962743 – (CVE-2016-0402) VUL-0: Oracle Critical Patch Update Advisory - January 2016 tracker bug

Bug 962743 (CVE-2016-0402) - VUL-0: Oracle Critical Patch Update Advisory - January 2016 tracker bug

Summary: VUL-0: Oracle Critical Patch Update Advisory - January 2016 tracker bug

Status:	RESOLVED FIXED

Alias:	CVE-2016-0402

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Critical
Target Milestone:	---
Assignee:	Security Team bot
QA Contact:	Security Team bot

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:	CVE-2015-7575
	Show dependency tree / graph

Clone This Bug

Reported:	2016-01-20 10:50 UTC by Johannes Segitz
Modified:	2016-04-27 19:50 UTC (History)
CC List:	3 users (show)

See Also:
Found By:	---
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Johannes Segitz 2016-01-20 10:50:11 UTC

http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html

CVE-2016-0494: Vulnerable up to Java 6u105, 7u91, 8u66
        (AV:N/AC:L/Au:N/C:C/I:C/A:C): 10.0
CVE-2015-8126: Vulnerable up to Java 6u105, 7u91, 8u66
        (AV:N/AC:L/Au:N/C:C/I:C/A:C): 10.0
CVE-2016-0483: Vulnerable up to Java 6u105, 7u91, 8u66
        (AV:N/AC:L/Au:N/C:C/I:C/A:C): 10.0
CVE-2016-0475: Vulnerable up to Java 8u66
        (AV:N/AC:M/Au:N/C:P/I:P/A:N): 5.8
CVE-2016-0402: Vulnerable up to Java 6u105, 7u91, 8u66
        (AV:N/AC:L/Au:N/C:N/I:P/A:N): 5.0
CVE-2016-0466: Vulnerable up to Java 6u105, 7u91, 8u66
        (AV:N/AC:L/Au:N/C:N/I:N/A:P): 5.0
CVE-2016-0448: Vulnerable up to Java 6u105, 7u91, 8u66
        (AV:N/AC:L/Au:S/C:P/I:N/A:N): 4.0
CVE-2015-7575: Vulnerable up to Java 6u105, 7u91, 8u66
        (AV:N/AC:H/Au:N/C:P/I:P/A:N): 4.0

Comment 1 Swamp Workflow Management 2016-01-20 23:00:53 UTC

bugbot adjusting priority

Comment 4 Bernhard Wiedemann 2016-01-22 17:00:09 UTC

This is an autogenerated message for OBS integration:
This bug (962743) was mentioned in
https://build.opensuse.org/request/show/355421 Factory / java-1_7_0-openjdk
https://build.opensuse.org/request/show/355424 13.2 / java-1_7_0-openjdk

Comment 6 Bernhard Wiedemann 2016-01-22 18:00:09 UTC

This is an autogenerated message for OBS integration:
This bug (962743) was mentioned in
https://build.opensuse.org/request/show/355429 13.1 / java-1_7_0-openjdk

Comment 8 Bernhard Wiedemann 2016-01-25 09:00:09 UTC

This is an autogenerated message for OBS integration:
This bug (962743) was mentioned in
https://build.opensuse.org/request/show/355689 Factory / java-1_8_0-openjdk
https://build.opensuse.org/request/show/355691 13.2 / java-1_8_0-openjdk

Comment 10 Bernhard Wiedemann 2016-01-25 13:00:09 UTC

This is an autogenerated message for OBS integration:
This bug (962743) was mentioned in
https://build.opensuse.org/request/show/355737 Factory / java-1_8_0-openjdk
https://build.opensuse.org/request/show/355739 13.2 / java-1_8_0-openjdk

Comment 11 Bernhard Wiedemann 2016-01-25 14:00:16 UTC

This is an autogenerated message for OBS integration:
This bug (962743) was mentioned in
https://build.opensuse.org/request/show/355743 42.1 / java-1_8_0-openjdk

Comment 12 Andreas Stieger 2016-01-25 15:59:18 UTC

All submissions received. 

on openSUSE Leap 42.1, java-1_8_0-openjdk will received updates from SUSE:SLE-12-SP1:Update going forward.

Comment 13 Swamp Workflow Management 2016-01-27 14:14:03 UTC

SUSE-SU-2016:0256-1: An update that fixes 8 vulnerabilities is now available.

Category: security (critical)
Bug References: 960996,962743
CVE References: CVE-2015-7575,CVE-2015-8126,CVE-2016-0402,CVE-2016-0448,CVE-2016-0466,CVE-2016-0475,CVE-2016-0483,CVE-2016-0494
Sources used:
SUSE Linux Enterprise Server 12-SP1 (src):    java-1_8_0-openjdk-1.8.0.72-3.2
SUSE Linux Enterprise Desktop 12-SP1 (src):    java-1_8_0-openjdk-1.8.0.72-3.2

Comment 14 Andreas Stieger 2016-01-27 16:37:46 UTC

Releasing updates

Comment 15 Swamp Workflow Management 2016-01-27 20:11:47 UTC

openSUSE-SU-2016:0263-1: An update that fixes 8 vulnerabilities is now available.

