Bug 962743 (CVE-2016-0402)

Summary: VUL-0: Oracle Critical Patch Update Advisory - January 2016 tracker bug
Product: [Novell Products] SUSE Security Incidents Reporter: Johannes Segitz <jsegitz>
Component: IncidentsAssignee: Security Team bot <security-team>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Critical    
Priority: P3 - Medium CC: astieger, fstrba, jsegitz
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---
Bug Depends on:    
Bug Blocks: 960996    

Description Johannes Segitz 2016-01-20 10:50:11 UTC 
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html

CVE-2016-0494: Vulnerable up to Java 6u105, 7u91, 8u66
        (AV:N/AC:L/Au:N/C:C/I:C/A:C): 10.0
CVE-2015-8126: Vulnerable up to Java 6u105, 7u91, 8u66
        (AV:N/AC:L/Au:N/C:C/I:C/A:C): 10.0
CVE-2016-0483: Vulnerable up to Java 6u105, 7u91, 8u66
        (AV:N/AC:L/Au:N/C:C/I:C/A:C): 10.0
CVE-2016-0475: Vulnerable up to Java 8u66
        (AV:N/AC:M/Au:N/C:P/I:P/A:N): 5.8
CVE-2016-0402: Vulnerable up to Java 6u105, 7u91, 8u66
        (AV:N/AC:L/Au:N/C:N/I:P/A:N): 5.0
CVE-2016-0466: Vulnerable up to Java 6u105, 7u91, 8u66
        (AV:N/AC:L/Au:N/C:N/I:N/A:P): 5.0
CVE-2016-0448: Vulnerable up to Java 6u105, 7u91, 8u66
        (AV:N/AC:L/Au:S/C:P/I:N/A:N): 4.0
CVE-2015-7575: Vulnerable up to Java 6u105, 7u91, 8u66
        (AV:N/AC:H/Au:N/C:P/I:P/A:N): 4.0
Comment 1 Swamp Workflow Management 2016-01-20 23:00:53 UTC 
bugbot adjusting priority
Comment 4 Bernhard Wiedemann 2016-01-22 17:00:09 UTC 
This is an autogenerated message for OBS integration:
This bug (962743) was mentioned in
https://build.opensuse.org/request/show/355421 Factory / java-1_7_0-openjdk
https://build.opensuse.org/request/show/355424 13.2 / java-1_7_0-openjdk
Comment 6 Bernhard Wiedemann 2016-01-22 18:00:09 UTC 
This is an autogenerated message for OBS integration:
This bug (962743) was mentioned in
https://build.opensuse.org/request/show/355429 13.1 / java-1_7_0-openjdk
Comment 8 Bernhard Wiedemann 2016-01-25 09:00:09 UTC 
This is an autogenerated message for OBS integration:
This bug (962743) was mentioned in
https://build.opensuse.org/request/show/355689 Factory / java-1_8_0-openjdk
https://build.opensuse.org/request/show/355691 13.2 / java-1_8_0-openjdk
Comment 10 Bernhard Wiedemann 2016-01-25 13:00:09 UTC 
This is an autogenerated message for OBS integration:
This bug (962743) was mentioned in
https://build.opensuse.org/request/show/355737 Factory / java-1_8_0-openjdk
https://build.opensuse.org/request/show/355739 13.2 / java-1_8_0-openjdk
Comment 11 Bernhard Wiedemann 2016-01-25 14:00:16 UTC 
This is an autogenerated message for OBS integration:
This bug (962743) was mentioned in
https://build.opensuse.org/request/show/355743 42.1 / java-1_8_0-openjdk
Comment 12 Andreas Stieger 2016-01-25 15:59:18 UTC 
All submissions received. 

on openSUSE Leap 42.1, java-1_8_0-openjdk will received updates from SUSE:SLE-12-SP1:Update going forward.
Comment 13 Swamp Workflow Management 2016-01-27 14:14:03 UTC 
SUSE-SU-2016:0256-1: An update that fixes 8 vulnerabilities is now available.

Category: security (critical)
Bug References: 960996,962743
CVE References: CVE-2015-7575,CVE-2015-8126,CVE-2016-0402,CVE-2016-0448,CVE-2016-0466,CVE-2016-0475,CVE-2016-0483,CVE-2016-0494
Sources used:
SUSE Linux Enterprise Server 12-SP1 (src):    java-1_8_0-openjdk-1.8.0.72-3.2
SUSE Linux Enterprise Desktop 12-SP1 (src):    java-1_8_0-openjdk-1.8.0.72-3.2
Comment 14 Andreas Stieger 2016-01-27 16:37:46 UTC 
Releasing updates
Comment 15 Swamp Workflow Management 2016-01-27 20:11:47 UTC 
openSUSE-SU-2016:0263-1: An update that fixes 8 vulnerabilities is now available.

Category: security (critical)
Bug References: 960996,962743
CVE References: CVE-2015-7575,CVE-2015-8126,CVE-2015-8472,CVE-2016-0402,CVE-2016-0448,CVE-2016-0466,CVE-2016-0483,CVE-2016-0494
Sources used:
openSUSE 13.2 (src):    java-1_8_0-openjdk-1.8.0.72-21.1
Comment 16 Swamp Workflow Management 2016-01-27 20:12:43 UTC 
SUSE-SU-2016:0265-1: An update that fixes 9 vulnerabilities is now available.

