This update for java-1_6_0-ibm fixes the following issues by updating to 6.0-16.20 (bsc#963937)

  - CVE-2015-5041: Could could have invoked non-public     interface methods under certain circumstances

  - CVE-2015-7575: The TLS protocol could allow weaker than     expected security caused by a collision attack when     using the MD5 hash function for signing a     ServerKeyExchange message during a TLS handshake. An     attacker could exploit this vulnerability using     man-in-the-middle techniques to impersonate a TLS server     and obtain credentials

  - CVE-2015-7981: libpng could allow a remote attacker to     obtain sensitive information, caused by an out-of-bounds     read in the png_convert_to_rfc1123 function. An attacker     could exploit this vulnerability to obtain sensitive     information

  - CVE-2015-8126: buffer overflow in libpng caused by     improper bounds checking by the png_set_PLTE() and     png_get_PLTE() functions

  - CVE-2015-8472: buffer overflow in libpng caused by     improper bounds checking by the png_set_PLTE() and     png_get_PLTE() functions

  - CVE-2015-8540: libpng is vulnerable to a buffer     overflow, caused by a read underflow in     png_check_keyword in pngwutil.c. By sending an overly     long argument, a remote attacker could overflow a buffer     and execute arbitrary code on the system or cause the     application to crash.

  - CVE-2016-0402: An unspecified vulnerability related to     the Networking component has no confidentiality impact,     partial integrity impact, and no availability impact

  - CVE-2016-0448: An unspecified vulnerability related to     the JMX component could allow a remote attacker to     obtain sensitive information

  - CVE-2016-0466: An unspecified vulnerability related to     the JAXP component could allow a remote attacker to     cause a denial of service

  - CVE-2016-0483: An unspecified vulnerability related to     the AWT component has complete confidentiality impact,     complete integrity impact, and complete availability     impact

  - CVE-2016-0494: An unspecified vulnerability related to     the 2D component has complete confidentiality impact,     complete integrity impact, and complete availability     impact

The following bugs were fixed :

  - bsc#960402: resolve package conflicts in devel package

  - bsc#960286: resolve package conflicts in the fonts     subpackage

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Detections

Analytics

SUSE SLES12 Security Update : java-1_6_0-ibm (SUSE-SU-2016:0428-1) (SLOTH)

critical Nessus Plugin ID 119974

Version 1.5