Bug 962743 - (CVE-2016-0402) VUL-0: Oracle Critical Patch Update Advisory - January 2016 tracker bug
(CVE-2016-0402)
VUL-0: Oracle Critical Patch Update Advisory - January 2016 tracker bug
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Critical
: ---
Assigned To: Security Team bot
Security Team bot
:
Depends on:
Blocks: CVE-2015-7575
  Show dependency treegraph
 
Reported: 2016-01-20 10:50 UTC by Johannes Segitz
Modified: 2016-04-27 19:50 UTC (History)
3 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Johannes Segitz 2016-01-20 10:50:11 UTC
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html

CVE-2016-0494: Vulnerable up to Java 6u105, 7u91, 8u66
        (AV:N/AC:L/Au:N/C:C/I:C/A:C): 10.0
CVE-2015-8126: Vulnerable up to Java 6u105, 7u91, 8u66
        (AV:N/AC:L/Au:N/C:C/I:C/A:C): 10.0
CVE-2016-0483: Vulnerable up to Java 6u105, 7u91, 8u66
        (AV:N/AC:L/Au:N/C:C/I:C/A:C): 10.0
CVE-2016-0475: Vulnerable up to Java 8u66
        (AV:N/AC:M/Au:N/C:P/I:P/A:N): 5.8
CVE-2016-0402: Vulnerable up to Java 6u105, 7u91, 8u66
        (AV:N/AC:L/Au:N/C:N/I:P/A:N): 5.0
CVE-2016-0466: Vulnerable up to Java 6u105, 7u91, 8u66
        (AV:N/AC:L/Au:N/C:N/I:N/A:P): 5.0
CVE-2016-0448: Vulnerable up to Java 6u105, 7u91, 8u66
        (AV:N/AC:L/Au:S/C:P/I:N/A:N): 4.0
CVE-2015-7575: Vulnerable up to Java 6u105, 7u91, 8u66
        (AV:N/AC:H/Au:N/C:P/I:P/A:N): 4.0
Comment 1 Swamp Workflow Management 2016-01-20 23:00:53 UTC
bugbot adjusting priority
Comment 4 Bernhard Wiedemann 2016-01-22 17:00:09 UTC
This is an autogenerated message for OBS integration:
This bug (962743) was mentioned in
https://build.opensuse.org/request/show/355421 Factory / java-1_7_0-openjdk
https://build.opensuse.org/request/show/355424 13.2 / java-1_7_0-openjdk
Comment 6 Bernhard Wiedemann 2016-01-22 18:00:09 UTC
This is an autogenerated message for OBS integration:
This bug (962743) was mentioned in
https://build.opensuse.org/request/show/355429 13.1 / java-1_7_0-openjdk
Comment 8 Bernhard Wiedemann 2016-01-25 09:00:09 UTC
This is an autogenerated message for OBS integration:
This bug (962743) was mentioned in
https://build.opensuse.org/request/show/355689 Factory / java-1_8_0-openjdk
https://build.opensuse.org/request/show/355691 13.2 / java-1_8_0-openjdk
Comment 10 Bernhard Wiedemann 2016-01-25 13:00:09 UTC
This is an autogenerated message for OBS integration:
This bug (962743) was mentioned in
https://build.opensuse.org/request/show/355737 Factory / java-1_8_0-openjdk
https://build.opensuse.org/request/show/355739 13.2 / java-1_8_0-openjdk
Comment 11 Bernhard Wiedemann 2016-01-25 14:00:16 UTC
This is an autogenerated message for OBS integration:
This bug (962743) was mentioned in
https://build.opensuse.org/request/show/355743 42.1 / java-1_8_0-openjdk
Comment 12 Andreas Stieger 2016-01-25 15:59:18 UTC
All submissions received. 

on openSUSE Leap 42.1, java-1_8_0-openjdk will received updates from SUSE:SLE-12-SP1:Update going forward.
Comment 13 Swamp Workflow Management 2016-01-27 14:14:03 UTC
SUSE-SU-2016:0256-1: An update that fixes 8 vulnerabilities is now available.

Category: security (critical)
Bug References: 960996,962743
CVE References: CVE-2015-7575,CVE-2015-8126,CVE-2016-0402,CVE-2016-0448,CVE-2016-0466,CVE-2016-0475,CVE-2016-0483,CVE-2016-0494
Sources used:
SUSE Linux Enterprise Server 12-SP1 (src):    java-1_8_0-openjdk-1.8.0.72-3.2
SUSE Linux Enterprise Desktop 12-SP1 (src):    java-1_8_0-openjdk-1.8.0.72-3.2
Comment 14 Andreas Stieger 2016-01-27 16:37:46 UTC
Releasing updates
Comment 15 Swamp Workflow Management 2016-01-27 20:11:47 UTC
openSUSE-SU-2016:0263-1: An update that fixes 8 vulnerabilities is now available.

Category: security (critical)
Bug References: 960996,962743
CVE References: CVE-2015-7575,CVE-2015-8126,CVE-2015-8472,CVE-2016-0402,CVE-2016-0448,CVE-2016-0466,CVE-2016-0483,CVE-2016-0494
Sources used:
openSUSE 13.2 (src):    java-1_8_0-openjdk-1.8.0.72-21.1
Comment 16 Swamp Workflow Management 2016-01-27 20:12:43 UTC
SUSE-SU-2016:0265-1: An update that fixes 9 vulnerabilities is now available.

Category: security (critical)
Bug References: 939523,960996,962743
CVE References: CVE-2015-4871,CVE-2015-7575,CVE-2015-8126,CVE-2015-8472,CVE-2016-0402,CVE-2016-0448,CVE-2016-0466,CVE-2016-0483,CVE-2016-0494
Sources used:
SUSE Linux Enterprise Server 12-SP1 (src):    java-1_7_0-openjdk-1.7.0.95-24.2
SUSE Linux Enterprise Server 12 (src):    java-1_7_0-openjdk-1.7.0.95-24.2
SUSE Linux Enterprise Desktop 12-SP1 (src):    java-1_7_0-openjdk-1.7.0.95-24.2
SUSE Linux Enterprise Desktop 12 (src):    java-1_7_0-openjdk-1.7.0.95-24.2
Comment 17 Swamp Workflow Management 2016-01-27 20:14:01 UTC
openSUSE-SU-2016:0268-1: An update that fixes 9 vulnerabilities is now available.

Category: security (critical)
Bug References: 939523,960996,962743
CVE References: CVE-2015-4871,CVE-2015-7575,CVE-2015-8126,CVE-2015-8472,CVE-2016-0402,CVE-2016-0448,CVE-2016-0466,CVE-2016-0483,CVE-2016-0494
Sources used:
openSUSE 13.2 (src):    java-1_7_0-openjdk-1.7.0.95-16.1, java-1_7_0-openjdk-bootstrap-1.7.0.95-16.1
Comment 18 Swamp Workflow Management 2016-01-27 20:14:35 UTC
SUSE-SU-2016:0269-1: An update that fixes 9 vulnerabilities is now available.

Category: security (critical)
Bug References: 960996,962743
CVE References: CVE-2015-4871,CVE-2015-7575,CVE-2015-8126,CVE-2015-8472,CVE-2016-0402,CVE-2016-0448,CVE-2016-0466,CVE-2016-0483,CVE-2016-0494
Sources used:
SUSE Linux Enterprise Desktop 11-SP4 (src):    java-1_7_0-openjdk-1.7.0.95-0.17.2
SUSE Linux Enterprise Desktop 11-SP3 (src):    java-1_7_0-openjdk-1.7.0.95-0.17.2
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    java-1_7_0-openjdk-1.7.0.95-0.17.2
SUSE Linux Enterprise Debuginfo 11-SP3 (src):    java-1_7_0-openjdk-1.7.0.95-0.17.2
Comment 19 Swamp Workflow Management 2016-01-27 20:15:10 UTC
openSUSE-SU-2016:0270-1: An update that fixes 32 vulnerabilities is now available.

Category: security (critical)
Bug References: 951376,960996,962743
CVE References: CVE-2015-4734,CVE-2015-4803,CVE-2015-4805,CVE-2015-4806,CVE-2015-4810,CVE-2015-4835,CVE-2015-4840,CVE-2015-4842,CVE-2015-4843,CVE-2015-4844,CVE-2015-4860,CVE-2015-4868,CVE-2015-4872,CVE-2015-4881,CVE-2015-4882,CVE-2015-4883,CVE-2015-4893,CVE-2015-4901,CVE-2015-4902,CVE-2015-4903,CVE-2015-4906,CVE-2015-4908,CVE-2015-4911,CVE-2015-4916,CVE-2015-7575,CVE-2015-8126,CVE-2015-8472,CVE-2016-0402,CVE-2016-0448,CVE-2016-0466,CVE-2016-0483,CVE-2016-0494
Sources used:
openSUSE Leap 42.1 (src):    java-1_8_0-openjdk-1.8.0.72-6.1
Comment 20 Swamp Workflow Management 2016-01-28 00:11:51 UTC
openSUSE-SU-2016:0272-1: An update that fixes 9 vulnerabilities is now available.

Category: security (important)
Bug References: 939523,962743
CVE References: CVE-2015-4871,CVE-2015-7575,CVE-2015-8126,CVE-2015-8472,CVE-2016-0402,CVE-2016-0448,CVE-2016-0466,CVE-2016-0483,CVE-2016-0494
Sources used:
openSUSE 13.1 (src):    java-1_7_0-openjdk-1.7.0.95-24.27.1
Comment 21 Swamp Workflow Management 2016-01-28 19:11:41 UTC
openSUSE-SU-2016:0279-1: An update that fixes 9 vulnerabilities is now available.

Category: security (critical)
Bug References: 939523,960996,962743
CVE References: CVE-2015-4871,CVE-2015-7575,CVE-2015-8126,CVE-2015-8472,CVE-2016-0402,CVE-2016-0448,CVE-2016-0466,CVE-2016-0483,CVE-2016-0494
Sources used:
openSUSE Leap 42.1 (src):    java-1_7_0-openjdk-1.7.0.95-25.1, java-1_7_0-openjdk-bootstrap-1.7.0.95-25.1