1_7_1-ibm-1.7.1_sr3.60-19.2 java-1_7_1-ibm-alsa-1.7.1_sr3.60-19.2 java-1_7_1-ibm-jdbc-1.7.1_sr3.60-19.2 java-1_7_1-ibm-plugin-1.7.1_sr3.60-19.2 java-1_7_1-ibm-1.7.1_sr3.60-19.2 as a component of SUSE Linux Enterprise Server 11 SP4 java-1_7_1-ibm-alsa-1.7.1_sr3.60-19.2 as a component of SUSE Linux Enterprise Server 11 SP4 java-1_7_1-ibm-jdbc-1.7.1_sr3.60-19.2 as a component of SUSE Linux Enterprise Server 11 SP4 java-1_7_1-ibm-plugin-1.7.1_sr3.60-19.2 as a component of SUSE Linux Enterprise Server 11 SP4 java-1_7_1-ibm-1.7.1_sr3.60-19.2 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4 java-1_7_1-ibm-alsa-1.7.1_sr3.60-19.2 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4 java-1_7_1-ibm-jdbc-1.7.1_sr3.60-19.2 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4 java-1_7_1-ibm-plugin-1.7.1_sr3.60-19.2 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4 java-1_7_1-ibm-devel-1.7.1_sr3.60-19.2 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect integrity via vectors related to Libraries. CVE-2016-5542 SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-1.7.1_sr3.60-19.2 SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-alsa-1.7.1_sr3.60-19.2 SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-jdbc-1.7.1_sr3.60-19.2 SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-plugin-1.7.1_sr3.60-19.2 SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-1.7.1_sr3.60-19.2 SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-alsa-1.7.1_sr3.60-19.2 SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-jdbc-1.7.1_sr3.60-19.2 SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-plugin-1.7.1_sr3.60-19.2 SUSE Linux Enterprise Software Development Kit 11 SP4:java-1_7_1-ibm-devel-1.7.1_sr3.60-19.2 low 2.6 AV:N/AC:H/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20163041-1/ https://www.suse.com/security/cve/CVE-2016-5542.html CVE-2016-5542 https://bugzilla.suse.com/1005522 SUSE Bug 1005522 https://bugzilla.suse.com/1009280 SUSE Bug 1009280 Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect integrity via vectors related to JMX. CVE-2016-5554 SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-1.7.1_sr3.60-19.2 SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-alsa-1.7.1_sr3.60-19.2 SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-jdbc-1.7.1_sr3.60-19.2 SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-plugin-1.7.1_sr3.60-19.2 SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-1.7.1_sr3.60-19.2 SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-alsa-1.7.1_sr3.60-19.2 SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-jdbc-1.7.1_sr3.60-19.2 SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-plugin-1.7.1_sr3.60-19.2 SUSE Linux Enterprise Software Development Kit 11 SP4:java-1_7_1-ibm-devel-1.7.1_sr3.60-19.2 moderate 5 AV:N/AC:L/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20163041-1/ https://www.suse.com/security/cve/CVE-2016-5554.html CVE-2016-5554 https://bugzilla.suse.com/1005523 SUSE Bug 1005523 https://bugzilla.suse.com/1009280 SUSE Bug 1009280 Unspecified vulnerability in Oracle Java SE 6u121, 7u111, and 8u102 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to 2D. CVE-2016-5556 SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-1.7.1_sr3.60-19.2 SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-alsa-1.7.1_sr3.60-19.2 SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-jdbc-1.7.1_sr3.60-19.2 SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-plugin-1.7.1_sr3.60-19.2 SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-1.7.1_sr3.60-19.2 SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-alsa-1.7.1_sr3.60-19.2 SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-jdbc-1.7.1_sr3.60-19.2 SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-plugin-1.7.1_sr3.60-19.2 SUSE Linux Enterprise Software Development Kit 11 SP4:java-1_7_1-ibm-devel-1.7.1_sr3.60-19.2 critical 10 AV:N/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20163041-1/ https://www.suse.com/security/cve/CVE-2016-5556.html CVE-2016-5556 https://bugzilla.suse.com/1005524 SUSE Bug 1005524 https://bugzilla.suse.com/1009280 SUSE Bug 1009280 Unspecified vulnerability in Oracle Java SE 6u121, 7u111, and 8u102 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. CVE-2016-5568 SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-1.7.1_sr3.60-19.2 SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-alsa-1.7.1_sr3.60-19.2 SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-jdbc-1.7.1_sr3.60-19.2 SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-plugin-1.7.1_sr3.60-19.2 SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-1.7.1_sr3.60-19.2 SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-alsa-1.7.1_sr3.60-19.2 SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-jdbc-1.7.1_sr3.60-19.2 SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-plugin-1.7.1_sr3.60-19.2 SUSE Linux Enterprise Software Development Kit 11 SP4:java-1_7_1-ibm-devel-1.7.1_sr3.60-19.2 critical 10 AV:N/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20163041-1/ https://www.suse.com/security/cve/CVE-2016-5568.html CVE-2016-5568 https://bugzilla.suse.com/1005525 SUSE Bug 1005525 https://bugzilla.suse.com/1009280 SUSE Bug 1009280 Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotspot, a different vulnerability than CVE-2016-5582. CVE-2016-5573 SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-1.7.1_sr3.60-19.2 SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-alsa-1.7.1_sr3.60-19.2 SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-jdbc-1.7.1_sr3.60-19.2 SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-plugin-1.7.1_sr3.60-19.2 SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-1.7.1_sr3.60-19.2 SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-alsa-1.7.1_sr3.60-19.2 SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-jdbc-1.7.1_sr3.60-19.2 SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-plugin-1.7.1_sr3.60-19.2 SUSE Linux Enterprise Software Development Kit 11 SP4:java-1_7_1-ibm-devel-1.7.1_sr3.60-19.2 important 7.1 AV:N/AC:H/Au:S/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20163041-1/ https://www.suse.com/security/cve/CVE-2016-5573.html CVE-2016-5573 https://bugzilla.suse.com/1005526 SUSE Bug 1005526 https://bugzilla.suse.com/1009280 SUSE Bug 1009280 Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect confidentiality via vectors related to Networking. CVE-2016-5597 SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-1.7.1_sr3.60-19.2 SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-alsa-1.7.1_sr3.60-19.2 SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-jdbc-1.7.1_sr3.60-19.2 SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-plugin-1.7.1_sr3.60-19.2 SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-1.7.1_sr3.60-19.2 SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-alsa-1.7.1_sr3.60-19.2 SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-jdbc-1.7.1_sr3.60-19.2 SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-plugin-1.7.1_sr3.60-19.2 SUSE Linux Enterprise Software Development Kit 11 SP4:java-1_7_1-ibm-devel-1.7.1_sr3.60-19.2 moderate 5.4 AV:N/AC:H/Au:N/C:C/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20163041-1/ https://www.suse.com/security/cve/CVE-2016-5597.html CVE-2016-5597 https://bugzilla.suse.com/1005528 SUSE Bug 1005528 https://bugzilla.suse.com/1009280 SUSE Bug 1009280