Security update for IBM Java SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2015:0343-2 Final 1 1 2014-11-19T10:21:52Z current 2014-11-19T10:21:52Z 2014-11-19T10:21:52Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for IBM Java java-1_6_0-ibm has been updated to version 1.6.0_sr16.2 to fix 18 security issues. These security issues have been fixed: * Unspecified vulnerability in Oracle Java SE 6u81 (CVE-2014-3065). * The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the 'POODLE' issue (CVE-2014-3566). * Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT (CVE-2014-6513). * Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6493, and CVE-2014-6532 (CVE-2014-6503). * Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6493, and CVE-2014-6503 (CVE-2014-6532). * Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6493, CVE-2014-6503, and CVE-2014-6532 (CVE-2014-4288). * Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6503, and CVE-2014-6532 (CVE-2014-6493). * Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, when running on Firefox, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment (CVE-2014-6492). * Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment (CVE-2014-6458). * Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, when running on Internet Explorer, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment (CVE-2014-6466). * Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries (CVE-2014-6506). * Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment (CVE-2014-6515). * Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality via unknown vectors related to 2D (CVE-2014-6511). * Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality via unknown vectors related to Libraries (CVE-2014-6531). * Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and R28.3.3 allows remote attackers to affect integrity via unknown vectors related to Libraries (CVE-2014-6512). * Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3, and R28.3.3 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE (CVE-2014-6457). * Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect integrity via unknown vectors related to Libraries (CVE-2014-6502). * Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and JRockit R28.3.3 allows remote attackers to affect integrity via unknown vectors related to Security (CVE-2014-6558). More information can be found at http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_November_2014 <http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_November_2014> Security Issues: * CVE-2014-3065 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3065> * CVE-2014-3566 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566> * CVE-2014-6506 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6506> * CVE-2014-6511 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6511> * CVE-2014-6531 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6531> * CVE-2014-6512 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6512> * CVE-2014-6457 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6457> * CVE-2014-6502 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6502> * CVE-2014-6558 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6558> * CVE-2014-6513 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6513> * CVE-2014-6503 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6503> * CVE-2014-4288 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4288> * CVE-2014-6493 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6493> * CVE-2014-6532 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6532> * CVE-2014-6492 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6492> * CVE-2014-6458 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6458> * CVE-2014-6466 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6466> * CVE-2014-6515 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6515> * CVE-2014-6456 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6456> * CVE-2014-6476 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6476> * CVE-2014-6527 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6527> The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). sleman17sp2-java-1_6_0-ibm Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2015/suse-su-20150343-2/ Link for SUSE-SU-2015:0343-2 https://lists.suse.com/pipermail/sle-security-updates/2015-February/001253.html E-Mail link for SUSE-SU-2015:0343-2 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/862064 SUSE Bug 862064 https://bugzilla.suse.com/877430 SUSE Bug 877430 https://bugzilla.suse.com/891700 SUSE Bug 891700 https://bugzilla.suse.com/904889 SUSE Bug 904889 https://bugzilla.suse.com/912434 SUSE Bug 912434 https://bugzilla.suse.com/912447 SUSE Bug 912447 https://bugzilla.suse.com/916265 SUSE Bug 916265 https://bugzilla.suse.com/916266 SUSE Bug 916266 https://bugzilla.suse.com/930365 SUSE Bug 930365 https://bugzilla.suse.com/931702 SUSE Bug 931702 https://www.suse.com/security/cve/CVE-2013-5878/ SUSE CVE CVE-2013-5878 page https://www.suse.com/security/cve/CVE-2013-5884/ SUSE CVE CVE-2013-5884 page https://www.suse.com/security/cve/CVE-2013-5887/ SUSE CVE CVE-2013-5887 page https://www.suse.com/security/cve/CVE-2013-5888/ SUSE CVE CVE-2013-5888 page https://www.suse.com/security/cve/CVE-2013-5889/ SUSE CVE CVE-2013-5889 page https://www.suse.com/security/cve/CVE-2013-5896/ SUSE CVE CVE-2013-5896 page https://www.suse.com/security/cve/CVE-2013-5898/ SUSE CVE CVE-2013-5898 page https://www.suse.com/security/cve/CVE-2013-5899/ SUSE CVE CVE-2013-5899 page https://www.suse.com/security/cve/CVE-2013-5907/ SUSE CVE CVE-2013-5907 page https://www.suse.com/security/cve/CVE-2013-5910/ SUSE CVE CVE-2013-5910 page https://www.suse.com/security/cve/CVE-2013-6629/ SUSE CVE CVE-2013-6629 page https://www.suse.com/security/cve/CVE-2013-6954/ SUSE CVE CVE-2013-6954 page https://www.suse.com/security/cve/CVE-2014-0368/ SUSE CVE CVE-2014-0368 page https://www.suse.com/security/cve/CVE-2014-0373/ SUSE CVE CVE-2014-0373 page https://www.suse.com/security/cve/CVE-2014-0375/ SUSE CVE CVE-2014-0375 page https://www.suse.com/security/cve/CVE-2014-0376/ SUSE CVE CVE-2014-0376 page https://www.suse.com/security/cve/CVE-2014-0387/ SUSE CVE CVE-2014-0387 page https://www.suse.com/security/cve/CVE-2014-0403/ SUSE CVE CVE-2014-0403 page https://www.suse.com/security/cve/CVE-2014-0410/ SUSE CVE CVE-2014-0410 page https://www.suse.com/security/cve/CVE-2014-0411/ SUSE CVE CVE-2014-0411 page https://www.suse.com/security/cve/CVE-2014-0415/ SUSE CVE CVE-2014-0415 page https://www.suse.com/security/cve/CVE-2014-0416/ SUSE CVE CVE-2014-0416 page https://www.suse.com/security/cve/CVE-2014-0417/ SUSE CVE CVE-2014-0417 page https://www.suse.com/security/cve/CVE-2014-0422/ SUSE CVE CVE-2014-0422 page https://www.suse.com/security/cve/CVE-2014-0423/ SUSE CVE CVE-2014-0423 page https://www.suse.com/security/cve/CVE-2014-0424/ SUSE CVE CVE-2014-0424 page https://www.suse.com/security/cve/CVE-2014-0428/ SUSE CVE CVE-2014-0428 page https://www.suse.com/security/cve/CVE-2014-0429/ SUSE CVE CVE-2014-0429 page https://www.suse.com/security/cve/CVE-2014-0446/ SUSE CVE CVE-2014-0446 page https://www.suse.com/security/cve/CVE-2014-0449/ SUSE CVE CVE-2014-0449 page https://www.suse.com/security/cve/CVE-2014-0451/ SUSE CVE CVE-2014-0451 page https://www.suse.com/security/cve/CVE-2014-0452/ SUSE CVE CVE-2014-0452 page https://www.suse.com/security/cve/CVE-2014-0453/ SUSE CVE CVE-2014-0453 page https://www.suse.com/security/cve/CVE-2014-0457/ SUSE CVE CVE-2014-0457 page https://www.suse.com/security/cve/CVE-2014-0458/ SUSE CVE CVE-2014-0458 page https://www.suse.com/security/cve/CVE-2014-0459/ SUSE CVE CVE-2014-0459 page https://www.suse.com/security/cve/CVE-2014-0460/ SUSE CVE CVE-2014-0460 page https://www.suse.com/security/cve/CVE-2014-0461/ SUSE CVE CVE-2014-0461 page https://www.suse.com/security/cve/CVE-2014-0878/ SUSE CVE CVE-2014-0878 page https://www.suse.com/security/cve/CVE-2014-1876/ SUSE CVE CVE-2014-1876 page https://www.suse.com/security/cve/CVE-2014-2398/ SUSE CVE CVE-2014-2398 page https://www.suse.com/security/cve/CVE-2014-2401/ SUSE CVE CVE-2014-2401 page https://www.suse.com/security/cve/CVE-2014-2409/ SUSE CVE CVE-2014-2409 page https://www.suse.com/security/cve/CVE-2014-2412/ SUSE CVE CVE-2014-2412 page https://www.suse.com/security/cve/CVE-2014-2414/ SUSE CVE CVE-2014-2414 page https://www.suse.com/security/cve/CVE-2014-2420/ SUSE CVE CVE-2014-2420 page https://www.suse.com/security/cve/CVE-2014-2421/ SUSE CVE CVE-2014-2421 page https://www.suse.com/security/cve/CVE-2014-2423/ SUSE CVE CVE-2014-2423 page https://www.suse.com/security/cve/CVE-2014-2427/ SUSE CVE CVE-2014-2427 page https://www.suse.com/security/cve/CVE-2014-2428/ SUSE CVE CVE-2014-2428 page https://www.suse.com/security/cve/CVE-2014-3065/ SUSE CVE CVE-2014-3065 page https://www.suse.com/security/cve/CVE-2014-3566/ SUSE CVE CVE-2014-3566 page https://www.suse.com/security/cve/CVE-2014-4209/ SUSE CVE CVE-2014-4209 page https://www.suse.com/security/cve/CVE-2014-4218/ SUSE CVE CVE-2014-4218 page https://www.suse.com/security/cve/CVE-2014-4219/ SUSE CVE CVE-2014-4219 page https://www.suse.com/security/cve/CVE-2014-4227/ SUSE CVE CVE-2014-4227 page https://www.suse.com/security/cve/CVE-2014-4244/ SUSE CVE CVE-2014-4244 page https://www.suse.com/security/cve/CVE-2014-4252/ SUSE CVE CVE-2014-4252 page https://www.suse.com/security/cve/CVE-2014-4262/ SUSE CVE CVE-2014-4262 page https://www.suse.com/security/cve/CVE-2014-4263/ SUSE CVE CVE-2014-4263 page https://www.suse.com/security/cve/CVE-2014-4265/ SUSE CVE CVE-2014-4265 page https://www.suse.com/security/cve/CVE-2014-4268/ SUSE CVE CVE-2014-4268 page https://www.suse.com/security/cve/CVE-2014-4288/ SUSE CVE CVE-2014-4288 page https://www.suse.com/security/cve/CVE-2014-6456/ SUSE CVE CVE-2014-6456 page https://www.suse.com/security/cve/CVE-2014-6457/ SUSE CVE CVE-2014-6457 page https://www.suse.com/security/cve/CVE-2014-6458/ SUSE CVE CVE-2014-6458 page https://www.suse.com/security/cve/CVE-2014-6466/ SUSE CVE CVE-2014-6466 page https://www.suse.com/security/cve/CVE-2014-6476/ SUSE CVE CVE-2014-6476 page https://www.suse.com/security/cve/CVE-2014-6492/ SUSE CVE CVE-2014-6492 page https://www.suse.com/security/cve/CVE-2014-6493/ SUSE CVE CVE-2014-6493 page https://www.suse.com/security/cve/CVE-2014-6502/ SUSE CVE CVE-2014-6502 page https://www.suse.com/security/cve/CVE-2014-6503/ SUSE CVE CVE-2014-6503 page https://www.suse.com/security/cve/CVE-2014-6506/ SUSE