This update for java-1_7_1-ibm fixes the following issues:
Security update to version 7.1.4.15 [bsc#1070162]
CVE-2017-10349: "Vulnerability in the Java SE, Java SE Embedded,
JRockit component of Oracle Java SE (subcomponent: Serialization).
Supported versions that are affected are Java SE: 6u161, 7u151, 8u144
and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to
exploit vulnerability allows unauthenticated attacker with network
access via multiple protocols to compromise Java SE, Java SE Embedded,
JRockit. Successful attacks require human interaction from a person
other than the attacker. Successful attacks of this vulnerability can
result in unauthorized ability to cause a partial denial of service
(partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This
vulnerability can be exploited through sandboxed Java Web Start
applications and sandboxed Java applets. It can also be exploited by
supplying data to APIs in the specified Component without using
sandboxed Java Web Start applications or sandboxed Java applets, such
as through a web service. CVSS 3.0 Base Score 3.1 (Availability
impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L)."
CVE-2017-10348: "Vulnerability in the Java SE, Java SE Embedded,
JRockit component of Oracle Java SE (subcomponent: Serialization).
Supported versions that are affected are Java SE: 6u161, 7u151, 8u144
and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to
exploit vulnerability allows unauthenticated attacker with network
access via multiple protocols to compromise Java SE, Java SE Embedded,
JRockit. Successful attacks require human interaction from a person
other than the attacker. Successful attacks of this vulnerability can
result in unauthorized ability to cause a partial denial of service
(partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This
vulnerability can be exploited through sandboxed Java Web Start
applications and sandboxed Java applets. It can also be exploited by
supplying data to APIs in the specified Component without using
sandboxed Java Web Start applications or sandboxed Java applets, such
as through a web service. CVSS 3.0 Base Score 3.1 (Availability
impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L)."
CVE-2017-10388: "Vulnerability in the Java SE, Java SE Embedded,
JRockit component of Oracle Java SE (subcomponent: Serialization).
Supported versions that are affected are Java SE: 6u161, 7u151, 8u144
and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to
exploit vulnerability allows unauthenticated attacker with network
access via multiple protocols to compromise Java SE, Java SE Embedded,
JRockit. Successful attacks require human interaction from a person
other than the attacker. Successful attacks of this vulnerability can
result in unauthorized ability to cause a partial denial of service
(partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This
vulnerability can be exploited through sandboxed Java Web Start
applications and sandboxed Java applets. It can also be exploited by
supplying data to APIs in the specified Component without using
sandboxed Java Web Start applications or sandboxed Java applets, such
as through a web service. CVSS 3.0 Base Score 3.1 (Availability
impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L)."
CVE-2016-9841: "Vulnerability in the Java SE, Java SE Embedded,
JRockit component of Oracle Java SE (subcomponent: Serialization).
Supported versions that are affected are Java SE: 6u161, 7u151, 8u144
and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to
exploit vulnerability allows unauthenticated attacker with network
access via multiple protocols to compromise Java SE, Java SE Embedded,
JRockit. Successful attacks require human interaction from a person
other than the attacker. Successful attacks of this vulnerability can
result in unauthorized ability to cause a partial denial of service
(partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This
vulnerability can be exploited through sandboxed Java Web Start
applications and sandboxed Java applets. It can also be exploited by
supplying data to APIs in the specified Component without using
sandboxed Java Web Start applications or sandboxed Java applets, such
as through a web service. CVSS 3.0 Base Score 3.1 (Availability
impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L)."
CVE-2017-10293: "Vulnerability in the Java SE, Java SE Embedded,
JRockit component of Oracle Java SE (subcomponent: Serialization).
Supported versions that are affected are Java SE: 6u161, 7u151, 8u144
and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to
exploit vulnerability allows unauthenticated attacker with network
access via multiple protocols to compromise Java SE, Java SE Embedded,
JRockit. Successful attacks require human interaction from a person
other than the attacker. Successful attacks of this vulnerability can
result in unauthorized ability to cause a partial denial of service
(partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This
vulnerability can be exploited through sandboxed Java Web Start
applications and sandboxed Java applets. It can also be exploited by
supplying data to APIs in the specified Component without using
sandboxed Java Web Start applications or sandboxed Java applets, such
as through a web service. CVSS 3.0 Base Score 3.1 (Availability
impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L)."
CVE-2017-10345: "Vulnerability in the Java SE, Java SE Embedded,
JRockit component of Oracle Java SE (subcomponent: Serialization).
Supported versions that are affected are Java SE: 6u161, 7u151, 8u144
and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to
exploit vulnerability allows unauthenticated attacker with network
access via multiple protocols to compromise Java SE, Java SE Embedded,
JRockit. Successful attacks require human interaction from a person
other than the attacker. Successful attacks of this vulnerability can
result in unauthorized ability to cause a partial denial of service
(partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This
vulnerability can be exploited through sandboxed Java Web Start
applications and sandboxed Java applets. It can also be exploited by
supplying data to APIs in the specified Component without using
sandboxed Java Web Start applications or sandboxed Java applets, such
as through a web service. CVSS 3.0 Base Score 3.1 (Availability
impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L)."
CVE-2017-10350: "Vulnerability in the Java SE, Java SE Embedded,
JRockit component of Oracle Java SE (subcomponent: Serialization).
Supported versions that are affected are Java SE: 6u161, 7u151, 8u144
and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to
exploit vulnerability allows unauthenticated attacker with network
access via multiple protocols to compromise Java SE, Java SE Embedded,
JRockit. Successful attacks require human interaction from a person
other than the attacker. Successful attacks of this vulnerability can
result in unauthorized ability to cause a partial denial of service
(partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This
vulnerability can be exploited through sandboxed Java Web Start
applications and sandboxed Java applets. It can also be exploited by
supplying data to APIs in the specified Component without using
sandboxed Java Web Start applications or sandboxed Java applets, such
as through a web service. CVSS 3.0 Base Score 3.1 (Availability
impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L)."
CVE-2017-10356: "Vulnerability in the Java SE, Java SE Embedded,
JRockit component of Oracle Java SE (subcomponent: Serialization).
Supported versions that are affected are Java SE: 6u161, 7u151, 8u144
and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to
exploit vulnerability allows unauthenticated attacker with network
access via multiple protocols to compromise Java SE, Java SE Embedded,
JRockit. Successful attacks require human interaction from a person
other than the attacker. Successful attacks of this vulnerability can
result in unauthorized ability to cause a partial denial of service
(partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This
vulnerability can be exploited through sandboxed Java Web Start
applications and sandboxed Java applets. It can also be exploited by
supplying data to APIs in the specified Component without using
sandboxed Java Web Start applications or sandboxed Java applets, such
as through a web service. CVSS 3.0 Base Score 3.1 (Availability
impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L)."
CVE-2017-10357: "Vulnerability in the Java SE, Java SE Embedded,
JRockit component of Oracle Java SE (subcomponent: Serialization).
Supported versions that are affected are Java SE: 6u161, 7u151, 8u144
and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to
exploit vulnerability allows unauthenticated attacker with network
access via multiple protocols to compromise Java SE, Java SE Embedded,
JRockit. Successful attacks require human interaction from a person
other than the attacker. Successful attacks of this vulnerability can
result in unauthorized ability to cause a partial denial of service
(partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This
vulnerability can be exploited through sandboxed Java Web Start
applications and sandboxed Java applets. It can also be exploited by
supplying data to APIs in the specified Component without using
sandboxed Java Web Start applications or sandboxed Java applets, such
as through a web service. CVSS 3.0 Base Score 3.1 (Availability
impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L)."
CVE-2017-10347: "Vulnerability in the Java SE, Java SE Embedded,
JRockit component of Oracle Java SE (subcomponent: Serialization).
Supported versions that are affected are Java SE: 6u161, 7u151, 8u144
and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to
exploit vulnerability allows unauthenticated attacker with network
access via multiple protocols to compromise Java SE, Java SE Embedded,
JRockit. Successful attacks require human interaction from a person
other than the attacker. Successful attacks of this vulnerability can
result in unauthorized ability to cause a partial denial of service
(partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This
vulnerability can be exploited through sandboxed Java Web Start
applications and sandboxed Java applets. It can also be exploited by
supplying data to APIs in the specified Component without using
sandboxed Java Web Start applications or sandboxed Java applets, such
as through a web service. CVSS 3.0 Base Score 3.1 (Availability
impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L)."
CVE-2017-10355: "Vulnerability in the Java SE, Java SE Embedded,
JRockit component of Oracle Java SE (subcomponent: Serialization).
Supported versions that are affected are Java SE: 6u161, 7u151, 8u144
and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to
exploit vulnerability allows unauthenticated attacker with network
access via multiple protocols to compromise Java SE, Java SE Embedded,
JRockit. Successful attacks require human interaction from a person
other than the attacker. Successful attacks of this vulnerability can
result in unauthorized ability to cause a partial denial of service
(partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This
vulnerability can be exploited through sandboxed Java Web Start
applications and sandboxed Java applets. It can also be exploited by
supplying data to APIs in the specified Component without using
sandboxed Java Web Start applications or sandboxed Java applets, such
as through a web service. CVSS 3.0 Base Score 3.1 (Availability
impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L)."
