Security update for Java OpenJDK SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2015:0833-1 Final 1 1 2014-10-24T14:17:30Z current 2014-10-24T14:17:30Z 2014-10-24T14:17:30Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for Java OpenJDK Oracle Critical Patch Update Advisory - October 2014 Description: A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities. Find more information here: http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html <http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html> The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). sledsp3-java-1_7_0-openjdk Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ Link for SUSE-SU-2015:0833-1 https://lists.suse.com/pipermail/sle-security-updates/2015-May/001371.html E-Mail link for SUSE-SU-2015:0833-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/828665 SUSE Bug 828665 https://bugzilla.suse.com/846999 SUSE Bug 846999 https://bugzilla.suse.com/858818 SUSE Bug 858818 https://bugzilla.suse.com/873873 SUSE Bug 873873 https://bugzilla.suse.com/887530 SUSE Bug 887530 https://bugzilla.suse.com/901242 SUSE Bug 901242 https://bugzilla.suse.com/914041 SUSE Bug 914041 https://bugzilla.suse.com/927591 SUSE Bug 927591 https://www.suse.com/security/cve/CVE-2013-1500/ SUSE CVE CVE-2013-1500 page https://www.suse.com/security/cve/CVE-2013-1571/ SUSE CVE CVE-2013-1571 page https://www.suse.com/security/cve/CVE-2013-2407/ SUSE CVE CVE-2013-2407 page https://www.suse.com/security/cve/CVE-2013-2412/ SUSE CVE CVE-2013-2412 page https://www.suse.com/security/cve/CVE-2013-2443/ SUSE CVE CVE-2013-2443 page https://www.suse.com/security/cve/CVE-2013-2444/ SUSE CVE CVE-2013-2444 page https://www.suse.com/security/cve/CVE-2013-2445/ SUSE CVE CVE-2013-2445 page https://www.suse.com/security/cve/CVE-2013-2446/ SUSE CVE CVE-2013-2446 page https://www.suse.com/security/cve/CVE-2013-2447/ SUSE CVE CVE-2013-2447 page https://www.suse.com/security/cve/CVE-2013-2448/ SUSE CVE CVE-2013-2448 page https://www.suse.com/security/cve/CVE-2013-2449/ SUSE CVE CVE-2013-2449 page https://www.suse.com/security/cve/CVE-2013-2450/ SUSE CVE CVE-2013-2450 page https://www.suse.com/security/cve/CVE-2013-2451/ SUSE CVE CVE-2013-2451 page https://www.suse.com/security/cve/CVE-2013-2452/ SUSE CVE CVE-2013-2452 page https://www.suse.com/security/cve/CVE-2013-2453/ SUSE CVE CVE-2013-2453 page https://www.suse.com/security/cve/CVE-2013-2454/ SUSE CVE CVE-2013-2454 page https://www.suse.com/security/cve/CVE-2013-2455/ SUSE CVE CVE-2013-2455 page https://www.suse.com/security/cve/CVE-2013-2456/ SUSE CVE CVE-2013-2456 page https://www.suse.com/security/cve/CVE-2013-2457/ SUSE CVE CVE-2013-2457 page https://www.suse.com/security/cve/CVE-2013-2458/ SUSE CVE CVE-2013-2458 page https://www.suse.com/security/cve/CVE-2013-2459/ SUSE CVE CVE-2013-2459 page https://www.suse.com/security/cve/CVE-2013-2460/ SUSE CVE CVE-2013-2460 page https://www.suse.com/security/cve/CVE-2013-2461/ SUSE CVE CVE-2013-2461 page https://www.suse.com/security/cve/CVE-2013-2463/ SUSE CVE CVE-2013-2463 page https://www.suse.com/security/cve/CVE-2013-2465/ SUSE CVE CVE-2013-2465 page https://www.suse.com/security/cve/CVE-2013-2469/ SUSE CVE CVE-2013-2469 page https://www.suse.com/security/cve/CVE-2013-2470/ SUSE CVE CVE-2013-2470 page https://www.suse.com/security/cve/CVE-2013-2471/ SUSE CVE CVE-2013-2471 page https://www.suse.com/security/cve/CVE-2013-2472/ SUSE CVE CVE-2013-2472 page https://www.suse.com/security/cve/CVE-2013-2473/ SUSE CVE CVE-2013-2473 page https://www.suse.com/security/cve/CVE-2013-3829/ SUSE CVE CVE-2013-3829 page https://www.suse.com/security/cve/CVE-2013-4002/ SUSE CVE CVE-2013-4002 page https://www.suse.com/security/cve/CVE-2013-5772/ SUSE CVE CVE-2013-5772 page https://www.suse.com/security/cve/CVE-2013-5774/ SUSE CVE CVE-2013-5774 page https://www.suse.com/security/cve/CVE-2013-5778/ SUSE CVE CVE-2013-5778 page https://www.suse.com/security/cve/CVE-2013-5780/ SUSE CVE CVE-2013-5780 page https://www.suse.com/security/cve/CVE-2013-5782/ SUSE CVE CVE-2013-5782 page https://www.suse.com/security/cve/CVE-2013-5783/ SUSE CVE CVE-2013-5783 page https://www.suse.com/security/cve/CVE-2013-5784/ SUSE CVE CVE-2013-5784 page https://www.suse.com/security/cve/CVE-2013-5790/ SUSE CVE CVE-2013-5790 page https://www.suse.com/security/cve/CVE-2013-5797/ SUSE CVE CVE-2013-5797 page https://www.suse.com/security/cve/CVE-2013-5800/ SUSE CVE CVE-2013-5800 page https://www.suse.com/security/cve/CVE-2013-5802/ SUSE CVE CVE-2013-5802 page https://www.suse.com/security/cve/CVE-2013-5803/ SUSE CVE CVE-2013-5803 page https://www.suse.com/security/cve/CVE-2013-5804/ SUSE CVE CVE-2013-5804 page https://www.suse.com/security/cve/CVE-2013-5805/ SUSE CVE CVE-2013-5805 page https://www.suse.com/security/cve/CVE-2013-5806/ SUSE CVE CVE-2013-5806 page https://www.suse.com/security/cve/CVE-2013-5809/ SUSE CVE CVE-2013-5809 page https://www.suse.com/security/cve/CVE-2013-5814/ SUSE CVE CVE-2013-5814 page https://www.suse.com/security/cve/CVE-2013-5817/ SUSE CVE CVE-2013-5817 page https://www.suse.com/security/cve/CVE-2013-5820/ SUSE CVE CVE-2013-5820 page https://www.suse.com/security/cve/CVE-2013-5823/ SUSE CVE CVE-2013-5823 page https://www.suse.com/security/cve/CVE-2013-5825/ SUSE CVE CVE-2013-5825 page https://www.suse.com/security/cve/CVE-2013-5829/ SUSE CVE CVE-2013-5829 page https://www.suse.com/security/cve/CVE-2013-5830/ SUSE CVE CVE-2013-5830 page https://www.suse.com/security/cve/CVE-2013-5840/ SUSE CVE CVE-2013-5840 page https://www.suse.com/security/cve/CVE-2013-5842/ SUSE CVE CVE-2013-5842 page https://www.suse.com/security/cve/CVE-2013-5849/ SUSE CVE CVE-2013-5849 page https://www.suse.com/security/cve/CVE-2013-5850/ SUSE CVE CVE-2013-5850 page https://www.suse.com/security/cve/CVE-2013-5851/ SUSE CVE CVE-2013-5851 page https://www.suse.com/security/cve/CVE-2013-5878/ SUSE CVE CVE-2013-5878 page https://www.suse.com/security/cve/CVE-2013-5884/ SUSE CVE CVE-2013-5884 page https://www.suse.com/security/cve/CVE-2013-5893/ SUSE CVE CVE-2013-5893 page https://www.suse.com/security/cve/CVE-2013-5896/ SUSE CVE CVE-2013-5896 page https://www.suse.com/security/cve/CVE-2013-5907/ SUSE CVE CVE-2013-5907 page https://www.suse.com/security/cve/CVE-2013-5910/ SUSE CVE CVE-2013-5910 page https://www.suse.com/security/cve/CVE-2013-6629/ SUSE CVE CVE-2013-6629 page https://www.suse.com/security/cve/CVE-2013-6954/ SUSE CVE CVE-2013-6954 page https://www.suse.com/security/cve/CVE-2014-0368/ SUSE CVE CVE-2014-0368 page https://www.suse.com/security/cve/CVE-2014-0373/ SUSE CVE CVE-2014-0373 page https://www.suse.com/security/cve/CVE-2014-0376/ SUSE CVE CVE-2014-0376 page https://www.suse.com/security/cve/CVE-2014-0411/ SUSE CVE CVE-2014-0411 page https://www.suse.com/security/cve/CVE-2014-0416/ SUSE CVE CVE-2014-0416 page https://www.suse.com/security/cve/CVE-2014-0422/ SUSE CVE CVE-2014-0422 page https://www.suse.com/security/cve/CVE-2014-0423/ SUSE CVE CVE-2014-0423 page https://www.suse.com/security/cve/CVE-2014-0428/ SUSE CVE CVE-2014-0428 page https://www.suse.com/security/cve/CVE-2014-0429/ SUSE CVE CVE-2014-0429 page https://www.suse.com/security/cve/CVE-2014-0446/ SUSE CVE CVE-2014-0446 page https://www.suse.com/security/cve/CVE-2014-0451/ SUSE CVE CVE-2014-0451 page https://www.suse.com/security/cve/CVE-2014-0452/ SUSE CVE CVE-2014-0452 page https://www.suse.com/security/cve/CVE-2014-0453/ SUSE CVE CVE-2014-0453 page https://www.suse.com/security/cve/CVE-2014-0454/ SUSE CVE CVE-2014-0454 page https://www.suse.com/security/cve/CVE-2014-0455/ SUSE CVE CVE-2014-0455 page https://www.suse.com/security/cve/CVE-2014-0456/ SUSE CVE CVE-2014-0456 page https://www.suse.com/security/cve/CVE-2014-0457/ SUSE CVE CVE-2014-0457 page https://www.suse.com/security/cve/CVE-2014-0458/ SUSE CVE CVE-2014-0458 page https://www.suse.com/security/cve/CVE-2014-0459/ SUSE CVE CVE-2014-0459 page https://www.suse.com/security/cve/CVE-2014-0460/ SUSE CVE CVE-2014-0460 page https://www.suse.com/security/cve/CVE-2014-0461/ SUSE CVE CVE-2014-0461 page https://www.suse.com/security/cve/CVE-2014-1876/ SUSE CVE CVE-2014-1876 page https://www.suse.com/security/cve/CVE-2014-2397/ SUSE CVE CVE-2014-2397 page https://www.suse.com/security/cve/CVE-2014-2398/ SUSE CVE CVE-2014-2398 page https://www.suse.com/security/cve/CVE-2014-2402/ SUSE CVE CVE-2014-2402 page https://www.suse.com/security/cve/CVE-2014-2403/ SUSE CVE CVE-2014-2403 page https://www.suse.com/security/cve/CVE-2014-2412/ SUSE CVE CVE-2014-2412 page https://www.suse.com/security/cve/CVE-2014-2413/ SUSE CVE CVE-2014-2413 page https://www.suse.com/security/cve/CVE-2014-2414/ SUSE CVE CVE-2014-2414 page https://www.suse.com/security/cve/CVE-2014-2421/ SUSE CVE CVE-2014-2421 page https://www.suse.com/security/cve/CVE-2014-2423/ SUSE CVE CVE-2014-2423 page https://www.suse.com/security/cve/CVE-2014-2427/ SUSE CVE CVE-2014-2427 page https://www.suse.com/security/cve/CVE-2014-2483/ SUSE CVE CVE-2014-2483 page https://www.suse.com/security/cve/CVE-2014-2490/ SUSE CVE CVE-2014-2490 page https://www.suse.com/security/cve/CVE-2014-3566/ SUSE CVE CVE-2014-3566 page https://www.suse.com/security/cve/CVE-2014-4208/ SUSE CVE CVE-2014-4208 page https://www.suse.com/security/cve/CVE-2014-4209/ SUSE CVE CVE-2014-4209 page https://www.suse.com/security/cve/CVE-2014-4216/ SUSE CVE CVE-2014-4216 page https://www.suse.com/security/cve/CVE-2014-4218/ SUSE CVE CVE-2014-4218 page https://www.suse.com/security/cve/CVE-2014-4219/ SUSE CVE CVE-2014-4219 page https://www.suse.com/security/cve/CVE-2014-4220/ SUSE CVE CVE-2014-4220 page https://www.suse.com/security/cve/CVE-2014-4221/ SUSE CVE CVE-2014-4221 page https://www.suse.com/security/cve/CVE-2014-4223/ SUSE CVE CVE-2014-4223 page https://www.suse.com/security/cve/CVE-2014-4227/ SUSE CVE CVE-2014-4227 page https://www.suse.com/security/cve/CVE-2014-4244/ SUSE CVE CVE-2014-4244 page https://www.suse.com/security/cve/CVE-2014-4247/ SUSE CVE CVE-2014-4247 page https://www.suse.com/security/cve/CVE-2014-4252/ SUSE CVE CVE-2014-4252 page https://www.suse.com/security/cve/CVE-2014-4262/ SUSE CVE CVE-2014-4262 page https://www.suse.com/security/cve/CVE-2014-4263/ SUSE CVE CVE-2014-4263 page https://www.suse.com/security/cve/CVE-2014-4264/ SUSE CVE CVE-2014-4264 page https://www.suse.com/security/cve/CVE-2014-4265/ SUSE CVE CVE-2014-4265 page https://www.suse.com/security/cve/CVE-2014-4266/ SUSE CVE CVE-2014-4266 page https://www.suse.com/security/cve/CVE-2014-4268/ SUSE CVE CVE-2014-4268 page https://www.suse.com/security/cve/CVE-2014-4288/ SUSE CVE CVE-2014-4288 page https://www.suse.com/security/cve/CVE-2014-6456/ SUSE CVE CVE-2014-6456 page https://www.suse.com/security/cve/CVE-2014-6457/ SUSE CVE CVE-2014-6457 page https://www.suse.com/security/cve/CVE-2014-6458/ SUSE CVE CVE-2014-6458 page https://www.suse.com/security/cve/CVE-2014-6466/ SUSE CVE CVE-2014-6466 page https://www.suse.com/security/cve/CVE-2014-6468/ SUSE CVE CVE-2014-6468 page https://www.suse.com/security/cve/CVE-2014-6476/ SUSE CVE CVE-2014-6476 page https://www.suse.com/security/cve/CVE-2014-6485/ SUSE CVE CVE-2014-6485 page https://www.suse.com/security/cve/CVE-2014-6492/ SUSE CVE CVE-2014-6492 page https://www.suse.com/security/cve/CVE-2014-6493/ SUSE CVE CVE-2014-6493 page https://www.suse.com/security/cve/CVE-2014-6502/ SUSE CVE CVE-2014-6502 page https://www.suse.com/security/cve/CVE-2014-6503/ SUSE CVE CVE-2014-6503 page https://www.suse.com/security/cve/CVE-2014-6504/ SUSE CVE CVE-2014-6504 page https://www.suse.com/security/cve/CVE-2014-6506/ SUSE CVE CVE-2014-6506 page https://www.suse.com/security/cve/CVE-2014-6511/ SUSE CVE CVE-2014-6511 page https://www.suse.com/security/cve/CVE-2014-6512/ SUSE CVE CVE-2014-6512 page