Security update for java-1_7_1-ibmSUSE Patchsecurity@suse.deSUSE Security TeamSUSE-SU-2015:0304-1Final112015-02-10T14:23:41Zcurrent2015-02-10T14:23:41Z2015-02-10T14:23:41Zcve-database/bin/generate-cvrf.pl2017-02-24T01:00:00ZSecurity update for java-1_7_1-ibmjava-1_7_1-ibm was updated to fix two security issues. These security issues were fixed: - CVE-2014-8892: Unspecified vulnerability (bnc#916265). - CVE-2014-8891: Unspecified vulnerability (bnc#916266). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).SUSE-SLE-SDK-12-2015-80,SUSE-SLE-SERVER-12-2015-80Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0)https://www.suse.com/support/update/announcement/2015/suse-su-20150304-1/Link for SUSE-SU-2015:0304-1https://lists.suse.com/pipermail/sle-security-updates/2015-February/001231.htmlE-Mail link for SUSE-SU-2015:0304-1https://www.suse.com/support/security/rating/SUSE Security Ratingshttps://bugzilla.suse.com/916265SUSE Bug 916265https://bugzilla.suse.com/916266SUSE Bug 916266https://www.suse.com/security/cve/CVE-2014-8891/SUSE CVE CVE-2014-8891 pagehttps://www.suse.com/security/cve/CVE-2014-8892/SUSE CVE CVE-2014-8892 pageSUSE Linux Enterprise Server 12SUSE Linux Enterprise Server for SAP Applications 12SUSE Linux Enterprise Software Development Kit 12java-1_7_1-ibm-devel-1.7.1_sr2.10-8.1java-1_7_1-ibm-1.7.1_sr2.10-8.1java-1_7_1-ibm-alsa-1.7.1_sr2.10-8.1java-1_7_1-ibm-jdbc-1.7.1_sr2.10-8.1java-1_7_1-ibm-plugin-1.7.1_sr2.10-8.1java-1_7_1-ibm-1.7.1_sr2.10-8.1 as a component of SUSE Linux Enterprise Server 12java-1_7_1-ibm-alsa-1.7.1_sr2.10-8.1 as a component of SUSE Linux Enterprise Server 12java-1_7_1-ibm-jdbc-1.7.1_sr2.10-8.1 as a component of SUSE Linux Enterprise Server 12java-1_7_1-ibm-plugin-1.7.1_sr2.10-8.1 as a component of SUSE Linux Enterprise Server 12java-1_7_1-ibm-1.7.1_sr2.10-8.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12java-1_7_1-ibm-alsa-1.7.1_sr2.10-8.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12java-1_7_1-ibm-jdbc-1.7.1_sr2.10-8.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12java-1_7_1-ibm-plugin-1.7.1_sr2.10-8.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12java-1_7_1-ibm-devel-1.7.1_sr2.10-8.1 as a component of SUSE Linux Enterprise Software Development Kit 12Unspecified vulnerability in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 5.0 before SR16-FP9, 6 before SR16-FP3, 6R1 before SR8-FP3, 7 before SR8-FP10, and 7R1 before SR2-FP10 allows remote attackers to escape the Java sandbox and execute arbitrary code via unspecified vectors related to the security manager.CVE-2014-8891SUSE Linux Enterprise Server 12:java-1_7_1-ibm-1.7.1_sr2.10-8.1SUSE Linux Enterprise Server 12:java-1_7_1-ibm-alsa-1.7.1_sr2.10-8.1SUSE Linux Enterprise Server 12:java-1_7_1-ibm-jdbc-1.7.1_sr2.10-8.1SUSE Linux Enterprise Server 12:java-1_7_1-ibm-plugin-1.7.1_sr2.10-8.1SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_1-ibm-1.7.1_sr2.10-8.1SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_1-ibm-alsa-1.7.1_sr2.10-8.1SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_1-ibm-jdbc-1.7.1_sr2.10-8.1SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_1-ibm-plugin-1.7.1_sr2.10-8.1SUSE Linux Enterprise Software Development Kit 12:java-1_7_1-ibm-devel-1.7.1_sr2.10-8.1important10AV:N/AC:L/Au:N/C:C/I:C/A:CTo install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150304-1/https://www.suse.com/security/cve/CVE-2014-8891.htmlCVE-2014-8891https://bugzilla.suse.com/916266SUSE Bug 916266Unspecified vulnerability in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 5.0 before SR16-FP9, 6 before SR16-FP3, 6R1 before SR8-FP3, 7 before SR8-FP10, and 7R1 before SR2-FP10 allows remote attackers to bypass intended access permissions and obtain sensitive information via unspecified vectors related to the security manager.CVE-2014-8892SUSE Linux Enterprise Server 12:java-1_7_1-ibm-1.7.1_sr2.10-8.1SUSE Linux Enterprise Server 12:java-1_7_1-ibm-alsa-1.7.1_sr2.10-8.1SUSE Linux Enterprise Server 12:java-1_7_1-ibm-jdbc-1.7.1_sr2.10-8.1SUSE Linux Enterprise Server 12:java-1_7_1-ibm-plugin-1.7.1_sr2.10-8.1SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_1-ibm-1.7.1_sr2.10-8.1SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_1-ibm-alsa-1.7.1_sr2.10-8.1SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_1-ibm-jdbc-1.7.1_sr2.10-8.1SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_1-ibm-plugin-1.7.1_sr2.10-8.1SUSE Linux Enterprise Software Development Kit 12:java-1_7_1-ibm-devel-1.7.1_sr2.10-8.1important7.8AV:N/AC:L/Au:N/C:C/I:N/A:NTo install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150304-1/https://www.suse.com/security/cve/CVE-2014-8892.htmlCVE-2014-8892https://bugzilla.suse.com/916265SUSE Bug 916265