Bugzilla – Bug 938895
VUL-0: java-1_5_0-ibm,java-1_6_0-ibm,java-1_7_0-ibm,java-1_7_1-ibm: IBM July 2015 Java update
Last modified: 2020-04-01 22:14:42 UTC
http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_July_2015 IBM fixes the security issues fixed in Oracle Java as applicable and one additional issue specific to IBM java (CVE-2015-1931). Security issues by package: java-1_7_0-ibm - CVE-2015-1931 - CVE-2015-2638 - CVE-2015-4733 - CVE-2015-4732 - CVE-2015-2590 - CVE-2015-4731 - CVE-2015-4760 - CVE-2015-4748 - CVE-2015-2664 - CVE-2015-2632 - CVE-2015-2637 - CVE-2015-2619 - CVE-2015-2621 - CVE-2015-2613 - CVE-2015-2601 - CVE-2015-4749 - CVE-2015-4000 - CVE-2015-4729 - CVE-2015-2808 - CVE-2015-2625 java-1_7_1-ibm - CVE-2015-1931 - CVE-2015-2638 - CVE-2015-4733 - CVE-2015-4732 - CVE-2015-2590 - CVE-2015-4731 - CVE-2015-4760 - CVE-2015-4748 - CVE-2015-2664 - CVE-2015-2632 - CVE-2015-2637 - CVE-2015-2619 - CVE-2015-2621 - CVE-2015-2613 - CVE-2015-2601 - CVE-2015-4749 - CVE-2015-4000 - CVE-2015-4729 - CVE-2015-2808 - CVE-2015-2625 java-1_6_0-ibm - CVE-2015-1931 - CVE-2015-2638 - CVE-2015-4733 - CVE-2015-4732 - CVE-2015-2590 - CVE-2015-4731 - CVE-2015-4760 - CVE-2015-4748 - CVE-2015-2664 - CVE-2015-2632 - CVE-2015-2637 - CVE-2015-2621 - CVE-2015-2601 - CVE-2015-4749 - CVE-2015-4000 - CVE-2015-2808 - CVE-2015-2625 References: https://bugzilla.redhat.com/show_bug.cgi?id=1244828 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1931 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1931
An update workflow for this issue was started. This issue was rated as important. Please submit fixed packages until 2015-07-28. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/62226
CVE-2015-4000 is bug 931600
CVE-2015-2808 is bug 925378 (RC4)
Atm it ain't downloadable, will try tomorrow: https://www-01.ibm.com/marketing/iwm/iwm/web/preLogin.do?source=swg-sdk6&S_PKG=amd64_6.0.16.7&S_TACT=105AGX05&S_CMP=JDK HTTP Error 500: Internal Server Error https://www-01.ibm.com/marketing/iwm/iwm/web/preLogin.do?source=swg-sdk8&S_PKG=amd64_8.0.1.10&S_TACT=105AGX05&S_CMP=JDK HTTP Error 500: Internal Server Error
Also java-1_5_0-ibm - CVE-2015-1931 - CVE-2015-2638 - CVE-2015-4733 - CVE-2015-4732 - CVE-2015-2590 - CVE-2015-4731 - CVE-2015-4760 - CVE-2015-4748 - CVE-2015-2664 - CVE-2015-2632 - CVE-2015-2637 - CVE-2015-2621 - CVE-2015-2601 - CVE-2015-4749 - CVE-2015-4000 - CVE-2015-2808
(In reply to Johannes Segitz from comment #5) > Also java-1_5_0-ibm . fyi ... with regard to the updated IBM Java "5.0.16.13" as outlined at http://www.ibm.com/developerworks/java/jdk/alerts/#Oracle_July_14_2015_CPU please note that there will be no further Java 5 updates on DeveloperWorks because of the Sept 2015 EOS date for IBM Java 5 ... . ... so to pick up 5.0.16.13 you will need to go to Fix Central: http://www-933.ibm.com/support/fixcentral/ . ... as an example here is a link to the fixpack for Linux 64-bit,zSeries: http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=5.0.16.13&platform=Linux+64-bit,zSeries&function=aparId&apars=IV75129 .