https://www.suse.com/security/cve/CVE-2014-6513/ SUSE CVE CVE-2014-6513 page https://www.suse.com/security/cve/CVE-2014-6515/ SUSE CVE CVE-2014-6515 page https://www.suse.com/security/cve/CVE-2014-6517/ SUSE CVE CVE-2014-6517 page https://www.suse.com/security/cve/CVE-2014-6519/ SUSE CVE CVE-2014-6519 page https://www.suse.com/security/cve/CVE-2014-6527/ SUSE CVE CVE-2014-6527 page https://www.suse.com/security/cve/CVE-2014-6531/ SUSE CVE CVE-2014-6531 page https://www.suse.com/security/cve/CVE-2014-6532/ SUSE CVE CVE-2014-6532 page https://www.suse.com/security/cve/CVE-2014-6549/ SUSE CVE CVE-2014-6549 page https://www.suse.com/security/cve/CVE-2014-6558/ SUSE CVE CVE-2014-6558 page https://www.suse.com/security/cve/CVE-2014-6562/ SUSE CVE CVE-2014-6562 page https://www.suse.com/security/cve/CVE-2014-6585/ SUSE CVE CVE-2014-6585 page https://www.suse.com/security/cve/CVE-2014-6587/ SUSE CVE CVE-2014-6587 page https://www.suse.com/security/cve/CVE-2014-6591/ SUSE CVE CVE-2014-6591 page https://www.suse.com/security/cve/CVE-2014-6593/ SUSE CVE CVE-2014-6593 page https://www.suse.com/security/cve/CVE-2014-6601/ SUSE CVE CVE-2014-6601 page https://www.suse.com/security/cve/CVE-2015-0383/ SUSE CVE CVE-2015-0383 page https://www.suse.com/security/cve/CVE-2015-0395/ SUSE CVE CVE-2015-0395 page https://www.suse.com/security/cve/CVE-2015-0400/ SUSE CVE CVE-2015-0400 page https://www.suse.com/security/cve/CVE-2015-0403/ SUSE CVE CVE-2015-0403 page https://www.suse.com/security/cve/CVE-2015-0406/ SUSE CVE CVE-2015-0406 page https://www.suse.com/security/cve/CVE-2015-0407/ SUSE CVE CVE-2015-0407 page https://www.suse.com/security/cve/CVE-2015-0408/ SUSE CVE CVE-2015-0408 page https://www.suse.com/security/cve/CVE-2015-0410/ SUSE CVE CVE-2015-0410 page https://www.suse.com/security/cve/CVE-2015-0412/ SUSE CVE CVE-2015-0412 page https://www.suse.com/security/cve/CVE-2015-0413/ SUSE CVE CVE-2015-0413 page https://www.suse.com/security/cve/CVE-2015-0421/ SUSE CVE CVE-2015-0421 page https://www.suse.com/security/cve/CVE-2015-0437/ SUSE CVE CVE-2015-0437 page https://www.suse.com/security/cve/CVE-2015-0458/ SUSE CVE CVE-2015-0458 page https://www.suse.com/security/cve/CVE-2015-0459/ SUSE CVE CVE-2015-0459 page https://www.suse.com/security/cve/CVE-2015-0460/ SUSE CVE CVE-2015-0460 page https://www.suse.com/security/cve/CVE-2015-0469/ SUSE CVE CVE-2015-0469 page https://www.suse.com/security/cve/CVE-2015-0477/ SUSE CVE CVE-2015-0477 page https://www.suse.com/security/cve/CVE-2015-0478/ SUSE CVE CVE-2015-0478 page https://www.suse.com/security/cve/CVE-2015-0480/ SUSE CVE CVE-2015-0480 page https://www.suse.com/security/cve/CVE-2015-0484/ SUSE CVE CVE-2015-0484 page https://www.suse.com/security/cve/CVE-2015-0488/ SUSE CVE CVE-2015-0488 page https://www.suse.com/security/cve/CVE-2015-0491/ SUSE CVE CVE-2015-0491 page https://www.suse.com/security/cve/CVE-2015-0492/ SUSE CVE CVE-2015-0492 page SUSE Linux Enterprise Desktop 11 SP3 java-1_7_0-openjdk-1.7.0.71-0.7.1 java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 java-1_7_0-openjdk-1.7.0.71-0.7.1 as a component of SUSE Linux Enterprise Desktop 11 SP3 java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 as a component of SUSE Linux Enterprise Desktop 11 SP3 java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 as a component of SUSE Linux Enterprise Desktop 11 SP3 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows local users to affect confidentiality and integrity via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to weak permissions for shared memory. CVE-2013-1500 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 moderate 8.3 AV:N/AC:M/Au:N/C:P/I:C/A:P 3.6 AV:L/AC:L/Au:N/C:P/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2013-1500.html CVE-2013-1500 https://bugzilla.suse.com/825624 SUSE Bug 825624 https://bugzilla.suse.com/828665 SUSE Bug 828665 https://bugzilla.suse.com/829212 SUSE Bug 829212 https://bugzilla.suse.com/829708 SUSE Bug 829708 https://bugzilla.suse.com/977650 SUSE Bug 977650 Unspecified vulnerability in the Javadoc component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier; JavaFX 2.2.21 and earlier; and OpenJDK 7 allows remote attackers to affect integrity via unknown vectors related to Javadoc. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to frame injection in HTML that is generated by Javadoc. CVE-2013-1571 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2013-1571.html CVE-2013-1571 https://bugzilla.suse.com/824397 SUSE Bug 824397 https://bugzilla.suse.com/825624 SUSE Bug 825624 https://bugzilla.suse.com/828665 SUSE Bug 828665 https://bugzilla.suse.com/829212 SUSE Bug 829212 https://bugzilla.suse.com/829708 SUSE Bug 829708 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality and availability via unknown vectors related to Libraries. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "XML security and the class loader." CVE-2013-2407 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 moderate 6.4 AV:N/AC:L/Au:N/C:P/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2013-2407.html CVE-2013-2407 https://bugzilla.suse.com/824397 SUSE Bug 824397 https://bugzilla.suse.com/825624 SUSE Bug 825624 https://bugzilla.suse.com/828665 SUSE Bug 828665 https://bugzilla.suse.com/829212 SUSE Bug 829212 https://bugzilla.suse.com/829708 SUSE Bug 829708 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Serviceability. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to insufficient indication of an SSL connection failure by JConsole, related to RMI connection dialog box. CVE-2013-2412 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 moderate 5 AV:N/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2013-2412.html CVE-2013-2412 https://bugzilla.suse.com/825624 SUSE Bug 825624 https://bugzilla.suse.com/828665 SUSE Bug 828665 https://bugzilla.suse.com/829212 SUSE Bug 829212 https://bugzilla.suse.com/829708 SUSE Bug 829708 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Libraries, a different vulnerability than CVE-2013-2452 and CVE-2013-2455. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is due to an incorrect "checking order" within the AccessControlContext class. CVE-2013-2443 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 moderate 5 AV:N/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2013-2443.html CVE-2013-2443 https://bugzilla.suse.com/825624 SUSE Bug 825624 https://bugzilla.suse.com/828665 SUSE Bug 828665 https://bugzilla.suse.com/829212 SUSE Bug 829212 https://bugzilla.suse.com/829708 SUSE Bug 829708 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier; JavaFX 2.2.21 and earlier; and OpenJDK 7 allows remote attackers to affect availability via vectors related to AWT. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue does not "properly manage and restrict certain resources related to the processing of fonts," possibly involving temporary files. CVE-2013-2444 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2013-2444.html CVE-2013-2444 https://bugzilla.suse.com/825624 SUSE Bug 825624 https://bugzilla.suse.com/828665 SUSE Bug 828665 https://bugzilla.suse.com/829212 SUSE Bug 829212 https://bugzilla.suse.com/829708 SUSE Bug 829708 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect availability via unknown vectors related to Hotspot. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "handling of memory allocation errors." CVE-2013-2445 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 important 7.8 AV:N/AC:L/Au:N/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2013-2445.html CVE-2013-2445 https://bugzilla.suse.com/825624 SUSE Bug 825624 https://bugzilla.suse.com/828665 SUSE Bug 828665 https://bugzilla.suse.com/829708 SUSE Bug 829708 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via vectors related to CORBA. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue does not properly enforce access restrictions for CORBA output streams. CVE-2013-2446 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 moderate 5 AV:N/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2013-2446.html CVE-2013-2446 https://bugzilla.suse.com/825624 SUSE Bug 825624 https://bugzilla.suse.com/828665 SUSE Bug 828665 https://bugzilla.suse.com/829212 SUSE Bug 829212 https://bugzilla.suse.com/829708 SUSE Bug 829708 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Networking. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to obtain a socket's local address via vectors involving inconsistencies between Socket.getLocalAddress and InetAddress.getLocalHost. CVE-2013-2447 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 moderate 5 AV:N/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2013-2447.html CVE-2013-2447 https://bugzilla.suse.com/825624 SUSE Bug 825624 https://bugzilla.suse.com/828665 SUSE Bug 828665 https://bugzilla.suse.com/829212 SUSE Bug 829212 https://bugzilla.suse.com/829708 SUSE Bug 829708 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to insufficient "access restrictions" and "robustness of sound classes." CVE-2013-2448 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 important 7.6 AV:N/AC:H/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2013-2448.html CVE-2013-2448 https://bugzilla.suse.com/825624 SUSE Bug 825624 https://bugzilla.suse.com/828665 SUSE Bug 828665 https://bugzilla.suse.com/829212 SUSE Bug 829212 https://bugzilla.suse.com/829708 SUSE Bug 829708 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Libraries. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to GnomeFileTypeDetector and a missing check for read permissions for a path. CVE-2013-2449 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2013-2449.html CVE-2013-2449 https://bugzilla.suse.com/825624 SUSE Bug 825624 https://bugzilla.suse.com/828665 SUSE Bug 828665 https://bugzilla.suse.com/829212 SUSE Bug 829212 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect availability via unknown vectors related to Serialization. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper handling of circular references in ObjectStreamClass. CVE-2013-2450 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2013-2450.html CVE-2013-2450 https://bugzilla.suse.com/825624 SUSE Bug 825624 https://bugzilla.suse.com/828665 SUSE Bug 828665 https://bugzilla.suse.com/829212 SUSE Bug 829212 https://bugzilla.suse.com/829708 SUSE Bug 829708 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier, and OpenJDK 7, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Networking. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper enforcement of exclusive port binds when running on Windows, which allows attackers to bind to ports that are already in use. CVE-2013-2451 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 low 3.7 AV:L/AC:H/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2013-2451.html CVE-2013-2451 https://bugzilla.suse.com/825624 SUSE Bug 825624 https://bugzilla.suse.com/828665 SUSE Bug 828665 https://bugzilla.suse.com/829212 SUSE Bug 829212 https://bugzilla.suse.com/829708 SUSE Bug 829708 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Libraries, a different vulnerability than CVE-2013-2443 and CVE-2013-2455. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "network address handling in virtual machine identifiers" and the lack of "unique and unpredictable IDs" in the java.rmi.dgc.VMID class. CVE-2013-2452 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 moderate 5 AV:N/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2013-2452.html CVE-2013-2452 https://bugzilla.suse.com/825624 SUSE Bug 825624 https://bugzilla.suse.com/828665 SUSE Bug 828665 https://bugzilla.suse.com/829212 SUSE Bug 829212 https://bugzilla.suse.com/829708 SUSE Bug 829708 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect integrity via vectors related to JMX. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is due to a missing check for "package access" by the MBeanServer Introspector. CVE-2013-2453 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2013-2453.html CVE-2013-2453 https://bugzilla.suse.com/825624 SUSE Bug 825624 https://bugzilla.suse.com/828665 SUSE Bug 828665 https://bugzilla.suse.com/829212 SUSE Bug 829212 https://bugzilla.suse.com/829708 SUSE Bug 829708 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality and integrity via vectors related to JDBC. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue does not properly restrict access to certain class packages in the SerialJavaObject class, which allows remote attackers to bypass the Java sandbox. CVE-2013-2454 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 moderate 5.8 AV:N/AC:M/Au:N/C:P/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2013-2454.html CVE-2013-2454 https://bugzilla.suse.com/825624 SUSE Bug 825624 https://bugzilla.suse.com/828665 SUSE Bug 828665 https://bugzilla.suse.com/829212 SUSE Bug 829212 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Libraries, a different vulnerability than CVE-2013-2443 and CVE-2013-2452. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect access checks by the (1) getEnclosingClass, (2) getEnclosingMethod, and (3) getEnclosingConstructor methods. CVE-2013-2455 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 moderate 5 AV:N/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2013-2455.html CVE-2013-2455 https://bugzilla.suse.com/825624 SUSE Bug 825624 https://bugzilla.suse.com/828665 SUSE Bug 828665 https://bugzilla.suse.com/829212 SUSE Bug 829212 https://bugzilla.suse.com/829708 SUSE Bug 829708 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Serialization. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper access checks for subclasses in the ObjectOutputStream class. CVE-2013-2456 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 moderate 5 AV:N/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2013-2456.html CVE-2013-2456 https://bugzilla.suse.com/825624 SUSE Bug 825624 https://bugzilla.suse.com/828665 SUSE Bug 828665 https://bugzilla.suse.com/829212 SUSE Bug 829212 https://bugzilla.suse.com/829708 SUSE Bug 829708 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via vectors related to JMX. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is due to an incorrect implementation of "certain class checks" that allows remote attackers to bypass intended class restrictions. CVE-2013-2457 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2013-2457.html CVE-2013-2457 https://bugzilla.suse.com/825624 SUSE Bug 825624 https://bugzilla.suse.com/828665 SUSE Bug 828665 https://bugzilla.suse.com/829212 SUSE Bug 829212 https://bugzilla.suse.com/829708 SUSE Bug 829708 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via "an error related to method handles." CVE-2013-2458 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 moderate 5.8 AV:N/AC:M/Au:N/C:P/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2013-2458.html CVE-2013-2458 https://bugzilla.suse.com/825624 SUSE Bug 825624 https://bugzilla.suse.com/828665 SUSE Bug 828665 https://bugzilla.suse.com/829212 SUSE Bug 829212 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "integer overflow checks." CVE-2013-2459 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 critical 10 AV:N/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2013-2459.html CVE-2013-2459 https://bugzilla.suse.com/825624 SUSE Bug 825624 https://bugzilla.suse.com/828665 SUSE Bug 828665 https://bugzilla.suse.com/829212 SUSE Bug 829212 https://bugzilla.suse.com/829708 SUSE Bug 829708 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Serviceability. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "insufficient access checks" in the tracing component. CVE-2013-2460 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 critical 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2013-2460.html CVE-2013-2460 https://bugzilla.suse.com/825624 SUSE Bug 825624 https://bugzilla.suse.com/828665 SUSE Bug 828665 https://bugzilla.suse.com/829212 SUSE Bug 829212 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier; the Oracle JRockit component in Oracle Fusion Middleware R27.7.5 and earlier and R28.2.7 and earlier; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. NOTE: the previous information is from the June and July 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass verification of XML signatures via vectors related to a "Missing check for [a] valid DOMCanonicalizationMethod canonicalization algorithm." CVE-2013-2461 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 moderate 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2013-2461.html CVE-2013-2461 https://bugzilla.suse.com/825624 SUSE Bug 825624 https://bugzilla.suse.com/828665 SUSE Bug 828665 https://bugzilla.suse.com/829708 SUSE Bug 829708 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect image attribute verification" in 2D. CVE-2013-2463 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 critical 10 AV:N/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2013-2463.html CVE-2013-2463 https://bugzilla.suse.com/825624 SUSE Bug 825624 https://bugzilla.suse.com/828665 SUSE Bug 828665 https://bugzilla.suse.com/829212 SUSE Bug 829212 https://bugzilla.suse.com/829708 SUSE Bug 829708 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect image channel verification" in 2D. CVE-2013-2465 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 critical 10 AV:N/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2013-2465.html CVE-2013-2465 https://bugzilla.suse.com/825624 SUSE Bug 825624 https://bugzilla.suse.com/828665 SUSE Bug 828665 https://bugzilla.suse.com/829212 SUSE Bug 829212 https://bugzilla.suse.com/829708 SUSE Bug 829708 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect image layout verification" in 2D. CVE-2013-2469 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 critical 10 AV:N/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2013-2469.html CVE-2013-2469 https://bugzilla.suse.com/825624 SUSE Bug 825624 https://bugzilla.suse.com/828665 SUSE Bug 828665 https://bugzilla.suse.com/829212 SUSE Bug 829212 https://bugzilla.suse.com/829708 SUSE Bug 829708 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "ImagingLib byte lookup processing." CVE-2013-2470 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 critical 10 AV:N/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2013-2470.html CVE-2013-2470 https://bugzilla.suse.com/825624 SUSE Bug 825624 https://bugzilla.suse.com/828665 SUSE Bug 828665 https://bugzilla.suse.com/829212 SUSE Bug 829212 https://bugzilla.suse.com/829708 SUSE Bug 829708 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect IntegerComponentRaster size checks." CVE-2013-2471 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 critical 10 AV:N/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2013-2471.html CVE-2013-2471 https://bugzilla.suse.com/825624 SUSE Bug 825624 https://bugzilla.suse.com/828665 SUSE Bug 828665 https://bugzilla.suse.com/829212 SUSE Bug 829212 https://bugzilla.suse.com/829708 SUSE Bug 829708 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect ShortBandedRaster size checks" in 2D. CVE-2013-2472 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 critical 10 AV:N/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2013-2472.html CVE-2013-2472 https://bugzilla.suse.com/825624 SUSE Bug 825624 https://bugzilla.suse.com/828665 SUSE Bug 828665 https://bugzilla.suse.com/829212 SUSE Bug 829212 https://bugzilla.suse.com/829708 SUSE Bug 829708 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect ByteBandedRaster size checks" in 2D. CVE-2013-2473 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 critical 10 AV:N/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2013-2473.html CVE-2013-2473 https://bugzilla.suse.com/825624 SUSE Bug 825624 https://bugzilla.suse.com/828665 SUSE Bug 828665 https://bugzilla.suse.com/829212 SUSE Bug 829212 https://bugzilla.suse.com/829708 SUSE Bug 829708 Unspecified vulnerability in the Java SE, Java SE Embedded component in Oracle Java SE Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries. CVE-2013-3829 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 moderate 6.4 AV:N/AC:L/Au:N/C:P/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2013-3829.html CVE-2013-3829 https://bugzilla.suse.com/846177 SUSE Bug 846177 https://bugzilla.suse.com/846999 SUSE Bug 846999 https://bugzilla.suse.com/849212 SUSE Bug 849212 https://bugzilla.suse.com/852367 SUSE Bug 852367 XMLscanner.java in Apache Xerces2 Java Parser before 2.12.0, as used in the Java Runtime Environment (JRE) in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 as well as Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, Java SE Embedded 7u40 and earlier, and possibly other products allows remote attackers to cause a denial of service via vectors related to XML attribute names. CVE-2013-4002 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 moderate 7.1 AV:N/AC:M/Au:N/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2013-4002.html CVE-2013-4002 https://bugzilla.suse.com/829212 SUSE Bug 829212 https://bugzilla.suse.com/846177 SUSE Bug 846177 https://bugzilla.suse.com/846999 SUSE Bug 846999 https://bugzilla.suse.com/849212 SUSE Bug 849212 https://bugzilla.suse.com/852367 SUSE Bug 852367 https://bugzilla.suse.com/977650 SUSE Bug 977650 Unspecified vulnerability in the Java SE component in Oracle Java SE Java SE 7u40 and earlier and Java SE 6u60 and earlier allows remote attackers to affect integrity via unknown vectors related to jhat. CVE-2013-5772 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 low 2.6 AV:N/AC:H/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2013-5772.html CVE-2013-5772 https://bugzilla.suse.com/846177 SUSE Bug 846177 https://bugzilla.suse.com/846999 SUSE Bug 846999 https://bugzilla.suse.com/849212 SUSE Bug 849212 https://bugzilla.suse.com/852367 SUSE Bug 852367 Unspecified vulnerability in Oracle Java SE 7u40 and earlier, 6u60 and earlier, 5.0u51 and earlier, and Embedded 7u40 and earlier allows remote attackers to affect integrity via unknown vectors related to Libraries. CVE-2013-5774 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2013-5774.html CVE-2013-5774 https://bugzilla.suse.com/846177 SUSE Bug 846177 https://bugzilla.suse.com/846999 SUSE Bug 846999 https://bugzilla.suse.com/849212 SUSE Bug 849212 https://bugzilla.suse.com/852367 SUSE Bug 852367 Unspecified vulnerability in Oracle Java SE 7u40 and earlier, 6u60 and earlier, 5.0u51 and earlier, and Embedded 7u40 and earlier allows remote attackers to affect confidentiality via unknown vectors related to 2D. CVE-2013-5778 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 moderate 5 AV:N/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2013-5778.html CVE-2013-5778 https://bugzilla.suse.com/846177 SUSE Bug 846177 https://bugzilla.suse.com/846999 SUSE Bug 846999 https://bugzilla.suse.com/849212 SUSE Bug 849212 https://bugzilla.suse.com/852367 SUSE Bug 852367 Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Libraries. CVE-2013-5780 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2013-5780.html CVE-2013-5780 https://bugzilla.suse.com/846177 SUSE Bug 846177 https://bugzilla.suse.com/846999 SUSE Bug 846999 https://bugzilla.suse.com/849212 SUSE Bug 849212 https://bugzilla.suse.com/852367 SUSE Bug 852367 Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. CVE-2013-5782 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 critical 10 AV:N/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2013-5782.html CVE-2013-5782 https://bugzilla.suse.com/846177 SUSE Bug 846177 https://bugzilla.suse.com/846999 SUSE Bug 846999 https://bugzilla.suse.com/849212 SUSE Bug 849212 https://bugzilla.suse.com/852367 SUSE Bug 852367 Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Swing. CVE-2013-5783 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 moderate 6.4 AV:N/AC:L/Au:N/C:P/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2013-5783.html CVE-2013-5783 https://bugzilla.suse.com/846177 SUSE Bug 846177 https://bugzilla.suse.com/846999 SUSE Bug 846999 https://bugzilla.suse.com/849212 SUSE Bug 849212 https://bugzilla.suse.com/852367 SUSE Bug 852367 Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect integrity via vectors related to SCRIPTING. CVE-2013-5784 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2013-5784.html CVE-2013-5784 https://bugzilla.suse.com/846177 SUSE Bug 846177 https://bugzilla.suse.com/846999 SUSE Bug 846999 https://bugzilla.suse.com/849212 SUSE Bug 849212 https://bugzilla.suse.com/852367 SUSE Bug 852367 Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via vectors related to BEANS. CVE-2013-5790 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2013-5790.html CVE-2013-5790 https://bugzilla.suse.com/846177 SUSE Bug 846177 https://bugzilla.suse.com/846999 SUSE Bug 846999 https://bugzilla.suse.com/849212 SUSE Bug 849212 https://bugzilla.suse.com/852367 SUSE Bug 852367 Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and JavaFX 2.2.40 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Javadoc. CVE-2013-5797 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 low 3.5 AV:N/AC:M/Au:S/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2013-5797.html CVE-2013-5797 https://bugzilla.suse.com/846177 SUSE Bug 846177 https://bugzilla.suse.com/846999 SUSE Bug 846999 https://bugzilla.suse.com/849212 SUSE Bug 849212 https://bugzilla.suse.com/852367 SUSE Bug 852367 Unspecified vulnerability in Oracle Java SE 7u40 and earlier and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via vectors related to JGSS. CVE-2013-5800 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2013-5800.html CVE-2013-5800 https://bugzilla.suse.com/846177 SUSE Bug 846177 https://bugzilla.suse.com/846999 SUSE Bug 846999 https://bugzilla.suse.com/849212 SUSE Bug 849212 Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAXP. CVE-2013-5802 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 moderate 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2013-5802.html CVE-2013-5802 https://bugzilla.suse.com/846177 SUSE Bug 846177 https://bugzilla.suse.com/846999 SUSE Bug 846999 https://bugzilla.suse.com/849212 SUSE Bug 849212 https://bugzilla.suse.com/852367 SUSE Bug 852367 Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect availability via vectors related to JGSS. CVE-2013-5803 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 important 2.6 AV:N/AC:H/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2013-5803.html CVE-2013-5803 https://bugzilla.suse.com/846177 SUSE Bug 846177 https://bugzilla.suse.com/846999 SUSE Bug 846999 https://bugzilla.suse.com/849212 SUSE Bug 849212 https://bugzilla.suse.com/852367 SUSE Bug 852367 Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, and JRockit R27.7.6 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Javadoc. CVE-2013-5804 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 moderate 6.4 AV:N/AC:L/Au:N/C:P/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2013-5804.html CVE-2013-5804 https://bugzilla.suse.com/846177 SUSE Bug 846177 https://bugzilla.suse.com/846999 SUSE Bug 846999 https://bugzilla.suse.com/849212 SUSE Bug 849212 https://bugzilla.suse.com/852367 SUSE Bug 852367 Unspecified vulnerability in Oracle Java SE 7u40 and earlier and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Swing, a different vulnerability than CVE-2013-5806. CVE-2013-5805 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 critical 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2013-5805.html CVE-2013-5805 https://bugzilla.suse.com/846177 SUSE Bug 846177 https://bugzilla.suse.com/846999 SUSE Bug 846999 Unspecified vulnerability in Oracle Java SE 7u40 and earlier and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Swing, a different vulnerability than CVE-2013-5805. CVE-2013-5806 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 critical 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2013-5806.html CVE-2013-5806 https://bugzilla.suse.com/846177 SUSE Bug 846177 https://bugzilla.suse.com/846999 SUSE Bug 846999 Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-5829. CVE-2013-5809 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 critical 10 AV:N/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2013-5809.html CVE-2013-5809 https://bugzilla.suse.com/846177 SUSE Bug 846177 https://bugzilla.suse.com/846999 SUSE Bug 846999 https://bugzilla.suse.com/849212 SUSE Bug 849212 https://bugzilla.suse.com/852367 SUSE Bug 852367 Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. CVE-2013-5814 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 critical 10 AV:N/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2013-5814.html CVE-2013-5814 https://bugzilla.suse.com/846177 SUSE Bug 846177 https://bugzilla.suse.com/846999 SUSE Bug 846999 https://bugzilla.suse.com/849212 SUSE Bug 849212 https://bugzilla.suse.com/852367 SUSE Bug 852367 Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JNDI. CVE-2013-5817 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 critical 10 AV:N/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2013-5817.html CVE-2013-5817 https://bugzilla.suse.com/846177 SUSE Bug 846177 https://bugzilla.suse.com/846999 SUSE Bug 846999 https://bugzilla.suse.com/849212 SUSE Bug 849212 https://bugzilla.suse.com/852367 SUSE Bug 852367 Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect integrity via vectors related to JAX-WS. CVE-2013-5820 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2013-5820.html CVE-2013-5820 https://bugzilla.suse.com/846177 SUSE Bug 846177 https://bugzilla.suse.com/846999 SUSE Bug 846999 https://bugzilla.suse.com/849212 SUSE Bug 849212 https://bugzilla.suse.com/852367 SUSE Bug 852367 Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect availability via unknown vectors related to Security. CVE-2013-5823 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2013-5823.html CVE-2013-5823 https://bugzilla.suse.com/846177 SUSE Bug 846177 https://bugzilla.suse.com/846999 SUSE Bug 846999 https://bugzilla.suse.com/849212 SUSE Bug 849212 https://bugzilla.suse.com/852367 SUSE Bug 852367 Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect availability via vectors related to JAXP. CVE-2013-5825 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2013-5825.html CVE-2013-5825 https://bugzilla.suse.com/846177 SUSE Bug 846177 https://bugzilla.suse.com/846999 SUSE Bug 846999 https://bugzilla.suse.com/849212 SUSE Bug 849212 https://bugzilla.suse.com/852367 SUSE Bug 852367 Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-5809. CVE-2013-5829 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 critical 10 AV:N/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2013-5829.html CVE-2013-5829 https://bugzilla.suse.com/846177 SUSE Bug 846177 https://bugzilla.suse.com/846999 SUSE Bug 846999 https://bugzilla.suse.com/849212 SUSE Bug 849212 https://bugzilla.suse.com/852367 SUSE Bug 852367 Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. CVE-2013-5830 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 critical 10 AV:N/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2013-5830.html CVE-2013-5830 https://bugzilla.suse.com/846177 SUSE Bug 846177 https://bugzilla.suse.com/846999 SUSE Bug 846999 https://bugzilla.suse.com/849212 SUSE Bug 849212 https://bugzilla.suse.com/852367 SUSE Bug 852367 Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Libraries. CVE-2013-5840 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 moderate 5 AV:N/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2013-5840.html CVE-2013-5840 https://bugzilla.suse.com/846177 SUSE Bug 846177 https://bugzilla.suse.com/846999 SUSE Bug 846999 https://bugzilla.suse.com/849212 SUSE Bug 849212 https://bugzilla.suse.com/852367 SUSE Bug 852367 Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-5850. CVE-2013-5842 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 moderate 10 AV:N/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2013-5842.html CVE-2013-5842 https://bugzilla.suse.com/846177 SUSE Bug 846177 https://bugzilla.suse.com/846999 SUSE Bug 846999 https://bugzilla.suse.com/849212 SUSE Bug 849212 https://bugzilla.suse.com/852367 SUSE Bug 852367 Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via vectors related to AWT. CVE-2013-5849 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2013-5849.html CVE-2013-5849 https://bugzilla.suse.com/846177 SUSE Bug 846177 https://bugzilla.suse.com/846999 SUSE Bug 846999 https://bugzilla.suse.com/849212 SUSE Bug 849212 https://bugzilla.suse.com/852367 SUSE Bug 852367 Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-5842. CVE-2013-5850 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 critical 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2013-5850.html CVE-2013-5850 https://bugzilla.suse.com/846177 SUSE Bug 846177 https://bugzilla.suse.com/846999 SUSE Bug 846999 https://bugzilla.suse.com/849212 SUSE Bug 849212 https://bugzilla.suse.com/852367 SUSE Bug 852367 Unspecified vulnerability in Oracle Java SE 7u40 and earlier and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via vectors related to JAXP. CVE-2013-5851 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 moderate 5 AV:N/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2013-5851.html CVE-2013-5851 https://bugzilla.suse.com/846177 SUSE Bug 846177 https://bugzilla.suse.com/846999 SUSE Bug 846999 https://bugzilla.suse.com/849212 SUSE Bug 849212 https://bugzilla.suse.com/852367 SUSE Bug 852367 Unspecified vulnerability in Oracle Java SE 6u65 and 7u45, Java SE Embedded 7u45, and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Security. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the Security component does not properly handle null XML namespace (xmlns) attributes during XML document canonicalization, which allows attackers to escape the sandbox. CVE-2013-5878 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 important 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2013-5878.html CVE-2013-5878 https://bugzilla.suse.com/858818 SUSE Bug 858818 https://bugzilla.suse.com/862064 SUSE Bug 862064 Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality via vectors related to CORBA. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to an incorrect check for code permissions by CORBA stub factories. CVE-2013-5884 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 moderate 5 AV:N/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2013-5884.html CVE-2013-5884 https://bugzilla.suse.com/858818 SUSE Bug 858818 https://bugzilla.suse.com/862064 SUSE Bug 862064 Unspecified vulnerability in Oracle Java SE 7u45 and Java SE Embedded 7u45, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to improper handling of methods in MethodHandles in HotSpot JVM, which allows attackers to escape the sandbox. CVE-2013-5893 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 critical 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2013-5893.html CVE-2013-5893 https://bugzilla.suse.com/858818 SUSE Bug 858818 Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect availability via vectors related to CORBA. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that com.sun.corba.se and its sub-packages are not included on the restricted package list. CVE-2013-5896 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2013-5896.html CVE-2013-5896 https://bugzilla.suse.com/858818 SUSE Bug 858818 https://bugzilla.suse.com/862064 SUSE Bug 862064 Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JRockit R27.7.7 and R28.2.9; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is due to incorrect input validation in LookupProcessor.cpp in the ICU Layout Engine, which allows attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted font file. CVE-2013-5907 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 critical 10 AV:N/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2013-5907.html CVE-2013-5907 https://bugzilla.suse.com/858818 SUSE Bug 858818 https://bugzilla.suse.com/862064 SUSE Bug 862064 Unspecified vulnerability in Oracle Java SE 6u65 and 7u45, Java SE Embedded 7u45, and OpenJDK 7 allows remote attackers to affect integrity via unknown vectors related to Security. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that CanonicalizerBase.java in the XML canonicalizer allows untrusted code to access mutable byte arrays. CVE-2013-5910 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2013-5910.html CVE-2013-5910 https://bugzilla.suse.com/858818 SUSE Bug 858818 https://bugzilla.suse.com/862064 SUSE Bug 862064 The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image. CVE-2013-6629 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 moderate 5.8 AV:N/AC:M/Au:N/C:P/I:N/A:P 5 AV:N/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2013-6629.html CVE-2013-6629 https://bugzilla.suse.com/850430 SUSE Bug 850430 https://bugzilla.suse.com/873872 SUSE Bug 873872 https://bugzilla.suse.com/873873 SUSE Bug 873873 https://bugzilla.suse.com/877429 SUSE Bug 877429 https://bugzilla.suse.com/877430 SUSE Bug 877430 https://bugzilla.suse.com/880246 SUSE Bug 880246 The png_do_expand_palette function in libpng before 1.6.8 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via (1) a PLTE chunk of zero bytes or (2) a NULL palette, related to pngrtran.c and pngset.c. CVE-2013-6954 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2013-6954.html CVE-2013-6954 https://bugzilla.suse.com/856522 SUSE Bug 856522 https://bugzilla.suse.com/873872 SUSE Bug 873872 https://bugzilla.suse.com/873873 SUSE Bug 873873 https://bugzilla.suse.com/877429 SUSE Bug 877429 https://bugzilla.suse.com/877430 SUSE Bug 877430 Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45, and Java SE Embedded 7u45, allows remote attackers to affect confidentiality via unknown vectors related to Networking. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to incorrect permission checks when listening on a socket, which allows attackers to escape the sandbox. CVE-2014-0368 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 moderate 5 AV:N/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2014-0368.html CVE-2014-0368 https://bugzilla.suse.com/858818 SUSE Bug 858818 https://bugzilla.suse.com/862064 SUSE Bug 862064 Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Serviceability. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to throwing of an incorrect exception when SnmpStatusException should have been used in the SNMP implementation, which allows attackers to escape the sandbox. CVE-2014-0373 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 important 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2014-0373.html CVE-2014-0373 https://bugzilla.suse.com/858818 SUSE Bug 858818 https://bugzilla.suse.com/862064 SUSE Bug 862064 Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect integrity via vectors related to JAXP. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to an improper check for "code permissions when creating document builder factories." CVE-2014-0376 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2014-0376.html CVE-2014-0376 https://bugzilla.suse.com/858818 SUSE Bug 858818 https://bugzilla.suse.com/862064 SUSE Bug 862064 Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JRockit R27.7.7 and R28.2.9; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that this issue allows remote attackers to obtain sensitive information about encryption keys via a timing discrepancy during the TLS/SSL handshake. CVE-2014-0411 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 low 4 AV:N/AC:H/Au:N/C:P/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2014-0411.html CVE-2014-0411 https://bugzilla.suse.com/858818 SUSE Bug 858818 https://bugzilla.suse.com/862064 SUSE Bug 862064 Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect integrity via vectors related to JAAS. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to how principals are set for the Subject class, which allows attackers to escape the sandbox using deserialization of a crafted Subject instance. CVE-2014-0416 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2014-0416.html CVE-2014-0416 https://bugzilla.suse.com/858818 SUSE Bug 858818 https://bugzilla.suse.com/862064 SUSE Bug 862064 Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JNDI. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to missing package access checks in the Naming / JNDI component, which allows attackers to escape the sandbox. CVE-2014-0422 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 critical 10 AV:N/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2014-0422.html CVE-2014-0422 https://bugzilla.suse.com/858818 SUSE Bug 858818 https://bugzilla.suse.com/862064 SUSE Bug 862064 Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JRockit R27.7.7 and R28.2.9; Java SE Embedded 7u45; and OpenJDK 7 allows remote authenticated users to affect confidentiality and availability via unknown vectors related to Beans. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that this issue is an XML External Entity (XXE) vulnerability in DocumentHandler.java, related to Beans decoding. CVE-2014-0423 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 moderate 5.5 AV:N/AC:L/Au:S/C:P/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2014-0423.html CVE-2014-0423 https://bugzilla.suse.com/858818 SUSE Bug 858818 https://bugzilla.suse.com/862064 SUSE Bug 862064 Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to "insufficient security checks in IIOP streams," which allows attackers to escape the sandbox. CVE-2014-0428 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 critical 10 AV:N/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2014-0428.html CVE-2014-0428 https://bugzilla.suse.com/858818 SUSE Bug 858818 https://bugzilla.suse.com/862064 SUSE Bug 862064 https://bugzilla.suse.com/877429 SUSE Bug 877429 https://bugzilla.suse.com/877430 SUSE Bug 877430 Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. CVE-2014-0429 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 critical 10 AV:N/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2014-0429.html CVE-2014-0429 https://bugzilla.suse.com/873872 SUSE Bug 873872 https://bugzilla.suse.com/873873 SUSE Bug 873873 https://bugzilla.suse.com/877429 SUSE Bug 877429 https://bugzilla.suse.com/877430 SUSE Bug 877430 Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. CVE-2014-0446 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 critical 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2014-0446.html CVE-2014-0446 https://bugzilla.suse.com/873872 SUSE Bug 873872 https://bugzilla.suse.com/873873 SUSE Bug 873873 https://bugzilla.suse.com/877429 SUSE Bug 877429 https://bugzilla.suse.com/877430 SUSE Bug 877430 Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT, a different vulnerability than CVE-2014-2412. CVE-2014-0451 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 critical 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2014-0451.html CVE-2014-0451 https://bugzilla.suse.com/873872 SUSE Bug 873872 https://bugzilla.suse.com/873873 SUSE Bug 873873 https://bugzilla.suse.com/877429 SUSE Bug 877429 https://bugzilla.suse.com/877430 SUSE Bug 877430 Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0458 and CVE-2014-2423. CVE-2014-0452 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 critical 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2014-0452.html CVE-2014-0452 https://bugzilla.suse.com/873872 SUSE Bug 873872 https://bugzilla.suse.com/873873 SUSE Bug 873873 https://bugzilla.suse.com/877429 SUSE Bug 877429 https://bugzilla.suse.com/877430 SUSE Bug 877430 Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Security. CVE-2014-0453 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 critical 4 AV:N/AC:H/Au:N/C:P/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2014-0453.html CVE-2014-0453 https://bugzilla.suse.com/873872 SUSE Bug 873872 https://bugzilla.suse.com/873873 SUSE Bug 873873 https://bugzilla.suse.com/877429 SUSE Bug 877429 https://bugzilla.suse.com/877430 SUSE Bug 877430 Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Security. CVE-2014-0454 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 critical 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2014-0454.html CVE-2014-0454 https://bugzilla.suse.com/873873 SUSE Bug 873873 https://bugzilla.suse.com/877429 SUSE Bug 877429 Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-0432 and CVE-2014-2402. CVE-2014-0455 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 critical 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2014-0455.html CVE-2014-0455 https://bugzilla.suse.com/873873 SUSE Bug 873873 https://bugzilla.suse.com/877429 SUSE Bug 877429 Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. CVE-2014-0456 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 critical 10 AV:N/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2014-0456.html CVE-2014-0456 https://bugzilla.suse.com/873872 SUSE Bug 873872 https://bugzilla.suse.com/873873 SUSE Bug 873873 Unspecified vulnerability in Oracle Java SE 5.0u61, SE 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. CVE-2014-0457 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 critical 10 AV:N/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2014-0457.html CVE-2014-0457 https://bugzilla.suse.com/873872 SUSE Bug 873872 https://bugzilla.suse.com/873873 SUSE Bug 873873 https://bugzilla.suse.com/877429 SUSE Bug 877429 https://bugzilla.suse.com/877430 SUSE Bug 877430 Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0452 and CVE-2014-2423. CVE-2014-0458 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 critical 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2014-0458.html CVE-2014-0458 https://bugzilla.suse.com/873872 SUSE Bug 873872 https://bugzilla.suse.com/873873 SUSE Bug 873873 https://bugzilla.suse.com/877429 SUSE Bug 877429 https://bugzilla.suse.com/877430 SUSE Bug 877430 Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect availability via unknown vectors related to 2D. CVE-2014-0459 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 critical 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2014-0459.html CVE-2014-0459 https://bugzilla.suse.com/873872 SUSE Bug 873872 https://bugzilla.suse.com/873873 SUSE Bug 873873 https://bugzilla.suse.com/877429 SUSE Bug 877429 https://bugzilla.suse.com/877430 SUSE Bug 877430 Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality and integrity via vectors related to JNDI. CVE-2014-0460 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 critical 5.8 AV:N/AC:M/Au:N/C:P/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2014-0460.html CVE-2014-0460 https://bugzilla.suse.com/873872 SUSE Bug 873872 https://bugzilla.suse.com/873873 SUSE Bug 873873 https://bugzilla.suse.com/877429 SUSE Bug 877429 https://bugzilla.suse.com/877430 SUSE Bug 877430 Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. CVE-2014-0461 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 