Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
amazonAmazonALAS-2016-654
HistoryFeb 19, 2016 - 3:48 p.m.

Important: java-1.6.0-openjdk

2016-02-1915:48:00
alas.aws.amazon.com
25

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.059 Low

EPSS

Percentile

93.3%

JSON

Issue Overview:

An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to crash or, possibly execute arbitrary code. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. (CVE-2016-0483)

An integer signedness issue was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions. (CVE-2016-0494)

It was discovered that the JAXP component in OpenJDK did not properly enforce the totalEntitySizeLimit limit. An attacker able to make a Java application process a specially crafted XML file could use this flaw to make the application consume an excessive amount of memory. (CVE-2016-0466)

Multiple flaws were discovered in the Networking and JMX components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2016-0402, CVE-2016-0448)

Affected Packages:

java-1.6.0-openjdk

Issue Correction:
Run yum update java-1.6.0-openjdk to update your system.

New Packages:

i686:  
    java-1.6.0-openjdk-javadoc-1.6.0.38-1.13.10.0.73.amzn1.i686  
    java-1.6.0-openjdk-demo-1.6.0.38-1.13.10.0.73.amzn1.i686  
    java-1.6.0-openjdk-src-1.6.0.38-1.13.10.0.73.amzn1.i686  
    java-1.6.0-openjdk-1.6.0.38-1.13.10.0.73.amzn1.i686  
    java-1.6.0-openjdk-devel-1.6.0.38-1.13.10.0.73.amzn1.i686  
    java-1.6.0-openjdk-debuginfo-1.6.0.38-1.13.10.0.73.amzn1.i686  
  
src:  
    java-1.6.0-openjdk-1.6.0.38-1.13.10.0.73.amzn1.src  
  
x86_64:  
    java-1.6.0-openjdk-1.6.0.38-1.13.10.0.73.amzn1.x86_64  
    java-1.6.0-openjdk-javadoc-1.6.0.38-1.13.10.0.73.amzn1.x86_64  
    java-1.6.0-openjdk-demo-1.6.0.38-1.13.10.0.73.amzn1.x86_64  
    java-1.6.0-openjdk-src-1.6.0.38-1.13.10.0.73.amzn1.x86_64  
    java-1.6.0-openjdk-debuginfo-1.6.0.38-1.13.10.0.73.amzn1.x86_64  
    java-1.6.0-openjdk-devel-1.6.0.38-1.13.10.0.73.amzn1.x86_64

Additional References

Red Hat: CVE-2016-0402, CVE-2016-0448, CVE-2016-0466, CVE-2016-0483, CVE-2016-0494

Mitre: CVE-2016-0402, CVE-2016-0448, CVE-2016-0466, CVE-2016-0483, CVE-2016-0494

OSVersionArchitecturePackageVersionFilename
Amazon Linux1i686java-1.6.0-openjdk-javadoc< 1.6.0.38-1.13.10.0.73.amzn1java-1.6.0-openjdk-javadoc-1.6.0.38-1.13.10.0.73.amzn1.i686.rpm
Amazon Linux1i686java-1.6.0-openjdk-demo< 1.6.0.38-1.13.10.0.73.amzn1java-1.6.0-openjdk-demo-1.6.0.38-1.13.10.0.73.amzn1.i686.rpm
Amazon Linux1i686java-1.6.0-openjdk-src< 1.6.0.38-1.13.10.0.73.amzn1java-1.6.0-openjdk-src-1.6.0.38-1.13.10.0.73.amzn1.i686.rpm
Amazon Linux1i686java-1.6.0-openjdk< 1.6.0.38-1.13.10.0.73.amzn1java-1.6.0-openjdk-1.6.0.38-1.13.10.0.73.amzn1.i686.rpm
Amazon Linux1i686java-1.6.0-openjdk-devel< 1.6.0.38-1.13.10.0.73.amzn1java-1.6.0-openjdk-devel-1.6.0.38-1.13.10.0.73.amzn1.i686.rpm
Amazon Linux1i686java-1.6.0-openjdk-debuginfo< 1.6.0.38-1.13.10.0.73.amzn1java-1.6.0-openjdk-debuginfo-1.6.0.38-1.13.10.0.73.amzn1.i686.rpm
Amazon Linux1x86_64java-1.6.0-openjdk< 1.6.0.38-1.13.10.0.73.amzn1java-1.6.0-openjdk-1.6.0.38-1.13.10.0.73.amzn1.x86_64.rpm
Amazon Linux1x86_64java-1.6.0-openjdk-javadoc< 1.6.0.38-1.13.10.0.73.amzn1java-1.6.0-openjdk-javadoc-1.6.0.38-1.13.10.0.73.amzn1.x86_64.rpm
Amazon Linux1x86_64java-1.6.0-openjdk-demo< 1.6.0.38-1.13.10.0.73.amzn1java-1.6.0-openjdk-demo-1.6.0.38-1.13.10.0.73.amzn1.x86_64.rpm
Amazon Linux1x86_64java-1.6.0-openjdk-src< 1.6.0.38-1.13.10.0.73.amzn1java-1.6.0-openjdk-src-1.6.0.38-1.13.10.0.73.amzn1.x86_64.rpm
Rows per page:
1-10 of 121