(In reply to Hanns-Joachim Uhl from comment #6) > (In reply to Johannes Segitz from comment #5) > > Also java-1_5_0-ibm > . > fyi ... with regard to the updated IBM Java "5.0.16.13" as outlined at > http://www.ibm.com/developerworks/java/jdk/alerts/#Oracle_July_14_2015_CPU > please note that there will be no further Java 5 updates on DeveloperWorks > because of the Sept 2015 EOS date for IBM Java 5 ... > . > ... so to pick up 5.0.16.13 you will need to go to Fix Central: > http://www-933.ibm.com/support/fixcentral/ > . > ... as an example here is a link to the fixpack for Linux 64-bit,zSeries: > http://www-933.ibm.com/support/fixcentral/swg/ > selectFixes?parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/ > Java+Standard+Edition+%28Java+SE%29&release=5.0.16.13&platform=Linux+64-bit, > zSeries&function=aparId&apars=IV75129 > . Hm, when I tried to download this I failed because on using our arcane login it said it has not verified email address, which I dunno what was anyway, so I will have to create new account. (will do tomorrow) Slightly unrelated question: Do you have to redesign/tweak the wepage for regular downlaod with almost each release of ibmjava? I have to usually 1-2 hours tweaking the download scrapper just to get the resulting ~20 .bin files? Not having to go over 4 pages formular checking that "no I don't want to get promo materials" everytime is quite not what I would consider fun. Even with the two hours editing I consider it less pain than this form clicking :) Great solution would be if you guys set-up ftp for partners only where we could simply fetch the files and bypass this lovely download mechanisms.
bugbot adjusting priority
I am unable to download 7.0-9.10 for s390. It is not available on the page: https://www.ibm.com/services/forms/preLogin.do?source=swg-sdk7&S_PKG=zseries31_7.0.9.10&S_TACT=105AGX05&S_CMP=JDK
(In reply to Hanns-Joachim Uhl from comment #6) > (In reply to Johannes Segitz from comment #5) > > Also java-1_5_0-ibm > . > fyi ... with regard to the updated IBM Java "5.0.16.13" as outlined at > http://www.ibm.com/developerworks/java/jdk/alerts/#Oracle_July_14_2015_CPU > please note that there will be no further Java 5 updates on DeveloperWorks > because of the Sept 2015 EOS date for IBM Java 5 ... > . > ... so to pick up 5.0.16.13 you will need to go to Fix Central: > http://www-933.ibm.com/support/fixcentral/ > . > ... as an example here is a link to the fixpack for Linux 64-bit,zSeries: > http://www-933.ibm.com/support/fixcentral/swg/ > selectFixes?parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/ > Java+Standard+Edition+%28Java+SE%29&release=5.0.16.13&platform=Linux+64-bit, > zSeries&function=aparId&apars=IV75129 > . I am unable to register new account for the fixcentral. When I click on the IBM My ID I get e-mail confirmation with link (and token) and that shows only blank empty page... 1.7.1 1.6.0 and 1.8.0 are updated in devel:ibmjava.
Today I managed to get ibmjava 1.5.0 so we have it again in Devel:ibmjava. The 7.0 series s390 is nowhere to be found per c#9 -> we can't do jdk7 update. @security: should we wait or should I submit the rest right away?
(In reply to Tomáš Chvátal from comment #11) Please submit right away since we don't know how long this will take
All submissions done except the 1.7.0 which has missing s390 binary installer. Let me know if you wish some other platform too.
(In reply to Tomáš Chvátal from comment #11) > Today I managed to get ibmjava 1.5.0 so we have it again in Devel:ibmjava. > > The 7.0 series s390 is nowhere to be found per c#9 -> we can't do jdk7 > update. > . Hello SUSE / Tomas, ... I just got the notice that the 31-bit version for System z for "IBM SDK, Java Technology Edition, Version 7, Service Refresh 9 Fix Pack 10" is now available from developerworks at e.g. from https://www-01.ibm.com/marketing/iwm/iwm/web/acceptSignup.do?source=swg-sdk7&S_PKG=zseries31_7.0.9.10&S_TACT=105AGX05&S_CMP=JDK&lang=en_US .. ... can you please check from your side whether this is working for you ..? Please advise .. Thanks in advance for your support.