critical 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2014-0461.html CVE-2014-0461 https://bugzilla.suse.com/873872 SUSE Bug 873872 https://bugzilla.suse.com/873873 SUSE Bug 873873 https://bugzilla.suse.com/877429 SUSE Bug 877429 https://bugzilla.suse.com/877430 SUSE Bug 877430 The unpacker::redirect_stdio function in unpack.cpp in unpack200 in OpenJDK 6, 7, and 8; Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 does not securely create temporary files when a log file cannot be opened, which allows local users to overwrite arbitrary files via a symlink attack on /tmp/unpack.log. CVE-2014-1876 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 moderate 4.4 AV:L/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2014-1876.html CVE-2014-1876 https://bugzilla.suse.com/863305 SUSE Bug 863305 https://bugzilla.suse.com/873872 SUSE Bug 873872 https://bugzilla.suse.com/873873 SUSE Bug 873873 https://bugzilla.suse.com/877429 SUSE Bug 877429 https://bugzilla.suse.com/877430 SUSE Bug 877430 Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. CVE-2014-2397 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 critical 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2014-2397.html CVE-2014-2397 https://bugzilla.suse.com/873872 SUSE Bug 873872 https://bugzilla.suse.com/873873 SUSE Bug 873873 Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51; and JRockit R27.8.1 and R28.3.1 allows remote authenticated users to affect integrity via unknown vectors related to Javadoc. CVE-2014-2398 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 low 3.5 AV:N/AC:M/Au:S/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2014-2398.html CVE-2014-2398 https://bugzilla.suse.com/873872 SUSE Bug 873872 https://bugzilla.suse.com/873873 SUSE Bug 873873 https://bugzilla.suse.com/877429 SUSE Bug 877429 https://bugzilla.suse.com/877430 SUSE Bug 877430 Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-0432 and CVE-2014-0455. CVE-2014-2402 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 critical 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2014-2402.html CVE-2014-2402 https://bugzilla.suse.com/873873 SUSE Bug 873873 https://bugzilla.suse.com/877429 SUSE Bug 877429 Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality via vectors related to JAXP. CVE-2014-2403 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 critical 5 AV:N/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2014-2403.html CVE-2014-2403 https://bugzilla.suse.com/873872 SUSE Bug 873872 https://bugzilla.suse.com/873873 SUSE Bug 873873 Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, SE 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT, a different vulnerability than CVE-2014-0451. CVE-2014-2412 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 critical 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2014-2412.html CVE-2014-2412 https://bugzilla.suse.com/873872 SUSE Bug 873872 https://bugzilla.suse.com/873873 SUSE Bug 873873 https://bugzilla.suse.com/877429 SUSE Bug 877429 https://bugzilla.suse.com/877430 SUSE Bug 877430 Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect integrity via unknown vectors related to Libraries. CVE-2014-2413 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 critical 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2014-2413.html CVE-2014-2413 https://bugzilla.suse.com/873873 SUSE Bug 873873 Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAXB. CVE-2014-2414 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 critical 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2014-2414.html CVE-2014-2414 https://bugzilla.suse.com/873872 SUSE Bug 873872 https://bugzilla.suse.com/873873 SUSE Bug 873873 https://bugzilla.suse.com/877429 SUSE Bug 877429 https://bugzilla.suse.com/877430 SUSE Bug 877430 Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. CVE-2014-2421 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 critical 10 AV:N/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2014-2421.html CVE-2014-2421 https://bugzilla.suse.com/873872 SUSE Bug 873872 https://bugzilla.suse.com/873873 SUSE Bug 873873 https://bugzilla.suse.com/877429 SUSE Bug 877429 https://bugzilla.suse.com/877430 SUSE Bug 877430 Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0452 and CVE-2014-0458. CVE-2014-2423 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 critical 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2014-2423.html CVE-2014-2423 https://bugzilla.suse.com/873872 SUSE Bug 873872 https://bugzilla.suse.com/873873 SUSE Bug 873873 https://bugzilla.suse.com/877429 SUSE Bug 877429 https://bugzilla.suse.com/877430 SUSE Bug 877430 Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound. CVE-2014-2427 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 critical 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2014-2427.html CVE-2014-2427 https://bugzilla.suse.com/873872 SUSE Bug 873872 https://bugzilla.suse.com/873873 SUSE Bug 873873 https://bugzilla.suse.com/877429 SUSE Bug 877429 https://bugzilla.suse.com/877430 SUSE Bug 877430 Unspecified vulnerability in the Java SE component in Oracle Java SE Java SE 7u60 and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-4223. NOTE: the previous information is from the July 2014 CPU. Oracle has not commented on another vendor's claim that the issue is related to improper restriction of the "use of privileged annotations." CVE-2014-2483 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 critical 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2014-2483.html CVE-2014-2483 https://bugzilla.suse.com/887530 SUSE Bug 887530 Unspecified vulnerability in the Java SE component in Oracle Java SE 7u60 and SE 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. CVE-2014-2490 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 critical 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2014-2490.html CVE-2014-2490 https://bugzilla.suse.com/887530 SUSE Bug 887530 The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue. CVE-2014-3566 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 critical 5.8 AV:N/AC:M/Au:N/C:N/I:P/A:P 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2014-3566.html CVE-2014-3566 https://bugzilla.suse.com/1011293 SUSE Bug 1011293 https://bugzilla.suse.com/1031023 SUSE Bug 1031023 https://bugzilla.suse.com/901223 SUSE Bug 901223 https://bugzilla.suse.com/901254 SUSE Bug 901254 https://bugzilla.suse.com/901277 SUSE Bug 901277 https://bugzilla.suse.com/901748 SUSE Bug 901748 https://bugzilla.suse.com/901757 SUSE Bug 901757 https://bugzilla.suse.com/901759 SUSE Bug 901759 https://bugzilla.suse.com/901889 SUSE Bug 901889 https://bugzilla.suse.com/901968 SUSE Bug 901968 https://bugzilla.suse.com/902229 SUSE Bug 902229 https://bugzilla.suse.com/902233 SUSE Bug 902233 https://bugzilla.suse.com/902476 SUSE Bug 902476 https://bugzilla.suse.com/903405 SUSE Bug 903405 https://bugzilla.suse.com/903684 SUSE Bug 903684 https://bugzilla.suse.com/904889 SUSE Bug 904889 https://bugzilla.suse.com/905106 SUSE Bug 905106 https://bugzilla.suse.com/914041 SUSE Bug 914041 https://bugzilla.suse.com/994144 SUSE Bug 994144 Unspecified vulnerability in the Java SE component in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4220. CVE-2014-4208 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 critical 2.6 AV:N/AC:H/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2014-4208.html CVE-2014-4208 https://bugzilla.suse.com/887530 SUSE Bug 887530 https://bugzilla.suse.com/891701 SUSE Bug 891701 Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality and integrity via vectors related to JMX. CVE-2014-4209 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 critical 6.4 AV:N/AC:L/Au:N/C:P/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2014-4209.html CVE-2014-4209 https://bugzilla.suse.com/887530 SUSE Bug 887530 https://bugzilla.suse.com/891699 SUSE Bug 891699 https://bugzilla.suse.com/891700 SUSE Bug 891700 https://bugzilla.suse.com/891701 SUSE Bug 891701 Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. CVE-2014-4216 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 critical 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2014-4216.html CVE-2014-4216 https://bugzilla.suse.com/887530 SUSE Bug 887530 Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect integrity via unknown vectors related to Libraries. CVE-2014-4218 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 critical 5 AV:N/AC:L/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2014-4218.html CVE-2014-4218 https://bugzilla.suse.com/887530 SUSE Bug 887530 https://bugzilla.suse.com/891699 SUSE Bug 891699 https://bugzilla.suse.com/891700 SUSE Bug 891700 https://bugzilla.suse.com/891701 SUSE Bug 891701 Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. CVE-2014-4219 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 critical 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2014-4219.html CVE-2014-4219 https://bugzilla.suse.com/887530 SUSE Bug 887530 https://bugzilla.suse.com/891699 SUSE Bug 891699 https://bugzilla.suse.com/891700 SUSE Bug 891700 https://bugzilla.suse.com/891701 SUSE Bug 891701 Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4208. CVE-2014-4220 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 critical 5 AV:N/AC:L/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2014-4220.html CVE-2014-4220 https://bugzilla.suse.com/887530 SUSE Bug 887530 https://bugzilla.suse.com/891701 SUSE Bug 891701 Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect confidentiality via unknown vectors related to Libraries. CVE-2014-4221 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 critical 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2014-4221.html CVE-2014-4221 https://bugzilla.suse.com/887530 SUSE Bug 887530 https://bugzilla.suse.com/891701 SUSE Bug 891701 Unspecified vulnerability in Oracle Java SE 7u60 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-2483. CVE-2014-4223 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 critical 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2014-4223.html CVE-2014-4223 https://bugzilla.suse.com/887530 SUSE Bug 887530 Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. CVE-2014-4227 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 critical 10 AV:N/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2014-4227.html CVE-2014-4227 https://bugzilla.suse.com/887530 SUSE Bug 887530 https://bugzilla.suse.com/891700 SUSE Bug 891700 https://bugzilla.suse.com/891701 SUSE Bug 891701 Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5, and JRockit R27.8.2 and JRockit R28.3.2, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Security. CVE-2014-4244 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 critical 4 AV:N/AC:H/Au:N/C:P/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2014-4244.html CVE-2014-4244 https://bugzilla.suse.com/887530 SUSE Bug 887530 https://bugzilla.suse.com/891699 SUSE Bug 891699 https://bugzilla.suse.com/891700 SUSE Bug 891700 https://bugzilla.suse.com/891701 SUSE Bug 891701 Unspecified vulnerability in Oracle Java SE 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to JavaFX. CVE-2014-4247 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 critical 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2014-4247.html CVE-2014-4247 https://bugzilla.suse.com/887530 SUSE Bug 887530 Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality via unknown vectors related to Security. CVE-2014-4252 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 critical 5 AV:N/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2014-4252.html CVE-2014-4252 https://bugzilla.suse.com/887530 SUSE Bug 887530 https://bugzilla.suse.com/891699 SUSE