openjdk-7 - security update

2016-08-0500:00:00

Google

osv.dev

9.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

JSON

Several vulnerabilities have been discovered in OpenJDK, an
implementation of the Oracle Java platform, resulting in breakouts of
the Java sandbox, denial of service or information disclosure.

For Debian 7 Wheezy, these problems have been fixed in version
7u111-2.6.7-1~deb7u1.

We recommend that you upgrade your openjdk-7 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: <https://wiki.debian.org/LTS>

CPENameOperatorVersion
openjdk-7eq7u25-2.3.12-4
openjdk-7eq7u65-2.5.2-2
openjdk-7eq7u79-2.5.5-1~deb7u1
openjdk-7eq7u79-2.5.6-1~deb7u1
openjdk-7eq7u51-2.4.6~pre1-1
openjdk-7eq7u51-2.4.5-2
openjdk-7eq7u9-2.3.3-1
openjdk-7eq7u21-2.3.9-3
openjdk-7eq7u7-2.3.2-1
openjdk-7eq7u85-2.6.1-4

Name	Operator	Version
openjdk-7	eq	7u25-2.3.12-4
openjdk-7	eq	7u65-2.5.2-2
openjdk-7	eq	7u79-2.5.5-1~deb7u1
openjdk-7	eq	7u79-2.5.6-1~deb7u1
openjdk-7	eq	7u51-2.4.6~pre1-1
openjdk-7	eq	7u51-2.4.5-2
openjdk-7	eq	7u9-2.3.3-1
openjdk-7	eq	7u21-2.3.9-3
openjdk-7	eq	7u7-2.3.2-1
openjdk-7	eq	7u85-2.6.1-4