SUSE-SU-2017:1444-1
See a problem?- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2017:1444-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/SUSE-SU-2017:1444-1
- Related
- Published
- 2017-05-30T11:19:09Z
- Modified
- 2017-05-30T11:19:09Z
- Summary
- Security update for java-1_6_0-ibm
- Details
-
This update for java-160-ibm fixes the following issues:
- CVE-2016-9840: zlib: Out-of-bounds pointer arithmetic in inftrees.c
- CVE-2016-9841: zlib: Out-of-bounds pointer arithmetic in inffast.c
- CVE-2016-9842: zlib: Undefined left shift of negative number
- CVE-2016-9843: zlib: Big-endian out-of-bounds pointer
- CVE-2017-1289: IBM JDK: XML External Entity Injection (XXE) error when processing XML data
- CVE-2017-3509: OpenJDK: improper re-use of NTLM authenticated connections
- CVE-2017-3539: OpenJDK: MD5 allowed for jar verification
- CVE-2017-3533: OpenJDK: newline injection in the FTP client
CVE-2017-3544: OpenJDK: newline injection in the SMTP client
- Version update to 6.0-16.40 bsc#1027038 CVE-2016-2183
- References
-
- https://www.suse.com/support/update/announcement/2017/suse-su-20171444-1/
- https://bugzilla.suse.com/1027038
- https://bugzilla.suse.com/1038505
- https://www.suse.com/security/cve/CVE-2016-2183
- https://www.suse.com/security/cve/CVE-2016-9840
- https://www.suse.com/security/cve/CVE-2016-9841
- https://www.suse.com/security/cve/CVE-2016-9842
- https://www.suse.com/security/cve/CVE-2016-9843
- https://www.suse.com/security/cve/CVE-2017-1289
- https://www.suse.com/security/cve/CVE-2017-3509
- https://www.suse.com/security/cve/CVE-2017-3514
- https://www.suse.com/security/cve/CVE-2017-3533
- https://www.suse.com/security/cve/CVE-2017-3539
- https://www.suse.com/security/cve/CVE-2017-3544
Affected packages
SUSE:Linux Enterprise Point of Sale 11 SP3 / java-1_6_0-ibm
Package
- Name
- java-1_6_0-ibm
- Purl
- purl:rpm/suse/java-1_6_0-ibm&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.6.0_sr16.45-84.1
Ecosystem specific
{
"binaries": [
{
"java-1_6_0-ibm-jdbc": "1.6.0_sr16.45-84.1",
"java-1_6_0-ibm-alsa": "1.6.0_sr16.45-84.1",
"java-1_6_0-ibm-fonts": "1.6.0_sr16.45-84.1",
"java-1_6_0-ibm": "1.6.0_sr16.45-84.1",
"java-1_6_0-ibm-devel": "1.6.0_sr16.45-84.1",
"java-1_6_0-ibm-plugin": "1.6.0_sr16.45-84.1"
}
]
}
SUSE:Linux Enterprise Server 11 SP3-LTSS / java-1_6_0-ibm
Package
- Name
- java-1_6_0-ibm
- Purl
- purl:rpm/suse/java-1_6_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-LTSS
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.6.0_sr16.45-84.1
Ecosystem specific
{
"binaries": [
{
"java-1_6_0-ibm-jdbc": "1.6.0_sr16.45-84.1",
"java-1_6_0-ibm-alsa": "1.6.0_sr16.45-84.1",
"java-1_6_0-ibm-fonts": "1.6.0_sr16.45-84.1",
"java-1_6_0-ibm": "1.6.0_sr16.45-84.1",
"java-1_6_0-ibm-devel": "1.6.0_sr16.45-84.1",
"java-1_6_0-ibm-plugin": "1.6.0_sr16.45-84.1"
}
]
}
SUSE:Linux Enterprise Server 11 SP3-TERADATA / java-1_6_0-ibm
Package
- Name
- java-1_6_0-ibm
- Purl
- purl:rpm/suse/java-1_6_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-TERADATA
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.6.0_sr16.45-84.1
Ecosystem specific
{
"binaries": [
{
"java-1_6_0-ibm-jdbc": "1.6.0_sr16.45-84.1",
"java-1_6_0-ibm-alsa": "1.6.0_sr16.45-84.1",
"java-1_6_0-ibm-fonts": "1.6.0_sr16.45-84.1",
"java-1_6_0-ibm": "1.6.0_sr16.45-84.1",
"java-1_6_0-ibm-devel": "1.6.0_sr16.45-84.1",
"java-1_6_0-ibm-plugin": "1.6.0_sr16.45-84.1"
}
]
}