SUSE Linux update for java-1_7_1-ibm

Published: 2017-12-28 11:33:49 | Updated: 2017-12-28 11:38:40
Severity: Medium
Patch available: YES
Number of vulnerabilities: 16
CVSSv2: 3.7 (AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
3.2 (AV:N/AC:M/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
3.7 (AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
5.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
4.7 (AV:N/AC:L/Au:N/C:P/I:P/A:N/E:U/RL:OF/RC:C)
3.7 (AV:N/AC:L/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
3.7 (AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
5.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
3.7 (AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
3.7 (AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
3.7 (AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
3.7 (AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
3.7 (AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
3.7 (AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
3.7 (AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
5.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
CVSSv3: 4.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
3.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
3.6 [CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
7.5 [CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
5.4 [CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
4.2 [CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N/E:U/RL:O/RC:C]
3.6 [CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
7.5 [CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
3.6 [CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
3.6 [CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
3.6 [CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
3.6 [CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
3.6 [CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
5.5 [CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
3.6 [CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
7.5 [CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE ID: CVE-2016-10165
CVE-2016-9841
CVE-2017-10281
CVE-2017-10285
CVE-2017-10293
CVE-2017-10295
CVE-2017-10345
CVE-2017-10346
CVE-2017-10347
CVE-2017-10348
CVE-2017-10349
CVE-2017-10350
CVE-2017-10355
CVE-2017-10356
CVE-2017-10357
CVE-2017-10388
CWE ID: CWE-200
CWE-125
CWE-264
Exploitation vector: Network
Public exploit: Not available
Vulnerable software: SUSE Linux
Vulnerable software versions: SUSE Linux 11
Vendor URL: SuSE
Advisory type: Public

Security Advisory

1) Information disclosure

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to a flaw in the 2D (Little CMS 2) component. A remote attacker can read arbitrary files on the target system.

Remediation

Install the update from the vendor's website.

External links

https://lists.opensuse.org/opensuse-security-announce/2017-12/msg00094.html

2) Denial of service

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists in zlib due to out-of-bounds pointer arithmetic in inftrees.c. A remote attacker can send a specially crafted document, trick the victim into opening it, and cause the application to crash.

Successful exploitation of the vulnerability results in denial of service.

Remediation

Install the update from the vendor's website.

External links

https://lists.opensuse.org/opensuse-security-announce/2017-12/msg00094.html

3) Denial of service

Description

The vulnerability allows a remote attacker to cause a DoS condition.

The weakness exists due to a flaw in the Serialization component. A remote attacker can trigger partial denial of service on the target system.

Remediation

Install the update from the vendor's website.

External links

https://lists.opensuse.org/opensuse-security-announce/2017-12/msg00094.html

4) Privilege escalation

Description

The vulnerability allows a remote attacker to gain elevated privileges.

The weakness exists due to a flaw in the RMI component. A remote attacker can escalate privileges on the target system.

Remediation

Install the update from the vendor's website.

External links

https://lists.opensuse.org/opensuse-security-announce/2017-12/msg00094.html

5) Improper access control

Description

The vulnerability allows a remote attacker to access potentially sensitive information.

The weakness exists due to a flaw in the Javadoc component. A remote attacker can partially read and modify arbitrary files on the target system.

Remediation

Install the update from the vendor's website.

External links

https://lists.opensuse.org/opensuse-security-announce/2017-12/msg00094.html

6) Improper access control

Description

The vulnerability allows a remote attacker to access potentially sensitive information.

The weakness exists due to a flaw in the Javadoc component. A remote attacker can partially modify arbitrary files on the target system.

Remediation

Install the update from the vendor's website.

External links

https://lists.opensuse.org/opensuse-security-announce/2017-12/msg00094.html

7) Improper access control

Description

The vulnerability allows a remote attacker to cause a DoS condition.

The weakness exists due to a flaw in the Serialization component. A remote attacker can trigger partial denial of service.

Remediation

Install the update from the vendor's website.

External links

https://lists.opensuse.org/opensuse-security-announce/2017-12/msg00094.html

8) Privilege escalation

Description

The vulnerability allows a remote attacker to gain elevated privileges.

The weakness exists due to a flaw in the Hotspot component. A remote attacker can escalate privileges on the target system.

Remediation

Install the update from the vendor's website.

External links

https://lists.opensuse.org/opensuse-security-announce/2017-12/msg00094.html

9) Denial of service

Description

The vulnerability allows a remote attacker to cause a DoS condition.

The weakness exists due to a flaw in the Serialization component. A remote attacker can trigger partial denial of service on the target system.

Remediation

Install the update from the vendor's website.

External links

https://lists.opensuse.org/opensuse-security-announce/2017-12/msg00094.html

10) Improper access control

Description

The vulnerability allows a remote attacker to cause a DoS condition.

The weakness exists due to a flaw in the Libraries component. A remote attacker can trigger partial denial of service.

Remediation

Install the update from the vendor's website.

External links

https://lists.opensuse.org/opensuse-security-announce/2017-12/msg00094.html

11) Improper access control

Description

The vulnerability allows a remote attacker to cause a DoS condition.

The weakness exists due to a flaw in the JAXP component. A remote attacker can trigger partial denial of service.

Remediation

Install the update from the vendor's website.

External links

https://lists.opensuse.org/opensuse-security-announce/2017-12/msg00094.html

12) Improper access control

Description

The vulnerability allows a remote attacker to cause a DoS condition.

The weakness exists due to a flaw in the JAX-WS component. A remote attacker can trigger partial denial of service.

Remediation

Install the update from the vendor's website.

External links

https://lists.opensuse.org/opensuse-security-announce/2017-12/msg00094.html

13) Improper access control

Description

The vulnerability allows a remote attacker to cause a DoS condition.

The weakness exists due to a flaw in the Networking component. A remote attacker can trigger partial denial of service.

Remediation

Install the update from the vendor's website.

External links

https://lists.opensuse.org/opensuse-security-announce/2017-12/msg00094.html

14) Improper access control

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The weakness exists due to a flaw in the Security component. A remote attacker can gain unauthorized access to sensitive information.

Remediation

Install the update from the vendor's website.

External links

https://lists.opensuse.org/opensuse-security-announce/2017-12/msg00094.html

15) Improper access control

Description

The vulnerability allows a remote attacker to cause a DoS condition.

The weakness exists due to a flaw in the Serialization component. A remote attacker can trigger partial denial of service.

Remediation

Install the update from the vendor's website.

External links

https://lists.opensuse.org/opensuse-security-announce/2017-12/msg00094.html

16) Privilege escalation

Description

The vulnerability allows a remote attacker to gain elevated privileges.

The weakness exists due to a flaw in the Libraries component. A remote attacker can escalate privileges on the target system.

Remediation

Install the update from the vendor's website.

External links

https://lists.opensuse.org/opensuse-security-announce/2017-12/msg00094.html