Category: security (critical)
Bug References: 960996,962743
CVE References: CVE-2015-7575,CVE-2015-8126,CVE-2015-8472,CVE-2016-0402,CVE-2016-0448,CVE-2016-0466,CVE-2016-0483,CVE-2016-0494
Sources used:
openSUSE 13.2 (src):    java-1_8_0-openjdk-1.8.0.72-21.1

Comment 16 Swamp Workflow Management 2016-01-27 20:12:43 UTC

SUSE-SU-2016:0265-1: An update that fixes 9 vulnerabilities is now available.

Category: security (critical)
Bug References: 939523,960996,962743
CVE References: CVE-2015-4871,CVE-2015-7575,CVE-2015-8126,CVE-2015-8472,CVE-2016-0402,CVE-2016-0448,CVE-2016-0466,CVE-2016-0483,CVE-2016-0494
Sources used:
SUSE Linux Enterprise Server 12-SP1 (src):    java-1_7_0-openjdk-1.7.0.95-24.2
SUSE Linux Enterprise Server 12 (src):    java-1_7_0-openjdk-1.7.0.95-24.2
SUSE Linux Enterprise Desktop 12-SP1 (src):    java-1_7_0-openjdk-1.7.0.95-24.2
SUSE Linux Enterprise Desktop 12 (src):    java-1_7_0-openjdk-1.7.0.95-24.2

Comment 17 Swamp Workflow Management 2016-01-27 20:14:01 UTC

openSUSE-SU-2016:0268-1: An update that fixes 9 vulnerabilities is now available.

Category: security (critical)
Bug References: 939523,960996,962743
CVE References: CVE-2015-4871,CVE-2015-7575,CVE-2015-8126,CVE-2015-8472,CVE-2016-0402,CVE-2016-0448,CVE-2016-0466,CVE-2016-0483,CVE-2016-0494
Sources used:
openSUSE 13.2 (src):    java-1_7_0-openjdk-1.7.0.95-16.1, java-1_7_0-openjdk-bootstrap-1.7.0.95-16.1

Comment 18 Swamp Workflow Management 2016-01-27 20:14:35 UTC

SUSE-SU-2016:0269-1: An update that fixes 9 vulnerabilities is now available.

Category: security (critical)
Bug References: 960996,962743
CVE References: CVE-2015-4871,CVE-2015-7575,CVE-2015-8126,CVE-2015-8472,CVE-2016-0402,CVE-2016-0448,CVE-2016-0466,CVE-2016-0483,CVE-2016-0494
Sources used:
SUSE Linux Enterprise Desktop 11-SP4 (src):    java-1_7_0-openjdk-1.7.0.95-0.17.2
SUSE Linux Enterprise Desktop 11-SP3 (src):    java-1_7_0-openjdk-1.7.0.95-0.17.2
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    java-1_7_0-openjdk-1.7.0.95-0.17.2
SUSE Linux Enterprise Debuginfo 11-SP3 (src):    java-1_7_0-openjdk-1.7.0.95-0.17.2

Comment 19 Swamp Workflow Management 2016-01-27 20:15:10 UTC

openSUSE-SU-2016:0270-1: An update that fixes 32 vulnerabilities is now available.

Category: security (critical)
Bug References: 951376,960996,962743
CVE References: CVE-2015-4734,CVE-2015-4803,CVE-2015-4805,CVE-2015-4806,CVE-2015-4810,CVE-2015-4835,CVE-2015-4840,CVE-2015-4842,CVE-2015-4843,CVE-2015-4844,CVE-2015-4860,CVE-2015-4868,CVE-2015-4872,CVE-2015-4881,CVE-2015-4882,CVE-2015-4883,CVE-2015-4893,CVE-2015-4901,CVE-2015-4902,CVE-2015-4903,CVE-2015-4906,CVE-2015-4908,CVE-2015-4911,CVE-2015-4916,CVE-2015-7575,CVE-2015-8126,CVE-2015-8472,CVE-2016-0402,CVE-2016-0448,CVE-2016-0466,CVE-2016-0483,CVE-2016-0494
Sources used:
openSUSE Leap 42.1 (src):    java-1_8_0-openjdk-1.8.0.72-6.1

Comment 20 Swamp Workflow Management 2016-01-28 00:11:51 UTC

openSUSE-SU-2016:0272-1: An update that fixes 9 vulnerabilities is now available.

Category: security (important)
Bug References: 939523,962743
CVE References: CVE-2015-4871,CVE-2015-7575,CVE-2015-8126,CVE-2015-8472,CVE-2016-0402,CVE-2016-0448,CVE-2016-0466,CVE-2016-0483,CVE-2016-0494
Sources used:
openSUSE 13.1 (src):    java-1_7_0-openjdk-1.7.0.95-24.27.1

Comment 21 Swamp Workflow Management 2016-01-28 19:11:41 UTC

openSUSE-SU-2016:0279-1: An update that fixes 9 vulnerabilities is now available.

Category: security (critical)
Bug References: 939523,960996,962743
CVE References: CVE-2015-4871,CVE-2015-7575,CVE-2015-8126,CVE-2015-8472,CVE-2016-0402,CVE-2016-0448,CVE-2016-0466,CVE-2016-0483,CVE-2016-0494
Sources used:
openSUSE Leap 42.1 (src):    java-1_7_0-openjdk-1.7.0.95-25.1, java-1_7_0-openjdk-bootstrap-1.7.0.95-25.1