Bug 891699 https://bugzilla.suse.com/891700 SUSE Bug 891700 https://bugzilla.suse.com/891701 SUSE Bug 891701 Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. CVE-2014-4262 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 critical 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2014-4262.html CVE-2014-4262 https://bugzilla.suse.com/887530 SUSE Bug 887530 https://bugzilla.suse.com/891699 SUSE Bug 891699 https://bugzilla.suse.com/891700 SUSE Bug 891700 https://bugzilla.suse.com/891701 SUSE Bug 891701 Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5, and JRockit R27.8.2 and R28.3.2, allows remote attackers to affect confidentiality and integrity via unknown vectors related to "Diffie-Hellman key agreement." CVE-2014-4263 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 critical 4 AV:N/AC:H/Au:N/C:P/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2014-4263.html CVE-2014-4263 https://bugzilla.suse.com/887530 SUSE Bug 887530 https://bugzilla.suse.com/891699 SUSE Bug 891699 https://bugzilla.suse.com/891700 SUSE Bug 891700 https://bugzilla.suse.com/891701 SUSE Bug 891701 Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect availability via unknown vectors related to Security. CVE-2014-4264 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 critical 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2014-4264.html CVE-2014-4264 https://bugzilla.suse.com/887530 SUSE Bug 887530 Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows remote attackers to affect integrity via unknown vectors related to Deployment. CVE-2014-4265 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 critical 5 AV:N/AC:L/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2014-4265.html CVE-2014-4265 https://bugzilla.suse.com/887530 SUSE Bug 887530 https://bugzilla.suse.com/891700 SUSE Bug 891700 https://bugzilla.suse.com/891701 SUSE Bug 891701 Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect integrity via unknown vectors related to Serviceability. CVE-2014-4266 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 critical 5 AV:N/AC:L/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2014-4266.html CVE-2014-4266 https://bugzilla.suse.com/887530 SUSE Bug 887530 https://bugzilla.suse.com/891701 SUSE Bug 891701 Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality via unknown vectors related to Swing. CVE-2014-4268 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 critical 5 AV:N/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2014-4268.html CVE-2014-4268 https://bugzilla.suse.com/887530 SUSE Bug 887530 https://bugzilla.suse.com/891699 SUSE Bug 891699 https://bugzilla.suse.com/891700 SUSE Bug 891700 https://bugzilla.suse.com/891701 SUSE Bug 891701 Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6493, CVE-2014-6503, and CVE-2014-6532. CVE-2014-4288 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 critical 10 AV:N/AC:L/Au:N/C:C/I:C/A:C 7.6 AV:N/AC:H/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2014-4288.html CVE-2014-4288 https://bugzilla.suse.com/901239 SUSE Bug 901239 https://bugzilla.suse.com/901242 SUSE Bug 901242 https://bugzilla.suse.com/901246 SUSE Bug 901246 https://bugzilla.suse.com/904889 SUSE Bug 904889 Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. CVE-2014-6456 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 critical 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2014-6456.html CVE-2014-6456 https://bugzilla.suse.com/901239 SUSE Bug 901239 https://bugzilla.suse.com/901242 SUSE Bug 901242 https://bugzilla.suse.com/901246 SUSE Bug 901246 https://bugzilla.suse.com/904889 SUSE Bug 904889 Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3, and R28.3.3 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. CVE-2014-6457 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 critical 4 AV:N/AC:H/Au:N/C:N/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2014-6457.html CVE-2014-6457 https://bugzilla.suse.com/901239 SUSE Bug 901239 https://bugzilla.suse.com/901242 SUSE Bug 901242 https://bugzilla.suse.com/901246 SUSE Bug 901246 https://bugzilla.suse.com/904889 SUSE Bug 904889 Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. CVE-2014-6458 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 critical 6.9 AV:L/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2014-6458.html CVE-2014-6458 https://bugzilla.suse.com/901239 SUSE Bug 901239 https://bugzilla.suse.com/901242 SUSE Bug 901242 https://bugzilla.suse.com/901246 SUSE Bug 901246 https://bugzilla.suse.com/904889 SUSE Bug 904889 Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, when running on Internet Explorer, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. CVE-2014-6466 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 critical 6.9 AV:L/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2014-6466.html CVE-2014-6466 https://bugzilla.suse.com/901239 SUSE Bug 901239 https://bugzilla.suse.com/901242 SUSE Bug 901242 https://bugzilla.suse.com/901246 SUSE Bug 901246 https://bugzilla.suse.com/904889 SUSE Bug 904889 Unspecified vulnerability in Oracle Java SE 8u20 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. CVE-2014-6468 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 critical 6.8 AV:N/AC:L/Au:S/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2014-6468.html CVE-2014-6468 https://bugzilla.suse.com/901239 SUSE Bug 901239 https://bugzilla.suse.com/901242 SUSE Bug 901242 https://bugzilla.suse.com/901246 SUSE Bug 901246 Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6527. CVE-2014-6476 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 critical 5 AV:N/AC:L/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2014-6476.html CVE-2014-6476 https://bugzilla.suse.com/901239 SUSE Bug 901239 https://bugzilla.suse.com/901242 SUSE Bug 901242 https://bugzilla.suse.com/901246 SUSE Bug 901246 https://bugzilla.suse.com/904889 SUSE Bug 904889 Unspecified vulnerability in Oracle Java SE 8u20 and JavaFX 2.2.65 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. CVE-2014-6485 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 critical 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2014-6485.html CVE-2014-6485 https://bugzilla.suse.com/901239 SUSE Bug 901239 https://bugzilla.suse.com/901242 SUSE Bug 901242 https://bugzilla.suse.com/901246 SUSE Bug 901246 Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, when running on Firefox, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. CVE-2014-6492 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 critical 7.6 AV:N/AC:H/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2014-6492.html CVE-2014-6492 https://bugzilla.suse.com/901239 SUSE Bug 901239 https://bugzilla.suse.com/901242 SUSE Bug 901242 https://bugzilla.suse.com/901246 SUSE Bug 901246 https://bugzilla.suse.com/904889 SUSE Bug 904889 Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6503, and CVE-2014-6532. CVE-2014-6493 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 critical 7.6 AV:N/AC:H/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2014-6493.html CVE-2014-6493 https://bugzilla.suse.com/901239 SUSE Bug 901239 https://bugzilla.suse.com/901242 SUSE Bug 901242 https://bugzilla.suse.com/901246 SUSE Bug 901246 https://bugzilla.suse.com/904889 SUSE Bug 904889 Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect integrity via unknown vectors related to Libraries. CVE-2014-6502 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 critical 2.6 AV:N/AC:H/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2014-6502.html CVE-2014-6502 https://bugzilla.suse.com/901239 SUSE Bug 901239 https://bugzilla.suse.com/901242 SUSE Bug 901242 https://bugzilla.suse.com/901246 SUSE Bug 901246 https://bugzilla.suse.com/904889 SUSE Bug 904889 Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6493, and CVE-2014-6532. CVE-2014-6503 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 critical 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2014-6503.html CVE-2014-6503 https://bugzilla.suse.com/901239 SUSE Bug 901239 https://bugzilla.suse.com/901242 SUSE Bug 901242 https://bugzilla.suse.com/901246 SUSE Bug 901246 https://bugzilla.suse.com/904889 SUSE Bug 904889 Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, and 7u67, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality via unknown vectors related to Hotspot. CVE-2014-6504 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 critical 5 AV:N/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2014-6504.html CVE-2014-6504 https://bugzilla.suse.com/901239 SUSE Bug 901239 https://bugzilla.suse.com/901242 SUSE Bug 901242 https://bugzilla.suse.com/901246 SUSE Bug 901246 Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. CVE-2014-6506 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2014-6506.html CVE-2014-6506 https://bugzilla.suse.com/901239 SUSE Bug 901239 https://bugzilla.suse.com/901242 SUSE Bug 901242 https://bugzilla.suse.com/901246 SUSE Bug 901246 https://bugzilla.suse.com/904889 SUSE Bug 904889 Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality via unknown vectors related to 2D. CVE-2014-6511 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 critical 5 AV:N/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2014-6511.html CVE-2014-6511 https://bugzilla.suse.com/901239 SUSE Bug 901239 https://bugzilla.suse.com/901242 SUSE Bug 901242 https://bugzilla.suse.com/901246 SUSE Bug 901246 https://bugzilla.suse.com/904889 SUSE Bug 904889 Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and R28.3.3 allows remote attackers to affect integrity via unknown vectors related to Libraries. CVE-2014-6512 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 critical 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2014-6512.html CVE-2014-6512 https://bugzilla.suse.com/901239 SUSE Bug 901239 https://bugzilla.suse.com/901242 SUSE Bug 901242 https://bugzilla.suse.com/901246 SUSE Bug 901246 https://bugzilla.suse.com/904889 SUSE Bug 904889 Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. CVE-2014-6513 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 critical 10 AV:N/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2014-6513.html CVE-2014-6513 https://bugzilla.suse.com/901239 SUSE Bug 901239 https://bugzilla.suse.com/901242 SUSE Bug 901242 https://bugzilla.suse.com/901246 SUSE Bug 901246 https://bugzilla.suse.com/904889 SUSE Bug 904889 Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment. CVE-2014-6515 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 critical 5 AV:N/AC:L/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2014-6515.html CVE-2014-6515 https://bugzilla.suse.com/901239 SUSE Bug 901239 https://bugzilla.suse.com/901242 SUSE Bug 901242 https://bugzilla.suse.com/901246 SUSE Bug 901246 https://bugzilla.suse.com/904889 SUSE Bug 904889 Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and Jrockit R27.8.3 and R28.3.3 allows remote attackers to affect confidentiality via vectors related to JAXP. CVE-2014-6517 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 critical 5 AV:N/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2014-6517.html CVE-2014-6517 https://bugzilla.suse.com/901239 SUSE Bug 901239 https://bugzilla.suse.com/901242 SUSE Bug 901242 https://bugzilla.suse.com/901246 SUSE Bug 901246 Unspecified vulnerability in Oracle Java SE 7u67 and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect integrity via unknown vectors related to Hotspot. CVE-2014-6519 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 critical 5 AV:N/AC:L/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2014-6519.html CVE-2014-6519 https://bugzilla.suse.com/901239 SUSE Bug 901239 https://bugzilla.suse.com/901242 SUSE Bug 901242 https://bugzilla.suse.com/901246 SUSE Bug 