[SUSE-SU-2016:0428-1] Security update for java-1_6_0-ibm
Severity
Important
CVEs
11
Security update for java-1_6_0-ibm
This update for java-1_6_0-ibm fixes the following issues by updating to 6.0-16.20 (bsc#963937)
- CVE-2015-5041: Could could have invoked non-public interface methods under certain circumstances
- CVE-2015-7575: The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake. An attacker could exploit this vulnerability using man-in-the-middle techniques to impersonate a TLS server and obtain credentials
- CVE-2015-7981: libpng could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read in the png_convert_to_rfc1123 function. An attacker could exploit this vulnerability to obtain sensitive information
- CVE-2015-8126: buffer overflow in libpng caused by improper bounds checking by the png_set_PLTE() and png_get_PLTE() functions
- CVE-2015-8472: buffer overflow in libpng caused by improper bounds checking by the png_set_PLTE() and png_get_PLTE() functions
- CVE-2015-8540: libpng is vulnerable to a buffer overflow, caused by a read underflow in png_check_keyword in pngwutil.c. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
- CVE-2016-0402: An unspecified vulnerability related to the Networking component has no confidentiality impact, partial integrity impact, and no availability impact
- CVE-2016-0448: An unspecified vulnerability related to the JMX component could allow a remote attacker to obtain sensitive information
- CVE-2016-0466: An unspecified vulnerability related to the JAXP component could allow a remote attacker to cause a denial of service
- CVE-2016-0483: An unspecified vulnerability related to the AWT component has complete confidentiality impact, complete integrity impact, and complete availability impact
- CVE-2016-0494: An unspecified vulnerability related to the 2D component has complete confidentiality impact, complete integrity impact, and complete availability impact
The following bugs were fixed:
- bsc#960402: resolve package conflicts in devel package
- bsc#960286: resolve package conflicts in the fonts subpackage
- ID
- SUSE-SU-2016:0428-1
- Severity
- important
- URL
- https://www.suse.com/support/update/announcement/2016/suse-su-20160428-1/
- Published
-
2016-02-11T10:52:08
(8 years ago) - Modified
-
2016-02-11T10:52:08
(8 years ago) - Rights
- Copyright 2024 SUSE LLC. All rights reserved.
- Other Advisories
-
-
ALAS-2015-611
-
ALAS-2015-615
-
ALAS-2016-643
-
ALAS-2016-645
-
ALAS-2016-647
-
ALAS-2016-651
-
ALAS-2016-654
-
ALAS-2016-661
-
ALAS2-2023-1904
-
DSA-3399-1
-
DSA-3436-1
-
DSA-3437-1
-
DSA-3443-1
-
DSA-3457-1
-
DSA-3458-1
-
DSA-3465-1
-
DSA-3491-1
-
DSA-3507-1
-
DSA-3688-1
-
DSA-3725-1
-
ELSA-2015-2594
-
ELSA-2015-2595
-
ELSA-2015-2596
-
ELSA-2016-0007
-
ELSA-2016-0008
-
ELSA-2016-0012
-
ELSA-2016-0049
-
ELSA-2016-0050
-
ELSA-2016-0053
-
ELSA-2016-0054
-
ELSA-2016-0067
-
FEDORA-2015-0a543024bf
-
FEDORA-2015-13668fff74
-
FEDORA-2015-1d87313b7c
-
FEDORA-2015-233750b6ab
-
FEDORA-2015-3461e976cb
-
FEDORA-2015-3868cfa17b
-
FEDORA-2015-39499d9af8
-
FEDORA-2015-4ad4998d00
-
FEDORA-2015-501493d853
-
FEDORA-2015-5e52306c9c
-
FEDORA-2015-8a1243db75
-
FEDORA-2015-8c475f7169
-
FEDORA-2015-97fc1797fa
-
FEDORA-2015-ac8100927a
-
FEDORA-2015-c80ec85542
-
FEDORA-2015-ec2ddd15d7
-
FEDORA-2016-43735c33a7
-
FEDORA-2016-9a1c707b10
-
FREEBSD:10F7BC76-0335-4A88-B391-0B05B3A8CE1C
-
FREEBSD:1886E195-8B87-11E5-90E7-B499BAEBFEAF
-
GLSA-201603-09
-
GLSA-201603-14
-
GLSA-201605-06
-
GLSA-201610-08
-
GLSA-201611-08
-
GLSA-201701-46
-
GLSA-201706-18
-
GLSA-201801-15
-
RHSA-2015:2594
-
RHSA-2015:2595
-
RHSA-2015:2596
-
RHSA-2016:0007
-
RHSA-2016:0008
-
RHSA-2016:0012
-
RHSA-2016:0049
-
RHSA-2016:0050
-
RHSA-2016:0053
-
RHSA-2016:0054
-
RHSA-2016:0067
-
RHSA-2016:0098
-
RHSA-2016:0099
-
RHSA-2016:0101
-
SSA:2015-337-01
-
SSA:2015-349-02
-
SSA:2015-351-02
-
SUSE-SU-2015:2013-1
-
SUSE-SU-2015:2017-1
-
SUSE-SU-2015:2024-1
-
SUSE-SU-2016:0027-1
-
SUSE-SU-2016:0041-1
-
SUSE-SU-2016:0050-1
-
SUSE-SU-2016:0061-1
-
SUSE-SU-2016:0149-1
-
SUSE-SU-2016:0189-1
-
SUSE-SU-2016:0256-1
-
SUSE-SU-2016:0265-1
-
SUSE-SU-2016:0269-1
-
SUSE-SU-2016:0390-1
-
SUSE-SU-2016:0399-1
-
SUSE-SU-2016:0401-1
-
SUSE-SU-2016:0431-1
-
SUSE-SU-2016:0433-1
-
SUSE-SU-2016:0584-1
-
SUSE-SU-2016:0636-1
-
SUSE-SU-2016:0770-1
-
SUSE-SU-2017:0860-1
-
SUSE-SU-2017:0901-1
-
SUSE-SU-2017:0950-1
-
USN-2815-1
-
USN-2861-1
-
USN-2863-1
-
USN-2864-1
-
USN-2865-1
-
USN-2866-1
-
USN-2884-1
-
USN-2885-1
-
USN-2904-1
-
USN-3227-1
-
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |