USN-3275-2: OpenJDK 7 vulnerabilities

USN-3275-1 fixed vulnerabilities in OpenJDK 8. This update provides the corresponding updates for OpenJDK 7. Original advisory details: It was discovered that OpenJDK improperly re-used cached NTLM connections in some situations. A remote attacker could possibly use this to cause a Java applicati...

Ubuntu: Security Advisory (USN-3275-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-3275-1: OpenJDK 8 vulnerabilities

It was discovered that OpenJDK improperly re-used cached NTLM connections in some situations. A remote attacker could possibly use this to cause a Java application to perform actions with the credentials of a different user. CVE-2017-3509 It was discovered that an untrusted library search path fl...

USN-3275-1 openjdk-8 vulnerabilities

It was discovered that OpenJDK improperly re-used cached NTLM connections in some situations. A remote attacker could possibly use this to cause a Java application to perform actions with the credentials of a different user. CVE-2017-3509 It was discovered that an untrusted library search path fl...

Amazon Linux AMI : java-1.8.0-openjdk (ALAS-2017-827)

Improper re-use of NTLM authenticated connections Networking, 8163520 : It was discovered that the HTTP client implementation in the Networking component of OpenJDK could cache and re-use an NTLM authenticated connection in a different security context. A remote attacker could possibly use this...

Oracle Java SE 6 < Update 151 / 7 < Update 141 / 8 < Update 131 Multiple Vulnerabilities

Binary data 700090.prm...

RHEL 6 / 7 : java-1.7.0-openjdk (RHSA-2017:1204)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2017:1204 advisory. The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security...

Scientific Linux Security Update : java-1.7.0-openjdk on SL6.x, SL7.x i386/x86_64 (20170509)

Security Fixes : - An untrusted library search path flaw was found in the JCE component of OpenJDK. A local attacker could possibly use this flaw to cause a Java application using JCE to load an attacker-controlled library and hence escalate their privileges. CVE-2017-3511 - It was found that the...

OpenJDK: untrusted extension directories search path in Launcher (JCE, 8163528)

An untrusted library search path flaw was found in the JCE component of OpenJDK. A local attacker could possibly use this flaw to cause a Java application using JCE to load an attacker-controlled library and hence escalate their privileges...

Moderate: Red Hat Security Advisory: java-1.7.0-openjdk security update

An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, i...

Medium: java-1.8.0-openjdk

Issue Overview: Improper re-use of NTLM authenticated connections Networking, 8163520: It was discovered that the HTTP client implementation in the Networking component of OpenJDK could cache and re-use an NTLM authenticated connection in a different security context. A remote attacker could...

EulerOS 2.0 SP1 : java-1.8.0-openjdk (EulerOS-SA-2017-1073)

According to the versions of the java-1.8.0-openjdk packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An untrusted library search path flaw was found in the JCE component of OpenJDK. A local attacker could possibly use this flaw to...

EulerOS 2.0 SP2 : java-1.8.0-openjdk (EulerOS-SA-2017-1074)

According to the versions of the java-1.8.0-openjdk packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An untrusted library search path flaw was found in the JCE component of OpenJDK. A local attacker could possibly use this flaw to...

[SECURITY] Fedora 24 Update: bouncycastle-1.52-9.fc24

The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms. The package is organized so that it contains a light-weight API suitable for use in any environment including the newly released J2ME with the additional infrastructure to conform the algorithms to the JCE...

CVE-2017-3511

CVE-2017-3511 is an OpenJDK vulnerability in the JCE component where an untrusted library search path flaw could allow a local attacker to load attacker-controlled libraries and escalate privileges. Affected products/versions include Java SE 7u131, 8u121 (and OpenJDK variants); exploitation requi...

CVE-2017-3511

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: JCE. Supported versions that are affected are Java SE: 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with logon to th...

KLA11006 Multiple vulnerabilities in Oracle Java SE

Multiple serious vulnerabilities have been found in Oracle Java SE components. Malicious users can exploit these vulnerabilities possibly to obtain sensitive information. Below is a complete list of vulnerabilities: 1. An unspecified vulnerability in subcomponent JCE Java Cryptography Extension c...

Scientific Linux Security Update : java-1.8.0-openjdk on SL6.x i386/x86_64 (20170421)

Security Fixes : - An untrusted library search path flaw was found in the JCE component of OpenJDK. A local attacker could possibly use this flaw to cause a Java application using JCE to load an attacker-controlled library and hence escalate their privileges. CVE-2017-3511 - It was found that the...

RedHat Update for java-1.8.0-openjdk RHSA-2017:1109-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Moderate: Red Hat Security Advisory: java-1.8.0-openjdk security and bug fix update

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...