CVE CVE-2014-6506 page https://www.suse.com/security/cve/CVE-2014-6511/ SUSE CVE CVE-2014-6511 page https://www.suse.com/security/cve/CVE-2014-6512/ SUSE CVE CVE-2014-6512 page https://www.suse.com/security/cve/CVE-2014-6513/ SUSE CVE CVE-2014-6513 page https://www.suse.com/security/cve/CVE-2014-6515/ SUSE CVE CVE-2014-6515 page https://www.suse.com/security/cve/CVE-2014-6527/ SUSE CVE CVE-2014-6527 page https://www.suse.com/security/cve/CVE-2014-6531/ SUSE CVE CVE-2014-6531 page https://www.suse.com/security/cve/CVE-2014-6532/ SUSE CVE CVE-2014-6532 page https://www.suse.com/security/cve/CVE-2014-6558/ SUSE CVE CVE-2014-6558 page https://www.suse.com/security/cve/CVE-2014-8891/ SUSE CVE CVE-2014-8891 page https://www.suse.com/security/cve/CVE-2014-8892/ SUSE CVE CVE-2014-8892 page https://www.suse.com/security/cve/CVE-2015-0138/ SUSE CVE CVE-2015-0138 page https://www.suse.com/security/cve/CVE-2015-0192/ SUSE CVE CVE-2015-0192 page https://www.suse.com/security/cve/CVE-2015-0204/ SUSE CVE CVE-2015-0204 page https://www.suse.com/security/cve/CVE-2015-0458/ SUSE CVE CVE-2015-0458 page https://www.suse.com/security/cve/CVE-2015-0459/ SUSE CVE CVE-2015-0459 page https://www.suse.com/security/cve/CVE-2015-0469/ SUSE CVE CVE-2015-0469 page https://www.suse.com/security/cve/CVE-2015-0477/ SUSE CVE CVE-2015-0477 page https://www.suse.com/security/cve/CVE-2015-0478/ SUSE CVE CVE-2015-0478 page https://www.suse.com/security/cve/CVE-2015-0480/ SUSE CVE CVE-2015-0480 page https://www.suse.com/security/cve/CVE-2015-0488/ SUSE CVE CVE-2015-0488 page https://www.suse.com/security/cve/CVE-2015-0491/ SUSE CVE CVE-2015-0491 page https://www.suse.com/security/cve/CVE-2015-1914/ SUSE CVE CVE-2015-1914 page https://www.suse.com/security/cve/CVE-2015-2808/ SUSE CVE CVE-2015-2808 page SUSE Manager 1.7 java-1_6_0-ibm-1.6.0_sr16.2-0.3.1 java-1_6_0-ibm-devel-1.6.0_sr16.2-0.3.1 java-1_6_0-ibm-fonts-1.6.0_sr16.2-0.3.1 java-1_6_0-ibm-jdbc-1.6.0_sr16.2-0.3.1 java-1_6_0-ibm-plugin-1.6.0_sr16.2-0.3.1 java-1_6_0-ibm-1.6.0_sr16.2-0.3.1 as a component of SUSE Manager 1.7 java-1_6_0-ibm-devel-1.6.0_sr16.2-0.3.1 as a component of SUSE Manager 1.7 java-1_6_0-ibm-fonts-1.6.0_sr16.2-0.3.1 as a component of SUSE Manager 1.7 java-1_6_0-ibm-jdbc-1.6.0_sr16.2-0.3.1 as a component of SUSE Manager 1.7 java-1_6_0-ibm-plugin-1.6.0_sr16.2-0.3.1 as a component of SUSE Manager 1.7 Unspecified vulnerability in Oracle Java SE 6u65 and 7u45, Java SE Embedded 7u45, and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Security. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the Security component does not properly handle null XML namespace (xmlns) attributes during XML document canonicalization, which allows attackers to escape the sandbox. CVE-2013-5878 SUSE Manager 1.7:java-1_6_0-ibm-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-devel-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-fonts-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-jdbc-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-plugin-1.6.0_sr16.2-0.3.1 important 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150343-2/ https://www.suse.com/security/cve/CVE-2013-5878.html CVE-2013-5878 https://bugzilla.suse.com/858818 SUSE Bug 858818 https://bugzilla.suse.com/862064 SUSE Bug 862064 Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality via vectors related to CORBA. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to an incorrect check for code permissions by CORBA stub factories. CVE-2013-5884 SUSE Manager 1.7:java-1_6_0-ibm-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-devel-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-fonts-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-jdbc-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-plugin-1.6.0_sr16.2-0.3.1 moderate 5 AV:N/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150343-2/ https://www.suse.com/security/cve/CVE-2013-5884.html CVE-2013-5884 https://bugzilla.suse.com/858818 SUSE Bug 858818 https://bugzilla.suse.com/862064 SUSE Bug 862064 Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect availability via unknown vectors related to Deployment. CVE-2013-5887 SUSE Manager 1.7:java-1_6_0-ibm-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-devel-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-fonts-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-jdbc-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-plugin-1.6.0_sr16.2-0.3.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150343-2/ https://www.suse.com/security/cve/CVE-2013-5887.html CVE-2013-5887 https://bugzilla.suse.com/862064 SUSE Bug 862064 Unspecified vulnerability in Oracle Java SE 6u65 and 7u45, when running with GNOME, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. CVE-2013-5888 SUSE Manager 1.7:java-1_6_0-ibm-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-devel-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-fonts-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-jdbc-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-plugin-1.6.0_sr16.2-0.3.1 moderate 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150343-2/ https://www.suse.com/security/cve/CVE-2013-5888.html CVE-2013-5888 https://bugzilla.suse.com/862064 SUSE Bug 862064 Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5902, CVE-2014-0410, CVE-2014-0415, CVE-2014-0418, and CVE-2014-0424. CVE-2013-5889 SUSE Manager 1.7:java-1_6_0-ibm-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-devel-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-fonts-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-jdbc-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-plugin-1.6.0_sr16.2-0.3.1 critical 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150343-2/ https://www.suse.com/security/cve/CVE-2013-5889.html CVE-2013-5889 https://bugzilla.suse.com/862064 SUSE Bug 862064 Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect availability via vectors related to CORBA. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that com.sun.corba.se and its sub-packages are not included on the restricted package list. CVE-2013-5896 SUSE Manager 1.7:java-1_6_0-ibm-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-devel-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-fonts-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-jdbc-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-plugin-1.6.0_sr16.2-0.3.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150343-2/ https://www.suse.com/security/cve/CVE-2013-5896.html CVE-2013-5896 https://bugzilla.suse.com/858818 SUSE Bug 858818 https://bugzilla.suse.com/862064 SUSE Bug 862064 Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-0375 and CVE-2014-0403. CVE-2013-5898 SUSE Manager 1.7:java-1_6_0-ibm-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-devel-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-fonts-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-jdbc-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-plugin-1.6.0_sr16.2-0.3.1 low 4 AV:N/AC:H/Au:N/C:P/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150343-2/ https://www.suse.com/security/cve/CVE-2013-5898.html CVE-2013-5898 https://bugzilla.suse.com/862064 SUSE Bug 862064 Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality via unknown vectors related to Deployment. CVE-2013-5899 SUSE Manager 1.7:java-1_6_0-ibm-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-devel-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-fonts-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-jdbc-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-plugin-1.6.0_sr16.2-0.3.1 moderate 5 AV:N/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150343-2/ https://www.suse.com/security/cve/CVE-2013-5899.html CVE-2013-5899 https://bugzilla.suse.com/862064 SUSE Bug 862064 Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JRockit R27.7.7 and R28.2.9; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is due to incorrect input validation in LookupProcessor.cpp in the ICU Layout Engine, which allows attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted font file. CVE-2013-5907 SUSE Manager 1.7:java-1_6_0-ibm-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-devel-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-fonts-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-jdbc-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-plugin-1.6.0_sr16.2-0.3.1 critical 10 AV:N/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150343-2/ https://www.suse.com/security/cve/CVE-2013-5907.html CVE-2013-5907 https://bugzilla.suse.com/858818 SUSE Bug 858818 https://bugzilla.suse.com/862064 SUSE Bug 862064 Unspecified vulnerability in Oracle Java SE 6u65 and 7u45, Java SE Embedded 7u45, and OpenJDK 7 allows remote attackers to affect integrity via unknown vectors related to Security. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that CanonicalizerBase.java in the XML canonicalizer allows untrusted code to access mutable byte arrays. CVE-2013-5910 SUSE Manager 1.7:java-1_6_0-ibm-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-devel-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-fonts-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-jdbc-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-plugin-1.6.0_sr16.2-0.3.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150343-2/ https://www.suse.com/security/cve/CVE-2013-5910.html CVE-2013-5910 https://bugzilla.suse.com/858818 SUSE Bug 858818 https://bugzilla.suse.com/862064 SUSE Bug 862064 The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image. CVE-2013-6629 SUSE Manager 1.7:java-1_6_0-ibm-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-devel-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-fonts-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-jdbc-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-plugin-1.6.0_sr16.2-0.3.1 moderate 5.8 AV:N/AC:M/Au:N/C:P/I:N/A:P 5 AV:N/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150343-2/ https://www.suse.com/security/cve/CVE-2013-6629.html CVE-2013-6629 https://bugzilla.suse.com/850430 SUSE Bug 850430 https://bugzilla.suse.com/873872 SUSE Bug 873872 https://bugzilla.suse.com/873873 SUSE Bug 873873 https://bugzilla.suse.com/877429 SUSE Bug 877429 https://bugzilla.suse.com/877430 SUSE Bug 877430 https://bugzilla.suse.com/880246 SUSE Bug 880246 The png_do_expand_palette function in libpng before 1.6.8 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via (1) a PLTE chunk of zero bytes or (2) a NULL palette, related to pngrtran.c and pngset.c. CVE-2013-6954 SUSE Manager 1.7:java-1_6_0-ibm-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-devel-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-fonts-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-jdbc-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-plugin-1.6.0_sr16.2-0.3.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150343-2/ https://www.suse.com/security/cve/CVE-2013-6954.html CVE-2013-6954 https://bugzilla.suse.com/856522 SUSE Bug 856522 https://bugzilla.suse.com/873872 SUSE Bug 873872 https://bugzilla.suse.com/873873 SUSE Bug 873873 https://bugzilla.suse.com/877429 SUSE Bug 877429 https://bugzilla.suse.com/877430 SUSE Bug 877430 Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45, and Java SE Embedded 7u45, allows remote attackers to affect confidentiality via unknown vectors related to Networking. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to incorrect permission checks when listening on a socket, which allows attackers to escape the sandbox. CVE-2014-0368 SUSE Manager 1.7:java-1_6_0-ibm-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-devel-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-fonts-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-jdbc-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-plugin-1.6.0_sr16.2-0.3.1 moderate 5 AV:N/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150343-2/ https://www.suse.com/security/cve/CVE-2014-0368.html CVE-2014-0368 https://bugzilla.suse.com/858818 SUSE Bug 858818 https://bugzilla.suse.com/862064 SUSE Bug 862064 Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Serviceability. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to throwing of an incorrect exception when SnmpStatusException should have been used in the SNMP implementation, which allows attackers to escape the sandbox. CVE-2014-0373 SUSE Manager 1.7:java-1_6_0-ibm-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-devel-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-fonts-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-jdbc-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-plugin-1.6.0_sr16.2-0.3.1 important 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150343-2/ https://www.suse.com/security/cve/CVE-2014-0373.html CVE-2014-0373 https://bugzilla.suse.com/858818 SUSE Bug 858818 https://bugzilla.suse.com/862064 SUSE Bug 862064 Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5898 and CVE-2014-0403. CVE-2014-0375 SUSE Manager 1.7:java-1_6_0-ibm-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-devel-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-fonts-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-jdbc-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-plugin-1.6.0_sr16.2-0.3.1 moderate 5.8 AV:N/AC:M/Au:N/C:P/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150343-2/ https://www.suse.com/security/cve/CVE-2014-0375.html CVE-2014-0375 https://bugzilla.suse.com/862064 SUSE Bug 862064 Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect integrity via vectors related to JAXP. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to an improper check for "code permissions when creating document builder factories." CVE-2014-0376 SUSE Manager 1.7:java-1_6_0-ibm-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-devel-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-fonts-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-jdbc-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-plugin-1.6.0_sr16.2-0.3.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150343-2/ https://www.suse.com/security/cve/CVE-2014-0376.html CVE-2014-0376 https://bugzilla.suse.com/858818 SUSE Bug 858818 https://bugzilla.suse.com/862064 SUSE Bug 862064 Unspecified vulnerability in Oracle Java SE 6u65 and Java SE 7u45, when running on Firefox, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. CVE-2014-0387 SUSE Manager 1.7:java-1_6_0-ibm-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-devel-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-fonts-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-jdbc-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-plugin-1.6.0_sr16.2-0.3.1 important 7.6 AV:N/AC:H/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150343-2/ https://www.suse.com/security/cve/CVE-2014-0387.html CVE-2014-0387 https://bugzilla.suse.com/862064 SUSE Bug 862064 Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5898 and CVE-2014-0375. CVE-2014-0403 SUSE Manager 1.7:java-1_6_0-ibm-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-devel-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-fonts-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-jdbc-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-plugin-1.6.0_sr16.2-0.3.1 moderate 5.8 AV:N/AC:M/Au:N/C:P/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150343-2/ https://www.suse.com/security/cve/CVE-2014-0403.html CVE-2014-0403 https://bugzilla.suse.com/862064 SUSE Bug 862064 Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5889, CVE-2013-5902, CVE-2014-0415, CVE-2014-0418, and CVE-2014-0424. CVE-2014-0410 SUSE Manager 1.7:java-1_6_0-ibm-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-devel-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-fonts-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-jdbc-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-plugin-1.6.0_sr16.2-0.3.1 critical 10 AV:N/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150343-2/ https://www.suse.com/security/cve/CVE-2014-0410.html CVE-2014-0410 https://bugzilla.suse.com/862064 SUSE Bug 862064 Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JRockit R27.7.7 and R28.2.9; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that this issue allows remote attackers to obtain sensitive information about encryption keys via a timing discrepancy during the TLS/SSL handshake. CVE-2014-0411 SUSE Manager 1.7:java-1_6_0-ibm-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-devel-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-fonts-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-jdbc-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-plugin-1.6.0_sr16.2-0.3.1 low 4 AV:N/AC:H/Au:N/C:P/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150343-2/ https://www.suse.com/security/cve/CVE-2014-0411.html CVE-2014-0411 https://bugzilla.suse.com/858818 SUSE Bug 858818 https://bugzilla.suse.com/862064 SUSE Bug 862064 Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5889, CVE-2013-5902, CVE-2014-0410, CVE-2014-0418, and CVE-2014-0424. CVE-2014-0415 SUSE Manager 1.7:java-1_6_0-ibm-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-devel-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-fonts-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-jdbc-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-plugin-1.6.0_sr16.2-0.3.1 critical 10 AV:N/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150343-2/ https://www.suse.com/security/cve/CVE-2014-0415.html CVE-2014-0415 https://bugzilla.suse.com/862064 SUSE Bug 862064 Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect integrity via vectors related to JAAS. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to how principals are set for the Subject class, which allows attackers to escape the sandbox using deserialization of a crafted Subject instance. CVE-2014-0416 SUSE Manager 1.7:java-1_6_0-ibm-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-devel-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-fonts-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-jdbc-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-plugin-1.6.0_sr16.2-0.3.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150343-2/ https://www.suse.com/security/cve/CVE-2014-0416.html CVE-2014-0416 https://bugzilla.suse.com/858818 SUSE Bug 858818 https://bugzilla.suse.com/862064 SUSE Bug 862064 Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JavaFX 2.2.45; and Java SE Embedded 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. CVE-2014-0417 SUSE Manager 1.7:java-1_6_0-ibm-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-devel-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-fonts-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-jdbc-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-plugin-1.6.0_sr16.2-0.3.1 critical 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150343-2/ https://www.suse.com/security/cve/CVE-2014-0417.html CVE-2014-0417 https://bugzilla.suse.com/862064 SUSE Bug 862064 Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JNDI. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to missing package access checks in the Naming / JNDI component, which allows attackers to escape the sandbox. CVE-2014-0422 SUSE Manager 1.7:java-1_6_0-ibm-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-devel-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-fonts-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-jdbc-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-plugin-1.6.0_sr16.2-0.3.1 critical 10 AV:N/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150343-2/ https://www.suse.com/security/cve/CVE-2014-0422.html CVE-2014-0422 https://bugzilla.suse.com/858818 SUSE Bug 858818 https://bugzilla.suse.com/862064 SUSE Bug 862064 Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JRockit R27.7.7 and R28.2.9; Java SE Embedded 7u45; and OpenJDK 7 allows remote authenticated users to affect confidentiality and availability via unknown vectors related to Beans. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that this issue is an XML External Entity (XXE) vulnerability in DocumentHandler.java, related to Beans decoding. CVE-2014-0423 SUSE Manager 1.7:java-1_6_0-ibm-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-devel-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-fonts-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-jdbc-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-plugin-1.6.0_sr16.2-0.3.1 moderate 5.5 AV:N/AC:L/Au:S/C:P/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150343-2/ https://www.suse.com/security/cve/CVE-2014-0423.html CVE-2014-0423 https://bugzilla.suse.com/858818 SUSE Bug 858818 https://bugzilla.suse.com/862064 SUSE Bug 862064 Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5889, CVE-2013-5902, CVE-2014-0410, CVE-2014-0415, and CVE-2014-0418. CVE-2014-0424 SUSE Manager 1.7:java-1_6_0-ibm-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-devel-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-fonts-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-jdbc-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-plugin-1.6.0_sr16.2-0.3.1 important 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150343-2/ https://www.suse.com/security/cve/CVE-2014-0424.html CVE-2014-0424 https://bugzilla.suse.com/862064 SUSE Bug 862064 Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to "insufficient security checks in IIOP streams," which allows attackers to escape the sandbox. CVE-2014-0428 SUSE Manager 1.7:java-1_6_0-ibm-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-devel-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-fonts-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-jdbc-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-plugin-1.6.0_sr16.2-0.3.1 critical 10 AV:N/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150343-2/ https://www.suse.com/security/cve/CVE-2014-0428.html CVE-2014-0428 https://bugzilla.suse.com/858818 SUSE Bug 858818 https://bugzilla.suse.com/862064 SUSE Bug 862064 https://bugzilla.suse.com/877429 SUSE Bug 877429 https://bugzilla.suse.com/877430 SUSE Bug 877430 Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. CVE-2014-0429 SUSE Manager 1.7:java-1_6_0-ibm-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-devel-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-fonts-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-jdbc-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-plugin-1.6.0_sr16.2-0.3.1 critical 10 AV:N/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150343-2/ https://www.suse.com/security/cve/CVE-2014-0429.html CVE-2014-0429 https://bugzilla.suse.com/873872 SUSE Bug 873872 https://bugzilla.suse.com/873873 SUSE Bug 873873 https://bugzilla.suse.com/877429 SUSE Bug 877429 https://bugzilla.suse.com/877430 SUSE Bug 877430 Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. CVE-2014-0446 SUSE Manager 1.7:java-1_6_0-ibm-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-devel-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-fonts-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-jdbc-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-plugin-1.6.0_sr16.2-0.3.1 critical 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150343-2/ https://www.suse.com/security/cve/CVE-2014-0446.html CVE-2014-0446 https://bugzilla.suse.com/873872 SUSE Bug 873872 https://bugzilla.suse.com/873873 SUSE Bug 873873 https://bugzilla.suse.com/877429 SUSE Bug 877429 https://bugzilla.suse.com/877430 SUSE Bug 877430 Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality via unknown vectors related to Deployment. CVE-2014-0449 SUSE Manager 1.7:java-1_6_0-ibm-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-devel-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-fonts-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-jdbc-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-plugin-1.6.0_sr16.2-0.3.1 moderate 5 AV:N/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150343-2/ https://www.suse.com/security/cve/CVE-2014-0449.html CVE-2014-0449 https://bugzilla.suse.com/877429 SUSE Bug 877429 https://bugzilla.suse.com/877430 SUSE Bug 877430 Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT, a different vulnerability than CVE-2014-2412. CVE-2014-0451 SUSE Manager 1.7:java-1_6_0-ibm-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-devel-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-fonts-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-jdbc-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-plugin-1.6.0_sr16.2-0.3.1 critical 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150343-2/ https://www.suse.com/security/cve/CVE-2014-0451.html CVE-2014-0451 https://bugzilla.suse.com/873872 SUSE Bug 873872 https://bugzilla.suse.com/873873 SUSE Bug 873873 https://bugzilla.suse.com/877429 SUSE Bug 877429 https://bugzilla.suse.com/877430 SUSE Bug 877430 Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0458 and CVE-2014-2423. CVE-2014-0452 SUSE Manager 1.7:java-1_6_0-ibm-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-devel-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-fonts-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-jdbc-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-plugin-1.6.0_sr16.2-0.3.1 critical 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150343-2/ https://www.suse.com/security/cve/CVE-2014-0452.html CVE-2014-0452 https://bugzilla.suse.com/873872 SUSE Bug 873872 https://bugzilla.suse.com/873873 SUSE Bug 873873 https://bugzilla.suse.com/877429 SUSE Bug 877429 https://bugzilla.suse.com/877430 SUSE Bug 877430 Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Security. CVE-2014-0453 SUSE Manager 1.7:java-1_6_0-ibm-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-devel-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-fonts-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-jdbc-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-plugin-1.6.0_sr16.2-0.3.1 critical 4 AV:N/AC:H/Au:N/C:P/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150343-2/ https://www.suse.com/security/cve/CVE-2014-0453.html CVE-2014-0453 https://bugzilla.suse.com/873872 SUSE Bug 873872 https://bugzilla.suse.com/873873 SUSE Bug 873873 https://bugzilla.suse.com/877429 SUSE Bug 877429 https://bugzilla.suse.com/877430 SUSE Bug 877430 Unspecified vulnerability in Oracle Java SE 5.0u61, SE 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. CVE-2014-0457 SUSE Manager 1.7:java-1_6_0-ibm-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-devel-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-fonts-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-jdbc-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-plugin-1.6.0_sr16.2-0.3.1 critical 10 AV:N/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150343-2/ https://www.suse.com/security/cve/CVE-2014-0457.html CVE-2014-0457 https://bugzilla.suse.com/873872 SUSE Bug 873872 https://bugzilla.suse.com/873873 SUSE Bug 873873 https://bugzilla.suse.com/877429 SUSE Bug 877429 https://bugzilla.suse.com/877430 SUSE Bug 877430 Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0452 and CVE-2014-2423. CVE-2014-0458 SUSE Manager 1.7:java-1_6_0-ibm-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-devel-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-fonts-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-jdbc-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-plugin-1.6.0_sr16.2-0.3.1 critical 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150343-2/ https://www.suse.com/security/cve/CVE-2014-0458.html CVE-2014-0458 https://bugzilla.suse.com/873872 SUSE Bug 873872 https://bugzilla.suse.com/873873 SUSE Bug 873873 https://bugzilla.suse.com/877429 SUSE Bug 877429 https://bugzilla.suse.com/877430 SUSE Bug 877430 Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect availability via unknown vectors related to 2D. CVE-2014-0459 SUSE Manager 1.7:java-1_6_0-ibm-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-devel-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-fonts-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-jdbc-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-plugin-1.6.0_sr16.2-0.3.1 critical 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150343-2/ https://www.suse.com/security/cve/CVE-2014-0459.html CVE-2014-0459 https://bugzilla.suse.com/873872 SUSE Bug 873872 https://bugzilla.suse.com/873873 SUSE Bug 873873 https://bugzilla.suse.com/877429 SUSE Bug 877429 https://bugzilla.suse.com/877430 SUSE Bug 877430 Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality and integrity via vectors related to JNDI. CVE-2014-0460 SUSE Manager 1.7:java-1_6_0-ibm-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-devel-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-fonts-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-jdbc-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-plugin-1.6.0_sr16.2-0.3.1 critical 5.8 AV:N/AC:M/Au:N/C:P/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150343-2/ https://www.suse.com/security/cve/CVE-2014-0460.html CVE-2014-0460 https://bugzilla.suse.com/873872 SUSE Bug 873872 https://bugzilla.suse.com/873873 SUSE Bug 873873 https://bugzilla.suse.com/877429 SUSE Bug 877429 https://bugzilla.suse.com/877430 SUSE Bug 877430 Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. CVE-2014-0461 SUSE Manager 1.7:java-1_6_0-ibm-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-devel-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-fonts-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-jdbc-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-plugin-1.6.0_sr16.2-0.3.1 critical 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150343-2/ https://www.suse.com/security/cve/CVE-2014-0461.html CVE-2014-0461 https://bugzilla.suse.com/873872 SUSE Bug 873872 https://bugzilla.suse.com/873873 SUSE Bug 873873 https://bugzilla.suse.com/877429 SUSE Bug 877429 https://bugzilla.suse.com/877430 SUSE Bug 877430 The IBMSecureRandom component in the IBMJCE and IBMSecureRandom cryptographic providers in IBM SDK Java Technology Edition 5.0 before Service Refresh 16 FP6, 6 before Service Refresh 16, 6.0.1 before Service Refresh 8, 7 before Service Refresh 7, and 7R1 before Service Refresh 1 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by predicting the random number generator's output. CVE-2014-0878 SUSE Manager 1.7:java-1_6_0-ibm-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-devel-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-fonts-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-jdbc-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-plugin-1.6.0_sr16.2-0.3.1 important 5.8 AV:N/AC:M/Au:N/C:P/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150343-2/ https://www.suse.com/security/cve/CVE-2014-0878.html CVE-2014-0878 https://bugzilla.suse.com/877429 SUSE Bug 877429 https://bugzilla.suse.com/877430 SUSE Bug 877430 The unpacker::redirect_stdio function in unpack.cpp in unpack200 in OpenJDK 6, 7, and 8; Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 does not securely create temporary files when a log file cannot be opened, which allows local users to overwrite arbitrary files via a symlink attack on /tmp/unpack.log. CVE-2014-1876 SUSE Manager 1.7:java-1_6_0-ibm-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-devel-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-fonts-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-jdbc-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-plugin-1.6.0_sr16.2-0.3.1 