Security Bulletin: A Vulnerability in IBM Java SDK affects IBM Streams (CVE-2016-5546, CVE-2017-3253, CVE-2016-5548, CVE-2016-5549, CVE-2016-5547, CVE-2016-5552, CVE-2016-2183)

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 Service Refresh 3 Fix Pack 22 8.0.3-22 used by IBM Streams. These issues were disclosed as part of the IBM Java SDK updates in January 2017. Vulnerability Details CVEID: CVE-2016-5546 DESCRIPTION: An...

OpenJDK: GTK library loading use-after-free (AWT, 8185325)

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: AWT. Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multip...

OpenJDK: insufficient consistency checks in deserialization of multiple classes (Security, 8189977)

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Security. Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker wi...

JDK: unspecified vulnerability fixed in 6u191, 7u171, and 8u161 (Security)

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Security. Supported versions that are affected are Java SE: 6u181, 7u161 and 8u152; Java SE Embedded: 8u152; JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with...

OpenJDK: incorrect merging of sections in the JAR manifest (Security, 8189969)

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Security. Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

OpenJDK: incorrect merging of sections in the JAR manifest (Security, 8189969)

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Security. Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

OpenJDK: insufficient consistency checks in deserialization of multiple classes (Security, 8189977)

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Security. Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker wi...

OpenJDK: incorrect merging of sections in the JAR manifest (Security, 8189969)

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Security. Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

OpenJDK: ArrayBlockingQueue deserialization to an inconsistent state (Libraries, 8189284)

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Libraries. Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacke...

OpenJDK: GTK library loading use-after-free (AWT, 8185325)

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: AWT. Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multip...

OpenJDK: incorrect handling of Reference clones can lead to sandbox bypass (Hotspot, 8192025)

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Hotspot. Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

OpenJDK: unbounded memory allocation during deserialization in Container (AWT, 8189989)

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: AWT. Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with...

OpenJDK: unbounded memory allocation during deserialization in PriorityBlockingQueue (Concurrency, 8189981)

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Concurrency. Supported versions that are affected are Java SE: 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with...

OpenJDK: unbounded memory allocation during deserialization in TabularDataSupport (JMX, 8189985)

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: JMX. Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with...

OpenJDK: unbounded memory allocation during deserialization in StubIORImpl (Serialization, 8192757)

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Serialization. Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attack...

OpenJDK: insufficient consistency checks in deserialization of multiple classes (Security, 8189977)

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Security. Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker wi...

OpenJDK: incorrect merging of sections in the JAR manifest (Security, 8189969)

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Security. Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

OpenJDK: incorrect handling of Reference clones can lead to sandbox bypass (Hotspot, 8192025)

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Hotspot. Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

JDK: unspecified vulnerability fixed in 6u191, 7u171, and 8u161 (Security)

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Security. Supported versions that are affected are Java SE: 6u181, 7u161 and 8u152; Java SE Embedded: 8u152; JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with...

OpenJDK: incorrect handling of Reference clones can lead to sandbox bypass (Hotspot, 8192025)

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Hotspot. Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...