SUSE-SU-2015:1329-1: An update that fixes 20 vulnerabilities is now available. Category: security (important) Bug References: 935540,938895 CVE References: CVE-2015-1931,CVE-2015-2590,CVE-2015-2601,CVE-2015-2613,CVE-2015-2619,CVE-2015-2621,CVE-2015-2625,CVE-2015-2632,CVE-2015-2637,CVE-2015-2638,CVE-2015-2664,CVE-2015-2808,CVE-2015-4000,CVE-2015-4729,CVE-2015-4731,CVE-2015-4732,CVE-2015-4733,CVE-2015-4748,CVE-2015-4749,CVE-2015-4760 Sources used: SUSE Linux Enterprise Software Development Kit 11-SP4 (src): java-1_7_1-ibm-1.7.1_sr3.10-3.1 SUSE Linux Enterprise Server 11-SP4 (src): java-1_7_1-ibm-1.7.1_sr3.10-3.1
------- Comment From hannsj_uhl@de.ibm.com 2015-08-03 09:13 EDT------- . ------- Comment From hannsj_uhl@de.ibm.com 2015-08-04 06:07 EDT------- .
SUSE-SU-2015:1345-1: An update that fixes 17 vulnerabilities is now available. Category: security (important) Bug References: 935540,936844,938895 CVE References: CVE-2015-1931,CVE-2015-2590,CVE-2015-2601,CVE-2015-2621,CVE-2015-2625,CVE-2015-2632,CVE-2015-2637,CVE-2015-2638,CVE-2015-2664,CVE-2015-2808,CVE-2015-4000,CVE-2015-4731,CVE-2015-4732,CVE-2015-4733,CVE-2015-4748,CVE-2015-4749,CVE-2015-4760 Sources used: SUSE Linux Enterprise Module for Legacy Software 12 (src): java-1_6_0-ibm-1.6.0_sr16.7-22.2
SUSE-SU-2015:1375-1: An update that fixes 21 vulnerabilities is now available. Category: security (important) Bug References: 935540,938895 CVE References: CVE-2015-0192,CVE-2015-1931,CVE-2015-2590,CVE-2015-2601,CVE-2015-2613,CVE-2015-2619,CVE-2015-2621,CVE-2015-2625,CVE-2015-2632,CVE-2015-2637,CVE-2015-2638,CVE-2015-2664,CVE-2015-2808,CVE-2015-4000,CVE-2015-4729,CVE-2015-4731,CVE-2015-4732,CVE-2015-4733,CVE-2015-4748,CVE-2015-4749,CVE-2015-4760 Sources used: SUSE Linux Enterprise Software Development Kit 11-SP3 (src): java-1_7_0-ibm-1.7.0_sr9.10-9.1 SUSE Linux Enterprise Server for VMWare 11-SP3 (src): java-1_7_0-ibm-1.7.0_sr9.10-9.1 SUSE Linux Enterprise Server 11-SP3 (src): java-1_7_0-ibm-1.7.0_sr9.10-9.1 SUSE Linux Enterprise Server 11-SP2-LTSS (src): java-1_7_0-ibm-1.7.0_sr9.10-9.1
all released I thinkl
SUSE-SU-2015:1509-1: An update that fixes 17 vulnerabilities is now available. Category: security (important) Bug References: 935540,936844,938895,941939 CVE References: CVE-2015-1931,CVE-2015-2590,CVE-2015-2601,CVE-2015-2621,CVE-2015-2625,CVE-2015-2632,CVE-2015-2637,CVE-2015-2638,CVE-2015-2664,CVE-2015-2808,CVE-2015-4000,CVE-2015-4731,CVE-2015-4732,CVE-2015-4733,CVE-2015-4748,CVE-2015-4749,CVE-2015-4760 Sources used: SUSE Linux Enterprise Software Development Kit 11-SP3 (src): java-1_6_0-ibm-1.6.0_sr16.7-10.1 SUSE Linux Enterprise Server for VMWare 11-SP3 (src): java-1_6_0-ibm-1.6.0_sr16.7-10.1 SUSE Linux Enterprise Server 11-SP3 (src): java-1_6_0-ibm-1.6.0_sr16.7-10.1 SUSE Linux Enterprise Server 11-SP2-LTSS (src): java-1_6_0-ibm-1.6.0_sr16.7-10.1 SUSE Linux Enterprise Server 11-SP1-LTSS (src): java-1_6_0-ibm-1.6.0_sr16.7-10.1
*** Bug 939382 has been marked as a duplicate of this bug. ***