Related

nessus 54
openvas 47
oraclelinux 5
ubuntu 2
centos 5
redhat 12
debian 3
mageia 1
amazon 2
veracode 5
f5 4
ibm 40
suse 16
osv 1
aix 1
kaspersky 1
nessus
nessus
Oracle Linux 5 / 6 / 7 : java-1.6.0-openjdk (ELSA-2016-0067)
2016-01-27 00:00:00
CentOS 5 / 6 / 7 : java-1.6.0-openjdk (CESA-2016:0067)
2016-01-27 00:00:00
Ubuntu 12.04 LTS : openjdk-6 vulnerabilities (USN-2885-1)
2016-02-02 00:00:00
openvas
openvas
Amazon Linux: Security Advisory (ALAS-2016-654)
2016-03-08 00:00:00
CentOS Update for java CESA-2016:0067 centos7
2016-01-27 00:00:00
Oracle: Security Advisory (ELSA-2016-0067)
2016-01-27 00:00:00
oraclelinux
oraclelinux
java-1.6.0-openjdk security update
2016-01-26 00:00:00
java-1.8.0-openjdk security update
2016-01-20 00:00:00
java-1.7.0-openjdk security update
2016-01-21 00:00:00
ubuntu
ubuntu
OpenJDK 6 vulnerabilities
2016-02-01 00:00:00
OpenJDK 7 vulnerabilities
2016-02-01 00:00:00
centos
centos
java security update
2016-01-26 13:28:19
java security update
2016-01-21 16:24:45
java security update
2016-01-21 17:19:22
redhat
redhat
(RHSA-2016:0067) Important: java-1.6.0-openjdk security update
2016-01-26 00:00:00
(RHSA-2016:0054) Important: java-1.7.0-openjdk security update
2016-01-21 00:00:00
(RHSA-2016:0053) Critical: java-1.7.0-openjdk security update
2016-01-21 00:00:00
debian
debian
[SECURITY] [DSA 3465-1] openjdk-6 security update
2016-02-02 21:31:52
[SECURITY] [DSA 3458-1] openjdk-7 security update
2016-01-27 21:00:48
[SECURITY] [DLA 410-1] openjdk-6 security update
2016-02-04 14:03:48
mageia
mageia
Updated java-1.8.0-openjdk/copy-jdk-configs/lua-lunit/lua-posix packages fix security vulnerability
2016-02-05 20:26:09
amazon
amazon
Important: java-1.7.0-openjdk
2016-02-09 13:30:00
Important: java-1.8.0-openjdk
2016-02-09 13:30:00
veracode
veracode
Sandbox Restrictions Bypass
2019-05-02 05:20:30
Sandbox Restrictions Bypass
2019-05-02 05:20:30
Sandbox Restrictions Bypass
2019-05-02 05:20:30
f5
f5
K65342329 : Java vulnerabilities CVE-2016-0494, CVE-2016-0448, and CVE-2016-0402
2016-03-03 00:00:00
SOL65342329 - Java vulnerabilities CVE-2016-0494, CVE-2016-0448, and CVE-2016-0402
2016-03-03 00:00:00
K50118123 : Java vulnerabilities CVE-2016-0466 and CVE-2016-0483
2016-04-05 00:00:00
ibm
ibm
Security Bulletin:Multiple vulnerabilities in IBM® SDK Java™ Technology Edition affect IBM DB2 Recovery Expert for Linux, UNIX and Windows (CVE-2016-0402, CVE-2016-0448, CVE-2016-0466, CVE-2016-0475, CVE-2016-0483, CVE-2016-0494, CVE-2015-7575)
2018-06-16 13:38:49
Security Bulletin: Multiple security vulnerabilities have been identified in Jazz Reporting Service shipped with Rational Insight (CVE-2016-0483, CVE-2015-7575, CVE-2016-0448, CVE-2016-0466)
2018-06-17 05:09:15
Security Bulletin: Multiple security vulnerabilities have been identified in Jazz Team Server shipped with Jazz Reporting Service (CVE-2016-0483, CVE-2015-7575, CVE-2016-0448, CVE-2016-0466)
2018-06-17 05:09:15
suse
suse
Security update for java-1_8_0-openjdk (critical)
2016-01-27 21:11:29
Security update for java-1_7_0-openjdk (critical)
2016-01-27 21:12:13
Security update for java-1_7_0-openjdk (critical)
2016-01-27 21:13:32
osv
osv
openjdk-6 - security update
2016-02-04 00:00:00
aix
aix
Multiple vulnerabilities in IBM Java SDK affect AIX
2016-02-25 08:44:57
kaspersky
kaspersky
KLA10743 Multiple vulnerabilities in Oracle Java SE
2016-01-20 00:00:00

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.059 Low

EPSS

Percentile

93.3%

JSON
Related for ALAS-2016-654
nessus54openvas47oraclelinux5ubuntu2centos5redhat12debian3mageia1amazon2veracode5f54ibm40suse16osv1aix1kaspersky1