955131 – (CVE-2015-5006) VUL-0: java: IBM java update november

Bug 955131 (CVE-2015-5006) - VUL-0: java: IBM java update november

Summary: VUL-0: java: IBM java update november

Status:	RESOLVED FIXED

Alias:	CVE-2015-5006

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Normal
Target Milestone:	---
Deadline:	2015-12-07
Assignee:	Security Team bot
QA Contact:	Security Team bot

URL:
Whiteboard:	CVSSv2:SUSE:CVE-2015-5006:6.8:(AV:N/A...
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2015-11-16 09:15 UTC by Sebastian Krahmer
Modified:	2018-03-19 17:09 UTC (History)
CC List:	7 users (show)

See Also:	https://bugzilla.linux.ibm.com/show_bug.cgi?id=133489
Found By:	---
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Sebastian Krahmer 2015-11-16 09:15:47 UTC

Theres a new IBM java update also covering multiple issues
that were already fixed in Oracle java update from October:

http://www-01.ibm.com/support/docview.wss?uid=swg21969225

Comment 1 Sebastian Krahmer 2015-11-16 09:19:08 UTC

Seems to fix these issues:

CVE-2015-4734
CVE-2015-4803
CVE-2015-4805
CVE-2015-4806
CVE-2015-4810
CVE-2015-4835
CVE-2015-4840
CVE-2015-4842
CVE-2015-4843
CVE-2015-4844
CVE-2015-4860
CVE-2015-4871
CVE-2015-4872
CVE-2015-4882
CVE-2015-4883
CVE-2015-4893
CVE-2015-4902
CVE-2015-4903
CVE-2015-4911
CVE-2015-5006

Comment 2 Swamp Workflow Management 2015-11-16 23:00:19 UTC

bugbot adjusting priority

Comment 4 Swamp Workflow Management 2015-11-23 15:01:39 UTC

An update workflow for this issue was started.
This issue was rated as moderate.
Please submit fixed packages until 2015-12-07.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/62345

Comment 7 Tomáš Chvátal 2015-11-24 12:13:35 UTC

All repos and pkgs should be done. Lemme know if something is amiss.

Comment 9 Marcus Meissner 2015-11-25 21:10:52 UTC

java-1_7_0-ibm is missing for sle11 sp2
java-1_7_1-ibm is missing for sle12 ga and 11-sp4

i added 11 sp2 ltss channels for java-1_6_0-ibm

Comment 14 LTC BugProxy 2015-11-26 08:17:15 UTC

The problem with multiple sources is less technical but more a process issue, as we want to qa seperate source builds seperately. in your case the build will be largely identical, but in others it will be built in a different environment.

it is mostly to unconfuse our qa processes.

Comment 17 Tomáš Chvátal 2015-11-30 07:24:20 UTC

Forgot to reassign.

Comment 18 Swamp Workflow Management 2015-12-02 13:11:34 UTC

SUSE-SU-2015:2166-1: An update that fixes 31 vulnerabilities is now available.

Category: security (important)
Bug References: 955131
CVE References: CVE-2015-0204,CVE-2015-0458,CVE-2015-0459,CVE-2015-0469,CVE-2015-0477,CVE-2015-0478,CVE-2015-0480,CVE-2015-0488,CVE-2015-0491,CVE-2015-2625,CVE-2015-2808,CVE-2015-4734,CVE-2015-4803,CVE-2015-4805,CVE-2015-4806,CVE-2015-4810,CVE-2015-4835,CVE-2015-4840,CVE-2015-4842,CVE-2015-4843,CVE-2015-4844,CVE-2015-4860,CVE-2015-4871,CVE-2015-4872,CVE-2015-4882,CVE-2015-4883,CVE-2015-4893,CVE-2015-4902,CVE-2015-4903,CVE-2015-4911,CVE-2015-5006
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP3 (src):    java-1_6_0-ibm-1.6.0_sr16.15-46.1
SUSE Linux Enterprise Server for VMWare 11-SP3 (src):    java-1_6_0-ibm-1.6.0_sr16.15-46.1
SUSE Linux Enterprise Server 11-SP3 (src):    java-1_6_0-ibm-1.6.0_sr16.15-46.1
SUSE Linux Enterprise Server 11-SP2-LTSS (src):    java-1_6_0-ibm-1.6.0_sr16.15-46.1

Comment 19 Swamp Workflow Management 2015-12-02 14:25:15 UTC

SUSE-SU-2015:2168-1: An update that fixes 29 vulnerabilities is now available.

Category: security (important)
Bug References: 941939,955131
CVE References: CVE-2015-0204,CVE-2015-0458,CVE-2015-0459,CVE-2015-0469,CVE-2015-0477,CVE-2015-0478,CVE-2015-0480,CVE-2015-0488,CVE-2015-0491,CVE-2015-4734,CVE-2015-4803,CVE-2015-4805,CVE-2015-4806,CVE-2015-4810,CVE-2015-4835,CVE-2015-4840,CVE-2015-4842,CVE-2015-4843,CVE-2015-4844,CVE-2015-4860,CVE-2015-4871,CVE-2015-4872,CVE-2015-4882,CVE-2015-4883,CVE-2015-4893,CVE-2015-4902,CVE-2015-4903,CVE-2015-4911,CVE-2015-5006
Sources used:
SUSE Linux Enterprise Software Development Kit 12 (src):    java-1_7_1-ibm-1.7.1_sr3.20-17.1
SUSE Linux Enterprise Server 12 (src):    java-1_7_1-ibm-1.7.1_sr3.20-17.1

Comment 20 Swamp Workflow Management 2015-12-03 17:11:21 UTC

SUSE-SU-2015:2182-1: An update that fixes 29 vulnerabilities is now available.

Category: security (important)
Bug References: 941939,955131
CVE References: CVE-2015-0204,CVE-2015-0458,CVE-2015-0459,CVE-2015-0469,CVE-2015-0477,CVE-2015-0478,CVE-2015-0480,CVE-2015-0488,CVE-2015-0491,CVE-2015-4734,CVE-2015-4803,CVE-2015-4805,CVE-2015-4806,CVE-2015-4810,CVE-2015-4835,CVE-2015-4840,CVE-2015-4842,CVE-2015-4843,CVE-2015-4844,CVE-2015-4860,CVE-2015-4871,CVE-2015-4872,CVE-2015-4882,CVE-2015-4883,CVE-2015-4893,CVE-2015-4902,CVE-2015-4903,CVE-2015-4911,CVE-2015-5006
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    java-1_7_1-ibm-1.7.1_sr3.20-6.1
SUSE Linux Enterprise Server 11-SP4 (src):    java-1_7_1-ibm-1.7.1_sr3.20-6.1

Comment 21 Swamp Workflow Management 2015-12-03 21:10:47 UTC

SUSE-SU-2015:2192-1: An update that fixes 31 vulnerabilities is now available.

Category: security (important)
Bug References: 941939,955131
CVE References: CVE-2015-0204,CVE-2015-0458,CVE-2015-0459,CVE-2015-0469,CVE-2015-0477,CVE-2015-0478,CVE-2015-0480,CVE-2015-0488,CVE-2015-0491,CVE-2015-2625,CVE-2015-2808,CVE-2015-4734,CVE-2015-4803,CVE-2015-4805,CVE-2015-4806,CVE-2015-4810,CVE-2015-4835,CVE-2015-4840,CVE-2015-4842,CVE-2015-4843,CVE-2015-4844,CVE-2015-4860,CVE-2015-4871,CVE-2015-4872,CVE-2015-4882,CVE-2015-4883,CVE-2015-4893,CVE-2015-4902,CVE-2015-4903,CVE-2015-4911,CVE-2015-5006
Sources used:
SUSE Linux Enterprise Module for Legacy Software 12 (src):    java-1_6_0-ibm-1.6.0_sr16.15-27.1

Comment 22 Swamp Workflow Management 2015-12-07 17:13:17 UTC

SUSE-SU-2015:2216-1: An update that fixes 29 vulnerabilities is now available.

