
281 matches found

OSV
added 2016/10/25 11:11 p.m., 7 views

MGASA-2016-0359 Updated java-1.8.0-openjdk packages fix security vulnerability

It was discovered that the Hotspot component of OpenJDK did not properly check arguments of the System.arraycopy function in certain cases. An untrusted Java application or applet could use this flaw to corrupt virtual machine's memory and completely bypass Java sandbox restrictions CVE-2016-5582...

9.6 CVSS, 8.3 AI score, 0.06252 EPSS
Exploits 0, References 4

Mageia
added 2016/10/25 11:11 p.m., 52 views

Updated java-1.8.0-openjdk packages fix security vulnerability

It was discovered that the Hotspot component of OpenJDK did not properly check arguments of the System.arraycopy function in certain cases. An untrusted Java application or applet could use this flaw to corrupt virtual machine's memory and completely bypass Java sandbox restrictions CVE-2016-5582...

9.6 CVSS, 0.6 AI score, 0.06252 EPSS
Exploits 0, References 3

RedHat Linux
added 2016/10/20 12:48 p.m., 0 views

OpenJDK: exposure of server authentication credentials to proxy (Networking, 8160838)

A flaw was found in the way the Networking component of OpenJDK handled HTTP proxy authentication. A Java application could possibly expose HTTPS server authentication credentials via a plain text network connection to an HTTP proxy if proxy asked for authentication...

5.9 CVSS, 7.2 AI score, 0.01445 EPSS
Exploits 0, References 5

RedHat Linux
added 2016/10/20 12:47 p.m., 1 views

OpenJDK: exposure of server authentication credentials to proxy (Networking, 8160838)

A flaw was found in the way the Networking component of OpenJDK handled HTTP proxy authentication. A Java application could possibly expose HTTPS server authentication credentials via a plain text network connection to an HTTP proxy if proxy asked for authentication...

5.9 CVSS, 7.2 AI score, 0.01445 EPSS
Exploits 0, References 5

RedHat Linux
added 2016/10/20 12:37 p.m., 3 views

OpenJDK: exposure of server authentication credentials to proxy (Networking, 8160838)

A flaw was found in the way the Networking component of OpenJDK handled HTTP proxy authentication. A Java application could possibly expose HTTPS server authentication credentials via a plain text network connection to an HTTP proxy if proxy asked for authentication...

5.9 CVSS, 7.2 AI score, 0.01445 EPSS
Exploits 0, References 5

Tenable Nessus
added 2016/10/20 12:0 a.m., 55 views

RHEL 6 / 7 : java-1.8.0-openjdk (RHSA-2016:2079)

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, i...

9.6 CVSS, 7.1 AI score, 0.06252 EPSS
Exploits 0, References 13

Tenable Nessus
added 2016/10/20 12:0 a.m., 45 views

Scientific Linux Security Update : java-1.8.0-openjdk on SL6.x, SL7.x i386/x86_64 (20161019)

Security Fixes : - It was discovered that the Hotspot component of OpenJDK did not properly check arguments of the System.arraycopy function in certain cases. An untrusted Java application or applet could use this flaw to corrupt virtual machine's memory and completely bypass Java sandbox...

9.6 CVSS, 7.1 AI score, 0.06252 EPSS
Exploits 0, References 6

Tenable Nessus
added 2016/10/20 12:0 a.m., 42 views

CentOS 6 / 7 : java-1.8.0-openjdk (CESA-2016:2079)

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, i...

9.6 CVSS, 7.1 AI score, 0.06252 EPSS
Exploits 0, References 8

RedHat Linux
added 2016/10/19 2:58 p.m., 115 views

Critical: Red Hat Security Advisory: java-1.8.0-openjdk security update

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, i...

9.6 CVSS, 6.6 AI score, 0.06252 EPSS
Exploits 0, References 6

RedHat Linux
added 2016/10/19 2:58 p.m., 1 views

OpenJDK: exposure of server authentication credentials to proxy (Networking, 8160838)

A flaw was found in the way the Networking component of OpenJDK handled HTTP proxy authentication. A Java application could possibly expose HTTPS server authentication credentials via a plain text network connection to an HTTP proxy if proxy asked for authentication...

