OpenJDK: missing type safety checks for MethodHandle calls across class loaders, incorrect CVE-2013-5838 fix (Hotspot, 8151666)

An improper type safety check was discovered in the Hotspot component. An untrusted Java application or applet could use this flaw to bypass Java Sandbox restrictions...

java-1.8.0-openjdk security update

1:1.8.0.77-0.b03 - Remove what remains of the SunEC sources in the remove-intree-libraries script. - Resolves: rhbz1320661 1:1.8.0.77-0.b03 - Update to u77b03. - Drop 8146566 which is applied upstream. - Replace s390 Java options patch with general version from IcedTea. - Apply s390 patches...

SUSE-SU-2016:0770-1 Security update for java-1_6_0-ibm

This update for java-160-ibm fixes the following issues by updating to 6.0-16.20 bsc963937 - CVE-2015-5041: Could could have invoked non-public interface methods under certain circumstances - CVE-2015-7575: The TLS protocol could allow weaker than expected security caused by a collision attack wh...

SUSE-SU-2016:0636-1 Security update for java-1_7_0-ibm

This update for java-170-ibm fixes the following issues by updating to 7.0-9.30 bsc963937: - CVE-2015-5041: Could could have invoked non-public interface methods under certain circumstances - CVE-2015-7575: The TLS protocol could allow weaker than expected security caused by a collision attack wh...

SUSE-SU-2016:0433-1 Security update for java-1_7_0-ibm

This update for java-170-ibm fixes the following issues by updating to 7.0-9.30 bsc963937: - CVE-2015-5041: Could could have invoked non-public interface methods under certain circumstances - CVE-2015-7575: The TLS protocol could allow weaker than expected security caused by a collision attack wh...

SUSE-SU-2016:0401-1 Security update for java-1_7_1-ibm

This update for java-171-ibm fixes the following issues by updating to 7.1-3.30 bsc963937: - CVE-2015-5041: Could could have invoked non-public interface methods under certain circumstances - CVE-2015-7575: The TLS protocol could allow weaker than expected security caused by a collision attack wh...

SUSE-SU-2016:0390-1 Security update for java-1_8_0-ibm

This update for java-180-ibm fixes the following security issues by updating to 8.0-2.10 bsc963937: - CVE-2015-5041: Could could have invoked non-public interface methods under certain circumstances - CVE-2015-7575: The TLS protocol could allow weaker than expected security caused by a collision...

SUSE-SU-2016:0256-1 Security update for java-1_8_0-openjdk

java-180-openjdk was updated to version 7u95 to fix several security issues. bsc962743 The following vulnerabilities were fixed: - CVE-2015-7575: Further reduce use of MD5 SLOTH bsc960996 - CVE-2015-8126: Vulnerability in the AWT component related to splashscreen displays - CVE-2015-8472:...

RHEL 5 / 6 / 7 : java-1.6.0-openjdk (RHSA-2016:0067)

Updated java-1.6.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...

ICU: integer signedness issue in IndicRearrangementProcessor (OpenJDK 2D, 8140543)

Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D...

OpenJDK: logging of RMI connection secrets (JMX, 8130710)

Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66, and Java SE Embedded 8u65 allows remote authenticated users to affect confidentiality via vectors related to JMX...

java-1.8.0-openjdk security update

1:1.8.0.71-2.b15 - Add md5sum for previous java.security file so it gets updated. - Resolves: rhbz1295753 1:1.8.0.71-1.b15 - Restore upstream version of system LCMS patch removed by 'sync with Fedora' - Add patch to turn off strict overflow on IndicRearrangementProcessor,2.cpp - Resolves:...

Oracle Java FTC Settlement

Oracle’s stewardship of Java has been scrutinized by the security community, which in 2013 languished through nearly a full year of targeted attacks exploiting zero days and other vulnerabilities in the platform. Since then, Oracle has improved the Java user experience by denying unsigned applets...

Oracle Ordered to Publicly Admit Misleading Java Security Updates

Security issues have long tantalized over 850 Million users that have Oracle's Java software installed on their computers. The worst thing is that the software was not fully updated or secure for years, exposing millions of PCs to attack. And for this reason, Oracle is now paying the price. Oracl...

SUSE-SU-2015:2166-1 Security update for java-1_6_0-ibm

This update for java-160-ibm fixes the following issues: - Version update to 6.0-16.15 bsc955131: CVE-2015-4734 CVE-2015-4803 CVE-2015-4805 CVE-2015-4806 CVE-2015-4810 CVE-2015-4835 CVE-2015-4840 CVE-2015-4842 CVE-2015-4843 CVE-2015-4844 CVE-2015-4860 CVE-2015-4871 CVE-2015-4872 CVE-2015-4882...

ICU: missing boundary checks in layout engine (OpenJDK 2D, 8132042)

Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D...

JDK: local disclosure of kerberos credentials cache

IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR2, 7 R1 before SR3 FP20, 7 before SR9 FP20, 6 R1 before SR8 FP15, and 6 before SR16 FP15 allow physically proximate attackers to obtain sensitive information by reading the Kerberos Credential Cache...

OpenJDK: leak of user.dir location (JAXP, 8078427)

Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality via vectors related to JAXP...

JDK: local disclosure of kerberos credentials cache

IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR2, 7 R1 before SR3 FP20, 7 before SR9 FP20, 6 R1 before SR8 FP15, and 6 before SR16 FP15 allow physically proximate attackers to obtain sensitive information by reading the Kerberos Credential Cache...

JDK: local disclosure of kerberos credentials cache

IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR2, 7 R1 before SR3 FP20, 7 before SR9 FP20, 6 R1 before SR8 FP15, and 6 before SR16 FP15 allow physically proximate attackers to obtain sensitive information by reading the Kerberos Credential Cache...