Security update for java-1_7_0-openjdk SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2015:0774-1 Final 1 1 2015-04-22T12:02:46Z current 2015-04-22T12:02:46Z 2015-04-22T12:02:46Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for java-1_7_0-openjdk OpenJDK was updated to 2.5.5 - OpenJdk 7u79 to fix security issues and bugs: The following vulnerabilities were fixed: * CVE-2015-0458: Deployment: unauthenticated remote attackers could execute arbitrary code via multiple protocols. * CVE-2015-0459: 2D: unauthenticated remote attackers could execute arbitrary code via multiple protocols. * CVE-2015-0460: Hotspot: unauthenticated remote attackers could execute arbitrary code via multiple protocols. * CVE-2015-0469: 2D: unauthenticated remote attackers could execute arbitrary code via multiple protocols. * CVE-2015-0477: Beans: unauthenticated remote attackers could update, insert or delete some JAVA accessible data via multiple protocols * CVE-2015-0478: JCE: unauthenticated remote attackers could read some JAVA accessible data via multiple protocols * CVE-2015-0480: Tools: unauthenticated remote attackers could update, insert or delete some JAVA accessible data via multiple protocols and cause a partial denial of service (partial DOS) * CVE-2015-0484: JavaFX: unauthenticated remote attackers could read, update, insert or delete access some Java accessible data via multiple protocols and cause a partial denial of service (partial DOS). * CVE-2015-0488: JSSE: unauthenticated remote attackers could cause a partial denial of service (partial DOS). * CVE-2015-0491: 2D: unauthenticated remote attackers could execute arbitrary code via multiple protocols. * CVE-2015-0492: JavaFX: unauthenticated remote attackers could execute arbitrary code via multiple protocols. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00018.html E-Mail link for openSUSE-SU-2015:0774-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE 13.2 java-1_7_0-openjdk-1.7.0.79-7.4 java-1_7_0-openjdk-accessibility-1.7.0.79-7.4 java-1_7_0-openjdk-debuginfo-1.7.0.79-7.4 java-1_7_0-openjdk-debugsource-1.7.0.79-7.4 java-1_7_0-openjdk-demo-1.7.0.79-7.4 java-1_7_0-openjdk-demo-debuginfo-1.7.0.79-7.4 java-1_7_0-openjdk-devel-1.7.0.79-7.4 java-1_7_0-openjdk-devel-debuginfo-1.7.0.79-7.4 java-1_7_0-openjdk-headless-1.7.0.79-7.4 java-1_7_0-openjdk-headless-debuginfo-1.7.0.79-7.4 java-1_7_0-openjdk-javadoc-1.7.0.79-7.4 java-1_7_0-openjdk-src-1.7.0.79-7.4 java-1_7_0-openjdk-1.7.0.79-7.4 as a component of openSUSE 13.2 java-1_7_0-openjdk-accessibility-1.7.0.79-7.4 as a component of openSUSE 13.2 java-1_7_0-openjdk-debuginfo-1.7.0.79-7.4 as a component of openSUSE 13.2 java-1_7_0-openjdk-debugsource-1.7.0.79-7.4 as a component of openSUSE 13.2 java-1_7_0-openjdk-demo-1.7.0.79-7.4 as a component of openSUSE 13.2 java-1_7_0-openjdk-demo-debuginfo-1.7.0.79-7.4 