5.9 CVSS, 7.2 AI score, 0.01445 EPSS
Exploits 0, References 5

CERT
added 2016/08/15 12:0 a.m., 193 views

HTTP CONNECT and 407 Proxy Authentication Required messages are not integrity protected

Overview HTTP CONNECT requests and 407 Proxy Authentication Required messages are not integrity protected and are susceptible to man-in-the-middle attacks. WebKit-based applications are additionally vulnerable to arbitrary HTML markup and JavaScript execution in the context of the originally...

8 AI score
Exploits 0, References 2

Tenable Nessus
added 2016/08/08 12:0 a.m., 37 views

Ubuntu 14.04 LTS / 16.04 LTS : Oxide vulnerabilities (USN-3041-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3041-1 advisory. Multiple security issues were discovered in Chromium. If a user were tricked into opening a specially crafted website, an attacker could...

9.6 CVSS, 7.6 AI score, 0.0369 EPSS
Exploits 1, References 15

Ubuntu
added 2016/08/05 1:29 p.m., 58 views

USN-3041-1: Oxide vulnerabilities

Multiple security issues were discovered in Chromium. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, cause a denial of service application crash or execute arbitrary code. CVE-2016-1705 It was discovered...

9.6 CVSS, 7.6 AI score, 0.0369 EPSS
Exploits 1

OpenVAS
added 2016/08/04 12:0 a.m., 77 views

Debian Security Advisory DSA 3637-1 (chromium-browser - security update)

Several vulnerabilities have been discovered in the chromium web browser. CVE-2016-1704 The chrome development team found and fixed various issues during internal auditing. CVE-2016-1705 The chrome development team found and fixed various issues during internal auditing. CVE-2016-1706 Pinkie Pie...

9.3 CVSS, 0.5 AI score, 0.0369 EPSS
Exploits 2, References 1

OpenVAS
added 2016/08/04 12:0 a.m., 31 views

openSUSE: Security Advisory for Chromium (openSUSE-SU-2016:1918-1)

The remote host is missing an update for the...

6.5 AI score
Exploits 0, References 1

Mageia
added 2016/08/03 10:57 a.m., 44 views

Updated chromium-browser-stable packages fix security vulnerability

Multiple unspecified vulnerabilities in chromium before 52.0.2743.82 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. CVE-2016-1705 The PPAPI implementation in Chromium before 52.0.2743.82 does not validate the origin of IPC messages to the plugin...

9.6 CVSS, 3.4 AI score, 0.02501 EPSS
Exploits 1, References 2

Tenable Nessus
added 2016/08/02 12:0 a.m., 42 views

Debian DSA-3637-1 : chromium-browser - security update

Several vulnerabilities have been discovered in the chromium web browser. - CVE-2016-1704 The chrome development team found and fixed various issues during internal auditing. - CVE-2016-1705 The chrome development team found and fixed various issues during internal auditing. - CVE-2016-1706 Pinki...

9.6 CVSS, 7 AI score, 0.0369 EPSS
Exploits 2, References 40

Tenable Nessus
added 2016/07/29 12:0 a.m., 276 views

Google Chrome < 52.0.2743.82 Multiple Vulnerabilities

The version of Google Chrome installed on the remote Windows host is prior to 52.0.2743.82. It is, therefore, affected by multiple vulnerabilities as referenced in the 201607stable-channel-update advisory. - The PPAPI implementation in Google Chrome before 52.0.2743.82 does not validate the origi...

9.6 CVSS, 7.7 AI score, 0.0369 EPSS
Exploits 2, References 36

CNVD
added 2016/07/27 12:0 a.m., 1 views

Google Chrome memory misreference vulnerability (CNVD-2016-05593)

Google Chrome is a web browsing tool developed by Google. A memory misreference vulnerability exists in the handling of source information in proxy authentication in versions prior to Google Chrome 52.0.2743.82. A man-in-the-middle attacker modifying the client-to-server data flow can spoof the...

5.3 CVSS, 8.8 AI score, 0.00653 EPSS
Exploits 0, References 1

RedHat Linux
added 2016/07/26 5:18 a.m., 2 views

chromium-browser: origin confusion in proxy authentication

Google Chrome before 52.0.2743.82 mishandles origin information during proxy authentication, which allows man-in-the-middle attackers to spoof a proxy-authentication login prompt or trigger incorrect credential storage by modifying the client-server data stream...

5.3 CVSS, 7.4 AI score, 0.00653 EPSS
Exploits 0, References 5