moderate 4.4 AV:L/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150343-2/ https://www.suse.com/security/cve/CVE-2014-1876.html CVE-2014-1876 https://bugzilla.suse.com/863305 SUSE Bug 863305 https://bugzilla.suse.com/873872 SUSE Bug 873872 https://bugzilla.suse.com/873873 SUSE Bug 873873 https://bugzilla.suse.com/877429 SUSE Bug 877429 https://bugzilla.suse.com/877430 SUSE Bug 877430 Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51; and JRockit R27.8.1 and R28.3.1 allows remote authenticated users to affect integrity via unknown vectors related to Javadoc. CVE-2014-2398 SUSE Manager 1.7:java-1_6_0-ibm-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-devel-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-fonts-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-jdbc-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-plugin-1.6.0_sr16.2-0.3.1 low 3.5 AV:N/AC:M/Au:S/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150343-2/ https://www.suse.com/security/cve/CVE-2014-2398.html CVE-2014-2398 https://bugzilla.suse.com/873872 SUSE Bug 873872 https://bugzilla.suse.com/873873 SUSE Bug 873873 https://bugzilla.suse.com/877429 SUSE Bug 877429 https://bugzilla.suse.com/877430 SUSE Bug 877430 Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality via unknown vectors related to 2D. CVE-2014-2401 SUSE Manager 1.7:java-1_6_0-ibm-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-devel-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-fonts-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-jdbc-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-plugin-1.6.0_sr16.2-0.3.1 moderate 5 AV:N/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150343-2/ https://www.suse.com/security/cve/CVE-2014-2401.html CVE-2014-2401 https://bugzilla.suse.com/877429 SUSE Bug 877429 https://bugzilla.suse.com/877430 SUSE Bug 877430 Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Deployment. CVE-2014-2409 SUSE Manager 1.7:java-1_6_0-ibm-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-devel-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-fonts-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-jdbc-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-plugin-1.6.0_sr16.2-0.3.1 moderate 6.4 AV:N/AC:L/Au:N/C:P/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150343-2/ https://www.suse.com/security/cve/CVE-2014-2409.html CVE-2014-2409 https://bugzilla.suse.com/877429 SUSE Bug 877429 https://bugzilla.suse.com/877430 SUSE Bug 877430 Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, SE 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT, a different vulnerability than CVE-2014-0451. CVE-2014-2412 SUSE Manager 1.7:java-1_6_0-ibm-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-devel-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-fonts-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-jdbc-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-plugin-1.6.0_sr16.2-0.3.1 critical 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150343-2/ https://www.suse.com/security/cve/CVE-2014-2412.html CVE-2014-2412 https://bugzilla.suse.com/873872 SUSE Bug 873872 https://bugzilla.suse.com/873873 SUSE Bug 873873 https://bugzilla.suse.com/877429 SUSE Bug 877429 https://bugzilla.suse.com/877430 SUSE Bug 877430 Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAXB. CVE-2014-2414 SUSE Manager 1.7:java-1_6_0-ibm-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-devel-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-fonts-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-jdbc-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-plugin-1.6.0_sr16.2-0.3.1 critical 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150343-2/ https://www.suse.com/security/cve/CVE-2014-2414.html CVE-2014-2414 https://bugzilla.suse.com/873872 SUSE Bug 873872 https://bugzilla.suse.com/873873 SUSE Bug 873873 https://bugzilla.suse.com/877429 SUSE Bug 877429 https://bugzilla.suse.com/877430 SUSE Bug 877430 Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect integrity via unknown vectors related to Deployment. CVE-2014-2420 SUSE Manager 1.7:java-1_6_0-ibm-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-devel-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-fonts-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-jdbc-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-plugin-1.6.0_sr16.2-0.3.1 low 2.6 AV:N/AC:H/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150343-2/ https://www.suse.com/security/cve/CVE-2014-2420.html CVE-2014-2420 https://bugzilla.suse.com/877429 SUSE Bug 877429 https://bugzilla.suse.com/877430 SUSE Bug 877430 Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. CVE-2014-2421 SUSE Manager 1.7:java-1_6_0-ibm-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-devel-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-fonts-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-jdbc-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-plugin-1.6.0_sr16.2-0.3.1 critical 10 AV:N/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150343-2/ https://www.suse.com/security/cve/CVE-2014-2421.html CVE-2014-2421 https://bugzilla.suse.com/873872 SUSE Bug 873872 https://bugzilla.suse.com/873873 SUSE Bug 873873 https://bugzilla.suse.com/877429 SUSE Bug 877429 https://bugzilla.suse.com/877430 SUSE Bug 877430 Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0452 and CVE-2014-0458. CVE-2014-2423 SUSE Manager 1.7:java-1_6_0-ibm-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-devel-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-fonts-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-jdbc-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-plugin-1.6.0_sr16.2-0.3.1 critical 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150343-2/ https://www.suse.com/security/cve/CVE-2014-2423.html CVE-2014-2423 https://bugzilla.suse.com/873872 SUSE Bug 873872 https://bugzilla.suse.com/873873 SUSE Bug 873873 https://bugzilla.suse.com/877429 SUSE Bug 877429 https://bugzilla.suse.com/877430 SUSE Bug 877430 Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound. CVE-2014-2427 SUSE Manager 1.7:java-1_6_0-ibm-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-devel-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-fonts-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-jdbc-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-plugin-1.6.0_sr16.2-0.3.1 critical 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150343-2/ https://www.suse.com/security/cve/CVE-2014-2427.html CVE-2014-2427 https://bugzilla.suse.com/873872 SUSE Bug 873872 https://bugzilla.suse.com/873873 SUSE Bug 873873 https://bugzilla.suse.com/877429 SUSE Bug 877429 https://bugzilla.suse.com/877430 SUSE Bug 877430 Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. CVE-2014-2428 SUSE Manager 1.7:java-1_6_0-ibm-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-devel-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-fonts-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-jdbc-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-plugin-1.6.0_sr16.2-0.3.1 important 7.6 AV:N/AC:H/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150343-2/ https://www.suse.com/security/cve/CVE-2014-2428.html CVE-2014-2428 https://bugzilla.suse.com/877429 SUSE Bug 877429 https://bugzilla.suse.com/877430 SUSE Bug 877430 Unspecified vulnerability in IBM Java Runtime Environment (JRE) 7 R1 before SR2 (7.1.2.0), 7 before SR8 (7.0.8.0), 6 R1 before SR8 FP2 (6.1.8.2), 6 before SR16 FP2 (6.0.16.2), and before SR16 FP8 (5.0.16.8) allows local users to execute arbitrary code via vectors related to the shared classes cache. CVE-2014-3065 SUSE Manager 1.7:java-1_6_0-ibm-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-devel-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-fonts-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-jdbc-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-plugin-1.6.0_sr16.2-0.3.1 critical 6.9 AV:L/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150343-2/ https://www.suse.com/security/cve/CVE-2014-3065.html CVE-2014-3065 https://bugzilla.suse.com/904889 SUSE Bug 904889 https://bugzilla.suse.com/930365 SUSE Bug 930365 The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue. CVE-2014-3566 SUSE Manager 1.7:java-1_6_0-ibm-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-devel-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-fonts-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-jdbc-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-plugin-1.6.0_sr16.2-0.3.1 critical 5.8 AV:N/AC:M/Au:N/C:N/I:P/A:P 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150343-2/ https://www.suse.com/security/cve/CVE-2014-3566.html CVE-2014-3566 https://bugzilla.suse.com/1011293 SUSE Bug 1011293 https://bugzilla.suse.com/1031023 SUSE Bug 1031023 https://bugzilla.suse.com/901223 SUSE Bug 901223 https://bugzilla.suse.com/901254 SUSE Bug 901254 https://bugzilla.suse.com/901277 SUSE Bug 901277 https://bugzilla.suse.com/901748 SUSE Bug 901748 https://bugzilla.suse.com/901757 SUSE Bug 901757 https://bugzilla.suse.com/901759 SUSE Bug 901759 https://bugzilla.suse.com/901889 SUSE Bug 901889 https://bugzilla.suse.com/901968 SUSE Bug 901968 https://bugzilla.suse.com/902229 SUSE Bug 902229 https://bugzilla.suse.com/902233 SUSE Bug 902233 https://bugzilla.suse.com/902476 SUSE Bug 902476 https://bugzilla.suse.com/903405 SUSE Bug 903405 https://bugzilla.suse.com/903684 SUSE Bug 903684 https://bugzilla.suse.com/904889 SUSE Bug 904889 https://bugzilla.suse.com/905106 SUSE Bug 905106 https://bugzilla.suse.com/914041 SUSE Bug 914041 https://bugzilla.suse.com/994144 SUSE Bug 994144 Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality and integrity via vectors related to JMX. CVE-2014-4209 SUSE Manager 1.7:java-1_6_0-ibm-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-devel-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-fonts-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-jdbc-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-plugin-1.6.0_sr16.2-0.3.1 critical 6.4 AV:N/AC:L/Au:N/C:P/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150343-2/ https://www.suse.com/security/cve/CVE-2014-4209.html CVE-2014-4209 https://bugzilla.suse.com/887530 SUSE Bug 887530 https://bugzilla.suse.com/891699 SUSE Bug 891699 https://bugzilla.suse.com/891700 SUSE Bug 891700 https://bugzilla.suse.com/891701 SUSE Bug 891701 Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect integrity via unknown vectors related to Libraries. CVE-2014-4218 SUSE Manager 1.7:java-1_6_0-ibm-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-devel-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-fonts-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-jdbc-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-plugin-1.6.0_sr16.2-0.3.1 critical 5 AV:N/AC:L/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150343-2/ https://www.suse.com/security/cve/CVE-2014-4218.html CVE-2014-4218 https://bugzilla.suse.com/887530 SUSE Bug 887530 https://bugzilla.suse.com/891699 SUSE Bug 891699 https://bugzilla.suse.com/891700 SUSE Bug 891700 https://bugzilla.suse.com/891701 SUSE Bug 891701 Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. CVE-2014-4219 SUSE Manager 1.7:java-1_6_0-ibm-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-devel-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-fonts-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-jdbc-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-plugin-1.6.0_sr16.2-0.3.1 critical 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150343-2/ https://www.suse.com/security/cve/CVE-2014-4219.html CVE-2014-4219 https://bugzilla.suse.com/887530 SUSE Bug 887530 https://bugzilla.suse.com/891699 SUSE Bug 891699 https://bugzilla.suse.com/891700 SUSE Bug 891700 https://bugzilla.suse.com/891701 SUSE Bug 891701 Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. CVE-2014-4227 SUSE Manager 1.7:java-1_6_0-ibm-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-devel-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-fonts-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-jdbc-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-plugin-1.6.0_sr16.2-0.3.1 critical 10 AV:N/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150343-2/ https://www.suse.com/security/cve/CVE-2014-4227.html CVE-2014-4227 https://bugzilla.suse.com/887530 SUSE Bug 887530 https://bugzilla.suse.com/891700 SUSE Bug 891700 https://bugzilla.suse.com/891701 SUSE Bug 891701 Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5, and JRockit R27.8.2 and JRockit R28.3.2, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Security. CVE-2014-4244 SUSE Manager 1.7:java-1_6_0-ibm-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-devel-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-fonts-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-jdbc-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-plugin-1.6.0_sr16.2-0.3.1 critical 4 AV:N/AC:H/Au:N/C:P/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150343-2/ https://www.suse.com/security/cve/CVE-2014-4244.html CVE-2014-4244 https://bugzilla.suse.com/887530 SUSE Bug 887530 https://bugzilla.suse.com/891699 SUSE Bug 891699 https://bugzilla.suse.com/891700 SUSE Bug 891700 https://bugzilla.suse.com/891701 SUSE Bug 891701 Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality via unknown vectors related to Security. CVE-2014-4252 SUSE Manager 1.7:java-1_6_0-ibm-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-devel-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-fonts-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-jdbc-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-plugin-1.6.0_sr16.2-0.3.1 critical 5 AV:N/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150343-2/ https://www.suse.com/security/cve/CVE-2014-4252.html CVE-2014-4252 https://bugzilla.suse.com/887530 SUSE Bug 887530 https://bugzilla.suse.com/891699 SUSE Bug 891699 https://bugzilla.suse.com/891700 SUSE Bug 891700 https://bugzilla.suse.com/891701 SUSE Bug 891701 Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. CVE-2014-4262 SUSE Manager 1.7:java-1_6_0-ibm-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-devel-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-fonts-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-jdbc-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-plugin-1.6.0_sr16.2-0.3.1 critical 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150343-2/ https://www.suse.com/security/cve/CVE-2014-4262.html CVE-2014-4262 https://bugzilla.suse.com/887530 SUSE Bug 887530 https://bugzilla.suse.com/891699 SUSE Bug 891699 https://bugzilla.suse.com/891700 SUSE Bug 891700 https://bugzilla.suse.com/891701 SUSE Bug 891701 Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5, and JRockit R27.8.2 and R28.3.2, allows remote attackers to affect confidentiality and integrity via unknown vectors related to "Diffie-Hellman key agreement." CVE-2014-4263 SUSE Manager 1.7:java-1_6_0-ibm-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-devel-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-fonts-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-jdbc-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-plugin-1.6.0_sr16.2-0.3.1 critical 4 AV:N/AC:H/Au:N/C:P/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150343-2/ https://www.suse.com/security/cve/CVE-2014-4263.html CVE-2014-4263 https://bugzilla.suse.com/887530 SUSE Bug 887530 https://bugzilla.suse.com/891699 SUSE Bug 891699 https://bugzilla.suse.com/891700 SUSE Bug 891700 https://bugzilla.suse.com/891701 SUSE Bug 891701 Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows remote attackers to affect integrity via unknown vectors related to Deployment. CVE-2014-4265 SUSE Manager 1.7:java-1_6_0-ibm-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-devel-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-fonts-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-jdbc-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-plugin-1.6.0_sr16.2-0.3.1 critical 5 AV:N/AC:L/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150343-2/ https://www.suse.com/security/cve/CVE-2014-4265.html CVE-2014-4265 https://bugzilla.suse.com/887530 SUSE Bug 887530 https://bugzilla.suse.com/891700 SUSE Bug 891700 https://bugzilla.suse.com/891701 SUSE Bug 891701 Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality via unknown vectors related to Swing. CVE-2014-4268 SUSE Manager 1.7:java-1_6_0-ibm-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-devel-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-fonts-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-jdbc-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-plugin-1.6.0_sr16.2-0.3.1 critical 5 AV:N/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150343-2/ https://www.suse.com/security/cve/CVE-2014-4268.html CVE-2014-4268 https://bugzilla.suse.com/887530 SUSE Bug 887530 https://bugzilla.suse.com/891699 SUSE Bug 891699 https://bugzilla.suse.com/891700 SUSE Bug 891700 https://bugzilla.suse.com/891701 SUSE Bug 891701 Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6493, CVE-2014-6503, and CVE-2014-6532. CVE-2014-4288 SUSE Manager 1.7:java-1_6_0-ibm-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-devel-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-fonts-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-jdbc-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-plugin-1.6.0_sr16.2-0.3.1 critical 10 AV:N/AC:L/Au:N/C:C/I:C/A:C 7.6 AV:N/AC:H/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150343-2/ https://www.suse.com/security/cve/CVE-2014-4288.html CVE-2014-4288 https://bugzilla.suse.com/901239 SUSE Bug 901239 https://bugzilla.suse.com/901242 SUSE Bug 901242 https://bugzilla.suse.com/901246 SUSE Bug 901246 https://bugzilla.suse.com/904889 SUSE Bug 904889 Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. CVE-2014-6456 SUSE Manager 1.7:java-1_6_0-ibm-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-devel-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-fonts-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-jdbc-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-plugin-1.6.0_sr16.2-0.3.1 critical 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150343-2/ https://www.suse.com/security/cve/CVE-2014-6456.html CVE-2014-6456 https://bugzilla.suse.com/901239 SUSE Bug 901239 https://bugzilla.suse.com/901242 SUSE Bug 901242 https://bugzilla.suse.com/901246 SUSE Bug 901246 https://bugzilla.suse.com/904889 SUSE Bug 904889 Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3, and R28.3.3 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. CVE-2014-6457 SUSE Manager 1.7:java-1_6_0-ibm-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-devel-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-fonts-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-jdbc-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-plugin-1.6.0_sr16.2-0.3.1 critical 4 AV:N/AC:H/Au:N/C:N/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150343-2/ https://www.suse.com/security/cve/CVE-2014-6457.html CVE-2014-6457 https://bugzilla.suse.com/901239 SUSE Bug 901239 https://bugzilla.suse.com/901242 SUSE Bug 901242 https://bugzilla.suse.com/901246 SUSE Bug 901246 https://bugzilla.suse.com/904889 SUSE Bug 904889 Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. CVE-2014-6458 SUSE Manager 1.7:java-1_6_0-ibm-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-devel-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-fonts-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-jdbc-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-plugin-1.6.0_sr16.2-0.3.1 critical 6.9 AV:L/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150343-2/ https://www.suse.com/security/cve/CVE-2014-6458.html CVE-2014-6458 https://bugzilla.suse.com/901239 SUSE Bug 901239 https://bugzilla.suse.com/901242 SUSE Bug 901242 https://bugzilla.suse.com/901246 SUSE Bug 901246 https://bugzilla.suse.com/904889 SUSE Bug 904889 Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, when running on Internet Explorer, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. CVE-2014-6466 SUSE Manager 1.7:java-1_6_0-ibm-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-devel-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-fonts-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-jdbc-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-plugin-1.6.0_sr16.2-0.3.1 critical 6.9 AV:L/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150343-2/ https://www.suse.com/security/cve/CVE-2014-6466.html CVE-2014-6466 https://bugzilla.suse.com/901239 SUSE Bug 901239 https://bugzilla.suse.com/901242 SUSE Bug 901242 https://bugzilla.suse.com/901246 SUSE Bug 901246 https://bugzilla.suse.com/904889 SUSE Bug 904889 Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6527. CVE-2014-6476 SUSE Manager 1.7:java-1_6_0-ibm-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-devel-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-fonts-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-jdbc-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-plugin-1.6.0_sr16.2-0.3.1 critical 5 AV:N/AC:L/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150343-2/ https://www.suse.com/security/cve/CVE-2014-6476.html CVE-2014-6476 https://bugzilla.suse.com/901239 SUSE Bug 901239 https://bugzilla.suse.com/901242 SUSE Bug 901242 https://bugzilla.suse.com/901246 SUSE Bug 901246 https://bugzilla.suse.com/904889 SUSE Bug 904889 Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, when running on Firefox, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. CVE-2014-6492 SUSE Manager 1.7:java-1_6_0-ibm-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-devel-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-fonts-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-jdbc-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-plugin-1.6.0_sr16.2-0.3.1 critical 7.6 AV:N/AC:H/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150343-2/ https://www.suse.com/security/cve/CVE-2014-6492.html CVE-2014-6492 https://bugzilla.suse.com/901239 SUSE Bug 901239 https://bugzilla.suse.com/901242 SUSE Bug 901242 https://bugzilla.suse.com/901246 SUSE Bug 901246 https://bugzilla.suse.com/904889 SUSE Bug 904889 Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6503, and CVE-2014-6532. CVE-2014-6493 SUSE Manager 1.7:java-1_6_0-ibm-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-devel-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-fonts-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-jdbc-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-plugin-1.6.0_sr16.2-0.3.1 critical 7.6 AV:N/AC:H/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150343-2/ https://www.suse.com/security/cve/CVE-2014-6493.html CVE-2014-6493 https://bugzilla.suse.com/901239 SUSE Bug 901239 https://bugzilla.suse.com/901242 SUSE Bug 901242 https://bugzilla.suse.com/901246 SUSE Bug 901246 https://bugzilla.suse.com/904889 SUSE Bug 904889 Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect integrity via unknown vectors related to Libraries. CVE-2014-6502 SUSE Manager 1.7:java-1_6_0-ibm-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-devel-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-fonts-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-jdbc-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-plugin-1.6.0_sr16.2-0.3.1 critical 2.6 AV:N/AC:H/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150343-2/ https://www.suse.com/security/cve/CVE-2014-6502.html CVE-2014-6502 https://bugzilla.suse.com/901239 SUSE Bug 901239 https://bugzilla.suse.com/901242 SUSE Bug 901242 https://bugzilla.suse.com/901246 SUSE Bug 901246 https://bugzilla.suse.com/904889 SUSE Bug 904889 Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6493, and CVE-2014-6532. CVE-2014-6503 SUSE Manager 1.7:java-1_6_0-ibm-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-devel-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-fonts-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-jdbc-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-plugin-1.6.0_sr16.2-0.3.1 critical 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150343-2/ https://www.suse.com/security/cve/CVE-2014-6503.html CVE-2014-6503 https://bugzilla.suse.com/901239 SUSE Bug 901239 https://bugzilla.suse.com/901242 SUSE Bug 901242 https://bugzilla.suse.com/901246 SUSE Bug 901246 https://bugzilla.suse.com/904889 SUSE Bug 904889 Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. CVE-2014-6506 SUSE Manager 1.7:java-1_6_0-ibm-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-devel-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-fonts-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-jdbc-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-plugin-1.6.0_sr16.2-0.3.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150343-2/ https://www.suse.com/security/cve/CVE-2014-6506.html CVE-2014-6506 https://bugzilla.suse.com/901239 SUSE Bug 901239 https://bugzilla.suse.com/901242 SUSE Bug 901242 https://bugzilla.suse.com/901246 SUSE Bug 901246 https://bugzilla.suse.com/904889 SUSE Bug 904889 Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality via unknown vectors related to 2D. CVE-2014-6511 SUSE Manager 1.7:java-1_6_0-ibm-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-devel-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-fonts-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-jdbc-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-plugin-1.6.0_sr16.2-0.3.1 critical 5 AV:N/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150343-2/ https://www.suse.com/security/cve/CVE-2014-6511.html CVE-2014-6511 https://bugzilla.suse.com/901239 SUSE Bug 901239 https://bugzilla.suse.com/901242 SUSE Bug 901242 https://bugzilla.suse.com/901246 SUSE Bug 901246 https://bugzilla.suse.com/904889 SUSE Bug 904889 Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and R28.3.3 allows remote attackers to affect integrity via unknown vectors related to Libraries. CVE-2014-6512 SUSE Manager 1.7:java-1_6_0-ibm-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-devel-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-fonts-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-jdbc-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-plugin-1.6.0_sr16.2-0.3.1 critical 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150343-2/ https://www.suse.com/security/cve/CVE-2014-6512.html CVE-2014-6512 https://bugzilla.suse.com/901239 SUSE Bug 901239 https://bugzilla.suse.com/901242 SUSE Bug 901242 https://bugzilla.suse.com/901246 SUSE Bug 901246 https://bugzilla.suse.com/904889 SUSE Bug 904889 Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. CVE-2014-6513 SUSE Manager 1.7:java-1_6_0-ibm-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-devel-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-fonts-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-jdbc-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-plugin-1.6.0_sr16.2-0.3.1 critical 10 AV:N/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150343-2/ https://www.suse.com/security/cve/CVE-2014-6513.html CVE-2014-6513 https://bugzilla.suse.com/901239 SUSE Bug 901239 https://bugzilla.suse.com/901242 SUSE Bug 901242 https://bugzilla.suse.com/901246 SUSE Bug 901246 https://bugzilla.suse.com/904889 SUSE Bug 904889 Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment. CVE-2014-6515 SUSE Manager 1.7:java-1_6_0-ibm-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-devel-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-fonts-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-jdbc-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-plugin-1.6.0_sr16.2-0.3.1 critical 5 AV:N/AC:L/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150343-2/ https://www.suse.com/security/cve/CVE-2014-6515.html CVE-2014-6515 https://bugzilla.suse.com/901239 SUSE Bug 901239 https://bugzilla.suse.com/901242 SUSE Bug 901242 https://bugzilla.suse.com/901246 SUSE Bug 901246 https://bugzilla.suse.com/904889 SUSE Bug 904889 Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6476. CVE-2014-6527 SUSE Manager 1.7:java-1_6_0-ibm-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-devel-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-fonts-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-jdbc-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-plugin-1.6.0_sr16.2-0.3.1 critical 2.6 AV:N/AC:H/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150343-2/ https://www.suse.com/security/cve/CVE-2014-6527.html CVE-2014-6527 https://bugzilla.suse.com/901239 SUSE Bug 901239 https://bugzilla.suse.com/901242 SUSE Bug 901242 https://bugzilla.suse.com/901246 SUSE Bug 901246 https://bugzilla.suse.com/904889 SUSE Bug 904889 Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality via unknown vectors related to Libraries. CVE-2014-6531 SUSE Manager 1.7:java-1_6_0-ibm-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-devel-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-fonts-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-jdbc-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-plugin-1.6.0_sr16.2-0.3.1 critical 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150343-2/ https://www.suse.com/security/cve/CVE-2014-6531.html CVE-2014-6531 https://bugzilla.suse.com/901239 SUSE Bug 901239 https://bugzilla.suse.com/901242 SUSE Bug 901242 https://bugzilla.suse.com/901246 SUSE Bug 901246 https://bugzilla.suse.com/904889 SUSE Bug 904889 Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6493, and CVE-2014-6503. CVE-2014-6532 SUSE Manager 1.7:java-1_6_0-ibm-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-devel-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-fonts-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-jdbc-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-plugin-1.6.0_sr16.2-0.3.1 critical 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150343-2/ https://www.suse.com/security/cve/CVE-2014-6532.html CVE-2014-6532 https://bugzilla.suse.com/901239 SUSE Bug 901239 https://bugzilla.suse.com/901242 SUSE Bug 901242 https://bugzilla.suse.com/901246 SUSE Bug 901246 https://bugzilla.suse.com/904889 SUSE Bug 904889 Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and JRockit R28.3.3 allows remote attackers to affect integrity via unknown vectors related to Security. CVE-2014-6558 SUSE Manager 1.7:java-1_6_0-ibm-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-devel-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-fonts-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-jdbc-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-plugin-1.6.0_sr16.2-0.3.1 critical 2.6 AV:N/AC:H/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150343-2/ https://www.suse.com/security/cve/CVE-2014-6558.html CVE-2014-6558 https://bugzilla.suse.com/901239 SUSE Bug 901239 https://bugzilla.suse.com/901242 SUSE Bug 901242 https://bugzilla.suse.com/901246 SUSE Bug 901246 https://bugzilla.suse.com/904889 SUSE Bug 904889 Unspecified vulnerability in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 5.0 before SR16-FP9, 6 before SR16-FP3, 6R1 before SR8-FP3, 7 before SR8-FP10, and 7R1 before SR2-FP10 allows remote attackers to escape the Java sandbox and execute arbitrary code via unspecified vectors related to the security manager. CVE-2014-8891 SUSE