CVE-2017-10285: "Vulnerability in the Java SE, Java SE Embedded,
JRockit component of Oracle Java SE (subcomponent: Serialization).
Supported versions that are affected are Java SE: 6u161, 7u151, 8u144
and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to
exploit vulnerability allows unauthenticated attacker with network
access via multiple protocols to compromise Java SE, Java SE Embedded,
JRockit. Successful attacks require human interaction from a person
other than the attacker. Successful attacks of this vulnerability can
result in unauthorized ability to cause a partial denial of service
(partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This
vulnerability can be exploited through sandboxed Java Web Start
applications and sandboxed Java applets. It can also be exploited by
supplying data to APIs in the specified Component without using
sandboxed Java Web Start applications or sandboxed Java applets, such
as through a web service. CVSS 3.0 Base Score 3.1 (Availability
impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L)."
CVE-2017-10281: "Vulnerability in the Java SE, Java SE Embedded,
JRockit component of Oracle Java SE (subcomponent: Serialization).
Supported versions that are affected are Java SE: 6u161, 7u151, 8u144
and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to
exploit vulnerability allows unauthenticated attacker with network
access via multiple protocols to compromise Java SE, Java SE Embedded,
JRockit. Successful attacks require human interaction from a person
other than the attacker. Successful attacks of this vulnerability can
result in unauthorized ability to cause a partial denial of service
(partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This
vulnerability can be exploited through sandboxed Java Web Start
applications and sandboxed Java applets. It can also be exploited by
supplying data to APIs in the specified Component without using
sandboxed Java Web Start applications or sandboxed Java applets, such
as through a web service. CVSS 3.0 Base Score 3.1 (Availability
impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L)."
CVE-2017-10295: "Vulnerability in the Java SE, Java SE Embedded,
JRockit component of Oracle Java SE (subcomponent: Serialization).
Supported versions that are affected are Java SE: 6u161, 7u151, 8u144
and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to
exploit vulnerability allows unauthenticated attacker with network
access via multiple protocols to compromise Java SE, Java SE Embedded,
JRockit. Successful attacks require human interaction from a person
other than the attacker. Successful attacks of this vulnerability can
result in unauthorized ability to cause a partial denial of service
(partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This
vulnerability can be exploited through sandboxed Java Web Start
applications and sandboxed Java applets. It can also be exploited by
supplying data to APIs in the specified Component without using
sandboxed Java Web Start applications or sandboxed Java applets, such
as through a web service. CVSS 3.0 Base Score 3.1 (Availability
impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L)."
CVE-2017-10346: "Vulnerability in the Java SE, Java SE Embedded,
JRockit component of Oracle Java SE (subcomponent: Serialization).
Supported versions that are affected are Java SE: 6u161, 7u151, 8u144
and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to
exploit vulnerability allows unauthenticated attacker with network
access via multiple protocols to compromise Java SE, Java SE Embedded,
JRockit. Successful attacks require human interaction from a person
other than the attacker. Successful attacks of this vulnerability can
result in unauthorized ability to cause a partial denial of service
(partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This
vulnerability can be exploited through sandboxed Java Web Start
applications and sandboxed Java applets. It can also be exploited by
supplying data to APIs in the specified Component without using
sandboxed Java Web Start applications or sandboxed Java applets, such
as through a web service. CVSS 3.0 Base Score 3.1 (Availability
impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L)."
CVE-2016-10165: "Vulnerability in the Java SE, Java SE Embedded,
JRockit component of Oracle Java SE (subcomponent: Serialization).
Supported versions that are affected are Java SE: 6u161, 7u151, 8u144
and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to
exploit vulnerability allows unauthenticated attacker with network
access via multiple protocols to compromise Java SE, Java SE Embedded,
JRockit. Successful attacks require human interaction from a person
other than the attacker. Successful attacks of this vulnerability can
result in unauthorized ability to cause a partial denial of service
(partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This
vulnerability can be exploited through sandboxed Java Web Start
applications and sandboxed Java applets. It can also be exploited by
supplying data to APIs in the specified Component without using
sandboxed Java Web Start applications or sandboxed Java applets, such
as through a web service. CVSS 3.0 Base Score 3.1 (Availability
impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L)."