Category: security (critical)
Bug References: 939523,960996,962743
CVE References: CVE-2015-4871,CVE-2015-7575,CVE-2015-8126,CVE-2015-8472,CVE-2016-0402,CVE-2016-0448,CVE-2016-0466,CVE-2016-0483,CVE-2016-0494
Sources used:
SUSE Linux Enterprise Server 12-SP1 (src):    java-1_7_0-openjdk-1.7.0.95-24.2
SUSE Linux Enterprise Server 12 (src):    java-1_7_0-openjdk-1.7.0.95-24.2
SUSE Linux Enterprise Desktop 12-SP1 (src):    java-1_7_0-openjdk-1.7.0.95-24.2
SUSE Linux Enterprise Desktop 12 (src):    java-1_7_0-openjdk-1.7.0.95-24.2
Comment 17 Swamp Workflow Management 2016-01-27 20:14:01 UTC 
openSUSE-SU-2016:0268-1: An update that fixes 9 vulnerabilities is now available.

Category: security (critical)
Bug References: 939523,960996,962743
CVE References: CVE-2015-4871,CVE-2015-7575,CVE-2015-8126,CVE-2015-8472,CVE-2016-0402,CVE-2016-0448,CVE-2016-0466,CVE-2016-0483,CVE-2016-0494
Sources used:
openSUSE 13.2 (src):    java-1_7_0-openjdk-1.7.0.95-16.1, java-1_7_0-openjdk-bootstrap-1.7.0.95-16.1
Comment 18 Swamp Workflow Management 2016-01-27 20:14:35 UTC 
SUSE-SU-2016:0269-1: An update that fixes 9 vulnerabilities is now available.

Category: security (critical)
Bug References: 960996,962743
CVE References: CVE-2015-4871,CVE-2015-7575,CVE-2015-8126,CVE-2015-8472,CVE-2016-0402,CVE-2016-0448,CVE-2016-0466,CVE-2016-0483,CVE-2016-0494
Sources used:
SUSE Linux Enterprise Desktop 11-SP4 (src):    java-1_7_0-openjdk-1.7.0.95-0.17.2
SUSE Linux Enterprise Desktop 11-SP3 (src):    java-1_7_0-openjdk-1.7.0.95-0.17.2
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    java-1_7_0-openjdk-1.7.0.95-0.17.2
SUSE Linux Enterprise Debuginfo 11-SP3 (src):    java-1_7_0-openjdk-1.7.0.95-0.17.2
Comment 19 Swamp Workflow Management 2016-01-27 20:15:10 UTC 
openSUSE-SU-2016:0270-1: An update that fixes 32 vulnerabilities is now available.

Category: security (critical)
Bug References: 951376,960996,962743
CVE References: CVE-2015-4734,CVE-2015-4803,CVE-2015-4805,CVE-2015-4806,CVE-2015-4810,CVE-2015-4835,CVE-2015-4840,CVE-2015-4842,CVE-2015-4843,CVE-2015-4844,CVE-2015-4860,CVE-2015-4868,CVE-2015-4872,CVE-2015-4881,CVE-2015-4882,CVE-2015-4883,CVE-2015-4893,CVE-2015-4901,CVE-2015-4902,CVE-2015-4903,CVE-2015-4906,CVE-2015-4908,CVE-2015-4911,CVE-2015-4916,CVE-2015-7575,CVE-2015-8126,CVE-2015-8472,CVE-2016-0402,CVE-2016-0448,CVE-2016-0466,CVE-2016-0483,CVE-2016-0494
Sources used:
openSUSE Leap 42.1 (src):    java-1_8_0-openjdk-1.8.0.72-6.1
Comment 20 Swamp Workflow Management 2016-01-28 00:11:51 UTC 
openSUSE-SU-2016:0272-1: An update that fixes 9 vulnerabilities is now available.

Category: security (important)
Bug References: 939523,962743
CVE References: CVE-2015-4871,CVE-2015-7575,CVE-2015-8126,CVE-2015-8472,CVE-2016-0402,CVE-2016-0448,CVE-2016-0466,CVE-2016-0483,CVE-2016-0494
Sources used:
openSUSE 13.1 (src):    java-1_7_0-openjdk-1.7.0.95-24.27.1
Comment 21 Swamp Workflow Management 2016-01-28 19:11:41 UTC 
openSUSE-SU-2016:0279-1: An update that fixes 9 vulnerabilities is now available.

Category: security (critical)
Bug References: 939523,960996,962743
CVE References: CVE-2015-4871,CVE-2015-7575,CVE-2015-8126,CVE-2015-8472,CVE-2016-0402,CVE-2016-0448,CVE-2016-0466,CVE-2016-0483,CVE-2016-0494
Sources used:
openSUSE Leap 42.1 (src):    java-1_7_0-openjdk-1.7.0.95-25.1, java-1_7_0-openjdk-bootstrap-1.7.0.95-25.1