Security update for java-1_7_0-openjdk, java-1_7_0-openjdk-bootstrap SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2015:0789-1 Final 1 1 2015-04-23T14:27:30Z current 2015-04-23T14:27:30Z 2015-04-23T14:27:30Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for java-1_7_0-openjdk, java-1_7_0-openjdk-bootstrap OpenJDK was updated to 2.5.5 - OpenJdk 7u79 to fix security issues and bugs: The following vulnerabilities were fixed: * CVE-2015-0458: Deployment: unauthenticated remote attackers could execute arbitrary code via multiple protocols. * CVE-2015-0459: 2D: unauthenticated remote attackers could execute arbitrary code via multiple protocols. * CVE-2015-0460: Hotspot: unauthenticated remote attackers could execute arbitrary code via multiple protocols. * CVE-2015-0469: 2D: unauthenticated remote attackers could execute arbitrary code via multiple protocols. * CVE-2015-0477: Beans: unauthenticated remote attackers could update, insert or delete some JAVA accessible data via multiple protocols * CVE-2015-0478: JCE: unauthenticated remote attackers could read some JAVA accessible data via multiple protocols * CVE-2015-0480: Tools: unauthenticated remote attackers could update, insert or delete some JAVA accessible data via multiple protocols and cause a partial denial of service (partial DOS) * CVE-2015-0484: JavaFX: unauthenticated remote attackers could read, update, insert or delete access some Java accessible data via multiple protocols and cause a partial denial of service (partial DOS). * CVE-2015-0488: JSSE: unauthenticated remote attackers could cause a partial denial of service (partial DOS). * CVE-2015-0491: 2D: unauthenticated remote attackers could execute arbitrary code via multiple protocols. * CVE-2015-0492: JavaFX: unauthenticated remote attackers could execute arbitrary code via multiple protocols. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-SLE-DESKTOP-12-2015-176,SUSE-SLE-SERVER-12-2015-176 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2015/suse-su-20150789-1/ Link for SUSE-SU-2015:0789-1 https://lists.suse.com/pipermail/sle-security-updates/2015-April/001363.html E-Mail link for SUSE-SU-2015:0789-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/927591 SUSE Bug 927591 https://www.suse.com/security/cve/CVE-2015-0458/ SUSE CVE CVE-2015-0458 page https://www.suse.com/security/cve/CVE-2015-0459/ SUSE CVE CVE-2015-0459 page https://www.suse.com/security/cve/CVE-2015-0460/ SUSE CVE CVE-2015-0460 page https://www.suse.com/security/cve/CVE-2015-0469/ SUSE CVE CVE-2015-0469 page https://www.suse.com/security/cve/CVE-2015-0477/ SUSE CVE CVE-2015-0477 page https://www.suse.com/security/cve/CVE-2015-0478/ SUSE CVE CVE-2015-0478 page https://www.suse.com/security/cve/CVE-2015-0480/ SUSE CVE CVE-2015-0480 page https://www.suse.com/security/cve/CVE-2015-0484/ SUSE CVE CVE-2015-0484 page https://www.suse.com/security/cve/CVE-2015-0488/ SUSE CVE CVE-2015-0488 page https://www.suse.com/security/cve/CVE-2015-0491/ SUSE CVE CVE-2015-0491 page https://www.suse.com/security/cve/CVE-2015-0492/ SUSE CVE CVE-2015-0492 page SUSE Linux Enterprise Desktop 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server for SAP Applications 12 java-1_7_0-openjdk-1.7.0.79-15.1 java-1_7_0-openjdk-headless-1.7.0.79-15.1 java-1_7_0-openjdk-demo-1.7.0.79-15.1 java-1_7_0-openjdk-devel-1.7.0.79-15.1 java-1_7_0-openjdk-1.7.0.79-15.1 as a component of SUSE Linux Enterprise Desktop 12 java-1_7_0-openjdk-headless-1.7.0.79-15.1 as a component of SUSE Linux Enterprise Desktop 12 java-1_7_0-openjdk-1.7.0.79-15.1 as a component of SUSE Linux Enterprise Server 12 java-1_7_0-openjdk-demo-1.7.0.79-15.1 as a component of SUSE Linux Enterprise Server 12 java-1_7_0-openjdk-devel-1.7.0.79-15.1 as a component of SUSE Linux Enterprise Server 12 java-1_7_0-openjdk-headless-1.7.0.79-15.1 as a component of SUSE Linux Enterprise Server 12 java-1_7_0-openjdk-1.7.0.79-15.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 java-1_7_0-openjdk-demo-1.7.0.79-15.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 java-1_7_0-openjdk-devel-1.7.0.79-15.