SUSE-SU-2016:1997-1 Security update for java-1_7_0-openjdk

This update for java-170-openjdk fixes the following issues: - Update to 2.6.7 - OpenJDK 7u111 Security fixes - S8079718, CVE-2016-3458: IIOP Input Stream Hooking bsc989732 - S8145446, CVE-2016-3485: Perfect pipe placement Windows only bsc989734 - S8147771: Construction of static protection domai...

openSUSE Security Update : java-1_8_0-openjdk (openSUSE-2016-944)

This update for java-180-openjdk fixes the following issues : - Upgrade to version jdk8u101 icedtea 3.1.0 - New in release 3.1.0 2016-07-25 : - Security fixes - S8079718, CVE-2016-3458: IIOP Input Stream Hooking boo989732 - S8145446, CVE-2016-3485: Perfect pipe placement Windows only boo989734 -...

UBUNTU-CVE-2016-3606

Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotspot...

java-1.8.0-openjdk security update

1:1.8.0.101-3.b13 - Replace bad 8159244 patch from upstream 8u with fresh backport from OpenJDK 9. - Resolves: rhbz1350034 1:1.8.0.101-2.b13 - Add missing hunk from 8147771, missed due to inclusion of unneeded 8138811 - Resolves: rhbz1350034 1:1.8.0.101-1.b13 - Add workaround for a typo in the...

JDK: local disclosure of kerberos credentials cache

IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR2, 7 R1 before SR3 FP20, 7 before SR9 FP20, 6 R1 before SR8 FP15, and 6 before SR16 FP15 allow physically proximate attackers to obtain sensitive information by reading the Kerberos Credential Cache...

Security update for java-1_8_0-openjdk (important)

This update for java-180-openjdk fixes the following security issues - April 2016 Oracle CPU bsc976340: - CVE-2016-0686: Unspecified vulnerability allowed remote attackers to affect confidentiality, integrity, and availability via vectors related to Serialization. - CVE-2016-0687: Unspecified...

SUSE-SU-2016:1250-1 Security update for java-1_7_0-openjdk

This update for java-170-openjdk to version 2.6.6 fixes five security issues. These security issues were fixed: - CVE-2016-0686: Ensure thread consistency bsc976340. - CVE-2016-0687: Better byte behavior bsc976340. - CVE-2016-0695: Make DSA more fair bsc976340. - CVE-2016-3425: Better buffering o...

Updated java-1.8.0-openjdk packages fix security vulnerabilities

Updated java-1.8.0-openjdk packages fix security vulnerabilities: Multiple flaws were discovered in the Serialization and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions CVE-2016-0686, CVE-2016-0687. It wa...

java-1.7.0-openjdk security update

1:1.7.0.101-2.6.6.1.0.1 - Update DISTRONAME in specfile 1:1.7.0.101-2.6.6.1 - added Patch666 fontpath.patch to fix tck regressions - Resolves: rhbz1325425 1:1.7.0.101-2.6.6.0 - Fix ztos handling in templateTableppc64.cpp to be same as others in 7. - Resolves: rhbz1325425 1:1.7.0.101-2.6.6.0 - Bum...

java-1.8.0-openjdk security update

1:1.8.0.91-1.b03 - Update to u91b14. - Resolves: rhbz1325420...

java-1_7_0-openjdk (important)

This update for java-170-openjdk fixes the following issues: java-170-openjdk was updated to 2.6.5 - OpenJDK 7u99 boo972468 Security fixes - S8152335, CVE-2016-0636: Improve MethodHandle consistency Import of OpenJDK 7 u99 build 0 - S6425769, PR2858: Allow specifying an address to bind JMX remote...

jdk7-openjdk: sandbox escape

It was discovered that the security fix for CVE-2013-5838 was incomplete and still allowed remote attackers to escape the Java security sandbox mechanism. The root problem is that the Reflection API does not properly guarantee type safety when Method Handle objects were invoked across two differe...

jdk8-openjdk: sandbox escape

It was discovered that the security fix for CVE-2013-5838 was incomplete and still allowed remote attackers to escape the Java security sandbox mechanism. The root problem is that the Reflection API does not properly guarantee type safety when Method Handle objects were invoked across two differe...

jre8-openjdk: sandbox escape

It was discovered that the security fix for CVE-2013-5838 was incomplete and still allowed remote attackers to escape the Java security sandbox mechanism. The root problem is that the Reflection API does not properly guarantee type safety when Method Handle objects were invoked across two differe...

CentOS Update for java CESA-2016:0512 centos7

Check the version of java SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882442";...

OpenJDK: missing type safety checks for MethodHandle calls across class loaders, incorrect CVE-2013-5838 fix (Hotspot, 8151666)

An improper type safety check was discovered in the Hotspot component. An untrusted Java application or applet could use this flaw to bypass Java Sandbox restrictions...

java-1.8.0-openjdk security update

1:1.8.0.77-0.b03 - Remove what remains of the SunEC sources in the remove-intree-libraries script. - Resolves: rhbz1320661 1:1.8.0.77-0.b03 - Update to u77b03. - Drop 8146566 which is applied upstream. - Replace s390 Java options patch with general version from IcedTea. - Apply s390 patches...

SUSE-SU-2016:0770-1 Security update for java-1_6_0-ibm

This update for java-160-ibm fixes the following issues by updating to 6.0-16.20 bsc963937 - CVE-2015-5041: Could could have invoked non-public interface methods under certain circumstances - CVE-2015-7575: The TLS protocol could allow weaker than expected security caused by a collision attack wh...

SUSE-SU-2016:0636-1 Security update for java-1_7_0-ibm

This update for java-170-ibm fixes the following issues by updating to 7.0-9.30 bsc963937: - CVE-2015-5041: Could could have invoked non-public interface methods under certain circumstances - CVE-2015-7575: The TLS protocol could allow weaker than expected security caused by a collision attack wh...

SUSE-SU-2016:0433-1 Security update for java-1_7_0-ibm

This update for java-170-ibm fixes the following issues by updating to 7.0-9.30 bsc963937: - CVE-2015-5041: Could could have invoked non-public interface methods under certain circumstances - CVE-2015-7575: The TLS protocol could allow weaker than expected security caused by a collision attack wh...