suse-su-2016:1475-1
Vulnerability from csaf_suse
Published
2016-06-02 06:01
Modified
2016-06-02 06:01
Summary
Security update for java-1_8_0-ibm
Notes
Title of the patch
Security update for java-1_8_0-ibm
Description of the patch
This update for java-1_8_0-ibm fixes the following issues:
- IBM Java 80-3.0 released:
(bsc#977646 bsc#977648 bsc#977650 bsc#979252)
CVE-2016-0376 CVE-2016-0264 CVE-2016-0363 CVE-2016-3443 CVE-2016-0687
CVE-2016-0686 CVE-2016-3427 CVE-2016-3449 CVE-2016-3422 CVE-2016-3426
- There is no HtmlConverter and apt provided by jdk8 bsc#965665
Patchnames
SUSE-SLE-SDK-12-SP1-2016-876,SUSE-SLE-SERVER-12-SP1-2016-876
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for java-1_8_0-ibm",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\n\nThis update for java-1_8_0-ibm fixes the following issues: \n\n- IBM Java 80-3.0 released:\n (bsc#977646 bsc#977648 bsc#977650 bsc#979252)\n CVE-2016-0376 CVE-2016-0264 CVE-2016-0363 CVE-2016-3443 CVE-2016-0687\n CVE-2016-0686 CVE-2016-3427 CVE-2016-3449 CVE-2016-3422 CVE-2016-3426\n\n- There is no HtmlConverter and apt provided by jdk8 bsc#965665\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-SDK-12-SP1-2016-876,SUSE-SLE-SERVER-12-SP1-2016-876",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2016_1475-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2016:1475-1",
"url": "https://www.suse.com/support/update/announcement/2016/suse-su-20161475-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2016:1475-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2016-June/002090.html"
},
{
"category": "self",
"summary": "SUSE Bug 965665",
"url": "https://bugzilla.suse.com/965665"
},
{
"category": "self",
"summary": "SUSE Bug 977646",
"url": "https://bugzilla.suse.com/977646"
},
{
"category": "self",
"summary": "SUSE Bug 977648",
"url": "https://bugzilla.suse.com/977648"
},
{
"category": "self",
"summary": "SUSE Bug 977650",
"url": "https://bugzilla.suse.com/977650"
},
{
"category": "self",
"summary": "SUSE Bug 979252",
"url": "https://bugzilla.suse.com/979252"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-0264 page",
"url": "https://www.suse.com/security/cve/CVE-2016-0264/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-0363 page",
"url": "https://www.suse.com/security/cve/CVE-2016-0363/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-0376 page",
"url": "https://www.suse.com/security/cve/CVE-2016-0376/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-0686 page",
"url": "https://www.suse.com/security/cve/CVE-2016-0686/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-0687 page",
"url": "https://www.suse.com/security/cve/CVE-2016-0687/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-3422 page",
"url": "https://www.suse.com/security/cve/CVE-2016-3422/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-3426 page",
"url": "https://www.suse.com/security/cve/CVE-2016-3426/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-3427 page",
"url": "https://www.suse.com/security/cve/CVE-2016-3427/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-3443 page",
"url": "https://www.suse.com/security/cve/CVE-2016-3443/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-3449 page",
"url": "https://www.suse.com/security/cve/CVE-2016-3449/"
}
],
"title": "Security update for java-1_8_0-ibm",
"tracking": {
"current_release_date": "2016-06-02T06:01:53Z",
"generator": {
"date": "2016-06-02T06:01:53Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2016:1475-1",
"initial_release_date": "2016-06-02T06:01:53Z",
"revision_history": [
{
"date": "2016-06-02T06:01:53Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "java-1_8_0-ibm-devel-1.8.0_sr3.0-10.1.ppc64le",
"product": {
"name": "java-1_8_0-ibm-devel-1.8.0_sr3.0-10.1.ppc64le",
"product_id": "java-1_8_0-ibm-devel-1.8.0_sr3.0-10.1.ppc64le"
}
},
{
"category": "product_version",
"name": "java-1_8_0-ibm-1.8.0_sr3.0-10.1.ppc64le",
"product": {
"name": "java-1_8_0-ibm-1.8.0_sr3.0-10.1.ppc64le",
"product_id": "java-1_8_0-ibm-1.8.0_sr3.0-10.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "java-1_8_0-ibm-devel-1.8.0_sr3.0-10.1.s390x",
"product": {
"name": "java-1_8_0-ibm-devel-1.8.0_sr3.0-10.1.s390x",
"product_id": "java-1_8_0-ibm-devel-1.8.0_sr3.0-10.1.s390x"
}
},
{
"category": "product_version",
"name": "java-1_8_0-ibm-1.8.0_sr3.0-10.1.s390x",
"product": {
"name": "java-1_8_0-ibm-1.8.0_sr3.0-10.1.s390x",
"product_id": "java-1_8_0-ibm-1.8.0_sr3.0-10.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "java-1_8_0-ibm-devel-1.8.0_sr3.0-10.1.x86_64",
"product": {
"name": "java-1_8_0-ibm-devel-1.8.0_sr3.0-10.1.x86_64",
"product_id": "java-1_8_0-ibm-devel-1.8.0_sr3.0-10.1.x86_64"
}
},
{
"category": "product_version",
"name": "java-1_8_0-ibm-1.8.0_sr3.0-10.1.x86_64",
"product": {
"name": "java-1_8_0-ibm-1.8.0_sr3.0-10.1.x86_64",
"product_id": "java-1_8_0-ibm-1.8.0_sr3.0-10.1.x86_64"
}
},
{
"category": "product_version",
"name": "java-1_8_0-ibm-alsa-1.8.0_sr3.0-10.1.x86_64",
"product": {
"name": "java-1_8_0-ibm-alsa-1.8.0_sr3.0-10.1.x86_64",
"product_id": "java-1_8_0-ibm-alsa-1.8.0_sr3.0-10.1.x86_64"
}
},
{
"category": "product_version",
"name": "java-1_8_0-ibm-plugin-1.8.0_sr3.0-10.1.x86_64",
"product": {
"name": "java-1_8_0-ibm-plugin-1.8.0_sr3.0-10.1.x86_64",
"product_id": "java-1_8_0-ibm-plugin-1.8.0_sr3.0-10.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Software Development Kit 12 SP1",
