CESA-2016:0511: java security update

CentOS Project (lists.centos.org)
2016-03-25 03:42:05
CVSS3: 8.1 High
  Attack Vector: NETWORK
  Attack Complexity: HIGH
  Privileges Required: NONE
  User Interaction: NONE
  Scope: UNCHANGED
  Confidentiality Impact: HIGH
  Integrity Impact: HIGH
  Availability Impact: HIGH
  Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS2: 9.3 High
  Access Vector: NETWORK
  Access Complexity: MEDIUM
  Authentication: NONE
  Confidentiality Impact: COMPLETE
  Integrity Impact: COMPLETE
  Availability Impact: COMPLETE
  Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS: 0.036 Low (Percentile: 91.7%)

CentOS Errata and Security Advisory CESA-2016:0511

The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment
and the OpenJDK 7 Java Software Development Kit for compiling and executing Java
programs.

Security Fix(es):

  • An improper type safety check was discovered in the Hotspot component. An
    untrusted Java application or applet could use this flaw to bypass Java Sandbox
    restrictions. (CVE-2016-0636)

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2016-March/083934.html

Affected packages:
java-1.7.0-openjdk
java-1.7.0-openjdk-demo
java-1.7.0-openjdk-devel
java-1.7.0-openjdk-javadoc
java-1.7.0-openjdk-src

Upstream details at:
https://access.redhat.com/errata/RHSA-2016:0511