Manager 1.7:java-1_6_0-ibm-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-devel-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-fonts-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-jdbc-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-plugin-1.6.0_sr16.2-0.3.1 critical 10 AV:N/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150343-2/ https://www.suse.com/security/cve/CVE-2014-8891.html CVE-2014-8891 https://bugzilla.suse.com/916266 SUSE Bug 916266 Unspecified vulnerability in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 5.0 before SR16-FP9, 6 before SR16-FP3, 6R1 before SR8-FP3, 7 before SR8-FP10, and 7R1 before SR2-FP10 allows remote attackers to bypass intended access permissions and obtain sensitive information via unspecified vectors related to the security manager. CVE-2014-8892 SUSE Manager 1.7:java-1_6_0-ibm-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-devel-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-fonts-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-jdbc-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-plugin-1.6.0_sr16.2-0.3.1 important 7.8 AV:N/AC:L/Au:N/C:C/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150343-2/ https://www.suse.com/security/cve/CVE-2014-8892.html CVE-2014-8892 https://bugzilla.suse.com/916265 SUSE Bug 916265 GSKit in IBM Tivoli Directory Server (ITDS) 6.0 before 6.0.0.73-ISS-ITDS-IF0073, 6.1 before 6.1.0.66-ISS-ITDS-IF0066, 6.2 before 6.2.0.42-ISS-ITDS-IF0042, and 6.3 before 6.3.0.35-ISS-ITDS-IF0035 and IBM Security Directory Server (ISDS) 6.3.1 before 6.3.1.9-ISS-ISDS-IF0009 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CVE-2015-0204. CVE-2015-0138 SUSE Manager 1.7:java-1_6_0-ibm-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-devel-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-fonts-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-jdbc-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-plugin-1.6.0_sr16.2-0.3.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150343-2/ https://www.suse.com/security/cve/CVE-2015-0138.html CVE-2015-0138 https://bugzilla.suse.com/952088 SUSE Bug 952088 Unspecified vulnerability in IBM Java 8 before SR1, 7 R1 before SR2 FP11, 7 before SR9, 6 R1 before SR8 FP4, 6 before SR16 FP4, and 5.0 before SR16 FP10 allows remote attackers to gain privileges via unknown vectors related to the Java Virtual Machine. CVE-2015-0192 SUSE Manager 1.7:java-1_6_0-ibm-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-devel-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-fonts-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-jdbc-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-plugin-1.6.0_sr16.2-0.3.1 critical 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150343-2/ https://www.suse.com/security/cve/CVE-2015-0192.html CVE-2015-0192 https://bugzilla.suse.com/952088 SUSE Bug 952088 The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to the "FREAK" issue. NOTE: the scope of this CVE is only client code based on OpenSSL, not EXPORT_RSA issues associated with servers or other TLS implementations. CVE-2015-0204 SUSE Manager 1.7:java-1_6_0-ibm-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-devel-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-fonts-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-jdbc-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-plugin-1.6.0_sr16.2-0.3.1 critical 10 AV:N/AC:L/Au:N/C:C/I:C/A:C 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150343-2/ https://www.suse.com/security/cve/CVE-2015-0204.html CVE-2015-0204 https://bugzilla.suse.com/912014 SUSE Bug 912014 https://bugzilla.suse.com/920482 SUSE Bug 920482 https://bugzilla.suse.com/920484 SUSE Bug 920484 https://bugzilla.suse.com/927591 SUSE Bug 927591 https://bugzilla.suse.com/927623 SUSE Bug 927623 https://bugzilla.suse.com/936787 SUSE Bug 936787 https://bugzilla.suse.com/952088 SUSE Bug 952088 Unspecified vulnerability in in Oracle Java SE 6u91, 7u76, and 8u40 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. CVE-2015-0458 SUSE Manager 1.7:java-1_6_0-ibm-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-devel-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-fonts-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-jdbc-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-plugin-1.6.0_sr16.2-0.3.1 important 7.6 AV:N/AC:H/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150343-2/ https://www.suse.com/security/cve/CVE-2015-0458.html CVE-2015-0458 https://bugzilla.suse.com/927591 SUSE Bug 927591 Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and JavaFX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2015-0491. CVE-2015-0459 SUSE Manager 1.7:java-1_6_0-ibm-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-devel-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-fonts-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-jdbc-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-plugin-1.6.0_sr16.2-0.3.1 critical 10 AV:N/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150343-2/ https://www.suse.com/security/cve/CVE-2015-0459.html CVE-2015-0459 https://bugzilla.suse.com/927591 SUSE Bug 927591 https://bugzilla.suse.com/932310 SUSE Bug 932310 Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. CVE-2015-0469 SUSE Manager 1.7:java-1_6_0-ibm-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-devel-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-fonts-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-jdbc-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-plugin-1.6.0_sr16.2-0.3.1 critical 10 AV:N/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150343-2/ https://www.suse.com/security/cve/CVE-2015-0469.html CVE-2015-0469 https://bugzilla.suse.com/927591 SUSE Bug 927591 https://bugzilla.suse.com/932310 SUSE Bug 932310 Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect integrity via unknown vectors related to Beans. CVE-2015-0477 SUSE Manager 1.7:java-1_6_0-ibm-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-devel-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-fonts-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-jdbc-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-plugin-1.6.0_sr16.2-0.3.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150343-2/ https://www.suse.com/security/cve/CVE-2015-0477.html CVE-2015-0477 https://bugzilla.suse.com/927591 SUSE Bug 927591 Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and JRockit R28.3.5, allows remote attackers to affect confidentiality via vectors related to JCE. CVE-2015-0478 SUSE Manager 1.7:java-1_6_0-ibm-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-devel-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-fonts-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-jdbc-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-plugin-1.6.0_sr16.2-0.3.1 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150343-2/ https://www.suse.com/security/cve/CVE-2015-0478.html CVE-2015-0478 https://bugzilla.suse.com/927591 SUSE Bug 927591 https://bugzilla.suse.com/944456 SUSE Bug 944456 Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect integrity and availability via unknown vectors related to Tools. CVE-2015-0480 SUSE Manager 1.7:java-1_6_0-ibm-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-devel-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-fonts-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-jdbc-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-plugin-1.6.0_sr16.2-0.3.1 moderate 5.8 AV:N/AC:M/Au:N/C:N/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150343-2/ https://www.suse.com/security/cve/CVE-2015-0480.html CVE-2015-0480 https://bugzilla.suse.com/927591 SUSE Bug 927591 Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and JRockit R28.3.5, allows remote attackers to affect availability via vectors related to JSSE. CVE-2015-0488 SUSE Manager 1.7:java-1_6_0-ibm-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-devel-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-fonts-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-jdbc-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-plugin-1.6.0_sr16.2-0.3.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150343-2/ https://www.suse.com/security/cve/CVE-2015-0488.html CVE-2015-0488 https://bugzilla.suse.com/927591 SUSE Bug 927591 Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and Java FX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2015-0459. CVE-2015-0491 SUSE Manager 1.7:java-1_6_0-ibm-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-devel-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-fonts-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-jdbc-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-plugin-1.6.0_sr16.2-0.3.1 critical 10 AV:N/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150343-2/ https://www.suse.com/security/cve/CVE-2015-0491.html CVE-2015-0491 https://bugzilla.suse.com/927591 SUSE Bug 927591 https://bugzilla.suse.com/932310 SUSE Bug 932310 IBM Java 7 R1 before SR3, 7 before SR9, 6 R1 before SR8 FP4, 6 before SR16 FP4, and 5.0 before SR16 FP10 allows remote attackers to bypass "permission checks" and obtain sensitive information via vectors related to the Java Virtual Machine. CVE-2015-1914 SUSE Manager 1.7:java-1_6_0-ibm-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-devel-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-fonts-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-jdbc-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-plugin-1.6.0_sr16.2-0.3.1 critical 5 AV:N/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150343-2/ https://www.suse.com/security/cve/CVE-2015-1914.html CVE-2015-1914 https://bugzilla.suse.com/952088 SUSE Bug 952088 The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the "Bar Mitzvah" issue. CVE-2015-2808 SUSE Manager 1.7:java-1_6_0-ibm-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-devel-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-fonts-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-jdbc-1.6.0_sr16.2-0.3.1 SUSE Manager 1.7:java-1_6_0-ibm-plugin-1.6.0_sr16.2-0.3.1 important 2.6 AV:N/AC:H/Au:N/C:P/I:N/A:N 5 AV:N/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150343-2/ https://www.suse.com/security/cve/CVE-2015-2808.html CVE-2015-2808 https://bugzilla.suse.com/925378 SUSE Bug 925378 https://bugzilla.suse.com/938248 SUSE Bug 938248 https://bugzilla.suse.com/938895 SUSE Bug 938895 https://bugzilla.suse.com/952088 SUSE Bug 952088