901246 Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6476. CVE-2014-6527 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 critical 2.6 AV:N/AC:H/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2014-6527.html CVE-2014-6527 https://bugzilla.suse.com/901239 SUSE Bug 901239 https://bugzilla.suse.com/901242 SUSE Bug 901242 https://bugzilla.suse.com/901246 SUSE Bug 901246 https://bugzilla.suse.com/904889 SUSE Bug 904889 Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality via unknown vectors related to Libraries. CVE-2014-6531 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 critical 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2014-6531.html CVE-2014-6531 https://bugzilla.suse.com/901239 SUSE Bug 901239 https://bugzilla.suse.com/901242 SUSE Bug 901242 https://bugzilla.suse.com/901246 SUSE Bug 901246 https://bugzilla.suse.com/904889 SUSE Bug 904889 Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6493, and CVE-2014-6503. CVE-2014-6532 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 critical 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2014-6532.html CVE-2014-6532 https://bugzilla.suse.com/901239 SUSE Bug 901239 https://bugzilla.suse.com/901242 SUSE Bug 901242 https://bugzilla.suse.com/901246 SUSE Bug 901246 https://bugzilla.suse.com/904889 SUSE Bug 904889 Unspecified vulnerability in Oracle Java SE 8u25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. CVE-2014-6549 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 critical 10 AV:N/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2014-6549.html CVE-2014-6549 https://bugzilla.suse.com/914041 SUSE Bug 914041 Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and JRockit R28.3.3 allows remote attackers to affect integrity via unknown vectors related to Security. CVE-2014-6558 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 critical 2.6 AV:N/AC:H/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2014-6558.html CVE-2014-6558 https://bugzilla.suse.com/901239 SUSE Bug 901239 https://bugzilla.suse.com/901242 SUSE Bug 901242 https://bugzilla.suse.com/901246 SUSE Bug 901246 https://bugzilla.suse.com/904889 SUSE Bug 904889 Unspecified vulnerability in Oracle Java SE 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. CVE-2014-6562 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 critical 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2014-6562.html CVE-2014-6562 https://bugzilla.suse.com/901239 SUSE Bug 901239 https://bugzilla.suse.com/901242 SUSE Bug 901242 https://bugzilla.suse.com/901246 SUSE Bug 901246 Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to 2D, a different vulnerability than CVE-2014-6591. CVE-2014-6585 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 moderate 2.6 AV:N/AC:H/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2014-6585.html CVE-2014-6585 https://bugzilla.suse.com/914041 SUSE Bug 914041 Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. CVE-2014-6587 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 critical 4.3 AV:L/AC:L/Au:S/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2014-6587.html CVE-2014-6587 https://bugzilla.suse.com/914041 SUSE Bug 914041 Unspecified vulnerability in the Java SE component in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to 2D, a different vulnerability than CVE-2014-6585. CVE-2014-6591 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 critical 2.6 AV:N/AC:H/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2014-6591.html CVE-2014-6591 https://bugzilla.suse.com/914041 SUSE Bug 914041 Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit 27.8.4 and 28.3.4 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. CVE-2014-6593 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 critical 4 AV:N/AC:H/Au:N/C:P/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2014-6593.html CVE-2014-6593 https://bugzilla.suse.com/914041 SUSE Bug 914041 Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. CVE-2014-6601 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 critical 10 AV:N/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2014-6601.html CVE-2014-6601 https://bugzilla.suse.com/914041 SUSE Bug 914041 Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit R27.8.4 and R28.3.4 allows local users to affect integrity and availability via unknown vectors related to Hotspot. CVE-2015-0383 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 moderate 5.4 AV:L/AC:M/Au:N/C:N/I:P/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2015-0383.html CVE-2015-0383 https://bugzilla.suse.com/914041 SUSE Bug 914041 Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. CVE-2015-0395 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 critical 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2015-0395.html CVE-2015-0395 https://bugzilla.suse.com/914041 SUSE Bug 914041 Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to Libraries. CVE-2015-0400 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 critical 5 AV:N/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2015-0400.html CVE-2015-0400 https://bugzilla.suse.com/914041 SUSE Bug 914041 Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. CVE-2015-0403 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 moderate 6.9 AV:L/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2015-0403.html CVE-2015-0403 https://bugzilla.suse.com/914041 SUSE Bug 914041 Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality and availability via unknown vectors related to Deployment. CVE-2015-0406 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 critical 5.8 AV:N/AC:M/Au:N/C:P/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2015-0406.html CVE-2015-0406 https://bugzilla.suse.com/914041 SUSE Bug 914041 Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to Swing. CVE-2015-0407 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 critical 5 AV:N/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2015-0407.html CVE-2015-0407 https://bugzilla.suse.com/914041 SUSE Bug 914041 Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI. CVE-2015-0408 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 critical 10 AV:N/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2015-0408.html CVE-2015-0408 https://bugzilla.suse.com/914041 SUSE Bug 914041 Unspecified vulnerability in the Java SE, Java SE Embedded, JRockit component in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit R27.8.4 and R28.3.4 allows remote attackers to affect availability via unknown vectors related to Security. CVE-2015-0410 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 critical 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2015-0410.html CVE-2015-0410 https://bugzilla.suse.com/914041 SUSE Bug 914041 Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS. CVE-2015-0412 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 critical 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2015-0412.html CVE-2015-0412 https://bugzilla.suse.com/914041 SUSE Bug 914041 Unspecified vulnerability in Oracle Java SE 7u72 and 8u25 allows local users to affect integrity via unknown vectors related to Serviceability. CVE-2015-0413 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 moderate 1.9 AV:L/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2015-0413.html CVE-2015-0413 https://bugzilla.suse.com/914041 SUSE Bug 914041 Unspecified vulnerability in Oracle Java SE 8u25 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to the installation process. CVE-2015-0421 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 moderate 6.9 AV:L/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2015-0421.html CVE-2015-0421 https://bugzilla.suse.com/914041 SUSE Bug 914041 Unspecified vulnerability in Oracle Java SE 8u25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. CVE-2015-0437 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 critical 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2015-0437.html CVE-2015-0437 https://bugzilla.suse.com/914041 SUSE Bug 914041 Unspecified vulnerability in in Oracle Java SE 6u91, 7u76, and 8u40 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. CVE-2015-0458 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 important 7.6 AV:N/AC:H/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2015-0458.html CVE-2015-0458 https://bugzilla.suse.com/927591 SUSE Bug 927591 Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and JavaFX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2015-0491. CVE-2015-0459 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 critical 10 AV:N/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2015-0459.html CVE-2015-0459 https://bugzilla.suse.com/927591 SUSE Bug 927591 https://bugzilla.suse.com/932310 SUSE Bug 932310 Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. CVE-2015-0460 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 critical 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2015-0460.html CVE-2015-0460 https://bugzilla.suse.com/927591 SUSE Bug 927591 Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. CVE-2015-0469 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 critical 10 AV:N/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2015-0469.html CVE-2015-0469 https://bugzilla.suse.com/927591 SUSE Bug 927591 https://bugzilla.suse.com/932310 SUSE Bug 932310 Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect integrity via unknown vectors related to Beans. CVE-2015-0477 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2015-0477.html CVE-2015-0477 https://bugzilla.suse.com/927591 SUSE Bug 927591 Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and JRockit R28.3.5, allows remote attackers to affect confidentiality via vectors related to JCE. CVE-2015-0478 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2015-0478.html CVE-2015-0478 https://bugzilla.suse.com/927591 SUSE Bug 927591 https://bugzilla.suse.com/944456 SUSE Bug 944456 Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect integrity and availability via unknown vectors related to Tools. CVE-2015-0480 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 moderate 5.8 AV:N/AC:M/Au:N/C:N/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2015-0480.html CVE-2015-0480 https://bugzilla.suse.com/927591 SUSE Bug 927591 Unspecified vulnerability in Oracle Java SE 7u76 and 8u40, and Java FX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2015-0492. CVE-2015-0484 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2015-0484.html CVE-2015-0484 https://bugzilla.suse.com/927591 SUSE Bug 927591 Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and JRockit R28.3.5, allows remote attackers to affect availability via vectors related to JSSE. CVE-2015-0488 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2015-0488.html CVE-2015-0488 https://bugzilla.suse.com/927591 SUSE Bug 927591 Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and Java FX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2015-0459. CVE-2015-0491 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 critical 10 AV:N/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2015-0491.html CVE-2015-0491 https://bugzilla.suse.com/927591 SUSE Bug 927591 https://bugzilla.suse.com/932310 SUSE Bug 932310 Unspecified vulnerability in Oracle Java SE 7u76 and 8u40, and JavaFX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2015-0484. CVE-2015-0492 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-demo-1.7.0.71-0.7.1 SUSE Linux Enterprise Desktop 11 SP3:java-1_7_0-openjdk-devel-1.7.0.71-0.7.1 critical 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150833-1/ https://www.suse.com/security/cve/CVE-2015-0492.html CVE-2015-0492 https://bugzilla.suse.com/927591 SUSE Bug 927591