"product": {
"name": "SUSE Linux Enterprise Software Development Kit 12 SP1",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-sdk:12:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP1",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP1",
"product_id": "SUSE Linux Enterprise Server 12 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-ibm-devel-1.8.0_sr3.0-10.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP1",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_8_0-ibm-devel-1.8.0_sr3.0-10.1.ppc64le"
},
"product_reference": "java-1_8_0-ibm-devel-1.8.0_sr3.0-10.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-ibm-devel-1.8.0_sr3.0-10.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP1",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_8_0-ibm-devel-1.8.0_sr3.0-10.1.s390x"
},
"product_reference": "java-1_8_0-ibm-devel-1.8.0_sr3.0-10.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-ibm-devel-1.8.0_sr3.0-10.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP1",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_8_0-ibm-devel-1.8.0_sr3.0-10.1.x86_64"
},
"product_reference": "java-1_8_0-ibm-devel-1.8.0_sr3.0-10.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-ibm-1.8.0_sr3.0-10.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP1",
"product_id": "SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.ppc64le"
},
"product_reference": "java-1_8_0-ibm-1.8.0_sr3.0-10.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-ibm-1.8.0_sr3.0-10.1.s390x as component of SUSE Linux Enterprise Server 12 SP1",
"product_id": "SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.s390x"
},
"product_reference": "java-1_8_0-ibm-1.8.0_sr3.0-10.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-ibm-1.8.0_sr3.0-10.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1",
"product_id": "SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.x86_64"
},
"product_reference": "java-1_8_0-ibm-1.8.0_sr3.0-10.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-ibm-alsa-1.8.0_sr3.0-10.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1",
"product_id": "SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-alsa-1.8.0_sr3.0-10.1.x86_64"
},
"product_reference": "java-1_8_0-ibm-alsa-1.8.0_sr3.0-10.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-ibm-plugin-1.8.0_sr3.0-10.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1",
"product_id": "SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-plugin-1.8.0_sr3.0-10.1.x86_64"
},
"product_reference": "java-1_8_0-ibm-plugin-1.8.0_sr3.0-10.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-ibm-1.8.0_sr3.0-10.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.ppc64le"
},
"product_reference": "java-1_8_0-ibm-1.8.0_sr3.0-10.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-ibm-1.8.0_sr3.0-10.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.s390x"
},
"product_reference": "java-1_8_0-ibm-1.8.0_sr3.0-10.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-ibm-1.8.0_sr3.0-10.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.x86_64"
},
"product_reference": "java-1_8_0-ibm-1.8.0_sr3.0-10.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-ibm-alsa-1.8.0_sr3.0-10.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-alsa-1.8.0_sr3.0-10.1.x86_64"
},
"product_reference": "java-1_8_0-ibm-alsa-1.8.0_sr3.0-10.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-ibm-plugin-1.8.0_sr3.0-10.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-plugin-1.8.0_sr3.0-10.1.x86_64"
},
"product_reference": "java-1_8_0-ibm-plugin-1.8.0_sr3.0-10.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-0264",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-0264"
}
],
"notes": [
{
"category": "general",
"text": "Buffer overflow in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) allows remote attackers to execute arbitrary code via unspecified vectors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-alsa-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-plugin-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-alsa-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-plugin-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_8_0-ibm-devel-1.8.0_sr3.0-10.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_8_0-ibm-devel-1.8.0_sr3.0-10.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_8_0-ibm-devel-1.8.0_sr3.0-10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-0264",
"url": "https://www.suse.com/security/cve/CVE-2016-0264"
},
{
"category": "external",
"summary": "SUSE Bug 977648 for CVE-2016-0264",
"url": "https://bugzilla.suse.com/977648"
},
{
"category": "external",
"summary": "SUSE Bug 979252 for CVE-2016-0264",
"url": "https://bugzilla.suse.com/979252"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-alsa-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-plugin-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-alsa-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-plugin-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_8_0-ibm-devel-1.8.0_sr3.0-10.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_8_0-ibm-devel-1.8.0_sr3.0-10.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_8_0-ibm-devel-1.8.0_sr3.0-10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-alsa-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-plugin-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-alsa-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-plugin-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_8_0-ibm-devel-1.8.0_sr3.0-10.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_8_0-ibm-devel-1.8.0_sr3.0-10.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_8_0-ibm-devel-1.8.0_sr3.0-10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-06-02T06:01:53Z",