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 java-1_7_0-openjdk-headless-1.7.0.79-15.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 Unspecified vulnerability in in Oracle Java SE 6u91, 7u76, and 8u40 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. CVE-2015-0458 SUSE Linux Enterprise Desktop 12:java-1_7_0-openjdk-1.7.0.79-15.1 SUSE Linux Enterprise Desktop 12:java-1_7_0-openjdk-headless-1.7.0.79-15.1 SUSE Linux Enterprise Server 12:java-1_7_0-openjdk-1.7.0.79-15.1 SUSE Linux Enterprise Server 12:java-1_7_0-openjdk-demo-1.7.0.79-15.1 SUSE Linux Enterprise Server 12:java-1_7_0-openjdk-devel-1.7.0.79-15.1 SUSE Linux Enterprise Server 12:java-1_7_0-openjdk-headless-1.7.0.79-15.1 SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_0-openjdk-1.7.0.79-15.1 SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_0-openjdk-demo-1.7.0.79-15.1 SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_0-openjdk-devel-1.7.0.79-15.1 SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_0-openjdk-headless-1.7.0.79-15.1 important 7.6 AV:N/AC:H/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150789-1/ https://www.suse.com/security/cve/CVE-2015-0458.html CVE-2015-0458 https://bugzilla.suse.com/927591 SUSE Bug 927591 Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and JavaFX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2015-0491. CVE-2015-0459 SUSE Linux Enterprise Desktop 12:java-1_7_0-openjdk-1.7.0.79-15.1 SUSE Linux Enterprise Desktop 12:java-1_7_0-openjdk-headless-1.7.0.79-15.1 SUSE Linux Enterprise Server 12:java-1_7_0-openjdk-1.7.0.79-15.1 SUSE Linux Enterprise Server 12:java-1_7_0-openjdk-demo-1.7.0.79-15.1 SUSE Linux Enterprise Server 12:java-1_7_0-openjdk-devel-1.7.0.79-15.1 SUSE Linux Enterprise Server 12:java-1_7_0-openjdk-headless-1.7.0.79-15.1 SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_0-openjdk-1.7.0.79-15.1 SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_0-openjdk-demo-1.7.0.79-15.1 SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_0-openjdk-devel-1.7.0.79-15.1 SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_0-openjdk-headless-1.7.0.79-15.1 critical 10 AV:N/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150789-1/ https://www.suse.com/security/cve/CVE-2015-0459.html CVE-2015-0459 https://bugzilla.suse.com/927591 SUSE Bug 927591 https://bugzilla.suse.com/932310 SUSE Bug 932310 Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. CVE-2015-0460 SUSE Linux Enterprise Desktop 12:java-1_7_0-openjdk-1.7.0.79-15.1 SUSE Linux Enterprise Desktop 12:java-1_7_0-openjdk-headless-1.7.0.79-15.1 SUSE Linux Enterprise Server 12:java-1_7_0-openjdk-1.7.0.79-15.1 SUSE Linux Enterprise Server 12:java-1_7_0-openjdk-demo-1.7.0.79-15.1 SUSE Linux Enterprise Server 12:java-1_7_0-openjdk-devel-1.7.0.79-15.1 SUSE Linux Enterprise Server 12:java-1_7_0-openjdk-headless-1.7.0.79-15.1 SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_0-openjdk-1.7.0.79-15.1 SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_0-openjdk-demo-1.7.0.79-15.1 SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_0-openjdk-devel-1.7.0.79-15.1 SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_0-openjdk-headless-1.7.0.79-15.1 critical 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150789-1/ https://www.suse.com/security/cve/CVE-2015-0460.html CVE-2015-0460 https://bugzilla.suse.com/927591 SUSE Bug 927591 Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. CVE-2015-0469 SUSE Linux Enterprise Desktop 12:java-1_7_0-openjdk-1.7.0.79-15.1 SUSE Linux Enterprise Desktop 12:java-1_7_0-openjdk-headless-1.7.0.79-15.1 SUSE Linux Enterprise Server 12:java-1_7_0-openjdk-1.7.0.79-15.1 SUSE Linux Enterprise Server 12:java-1_7_0-openjdk-demo-1.7.0.79-15.1 SUSE Linux Enterprise Server 12:java-1_7_0-openjdk-devel-1.7.0.79-15.1 SUSE Linux Enterprise Server 12:java-1_7_0-openjdk-headless-1.7.0.79-15.1 SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_0-openjdk-1.7.0.79-15.1 SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_0-openjdk-demo-1.7.0.79-15.1 SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_0-openjdk-devel-1.7.0.79-15.1 SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_0-openjdk-headless-1.7.0.79-15.1 critical 10 AV:N/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150789-1/ https://www.suse.com/security/cve/CVE-2015-0469.html CVE-2015-0469 https://bugzilla.suse.com/927591 SUSE Bug 927591 https://bugzilla.suse.com/932310 SUSE Bug 932310 Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect integrity via unknown vectors related to Beans. CVE-2015-0477 SUSE Linux Enterprise Desktop 12:java-1_7_0-openjdk-1.7.0.79-15.1 SUSE Linux Enterprise Desktop 12:java-1_7_0-openjdk-headless-1.7.0.79-15.1 SUSE Linux Enterprise Server 12:java-1_7_0-openjdk-1.7.0.79-15.1 SUSE Linux Enterprise Server 12:java-1_7_0-openjdk-demo-1.7.0.79-15.1 SUSE Linux Enterprise Server 12:java-1_7_0-openjdk-devel-1.7.0.79-15.1 SUSE Linux Enterprise Server 12:java-1_7_0-openjdk-headless-1.7.0.79-15.1 SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_0-openjdk-1.7.0.79-15.1 SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_0-openjdk-demo-1.7.0.79-15.1 SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_0-openjdk-devel-1.7.0.79-15.1 SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_0-openjdk-headless-1.7.0.79-15.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150789-1/ https://www.suse.com/security/cve/CVE-2015-0477.html CVE-2015-0477 https://bugzilla.suse.com/927591 SUSE Bug 927591 Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and JRockit R28.3.5, allows remote attackers to affect confidentiality via vectors related to JCE. CVE-2015-0478 SUSE Linux Enterprise Desktop 12:java-1_7_0-openjdk-1.7.0.79-15.1 SUSE Linux Enterprise Desktop 12:java-1_7_0-openjdk-headless-1.7.0.79-15.1 SUSE Linux Enterprise Server 12:java-1_7_0-openjdk-1.7.0.79-15.1 SUSE Linux Enterprise Server 12:java-1_7_0-openjdk-demo-1.7.0.79-15.1 SUSE Linux Enterprise Server 12:java-1_7_0-openjdk-devel-1.7.0.79-15.1 SUSE Linux Enterprise Server 12:java-1_7_0-openjdk-headless-1.7.0.79-15.1 SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_0-openjdk-1.7.0.79-15.1 SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_0-openjdk-demo-1.7.0.79-15.1 SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_0-openjdk-devel-1.7.0.79-15.1 SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_0-openjdk-headless-1.7.0.79-15.1 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150789-1/ https://www.suse.com/security/cve/CVE-2015-0478.html CVE-2015-0478 https://bugzilla.suse.com/927591 SUSE Bug 927591 https://bugzilla.suse.com/944456 SUSE Bug 944456 Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect integrity and availability via unknown vectors related to Tools. CVE-2015-0480 SUSE Linux Enterprise Desktop 12:java-1_7_0-openjdk-1.7.0.79-15.1 SUSE Linux Enterprise Desktop 12:java-1_7_0-openjdk-headless-1.7.0.79-15.1 SUSE Linux Enterprise Server 12:java-1_7_0-openjdk-1.7.0.79-15.1 SUSE Linux Enterprise Server 12:java-1_7_0-openjdk-demo-1.7.0.79-15.1 SUSE Linux Enterprise Server 12:java-1_7_0-openjdk-devel-1.7.0.79-15.1 SUSE Linux Enterprise Server 12:java-1_7_0-openjdk-headless-1.7.0.79-15.1 SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_0-openjdk-1.7.0.79-15.1 SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_0-openjdk-demo-1.7.0.79-15.1 SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_0-openjdk-devel-1.7.0.79-15.1 SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_0-openjdk-headless-1.7.0.79-15.1 moderate 5.8 AV:N/AC:M/Au:N/C:N/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150789-1/ https://www.suse.com/security/cve/CVE-2015-0480.html CVE-2015-0480 https://bugzilla.suse.com/927591 SUSE Bug 927591 Unspecified vulnerability in Oracle Java SE 7u76 and 8u40, and Java FX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2015-0492. CVE-2015-0484 SUSE Linux Enterprise Desktop 12:java-1_7_0-openjdk-1.7.0.79-15.1 SUSE Linux Enterprise Desktop 12:java-1_7_0-openjdk-headless-1.7.0.79-15.1 SUSE Linux Enterprise Server 12:java-1_7_0-openjdk-1.7.0.79-15.1 SUSE Linux Enterprise Server 12:java-1_7_0-openjdk-demo-1.7.0.79-15.1 SUSE Linux Enterprise Server 12:java-1_7_0-openjdk-devel-1.7.0.79-15.1 SUSE Linux Enterprise Server 12:java-1_7_0-openjdk-headless-1.7.0.79-15.1 SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_0-openjdk-1.7.0.79-15.1 SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_0-openjdk-demo-1.7.0.79-15.1 SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_0-openjdk-devel-1.7.0.79-15.1 SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_0-openjdk-headless-1.7.0.79-15.