---------------------------------------------------------------------- Try a new way to discover vulnerabilities that ALREADY EXIST in your IT infrastructure. The Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT vulnerabilities in more than 4,700 different Windows applications. Request your account, the Secunia Network Software Inspector (NSI): http://secunia.com/network_software_inspector/ ---------------------------------------------------------------------- TITLE: SUSE update for Sun Java SECUNIA ADVISORY ID: SA27261 VERIFY ADVISORY: http://secunia.com/advisories/27261/ CRITICAL: Highly critical IMPACT: Security Bypass, Manipulation of data, Exposure of system information, Exposure of sensitive information, System access WHERE: >From remote OPERATING SYSTEM: SUSE Linux 10 http://secunia.com/product/6221/ SUSE Linux 10.1 http://secunia.com/product/10796/ openSUSE 10.2 http://secunia.com/product/13375/ openSUSE 10.3 http://secunia.com/product/16124/ SuSE Linux Desktop 1.x http://secunia.com/product/2002/ SUSE Linux Enterprise Server 9 http://secunia.com/product/4118/ SUSE Linux Enterprise Server 10 http://secunia.com/product/12192/ SOFTWARE: Novell Open Enterprise Server http://secunia.com/product/4664/ DESCRIPTION: SUSE has issued an update for Sun Java. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, manipulate data, disclose sensitive/system information, or potentially compromise a vulnerable system. For more information: SA27009 SOLUTION: Apply updated packages. x86 Platform: openSUSE 10.3: http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/java-1_5_0-sun-1.5.0_update13-0.1.i586.rpm db79c4b7fefdedc43ae31216662089aa http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/java-1_5_0-sun-alsa-1.5.0_update13-0.1.i586.rpm aa911ba5a8c0e2fafd45e38164e4af0d http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/java-1_5_0-sun-demo-1.5.0_update13-0.1.i586.rpm 3dbd86f1ff61d0dde4de6b874252d0ae http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/java-1_5_0-sun-devel-1.5.0_update13-0.1.i586.rpm 6f35206472e3e321c98e5b0338398525 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/java-1_5_0-sun-jdbc-1.5.0_update13-0.1.i586.rpm bc934a367636b5eabaa18d0bceb66647 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/java-1_5_0-sun-plugin-1.5.0_update13-0.1.i586.rpm 7c4d3fe8bec5086f476e8f7d67519f1e http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/java-1_5_0-sun-src-1.5.0_update13-0.1.i586.rpm 11c007724936143c8bd3081c7e113f31 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/java-1_6_0-sun-1.6.0.u3-0.1.i586.rpm a7a76e2199b7196d959322d1ede447e4 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/java-1_6_0-sun-alsa-1.6.0.u3-0.1.i586.rpm 6a0d9549ac0d234d1327060f847f00a2 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/java-1_6_0-sun-demo-1.6.0.u3-0.1.i586.rpm 521979eca3b309fe439218f548b18cf5 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/java-1_6_0-sun-devel-1.6.0.u3-0.1.i586.rpm d3fbb5c1cbf2b45e6d9de607182ffa0b http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/java-1_6_0-sun-jdbc-1.6.0.u3-0.1.i586.rpm 88ab5ee341f989038c8b3e350b52025a http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/java-1_6_0-sun-plugin-1.6.0.u3-0.1.i586.rpm 2eecb5bd39340350b884bbfce47cdbdd openSUSE 10.2: ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/java-1_4_2-sun-1.4.2_update16-0.1.i586.rpm a7efad3e5ad87bfb4f10809459b43b86 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/java-1_4_2-sun-alsa-1.4.2_update16-0.1.i586.rpm 0fafec8320d1afe966513f22d1473d6c ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/java-1_4_2-sun-demo-1.4.2_update16-0.1.i586.rpm 88cfa97299aaac439cd41e5660f9ed44 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/java-1_4_2-sun-devel-1.4.2_update16-0.1.i586.rpm d7209a3e6b987037f7ff73fce37618b4 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/java-1_4_2-sun-jdbc-1.4.2_update16-0.1.i586.rpm 4a9107905a31e33583c410830795c3cb ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/java-1_4_2-sun-plugin-1.4.2_update16-0.1.i586.rpm 8c04bfaa1e59161e06b4c905b39f3740 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/java-1_4_2-sun-src-1.4.2_update16-0.1.i586.rpm 2767ee2c20a1e82c9e92a429d57bbfc8 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/java-1_5_0-sun-1.5.0_update13-0.1.i586.rpm 3e7f6fb52e64f0a1aa0b3bb4360941b1 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/java-1_5_0-sun-alsa-1.5.0_update13-0.1.i586.rpm 666f310b8f72b7e8325a1b2bf3430cd9 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/java-1_5_0-sun-demo-1.5.0_update13-0.1.i586.rpm b662b4746e76e2e80211f9b1530a0634 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/java-1_5_0-sun-devel-1.5.0_update13-0.1.i586.rpm 9bb9d91771e91a5e468d844d0833b944 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/java-1_5_0-sun-jdbc-1.5.0_update13-0.1.i586.rpm 79576c335b53b7645f4d034030fe364a ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/java-1_5_0-sun-plugin-1.5.0_update13-0.1.i586.rpm 093e8507edd582053f97ae2c5292f11a ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/java-1_5_0-sun-src-1.5.0_update13-0.1.i586.rpm b09f8e8cdb00523fd2120260cfaf76ce SUSE LINUX 10.1: ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/java-1_4_2-sun-1.4.2.16-0.2.i586.rpm 85abbe35d4fe5b9d46806a30e5724765 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/java-1_4_2-sun-alsa-1.4.2.16-0.2.i586.rpm 72a2101f9b44a80859fef741a9568335 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/java-1_4_2-sun-demo-1.4.2.16-0.2.i586.rpm f3da91699e32b8f4efed47ab1904deb1 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/java-1_4_2-sun-devel-1.4.2.16-0.2.i586.rpm 63c3f1709c2ddf5c4c5fcf89943d3d4a ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/java-1_4_2-sun-jdbc-1.4.2.16-0.2.i586.rpm d8cc04eff3e6d30750ef857de41faaa5 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/java-1_4_2-sun-plugin-1.4.2.16-0.2.i586.rpm 88b08a78c8c3428fba59b024e5ddf732 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/java-1_4_2-sun-src-1.4.2.16-0.2.i586.rpm ab4ec1f49cf394491ea17a7bb9746b7b ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/java-1_5_0-sun-1.5.0_13-0.1.i586.rpm f6e8dacb468b9617ce46c5446705daf5 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/java-1_5_0-sun-alsa-1.5.0_13-0.1.i586.rpm 296a4397c28146a2387e4cfe9709c525 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/java-1_5_0-sun-demo-1.5.0_13-0.1.i586.rpm c01241555425922bc31dde995fa98fa9 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/java-1_5_0-sun-devel-1.5.0_13-0.1.i586.rpm 7964aff93873c0713f55d2949febbff2 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/java-1_5_0-sun-jdbc-1.5.0_13-0.1.i586.rpm 0a4a38a7d5cbfe00de8a939c894a0797 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/java-1_5_0-sun-plugin-1.5.0_13-0.1.i586.rpm 60c0c9109cf701d1296bde511c62943b ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/java-1_5_0-sun-src-1.5.0_13-0.1.i586.rpm f963b9ed78462021302748ff118e63cf SUSE LINUX 10.0: ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/java-1_4_2-sun-1.4.2.16-0.1.i586.rpm 0b3bddd090547a8674d50562d58cee3e ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/java-1_4_2-sun-alsa-1.4.2.16-0.1.i586.rpm 9dee1984300abae07c056fd0b12bfb9a ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/java-1_4_2-sun-demo-1.4.2.16-0.1.i586.rpm 11b0264e7ddde51586f86bc574e8d7d1 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/java-1_4_2-sun-devel-1.4.2.16-0.1.i586.rpm d78f492982b2d6a4c9a1aba4adc8b6a0 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/java-1_4_2-sun-jdbc-1.4.2.16-0.1.i586.rpm baacffd2da282a30ffb27fdc90252761 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/java-1_4_2-sun-plugin-1.4.2.16-0.1.i586.rpm be6892b45b38e800db814040ffe8d71f ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/java-1_4_2-sun-src-1.4.2.16-0.1.i586.rpm c292662e7104be22cbe7be03a326600b ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/java-1_5_0-sun-1.5.0_13-0.1.i586.rpm 74988aaca3b417bfa46a5d1b7427b5e7 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/java-1_5_0-sun-alsa-1.5.0_13-0.1.i586.rpm 593d088ee887455ee6343321458a967c ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/java-1_5_0-sun-demo-1.5.0_13-0.1.i586.rpm a7c4737d11727f47d84b426bc78d0883 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/java-1_5_0-sun-devel-1.5.0_13-0.1.i586.rpm 29648a2a07b5b94d301adf7e4688cb84 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/java-1_5_0-sun-jdbc-1.5.0_13-0.1.i586.rpm f9ad29f623d6b7bea7eed82db8dc5fdc ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/java-1_5_0-sun-plugin-1.5.0_13-0.1.i586.rpm 126b66bce2f1d100fe04f5d69b4ed86d x86-64 Platform: openSUSE 10.3: http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/java-1_5_0-sun-1.5.0_update13-0.1.x86_64.rpm 2b3d17258e5c52c79736354025ccc3db http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/java-1_5_0-sun-alsa-1.5.0_update13-0.1.x86_64.rpm e7ac5c9bc69ff16adf73f96bd5340d75 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/java-1_5_0-sun-demo-1.5.0_update13-0.1.x86_64.rpm 2e0a5db66a70d108f2b9f089909f4cd0 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/java-1_5_0-sun-devel-1.5.0_update13-0.1.x86_64.rpm 36e4a433ef8618bd16359d5688d6cbb1 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/java-1_5_0-sun-jdbc-1.5.0_update13-0.1.x86_64.rpm 967ac70d8e29fb54b59962efad59b422 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/java-1_5_0-sun-src-1.5.0_update13-0.1.x86_64.rpm ddd051b7bd431e71c1a95254d23fe1b9 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/java-1_6_0-sun-1.6.0.u3-0.1.x86_64.rpm 8db5de7456ea27a3d1b1406efde06cf9 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/java-1_6_0-sun-alsa-1.6.0.u3-0.1.x86_64.rpm 542661a072e69c76aeb7082e93f7e2be http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/java-1_6_0-sun-demo-1.6.0.u3-0.1.x86_64.rpm 1bc5403185c10c4e8ba752f19f1e9230 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/java-1_6_0-sun-devel-1.6.0.u3-0.1.x86_64.rpm 3e78ec6c9da25d00f8785212f524c4bc http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/java-1_6_0-sun-jdbc-1.6.0.u3-0.1.x86_64.rpm 77cee98b8e536b626f54f1184dd1ca70 openSUSE 10.2: ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/java-1_5_0-sun-1.5.0_update13-0.1.x86_64.rpm f49c281144167f7585352785eeed8b2c ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/java-1_5_0-sun-alsa-1.5.0_update13-0.1.x86_64.rpm bb7f3c5019e3df98d43ef77ba4057ffb ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/java-1_5_0-sun-demo-1.5.0_update13-0.1.x86_64.rpm 78a5bacc4b2ffaf672be426d0ff4cb45 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/java-1_5_0-sun-devel-1.5.0_update13-0.1.x86_64.rpm df154e99311eef828712f92bddc56493 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/java-1_5_0-sun-jdbc-1.5.0_update13-0.1.x86_64.rpm 0536f4ad33b35890c5c7af2ea8bbdaef ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/java-1_5_0-sun-src-1.5.0_update13-0.1.x86_64.rpm 