"details": "low"
}
],
"title": "CVE-2016-0264"
},
{
"cve": "CVE-2016-0363",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-0363"
}
],
"notes": [
{
"category": "general",
"text": "The com.ibm.CORBA.iiop.ClientDelegate class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) uses the invoke method of the java.lang.reflect.Method class in an AccessController doPrivileged block, which allows remote attackers to call setSecurityManager and bypass a sandbox protection mechanism via vectors related to a Proxy object instance implementing the java.lang.reflect.InvocationHandler interface. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-3009.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-alsa-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-plugin-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-alsa-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-plugin-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_8_0-ibm-devel-1.8.0_sr3.0-10.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_8_0-ibm-devel-1.8.0_sr3.0-10.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_8_0-ibm-devel-1.8.0_sr3.0-10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-0363",
"url": "https://www.suse.com/security/cve/CVE-2016-0363"
},
{
"category": "external",
"summary": "SUSE Bug 977650 for CVE-2016-0363",
"url": "https://bugzilla.suse.com/977650"
},
{
"category": "external",
"summary": "SUSE Bug 979252 for CVE-2016-0363",
"url": "https://bugzilla.suse.com/979252"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-alsa-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-plugin-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-alsa-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-plugin-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_8_0-ibm-devel-1.8.0_sr3.0-10.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_8_0-ibm-devel-1.8.0_sr3.0-10.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_8_0-ibm-devel-1.8.0_sr3.0-10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-alsa-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-plugin-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-alsa-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-plugin-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_8_0-ibm-devel-1.8.0_sr3.0-10.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_8_0-ibm-devel-1.8.0_sr3.0-10.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_8_0-ibm-devel-1.8.0_sr3.0-10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-06-02T06:01:53Z",
"details": "moderate"
}
],
"title": "CVE-2016-0363"
},
{
"cve": "CVE-2016-0376",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-0376"
}
],
"notes": [
{
"category": "general",
"text": "The com.ibm.rmi.io.SunSerializableFactory class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) does not properly deserialize classes in an AccessController doPrivileged block, which allows remote attackers to bypass a sandbox protection mechanism and execute arbitrary code as demonstrated by the readValue method of the com.ibm.rmi.io.ValueHandlerPool.ValueHandlerSingleton class, which implements the javax.rmi.CORBA.ValueHandler interface. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-5456.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-alsa-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-plugin-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-alsa-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-plugin-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_8_0-ibm-devel-1.8.0_sr3.0-10.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_8_0-ibm-devel-1.8.0_sr3.0-10.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_8_0-ibm-devel-1.8.0_sr3.0-10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-0376",
"url": "https://www.suse.com/security/cve/CVE-2016-0376"
},
{
"category": "external",
"summary": "SUSE Bug 977646 for CVE-2016-0376",
"url": "https://bugzilla.suse.com/977646"
},
{
"category": "external",
"summary": "SUSE Bug 977650 for CVE-2016-0376",
"url": "https://bugzilla.suse.com/977650"
},
{
"category": "external",
"summary": "SUSE Bug 979252 for CVE-2016-0376",
"url": "https://bugzilla.suse.com/979252"
},
{
"category": "external",
"summary": "SUSE Bug 981057 for CVE-2016-0376",
"url": "https://bugzilla.suse.com/981057"
},
{
"category": "external",
"summary": "SUSE Bug 981060 for CVE-2016-0376",
"url": "https://bugzilla.suse.com/981060"
},
{
"category": "external",
"summary": "SUSE Bug 981087 for CVE-2016-0376",