as a component of openSUSE 13.2 java-1_7_0-openjdk-devel-1.7.0.79-7.4 as a component of openSUSE 13.2 java-1_7_0-openjdk-devel-debuginfo-1.7.0.79-7.4 as a component of openSUSE 13.2 java-1_7_0-openjdk-headless-1.7.0.79-7.4 as a component of openSUSE 13.2 java-1_7_0-openjdk-headless-debuginfo-1.7.0.79-7.4 as a component of openSUSE 13.2 java-1_7_0-openjdk-javadoc-1.7.0.79-7.4 as a component of openSUSE 13.2 java-1_7_0-openjdk-src-1.7.0.79-7.4 as a component of openSUSE 13.2 Unspecified vulnerability in in Oracle Java SE 6u91, 7u76, and 8u40 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. CVE-2015-0458 openSUSE 13.2:java-1_7_0-openjdk-1.7.0.79-7.4 openSUSE 13.2:java-1_7_0-openjdk-accessibility-1.7.0.79-7.4 openSUSE 13.2:java-1_7_0-openjdk-debuginfo-1.7.0.79-7.4 openSUSE 13.2:java-1_7_0-openjdk-debugsource-1.7.0.79-7.4 openSUSE 13.2:java-1_7_0-openjdk-demo-1.7.0.79-7.4 openSUSE 13.2:java-1_7_0-openjdk-demo-debuginfo-1.7.0.79-7.4 openSUSE 13.2:java-1_7_0-openjdk-devel-1.7.0.79-7.4 openSUSE 13.2:java-1_7_0-openjdk-devel-debuginfo-1.7.0.79-7.4 openSUSE 13.2:java-1_7_0-openjdk-headless-1.7.0.79-7.4 openSUSE 13.2:java-1_7_0-openjdk-headless-debuginfo-1.7.0.79-7.4 openSUSE 13.2:java-1_7_0-openjdk-javadoc-1.7.0.79-7.4 openSUSE 13.2:java-1_7_0-openjdk-src-1.7.0.79-7.4 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00018.html https://www.suse.com/security/cve/CVE-2015-0458.html CVE-2015-0458 https://bugzilla.suse.com/927591 SUSE Bug 927591 Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and JavaFX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2015-0491. CVE-2015-0459 openSUSE 13.2:java-1_7_0-openjdk-1.7.0.79-7.4 openSUSE 13.2:java-1_7_0-openjdk-accessibility-1.7.0.79-7.4 openSUSE 13.2:java-1_7_0-openjdk-debuginfo-1.7.0.79-7.4 openSUSE 13.2:java-1_7_0-openjdk-debugsource-1.7.0.79-7.4 openSUSE 13.2:java-1_7_0-openjdk-demo-1.7.0.79-7.4 openSUSE 13.2:java-1_7_0-openjdk-demo-debuginfo-1.7.0.79-7.4 openSUSE 13.2:java-1_7_0-openjdk-devel-1.7.0.79-7.4 openSUSE 13.2:java-1_7_0-openjdk-devel-debuginfo-1.7.0.79-7.4 openSUSE 13.2:java-1_7_0-openjdk-headless-1.7.0.79-7.4 openSUSE 13.2:java-1_7_0-openjdk-headless-debuginfo-1.7.0.79-7.4 openSUSE 13.2:java-1_7_0-openjdk-javadoc-1.7.0.79-7.4 openSUSE 13.2:java-1_7_0-openjdk-src-1.7.0.79-7.4 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00018.html https://www.suse.com/security/cve/CVE-2015-0459.html CVE-2015-0459 https://bugzilla.suse.com/927591 SUSE Bug 927591 https://bugzilla.suse.com/932310 SUSE Bug 932310 Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. CVE-2015-0460 openSUSE 13.2:java-1_7_0-openjdk-1.7.0.79-7.4 openSUSE 13.2:java-1_7_0-openjdk-accessibility-1.7.0.79-7.4 openSUSE 13.2:java-1_7_0-openjdk-debuginfo-1.7.0.79-7.4 openSUSE 13.2:java-1_7_0-openjdk-debugsource-1.7.0.79-7.4 openSUSE 13.2:java-1_7_0-openjdk-demo-1.7.0.79-7.4 openSUSE 