Category: security (important)
Bug References: 941939,955131
CVE References: CVE-2015-0204,CVE-2015-0458,CVE-2015-0459,CVE-2015-0469,CVE-2015-0477,CVE-2015-0478,CVE-2015-0480,CVE-2015-0488,CVE-2015-0491,CVE-2015-4734,CVE-2015-4803,CVE-2015-4805,CVE-2015-4806,CVE-2015-4810,CVE-2015-4835,CVE-2015-4840,CVE-2015-4842,CVE-2015-4843,CVE-2015-4844,CVE-2015-4860,CVE-2015-4871,CVE-2015-4872,CVE-2015-4882,CVE-2015-4883,CVE-2015-4893,CVE-2015-4902,CVE-2015-4903,CVE-2015-4911,CVE-2015-5006
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP3 (src):    java-1_7_0-ibm-1.7.0_sr9.20-42.1
SUSE Linux Enterprise Server for VMWare 11-SP3 (src):    java-1_7_0-ibm-1.7.0_sr9.20-42.1
SUSE Linux Enterprise Server 11-SP3 (src):    java-1_7_0-ibm-1.7.0_sr9.20-42.1
SUSE Linux Enterprise Server 11-SP2-LTSS (src):    java-1_7_0-ibm-1.7.0_sr9.20-42.1

Comment 23 Marcus Meissner 2015-12-14 12:56:20 UTC

all submitted at least and in qa

Comment 24 Swamp Workflow Management 2015-12-14 16:10:55 UTC

SUSE-SU-2015:2268-1: An update that fixes 20 vulnerabilities is now available.

Category: security (important)
Bug References: 941939,955131
CVE References: CVE-2015-4734,CVE-2015-4803,CVE-2015-4805,CVE-2015-4806,CVE-2015-4810,CVE-2015-4835,CVE-2015-4840,CVE-2015-4842,CVE-2015-4843,CVE-2015-4844,CVE-2015-4860,CVE-2015-4871,CVE-2015-4872,CVE-2015-4882,CVE-2015-4883,CVE-2015-4893,CVE-2015-4902,CVE-2015-4903,CVE-2015-4911,CVE-2015-5006
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    java-1_8_0-ibm-1.8.0_sr2.0-4.1
SUSE Linux Enterprise Server 12-SP1 (src):    java-1_8_0-ibm-1.8.0_sr2.0-4.1

Comment 25 Swamp Workflow Management 2015-12-14 16:12:00 UTC

SUSE-SU-2015:2168-2: An update that fixes 29 vulnerabilities is now available.

Category: security (important)
Bug References: 941939,955131
CVE References: CVE-2015-0204,CVE-2015-0458,CVE-2015-0459,CVE-2015-0469,CVE-2015-0477,CVE-2015-0478,CVE-2015-0480,CVE-2015-0488,CVE-2015-0491,CVE-2015-4734,CVE-2015-4803,CVE-2015-4805,CVE-2015-4806,CVE-2015-4810,CVE-2015-4835,CVE-2015-4840,CVE-2015-4842,CVE-2015-4843,CVE-2015-4844,CVE-2015-4860,CVE-2015-4871,CVE-2015-4872,CVE-2015-4882,CVE-2015-4883,CVE-2015-4893,CVE-2015-4902,CVE-2015-4903,CVE-2015-4911,CVE-2015-5006
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    java-1_7_1-ibm-1.7.1_sr3.20-18.1
SUSE Linux Enterprise Server 12-SP1 (src):    java-1_7_1-ibm-1.7.1_sr3.20-18.1

Comment 26 Swamp Workflow Management 2016-01-13 21:11:18 UTC

SUSE-SU-2016:0113-1: An update that fixes 20 vulnerabilities is now available.

Category: security (important)
Bug References: 955131,960286,960402
CVE References: CVE-2015-4734,CVE-2015-4803,CVE-2015-4805,CVE-2015-4806,CVE-2015-4810,CVE-2015-4835,CVE-2015-4840,CVE-2015-4842,CVE-2015-4843,CVE-2015-4844,CVE-2015-4860,CVE-2015-4871,CVE-2015-4872,CVE-2015-4882,CVE-2015-4883,CVE-2015-4893,CVE-2015-4902,CVE-2015-4903,CVE-2015-4911,CVE-2015-5006
Sources used:
SUSE Linux Enterprise Server 10 SP4 LTSS (src):    java-1_6_0-ibm-1.6.0_sr16.15-0.16.1

Comment 28 Swamp Workflow Management 2018-03-12 17:11:15 UTC

SUSE-SU-2018:0665-1: An update that fixes 16 vulnerabilities is now available.