"url": "https://bugzilla.suse.com/981087"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-alsa-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-plugin-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-alsa-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-plugin-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_8_0-ibm-devel-1.8.0_sr3.0-10.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_8_0-ibm-devel-1.8.0_sr3.0-10.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_8_0-ibm-devel-1.8.0_sr3.0-10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-alsa-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-plugin-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-alsa-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-plugin-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_8_0-ibm-devel-1.8.0_sr3.0-10.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_8_0-ibm-devel-1.8.0_sr3.0-10.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_8_0-ibm-devel-1.8.0_sr3.0-10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-06-02T06:01:53Z",
"details": "moderate"
}
],
"title": "CVE-2016-0376"
},
{
"cve": "CVE-2016-0686",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-0686"
}
],
"notes": [
{
"category": "general",
"text": "Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Serialization.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-alsa-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-plugin-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-alsa-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-plugin-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_8_0-ibm-devel-1.8.0_sr3.0-10.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_8_0-ibm-devel-1.8.0_sr3.0-10.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_8_0-ibm-devel-1.8.0_sr3.0-10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-0686",
"url": "https://www.suse.com/security/cve/CVE-2016-0686"
},
{
"category": "external",
"summary": "SUSE Bug 976340 for CVE-2016-0686",
"url": "https://bugzilla.suse.com/976340"
},
{
"category": "external",
"summary": "SUSE Bug 979252 for CVE-2016-0686",
"url": "https://bugzilla.suse.com/979252"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-alsa-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-plugin-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-alsa-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-plugin-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_8_0-ibm-devel-1.8.0_sr3.0-10.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_8_0-ibm-devel-1.8.0_sr3.0-10.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_8_0-ibm-devel-1.8.0_sr3.0-10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-alsa-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-plugin-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-alsa-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-plugin-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_8_0-ibm-devel-1.8.0_sr3.0-10.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_8_0-ibm-devel-1.8.0_sr3.0-10.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_8_0-ibm-devel-1.8.0_sr3.0-10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-06-02T06:01:53Z",
"details": "important"
}
],
"title": "CVE-2016-0686"
},
{
"cve": "CVE-2016-0687",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-0687"
}
],
"notes": [
{
"category": "general",
"text": "Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to the Hotspot sub-component.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-alsa-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-plugin-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-alsa-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-plugin-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_8_0-ibm-devel-1.8.0_sr3.0-10.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_8_0-ibm-devel-1.8.0_sr3.0-10.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_8_0-ibm-devel-1.8.0_sr3.0-10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-0687",
"url": "https://www.suse.com/security/cve/CVE-2016-0687"
},
{
"category": "external",
"summary": "SUSE Bug 976340 for CVE-2016-0687",
"url": "https://bugzilla.suse.com/976340"
},
{
"category": "external",
"summary": "SUSE Bug 979252 for CVE-2016-0687",
"url": "https://bugzilla.suse.com/979252"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-alsa-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-plugin-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-alsa-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-plugin-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_8_0-ibm-devel-1.8.0_sr3.0-10.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_8_0-ibm-devel-1.8.0_sr3.0-10.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_8_0-ibm-devel-1.8.0_sr3.0-10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-alsa-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-plugin-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-alsa-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-plugin-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_8_0-ibm-devel-1.8.0_sr3.0-10.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_8_0-ibm-devel-1.8.0_sr3.0-10.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_8_0-ibm-devel-1.8.0_sr3.0-10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-06-02T06:01:53Z",
"details": "important"
}
],
"title": "CVE-2016-0687"
},
{
"cve": "CVE-2016-3422",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-3422"
}
],
"notes": [
{
"category": "general",