13.2:java-1_7_0-openjdk-demo-debuginfo-1.7.0.79-7.4 openSUSE 13.2:java-1_7_0-openjdk-devel-1.7.0.79-7.4 openSUSE 13.2:java-1_7_0-openjdk-devel-debuginfo-1.7.0.79-7.4 openSUSE 13.2:java-1_7_0-openjdk-headless-1.7.0.79-7.4 openSUSE 13.2:java-1_7_0-openjdk-headless-debuginfo-1.7.0.79-7.4 openSUSE 13.2:java-1_7_0-openjdk-javadoc-1.7.0.79-7.4 openSUSE 13.2:java-1_7_0-openjdk-src-1.7.0.79-7.4 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00018.html https://www.suse.com/security/cve/CVE-2015-0460.html CVE-2015-0460 https://bugzilla.suse.com/927591 SUSE Bug 927591 Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. CVE-2015-0469 openSUSE 13.2:java-1_7_0-openjdk-1.7.0.79-7.4 openSUSE 13.2:java-1_7_0-openjdk-accessibility-1.7.0.79-7.4 openSUSE 13.2:java-1_7_0-openjdk-debuginfo-1.7.0.79-7.4 openSUSE 13.2:java-1_7_0-openjdk-debugsource-1.7.0.79-7.4 openSUSE 13.2:java-1_7_0-openjdk-demo-1.7.0.79-7.4 openSUSE 13.2:java-1_7_0-openjdk-demo-debuginfo-1.7.0.79-7.4 openSUSE 13.2:java-1_7_0-openjdk-devel-1.7.0.79-7.4 openSUSE 13.2:java-1_7_0-openjdk-devel-debuginfo-1.7.0.79-7.4 openSUSE 13.2:java-1_7_0-openjdk-headless-1.7.0.79-7.4 openSUSE 13.2:java-1_7_0-openjdk-headless-debuginfo-1.7.0.79-7.4 openSUSE 13.2:java-1_7_0-openjdk-javadoc-1.7.0.79-7.4 openSUSE 13.2:java-1_7_0-openjdk-src-1.7.0.79-7.4 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00018.html https://www.suse.com/security/cve/CVE-2015-0469.html CVE-2015-0469 https://bugzilla.suse.com/927591 SUSE Bug 927591 https://bugzilla.suse.com/932310 SUSE Bug 932310 Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect integrity via unknown vectors related to Beans. CVE-2015-0477 openSUSE 13.2:java-1_7_0-openjdk-1.7.0.79-7.4 openSUSE 13.2:java-1_7_0-openjdk-accessibility-1.7.0.79-7.4 openSUSE 13.2:java-1_7_0-openjdk-debuginfo-1.7.0.79-7.4 openSUSE 13.2:java-1_7_0-openjdk-debugsource-1.7.0.79-7.4 openSUSE 13.2:java-1_7_0-openjdk-demo-1.7.0.79-7.4 openSUSE 13.2:java-1_7_0-openjdk-demo-debuginfo-1.7.0.79-7.4 openSUSE 13.2:java-1_7_0-openjdk-devel-1.7.0.79-7.4 openSUSE 13.2:java-1_7_0-openjdk-devel-debuginfo-1.7.0.79-7.4 openSUSE 13.2:java-1_7_0-openjdk-headless-1.7.0.79-7.4 openSUSE 13.2:java-1_7_0-openjdk-headless-debuginfo-1.7.0.79-7.4 openSUSE 13.2:java-1_7_0-openjdk-javadoc-1.7.0.79-7.4 openSUSE 13.2:java-1_7_0-openjdk-src-1.7.0.79-7.4 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00018.html https://www.suse.com/security/cve/CVE-2015-0477.html CVE-2015-0477 https://bugzilla.suse.com/927591 SUSE Bug 927591 Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and JRockit R28.3.5, allows remote attackers to affect confidentiality via vectors related to JCE. CVE-2015-0478 openSUSE 13.2:java-1_7_0-openjdk-1.7.0.79-7.4 openSUSE 13.2:java-1_7_0-openjdk-accessibility-1.7.0.79-7.4 openSUSE 13.2:java-1_7_0-openjdk-debuginfo-1.7.0.79-7.4 openSUSE 13.2:java-1_7_0-openjdk-debugsource-1.7.0.79-7.4 