Category: security (important)
Bug References: 1076390,1082810,929900,955131
CVE References: CVE-2018-2579,CVE-2018-2582,CVE-2018-2588,CVE-2018-2599,CVE-2018-2602,CVE-2018-2603,CVE-2018-2618,CVE-2018-2633,CVE-2018-2634,CVE-2018-2637,CVE-2018-2638,CVE-2018-2639,CVE-2018-2641,CVE-2018-2663,CVE-2018-2677,CVE-2018-2678
Sources used:
SUSE OpenStack Cloud 6 (src):    java-1_8_0-ibm-1.8.0_sr5.10-30.16.1
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    java-1_8_0-ibm-1.8.0_sr5.10-30.16.1
SUSE Linux Enterprise Software Development Kit 12-SP2 (src):    java-1_8_0-ibm-1.8.0_sr5.10-30.16.1
SUSE Linux Enterprise Server for SAP 12-SP1 (src):    java-1_8_0-ibm-1.8.0_sr5.10-30.16.1
SUSE Linux Enterprise Server 12-SP3 (src):    java-1_8_0-ibm-1.8.0_sr5.10-30.16.1
SUSE Linux Enterprise Server 12-SP2 (src):    java-1_8_0-ibm-1.8.0_sr5.10-30.16.1
SUSE Linux Enterprise Server 12-SP1-LTSS (src):    java-1_8_0-ibm-1.8.0_sr5.10-30.16.1

Comment 29 Swamp Workflow Management 2018-03-15 17:08:52 UTC

SUSE-SU-2018:0694-1: An update that fixes 15 vulnerabilities is now available.

Category: security (important)
Bug References: 1057460,1076390,1082810,1085018,929900,955131,966304
CVE References: CVE-2018-2579,CVE-2018-2582,CVE-2018-2588,CVE-2018-2599,CVE-2018-2602,CVE-2018-2603,CVE-2018-2618,CVE-2018-2633,CVE-2018-2634,CVE-2018-2637,CVE-2018-2641,CVE-2018-2657,CVE-2018-2663,CVE-2018-2677,CVE-2018-2678
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    java-1_7_1-ibm-1.7.1_sr4.20-38.12.1
SUSE Linux Enterprise Software Development Kit 12-SP2 (src):    java-1_7_1-ibm-1.7.1_sr4.20-38.12.1
SUSE Linux Enterprise Server 12-SP3 (src):    java-1_7_1-ibm-1.7.1_sr4.20-38.12.1
SUSE Linux Enterprise Server 12-SP2 (src):    java-1_7_1-ibm-1.7.1_sr4.20-38.12.1

Comment 30 Swamp Workflow Management 2018-03-19 17:09:54 UTC

SUSE-SU-2018:0743-1: An update that fixes 15 vulnerabilities is now available.

Category: security (important)
Bug References: 1057460,1076390,1082810,1085018,929900,955131,966304
CVE References: CVE-2018-2579,CVE-2018-2582,CVE-2018-2588,CVE-2018-2599,CVE-2018-2602,CVE-2018-2603,CVE-2018-2618,CVE-2018-2633,CVE-2018-2634,CVE-2018-2637,CVE-2018-2641,CVE-2018-2657,CVE-2018-2663,CVE-2018-2677,CVE-2018-2678
Sources used:
SUSE OpenStack Cloud 6 (src):    java-1_7_1-ibm-1.7.1_sr4.20-38.16.1
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    java-1_7_1-ibm-1.7.1_sr4.20-38.16.1
SUSE Linux Enterprise Software Development Kit 12-SP2 (src):    java-1_7_1-ibm-1.7.1_sr4.20-38.16.1
SUSE Linux Enterprise Server for SAP 12-SP1 (src):    java-1_7_1-ibm-1.7.1_sr4.20-38.16.1
SUSE Linux Enterprise Server 12-SP3 (src):    java-1_7_1-ibm-1.7.1_sr4.20-38.16.1
SUSE Linux Enterprise Server 12-SP2 (src):    java-1_7_1-ibm-1.7.1_sr4.20-38.16.1
SUSE Linux Enterprise Server 12-SP1-LTSS (src):    java-1_7_1-ibm-1.7.1_sr4.20-38.16.1
SUSE Linux Enterprise Server 12-LTSS (src):    java-1_7_1-ibm-1.7.1_sr4.20-38.16.1