"text": "Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allows remote attackers to affect availability via vectors related to 2D.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-alsa-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-plugin-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-alsa-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-plugin-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_8_0-ibm-devel-1.8.0_sr3.0-10.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_8_0-ibm-devel-1.8.0_sr3.0-10.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_8_0-ibm-devel-1.8.0_sr3.0-10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-3422",
"url": "https://www.suse.com/security/cve/CVE-2016-3422"
},
{
"category": "external",
"summary": "SUSE Bug 976340 for CVE-2016-3422",
"url": "https://bugzilla.suse.com/976340"
},
{
"category": "external",
"summary": "SUSE Bug 979252 for CVE-2016-3422",
"url": "https://bugzilla.suse.com/979252"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-alsa-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-plugin-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-alsa-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-plugin-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_8_0-ibm-devel-1.8.0_sr3.0-10.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_8_0-ibm-devel-1.8.0_sr3.0-10.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_8_0-ibm-devel-1.8.0_sr3.0-10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-alsa-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-plugin-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-alsa-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-plugin-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_8_0-ibm-devel-1.8.0_sr3.0-10.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_8_0-ibm-devel-1.8.0_sr3.0-10.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_8_0-ibm-devel-1.8.0_sr3.0-10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-06-02T06:01:53Z",
"details": "important"
}
],
"title": "CVE-2016-3422"
},
{
"cve": "CVE-2016-3426",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-3426"
}
],
"notes": [
{
"category": "general",
"text": "Unspecified vulnerability in Oracle Java SE 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality via vectors related to JCE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-alsa-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-plugin-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-alsa-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-plugin-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_8_0-ibm-devel-1.8.0_sr3.0-10.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_8_0-ibm-devel-1.8.0_sr3.0-10.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_8_0-ibm-devel-1.8.0_sr3.0-10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-3426",
"url": "https://www.suse.com/security/cve/CVE-2016-3426"
},
{
"category": "external",
"summary": "SUSE Bug 976340 for CVE-2016-3426",
"url": "https://bugzilla.suse.com/976340"
},
{
"category": "external",
"summary": "SUSE Bug 979252 for CVE-2016-3426",
"url": "https://bugzilla.suse.com/979252"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-alsa-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-plugin-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-alsa-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-plugin-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_8_0-ibm-devel-1.8.0_sr3.0-10.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_8_0-ibm-devel-1.8.0_sr3.0-10.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_8_0-ibm-devel-1.8.0_sr3.0-10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-alsa-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-plugin-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-alsa-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-plugin-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_8_0-ibm-devel-1.8.0_sr3.0-10.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_8_0-ibm-devel-1.8.0_sr3.0-10.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_8_0-ibm-devel-1.8.0_sr3.0-10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-06-02T06:01:53Z",
"details": "important"
}
],
"title": "CVE-2016-3426"
},
{
"cve": "CVE-2016-3427",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-3427"
}
],
"notes": [
{
"category": "general",
"text": "Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-alsa-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-plugin-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-alsa-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-plugin-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_8_0-ibm-devel-1.8.0_sr3.0-10.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_8_0-ibm-devel-1.8.0_sr3.0-10.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_8_0-ibm-devel-1.8.0_sr3.0-10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-3427",
"url": "https://www.suse.com/security/cve/CVE-2016-3427"
},
{
"category": "external",
"summary": "SUSE Bug 1011805 for CVE-2016-3427",
"url": "https://bugzilla.suse.com/1011805"
},
{
"category": "external",
"summary": "SUSE Bug 976340 for CVE-2016-3427",
"url": "https://bugzilla.suse.com/976340"
},
{
"category": "external",
"summary": "SUSE Bug 979252 for CVE-2016-3427",