openSUSE 13.2:java-1_7_0-openjdk-demo-1.7.0.79-7.4 openSUSE 13.2:java-1_7_0-openjdk-demo-debuginfo-1.7.0.79-7.4 openSUSE 13.2:java-1_7_0-openjdk-devel-1.7.0.79-7.4 openSUSE 13.2:java-1_7_0-openjdk-devel-debuginfo-1.7.0.79-7.4 openSUSE 13.2:java-1_7_0-openjdk-headless-1.7.0.79-7.4 openSUSE 13.2:java-1_7_0-openjdk-headless-debuginfo-1.7.0.79-7.4 openSUSE 13.2:java-1_7_0-openjdk-javadoc-1.7.0.79-7.4 openSUSE 13.2:java-1_7_0-openjdk-src-1.7.0.79-7.4 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00018.html https://www.suse.com/security/cve/CVE-2015-0478.html CVE-2015-0478 https://bugzilla.suse.com/927591 SUSE Bug 927591 https://bugzilla.suse.com/944456 SUSE Bug 944456 Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect integrity and availability via unknown vectors related to Tools. CVE-2015-0480 openSUSE 13.2:java-1_7_0-openjdk-1.7.0.79-7.4 openSUSE 13.2:java-1_7_0-openjdk-accessibility-1.7.0.79-7.4 openSUSE 13.2:java-1_7_0-openjdk-debuginfo-1.7.0.79-7.4 openSUSE 13.2:java-1_7_0-openjdk-debugsource-1.7.0.79-7.4 openSUSE 13.2:java-1_7_0-openjdk-demo-1.7.0.79-7.4 openSUSE 13.2:java-1_7_0-openjdk-demo-debuginfo-1.7.0.79-7.4 openSUSE 13.2:java-1_7_0-openjdk-devel-1.7.0.79-7.4 openSUSE 13.2:java-1_7_0-openjdk-devel-debuginfo-1.7.0.79-7.4 openSUSE 13.2:java-1_7_0-openjdk-headless-1.7.0.79-7.4 openSUSE 13.2:java-1_7_0-openjdk-headless-debuginfo-1.7.0.79-7.4 openSUSE 13.2:java-1_7_0-openjdk-javadoc-1.7.0.79-7.4 openSUSE 13.2:java-1_7_0-openjdk-src-1.7.0.79-7.4 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00018.html https://www.suse.com/security/cve/CVE-2015-0480.html CVE-2015-0480 https://bugzilla.suse.com/927591 SUSE Bug 927591 Unspecified vulnerability in Oracle Java SE 7u76 and 8u40, and Java FX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2015-0492. CVE-2015-0484 openSUSE 13.2:java-1_7_0-openjdk-1.7.0.79-7.4 openSUSE 13.2:java-1_7_0-openjdk-accessibility-1.7.0.79-7.4 openSUSE 13.2:java-1_7_0-openjdk-debuginfo-1.7.0.79-7.4 openSUSE 13.2:java-1_7_0-openjdk-debugsource-1.7.0.79-7.4 openSUSE 13.2:java-1_7_0-openjdk-demo-1.7.0.79-7.4 openSUSE 13.2:java-1_7_0-openjdk-demo-debuginfo-1.7.0.79-7.4 openSUSE 13.2:java-1_7_0-openjdk-devel-1.7.0.79-7.4 openSUSE 13.2:java-1_7_0-openjdk-devel-debuginfo-1.7.0.79-7.4 openSUSE 13.2:java-1_7_0-openjdk-headless-1.7.0.79-7.4 openSUSE 13.2:java-1_7_0-openjdk-headless-debuginfo-1.7.0.79-7.4 openSUSE 13.2:java-1_7_0-openjdk-javadoc-1.7.0.79-7.4 openSUSE 13.2:java-1_7_0-openjdk-src-1.7.0.79-7.4 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00018.html https://www.suse.com/security/cve/CVE-2015-0484.html CVE-2015-0484 https://bugzilla.suse.com/927591 SUSE Bug 927591 Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and JRockit R28.3.5, allows remote attackers to affect availability via vectors related to JSSE. CVE-2015-0488 openSUSE 13.2:java-1_7_0-openjdk-1.7.0.79-7.4 openSUSE 13.2:java-1_7_0-openjdk-accessibility-1.7.0.79-7.4 openSUSE 13.2:java-1_7_0-openjdk-debuginfo-1.7.0.79-7.4 openSUSE 13.2:java-1_7_0-openjdk-debugsource-1.7.0.79-7.4 openSUSE 13.2:java-1_7_0-openjdk-demo-1.7.0.79-7.4 openSUSE 13.2:java-1_7_0-openjdk-demo-debuginfo-1.7.0.79-7.4 openSUSE 13.2:java-1_7_0-openjdk-devel-1.7.0.79-7.4 openSUSE 13.2:java-1_7_0-openjdk-devel-debuginfo-1.7.0.79-7.4 openSUSE 13.2:java-1_7_0-openjdk-headless-1.7.0.79-7.4 openSUSE 13.2:java-1_7_0-openjdk-headless-debuginfo-1.7.0.79-7.4 openSUSE 13.2:java-1_7_0-openjdk-javadoc-1.7.0.79-7.4 openSUSE 13.2:java-1_7_0-openjdk-src-1.7.0.79-7.4 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00018.html https://www.suse.com/security/cve/CVE-2015-0488.html CVE-2015-0488 https://bugzilla.suse.com/927591 SUSE Bug 927591 Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and Java FX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2015-0459. CVE-2015-0491 openSUSE 13.2:java-1_7_0-openjdk-1.7.0.79-7.4 openSUSE 13.2:java-1_7_0-openjdk-accessibility-1.7.0.79-7.4 openSUSE 13.2:java-1_7_0-openjdk-debuginfo-1.7.0.79-7.4 openSUSE 13.2:java-1_7_0-openjdk-debugsource-1.7.0.79-7.4 openSUSE 13.2:java-1_7_0-openjdk-demo-1.7.0.79-7.4 openSUSE 13.2:java-1_7_0-openjdk-demo-debuginfo-1.7.0.79-7.4 openSUSE 13.2:java-1_7_0-openjdk-devel-1.7.0.79-7.4 openSUSE 13.2:java-1_7_0-openjdk-devel-debuginfo-1.7.0.79-7.4 openSUSE 13.2:java-1_7_0-openjdk-headless-1.7.0.79-7.4 openSUSE 13.2:java-1_7_0-openjdk-headless-debuginfo-1.7.0.79-7.4 openSUSE 13.2:java-1_7_0-openjdk-javadoc-1.7.0.79-7.4 openSUSE 13.2:java-1_7_0-openjdk-src-1.7.0.79-7.4 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00018.html https://www.suse.com/security/cve/CVE-2015-0491.html CVE-2015-0491 https://bugzilla.suse.com/927591 SUSE Bug 927591 https://bugzilla.suse.com/932310 SUSE Bug 932310 Unspecified vulnerability in Oracle Java SE 7u76 and 8u40, and JavaFX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2015-0484. CVE-2015-0492 openSUSE 13.2:java-1_7_0-openjdk-1.7.0.79-7.4 openSUSE 13.2:java-1_7_0-openjdk-accessibility-1.7.0.79-7.4 openSUSE 13.2:java-1_7_0-openjdk-debuginfo-1.7.0.79-7.4 openSUSE 13.2:java-1_7_0-openjdk-debugsource-1.7.0.79-7.4 openSUSE 13.2:java-1_7_0-openjdk-demo-1.7.0.79-7.4 openSUSE 13.2:java-1_7_0-openjdk-demo-debuginfo-1.7.0.79-7.4 openSUSE 13.2:java-1_7_0-openjdk-devel-1.7.0.79-7.4 openSUSE 13.2:java-1_7_0-openjdk-devel-debuginfo-1.7.0.79-7.4 openSUSE 13.2:java-1_7_0-openjdk-headless-1.7.0.79-7.4 openSUSE 13.2:java-1_7_0-openjdk-headless-debuginfo-1.7.0.79-7.4 openSUSE 13.2:java-1_7_0-openjdk-javadoc-1.7.0.79-7.4 openSUSE 13.2:java-1_7_0-openjdk-src-1.7.0.79-7.4 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00018.html https://www.suse.com/security/cve/CVE-2015-0492.html CVE-2015-0492 https://bugzilla.suse.com/927591 SUSE Bug 927591