09bb7442b933182238dad1eac71aa2fd SUSE LINUX 10.1: ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/java-1_5_0-sun-1.5.0_13-0.1.x86_64.rpm f71266d1ccbd005af6e803cc984a5ae9 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/java-1_5_0-sun-alsa-1.5.0_13-0.1.x86_64.rpm d6fd39e09f164848b3b4c0e4daf14794 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/java-1_5_0-sun-demo-1.5.0_13-0.1.x86_64.rpm 44e66182712ab0ff589186bfef13624b ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/java-1_5_0-sun-devel-1.5.0_13-0.1.x86_64.rpm d12f0248268dabeb02fe49871558bdea ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/java-1_5_0-sun-jdbc-1.5.0_13-0.1.x86_64.rpm 6a5198f6ac0559e74b414ea161029f8c ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/java-1_5_0-sun-src-1.5.0_13-0.1.x86_64.rpm 0b688823b5ace814b3ad3ebc4d26b435 SUSE LINUX 10.0: ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/java-1_5_0-sun-1.5.0_13-0.1.x86_64.rpm 633c0b9b9dac1c5257f4a2a1e4c0a566 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/java-1_5_0-sun-alsa-1.5.0_13-0.1.x86_64.rpm f5d8a857bd44d2f7c5bb6039b6565a35 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/java-1_5_0-sun-demo-1.5.0_13-0.1.x86_64.rpm 7737177c66ea30965a6db96cac1091ef ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/java-1_5_0-sun-devel-1.5.0_13-0.1.x86_64.rpm 4116c82843731dcfa9bd1e945c636e56 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/java-1_5_0-sun-jdbc-1.5.0_13-0.1.x86_64.rpm 4cd8e3b461888d8aa89e03ce4f39deb7 Sources: openSUSE 10.3: http://download.opensuse.org/pub/opensuse/update/10.3/rpm/src/java-1_5_0-sun-1.5.0_update13-0.1.nosrc.rpm 21b729da38aba2488f508f4cf86657ab http://download.opensuse.org/pub/opensuse/update/10.3/rpm/src/java-1_6_0-sun-1.6.0.u3-0.1.nosrc.rpm c4f0c86f0b6e92b1cf8e60921db80f4d openSUSE 10.2: ftp://ftp.suse.com/pub/suse/update/10.2/rpm/src/java-1_4_2-sun-1.4.2_update16-0.1.nosrc.rpm 1ae678ae3f162787b90dc599791dfc01 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/src/java-1_5_0-sun-1.5.0_update13-0.1.nosrc.rpm 8c89054e3cb97b2f871b08816839428d SUSE LINUX 10.1: ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/java-1_4_2-sun-1.4.2.16-0.2.nosrc.rpm bcc140caa84525ec7080a68a394b2b93 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/java-1_5_0-sun-1.5.0_13-0.1.nosrc.rpm db4f03f243b70ad7e153cfc655c8fd1c SUSE LINUX 10.0: ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/java-1_4_2-sun-1.4.2.16-0.1.src.rpm a8d79480c516c205452dcf3f991ec509 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/java-1_5_0-sun-1.5.0_13-0.1.nosrc.rpm bea6119a5a9f6836600274d1992e7326 Maintenance customers are notified individually. The packages are offered for installation from the maintenance web: Open Enterprise Server http://support.novell.com/techcenter/psdb/9d8cb03291c8cdf9cfec381e38bd6b88.html Novell Linux Desktop 9 http://support.novell.com/techcenter/psdb/9d8cb03291c8cdf9cfec381e38bd6b88.html Novell Linux POS 9 http://support.novell.com/techcenter/psdb/9d8cb03291c8cdf9cfec381e38bd6b88.html SuSE Linux Desktop 1.0 http://support.novell.com/techcenter/psdb/9d8cb03291c8cdf9cfec381e38bd6b88.html SUSE SLES 9 http://support.novell.com/techcenter/psdb/9d8cb03291c8cdf9cfec381e38bd6b88.html SUSE Linux Enterprise Server 10 SP1 http://support.novell.com/techcenter/psdb/9846044890f44374e747f617724ca6c9.html SUSE Linux Enterprise Desktop 10 SP1 http://support.novell.com/techcenter/psdb/9846044890f44374e747f617724ca6c9.html ORIGINAL ADVISORY: http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00004.html OTHER REFERENCES: SA27009: http://secunia.com/advisories/27009/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------