"url": "https://bugzilla.suse.com/979252"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-alsa-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-plugin-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-alsa-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-plugin-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_8_0-ibm-devel-1.8.0_sr3.0-10.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_8_0-ibm-devel-1.8.0_sr3.0-10.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_8_0-ibm-devel-1.8.0_sr3.0-10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-alsa-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-plugin-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-alsa-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-plugin-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_8_0-ibm-devel-1.8.0_sr3.0-10.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_8_0-ibm-devel-1.8.0_sr3.0-10.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_8_0-ibm-devel-1.8.0_sr3.0-10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-06-02T06:01:53Z",
"details": "important"
}
],
"title": "CVE-2016-3427"
},
{
"cve": "CVE-2016-3443",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-3443"
}
],
"notes": [
{
"category": "general",
"text": "Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to 2D. NOTE: the previous information is from the April 2016 CPU. Oracle has not commented on third-party claims that this issue allows remote attackers to obtain sensitive information via crafted font data, which triggers an out-of-bounds read.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-alsa-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-plugin-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-alsa-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-plugin-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_8_0-ibm-devel-1.8.0_sr3.0-10.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_8_0-ibm-devel-1.8.0_sr3.0-10.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_8_0-ibm-devel-1.8.0_sr3.0-10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-3443",
"url": "https://www.suse.com/security/cve/CVE-2016-3443"
},
{
"category": "external",
"summary": "SUSE Bug 976340 for CVE-2016-3443",
"url": "https://bugzilla.suse.com/976340"
},
{
"category": "external",
"summary": "SUSE Bug 979252 for CVE-2016-3443",
"url": "https://bugzilla.suse.com/979252"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-alsa-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-plugin-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-alsa-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-plugin-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_8_0-ibm-devel-1.8.0_sr3.0-10.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_8_0-ibm-devel-1.8.0_sr3.0-10.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_8_0-ibm-devel-1.8.0_sr3.0-10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-alsa-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-plugin-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-alsa-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-plugin-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_8_0-ibm-devel-1.8.0_sr3.0-10.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_8_0-ibm-devel-1.8.0_sr3.0-10.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_8_0-ibm-devel-1.8.0_sr3.0-10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-06-02T06:01:53Z",
"details": "important"
}
],
"title": "CVE-2016-3443"
},
{
"cve": "CVE-2016-3449",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-3449"
}
],
"notes": [
{
"category": "general",
"text": "Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Deployment.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-alsa-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-plugin-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-alsa-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-plugin-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_8_0-ibm-devel-1.8.0_sr3.0-10.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_8_0-ibm-devel-1.8.0_sr3.0-10.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_8_0-ibm-devel-1.8.0_sr3.0-10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-3449",
"url": "https://www.suse.com/security/cve/CVE-2016-3449"
},
{
"category": "external",
"summary": "SUSE Bug 976340 for CVE-2016-3449",
"url": "https://bugzilla.suse.com/976340"
},
{
"category": "external",
"summary": "SUSE Bug 979252 for CVE-2016-3449",
"url": "https://bugzilla.suse.com/979252"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-alsa-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-plugin-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-alsa-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-plugin-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_8_0-ibm-devel-1.8.0_sr3.0-10.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_8_0-ibm-devel-1.8.0_sr3.0-10.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_8_0-ibm-devel-1.8.0_sr3.0-10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-alsa-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-plugin-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-alsa-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-plugin-1.8.0_sr3.0-10.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_8_0-ibm-devel-1.8.0_sr3.0-10.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_8_0-ibm-devel-1.8.0_sr3.0-10.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_8_0-ibm-devel-1.8.0_sr3.0-10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-06-02T06:01:53Z",
"details": "important"
}
],
"title": "CVE-2016-3449"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…