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150789-1/ https://www.suse.com/security/cve/CVE-2015-0484.html CVE-2015-0484 https://bugzilla.suse.com/927591 SUSE Bug 927591 Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and JRockit R28.3.5, allows remote attackers to affect availability via vectors related to JSSE. CVE-2015-0488 SUSE Linux Enterprise Desktop 12:java-1_7_0-openjdk-1.7.0.79-15.1 SUSE Linux Enterprise Desktop 12:java-1_7_0-openjdk-headless-1.7.0.79-15.1 SUSE Linux Enterprise Server 12:java-1_7_0-openjdk-1.7.0.79-15.1 SUSE Linux Enterprise Server 12:java-1_7_0-openjdk-demo-1.7.0.79-15.1 SUSE Linux Enterprise Server 12:java-1_7_0-openjdk-devel-1.7.0.79-15.1 SUSE Linux Enterprise Server 12:java-1_7_0-openjdk-headless-1.7.0.79-15.1 SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_0-openjdk-1.7.0.79-15.1 SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_0-openjdk-demo-1.7.0.79-15.1 SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_0-openjdk-devel-1.7.0.79-15.1 SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_0-openjdk-headless-1.7.0.79-15.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150789-1/ https://www.suse.com/security/cve/CVE-2015-0488.html CVE-2015-0488 https://bugzilla.suse.com/927591 SUSE Bug 927591 Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and Java FX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2015-0459. CVE-2015-0491 SUSE Linux Enterprise Desktop 12:java-1_7_0-openjdk-1.7.0.79-15.1 SUSE Linux Enterprise Desktop 12:java-1_7_0-openjdk-headless-1.7.0.79-15.1 SUSE Linux Enterprise Server 12:java-1_7_0-openjdk-1.7.0.79-15.1 SUSE Linux Enterprise Server 12:java-1_7_0-openjdk-demo-1.7.0.79-15.1 SUSE Linux Enterprise Server 12:java-1_7_0-openjdk-devel-1.7.0.79-15.1 SUSE Linux Enterprise Server 12:java-1_7_0-openjdk-headless-1.7.0.79-15.1 SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_0-openjdk-1.7.0.79-15.1 SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_0-openjdk-demo-1.7.0.79-15.1 SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_0-openjdk-devel-1.7.0.79-15.1 SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_0-openjdk-headless-1.7.0.79-15.1 critical 10 AV:N/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150789-1/ https://www.suse.com/security/cve/CVE-2015-0491.html CVE-2015-0491 https://bugzilla.suse.com/927591 SUSE Bug 927591 https://bugzilla.suse.com/932310 SUSE Bug 932310 Unspecified vulnerability in Oracle Java SE 7u76 and 8u40, and JavaFX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2015-0484. CVE-2015-0492 SUSE Linux Enterprise Desktop 12:java-1_7_0-openjdk-1.7.0.79-15.1 SUSE Linux Enterprise Desktop 12:java-1_7_0-openjdk-headless-1.7.0.79-15.1 SUSE Linux Enterprise Server 12:java-1_7_0-openjdk-1.7.0.79-15.1 SUSE Linux Enterprise Server 12:java-1_7_0-openjdk-demo-1.7.0.79-15.1 SUSE Linux Enterprise Server 12:java-1_7_0-openjdk-devel-1.7.0.79-15.1 SUSE Linux Enterprise Server 12:java-1_7_0-openjdk-headless-1.7.0.79-15.1 SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_0-openjdk-1.7.0.79-15.1 SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_0-openjdk-demo-1.7.0.79-15.1 SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_0-openjdk-devel-1.7.0.79-15.1 SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_0-openjdk-headless-1.7.0.79-15.1 critical 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150789-1/ https://www.suse.com/security/cve/CVE-2015-0492.html CVE-2015-0492 https://bugzilla.suse.com/927591 SUSE Bug 927591