[SECURITY] [DLA 833-1] linux security update

Package : linux Version : 3.2.84-2 CVE ID : CVE-2014-9888 CVE-2014-9895 CVE-2016-6786 CVE-2016-6787 CVE-2016-8405 CVE-2017-5549 CVE-2017-6001 CVE-2017-6074 Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or have other...

CVE-2017-2351

An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. The issue involves the "WiFi" component, which allows physically proximate attackers to bypass the activation-lock protection mechanism and view the home screen via unspecified vectors...

Amazon Linux AMI : java-1.7.0-openjdk (ALAS-2017-797)

It was discovered that the RMI registry and DCG implementations in the RMI component of OpenJDK performed deserialization of untrusted inputs. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of RMI registry or a Java RMI application. This issue was...

Oracle Java SE and JRockit Remote Vulnerabilities

Oracle Java SE and JRockit are both products of Oracle Corporation. Java SE Java Platform Standard Edition is used for the development and deployment of Java applications on desktops, servers, and embedded devices and real-time environments; JRockit is a Java virtual machine built into Oracle...

FBI Releases Article on Romance Scams

The Federal Bureau of Investigation FBI has released an article addressing the rise of Internet romance scams. In this common type of fraud, cyber criminals target victims, gain their confidence, and trick them into sending money. To stay safer online, review the FBI article on Romance Scams and...

Critical: java-1.7.0-openjdk

Issue Overview: It was discovered that the RMI registry and DCG implementations in the RMI component of OpenJDK performed deserialization of untrusted inputs. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of RMI registry or a Java RMI application. Th...

CentOS 5 / 6 / 7 : java-1.7.0-openjdk (CESA-2017:0269)

An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives ...

java security update

CentOS Errata and Security Advisory CESA-2017:0269 An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common...

Critical: Red Hat Security Advisory: java-1.7.0-openjdk security update

An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives ...

OpenJDK: incorrect URL parsing in URLStreamHandler (Networking, 8167223)

It was discovered that the Networking component of OpenJDK failed to properly parse user info from the URL. A remote attacker could cause a Java application to incorrectly parse an attacker supplied URL and interpret it differently from other applications processing the same URL...

Scientific Linux Security Update : java-1.7.0-openjdk on SL5.x, SL6.x, SL7.x i386/x86_64 (20170213)

Security Fixes : - It was discovered that the RMI registry and DCG implementations in the RMI component of OpenJDK performed deserialization of untrusted inputs. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of RMI registry or a Java RMI application...

RHEL 5 / 6 / 7 : java-1.7.0-openjdk (RHSA-2017:0269)

The remote Redhat Enterprise Linux 5 / 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2017:0269 advisory. The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit...

OpenJDK: incorrect URL parsing in URLStreamHandler (Networking, 8167223)

It was discovered that the Networking component of OpenJDK failed to properly parse user info from the URL. A remote attacker could cause a Java application to incorrectly parse an attacker supplied URL and interpret it differently from other applications processing the same URL...

Vulnerability of the Java Platform software platform, which allows a perpetrator to gain access to data for reading purposes

The vulnerability of the Networking component of the Java Platform is related to errors in the code. Exploiting this vulnerability can allow an attacker, operating remotely, to gain access to data through network packets...

Vulnerability of the Java Platform software platform, which allows a perpetrator to gain access to data for reading purposes

The vulnerability of the Java Platform’s networking software components is related to the lack of protection for operational data. Exploiting this vulnerability allows a malicious actor, operating remotely, to gain access to data through network packets...

Vulnerability of the Java Platform software platform, allowing attackers to modify data

The vulnerability of the Java Platform’s networking components is related to security configuration errors. Exploiting this vulnerability allows a malicious actor, operating remotely, to gain access to modify, add, or delete data using network packets...

Google Android Kernel Networking Subsystem Remote Elevation of Privilege Vulnerability

Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance OHA. Google Android suffers from a remote elevated privilege vulnerability. An attacker exploits the vulnerability to execute arbitrary code with elevated privileges...

Amazon Linux AMI : java-1.6.0-openjdk (ALAS-2017-795)

It was discovered that the Hotspot component of OpenJDK did not properly check arguments of the System.arraycopy function in certain cases. An untrusted Java application or applet could use this flaw to corrupt virtual machine's memory and completely bypass Java sandbox restrictions. CVE-2016-558...

Important: java-1.6.0-openjdk

Issue Overview: It was discovered that the Hotspot component of OpenJDK did not properly check arguments of the System.arraycopy function in certain cases. An untrusted Java application or applet could use this flaw to corrupt virtual machine's memory and completely bypass Java sandbox...

CVE-2017-3231

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Networking. Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple...