Security update for java-1_8_0-openjdk SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2016:1222-1 Final 1 1 2016-05-04T10:53:15Z current 2016-05-04T10:53:15Z 2016-05-04T10:53:15Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for java-1_8_0-openjdk This update for java-1_8_0-openjdk fixes the following security issues - April 2016 Oracle CPU (bsc#976340): - CVE-2016-0686: Unspecified vulnerability allowed remote attackers to affect confidentiality, integrity, and availability via vectors related to Serialization. - CVE-2016-0687: Unspecified vulnerability allowed remote attackers to affect confidentiality, integrity, and availability via vectors related to the Hotspot sub-component - CVE-2016-0695: Unspecified vulnerability allowed remote attackers to affect confidentiality via vectors related to the Security Component - CVE-2016-3425: Unspecified vulnerability allowed remote attackers to affect availability via vectors related to JAXP - CVE-2016-3426: Unspecified vulnerability allowed remote attackers to affect confidentiality via vectors related to JCE - CVE-2016-3427: Unspecified vulnerability allowed remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00006.html E-Mail link for openSUSE-SU-2016:1222-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE 13.2 java-1_8_0-openjdk-1.8.0.91-27.1 java-1_8_0-openjdk-accessibility-1.8.0.91-27.1 java-1_8_0-openjdk-debuginfo-1.8.0.91-27.1 java-1_8_0-openjdk-debugsource-1.8.0.91-27.1 java-1_8_0-openjdk-demo-1.8.0.91-27.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.91-27.1 java-1_8_0-openjdk-devel-1.8.0.91-27.1 java-1_8_0-openjdk-devel-debuginfo-1.8.0.91-27.1 java-1_8_0-openjdk-headless-1.8.0.91-27.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.91-27.1 java-1_8_0-openjdk-javadoc-1.8.0.91-27.1 java-1_8_0-openjdk-src-1.8.0.91-27.1 java-1_8_0-openjdk-1.8.0.91-27.1 as a component of openSUSE 13.2 java-1_8_0-openjdk-accessibility-1.8.0.91-27.1 as a component of openSUSE 13.2 java-1_8_0-openjdk-debuginfo-1.8.0.91-27.1 as a component of openSUSE 13.2 java-1_8_0-openjdk-debugsource-1.8.0.91-27.1 as a component of openSUSE 13.2 java-1_8_0-openjdk-demo-1.8.0.91-27.1 as a component of openSUSE 13.2 java-1_8_0-openjdk-demo-debuginfo-1.8.0.91-27.1 as a component of openSUSE 13.2 java-1_8_0-openjdk-devel-1.8.0.91-27.1 as a component of openSUSE 13.2 java-1_8_0-openjdk-devel-debuginfo-1.8.0.91-27.1 as a component of openSUSE 13.2 java-1_8_0-openjdk-headless-1.8.0.91-27.1 as a component of openSUSE 13.2 java-1_8_0-openjdk-headless-debuginfo-1.8.0.91-27.1 as a component of openSUSE 13.2 java-1_8_0-openjdk-javadoc-1.8.0.91-27.1 as a component of openSUSE 13.2 java-1_8_0-openjdk-src-1.8.0.91-27.1 as a component of openSUSE 13.2 Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Serialization. CVE-2016-0686 openSUSE 13.2:java-1_8_0-openjdk-1.8.0.91-27.1 openSUSE 13.2:java-1_8_0-openjdk-accessibility-1.8.0.91-27.1 openSUSE 13.2:java-1_8_0-openjdk-debuginfo-1.8.0.91-27.1 openSUSE 13.2:java-1_8_0-openjdk-debugsource-1.8.0.91-27.1 openSUSE 13.2:java-1_8_0-openjdk-demo-1.8.0.91-27.1 openSUSE 13.2:java-1_8_0-openjdk-demo-debuginfo-1.8.0.91-27.1 openSUSE 13.2:java-1_8_0-openjdk-devel-1.8.0.91-27.1 openSUSE 13.2:java-1_8_0-openjdk-devel-debuginfo-1.8.0.91-27.1 openSUSE 13.2:java-1_8_0-openjdk-headless-1.8.0.91-27.1 openSUSE 13.2:java-1_8_0-openjdk-headless-debuginfo-1.8.0.91-27.1 openSUSE 13.2:java-1_8_0-openjdk-javadoc-1.8.0.91-27.1 openSUSE 13.2:java-1_8_0-openjdk-src-1.8.0.91-27.1 important 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00006.html https://www.suse.com/security/cve/CVE-2016-0686.html CVE-2016-0686 https://bugzilla.suse.com/976340 SUSE Bug 976340 https://bugzilla.suse.com/979252 SUSE Bug 979252 Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to the Hotspot sub-component. CVE-2016-0687 openSUSE 13.2:java-1_8_0-openjdk-1.8.0.91-27.1 openSUSE 13.2:java-1_8_0-openjdk-accessibility-1.8.0.91-27.1 openSUSE 13.2:java-1_8_0-openjdk-debuginfo-1.8.0.91-27.1 openSUSE 13.2:java-1_8_0-openjdk-debugsource-1.8.0.91-27.1 openSUSE 13.2:java-1_8_0-openjdk-demo-1.8.0.91-27.1 openSUSE 13.2:java-1_8_0-openjdk-demo-debuginfo-1.8.0.91-27.1 openSUSE 13.2:java-1_8_0-openjdk-devel-1.8.0.91-27.1 openSUSE 13.2:java-1_8_0-openjdk-devel-debuginfo-1.8.0.91-27.1 openSUSE 13.2:java-1_8_0-openjdk-headless-1.8.0.91-27.1 openSUSE 13.2:java-1_8_0-openjdk-headless-debuginfo-1.8.0.91-27.1 openSUSE 13.2:java-1_8_0-openjdk-javadoc-1.8.0.91-27.1 openSUSE 13.2:java-1_8_0-openjdk-src-1.8.0.91-27.1 important 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00006.html https://www.suse.com/security/cve/CVE-2016-0687.html CVE-2016-0687 https://bugzilla.suse.com/976340 SUSE Bug 976340 https://bugzilla.suse.com/979252 SUSE Bug 979252 Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality via vectors related to Security. CVE-2016-0695 openSUSE 13.2:java-1_8_0-openjdk-1.8.0.91-27.1 openSUSE 13.2:java-1_8_0-openjdk-accessibility-1.8.0.91-27.1 openSUSE 13.2:java-1_8_0-openjdk-debuginfo-1.8.0.91-27.1 openSUSE 13.2:java-1_8_0-openjdk-debugsource-1.8.0.91-27.1 openSUSE 13.2:java-1_8_0-openjdk-demo-1.8.0.91-27.1 openSUSE 13.2:java-1_8_0-openjdk-demo-debuginfo-1.8.0.91-27.1 openSUSE 13.2:java-1_8_0-openjdk-devel-1.8.0.91-27.1 openSUSE 13.2:java-1_8_0-openjdk-devel-debuginfo-1.8.0.91-27.1 openSUSE 13.2:java-1_8_0-openjdk-headless-1.8.0.91-27.1 openSUSE 13.2:java-1_8_0-openjdk-headless-debuginfo-1.8.0.91-27.1 openSUSE 13.2:java-1_8_0-openjdk-javadoc-1.8.0.91-27.1 openSUSE 13.2:java-1_8_0-openjdk-src-1.8.0.91-27.1 important 2.5 AV:N/AC:H/Au:N/C:P/I:N/A:N Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00006.html https://www.suse.com/security/cve/CVE-2016-0695.html CVE-2016-0695 https://bugzilla.suse.com/976340 SUSE Bug 976340 https://bugzilla.suse.com/979252 SUSE Bug 979252 Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect availability via vectors related to JAXP. CVE-2016-3425 openSUSE 13.2:java-1_8_0-openjdk-1.8.0.91-27.1 openSUSE 13.2:java-1_8_0-openjdk-accessibility-1.8.0.91-27.1 openSUSE 13.2:java-1_8_0-openjdk-debuginfo-1.8.0.91-27.1 openSUSE 13.2:java-1_8_0-openjdk-debugsource-1.8.0.91-27.1 openSUSE 13.2:java-1_8_0-openjdk-demo-1.8.0.91-27.1 openSUSE 13.2:java-1_8_0-openjdk-demo-debuginfo-1.8.0.91-27.1 openSUSE 13.2:java-1_8_0-openjdk-devel-1.8.0.91-27.1 openSUSE 13.2:java-1_8_0-openjdk-devel-debuginfo-1.8.0.91-27.1 openSUSE 13.2:java-1_8_0-openjdk-headless-1.8.0.91-27.1 openSUSE 13.2:java-1_8_0-openjdk-headless-debuginfo-1.8.0.91-27.1 openSUSE 13.2:java-1_8_0-openjdk-javadoc-1.8.0.91-27.1 openSUSE 13.2:java-1_8_0-openjdk-src-1.8.0.91-27.1 important 4.9 AV:N/AC:L/Au:N/C:N/I:N/A:P Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00006.html https://www.suse.com/security/cve/CVE-2016-3425.html CVE-2016-3425 https://bugzilla.suse.com/976340 SUSE Bug 976340 https://bugzilla.suse.com/979252 SUSE Bug 979252 Unspecified vulnerability in Oracle Java SE 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality via vectors related to JCE. CVE-2016-3426 openSUSE 13.2:java-1_8_0-openjdk-1.8.0.91-27.1 openSUSE 13.2:java-1_8_0-openjdk-accessibility-1.8.0.91-27.1 openSUSE 13.2:java-1_8_0-openjdk-debuginfo-1.8.0.91-27.1 openSUSE 13.2:java-1_8_0-openjdk-debugsource-1.8.0.91-27.1 openSUSE 13.2:java-1_8_0-openjdk-demo-1.8.0.91-27.1 openSUSE 13.2:java-1_8_0-openjdk-demo-debuginfo-1.8.0.91-27.1 openSUSE 13.2:java-1_8_0-openjdk-devel-1.8.0.91-27.1 openSUSE 13.2:java-1_8_0-openjdk-devel-debuginfo-1.8.0.91-27.1 openSUSE 13.2:java-1_8_0-openjdk-headless-1.8.0.91-27.1 openSUSE 13.2:java-1_8_0-openjdk-headless-debuginfo-1.8.0.91-27.1 openSUSE 13.2:java-1_8_0-openjdk-javadoc-1.8.0.91-27.1 openSUSE 13.2:java-1_8_0-openjdk-src-1.8.0.91-27.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00006.html https://www.suse.com/security/cve/CVE-2016-3426.html CVE-2016-3426 https://bugzilla.suse.com/976340 SUSE Bug 976340 https://bugzilla.suse.com/979252 SUSE Bug 979252 Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX. CVE-2016-3427 openSUSE 13.2:java-1_8_0-openjdk-1.8.0.91-27.1 openSUSE 13.2:java-1_8_0-openjdk-accessibility-1.8.0.91-27.1 openSUSE 13.2:java-1_8_0-openjdk-debuginfo-1.8.0.91-27.1 openSUSE 13.2:java-1_8_0-openjdk-debugsource-1.8.0.91-27.1 openSUSE 13.2:java-1_8_0-openjdk-demo-1.8.0.91-27.1 openSUSE 13.2:java-1_8_0-openjdk-demo-debuginfo-1.8.0.91-27.1 openSUSE 13.2:java-1_8_0-openjdk-devel-1.8.0.91-27.1 openSUSE 13.2:java-1_8_0-openjdk-devel-debuginfo-1.8.0.91-27.1 openSUSE 13.2:java-1_8_0-openjdk-headless-1.8.0.91-27.1 openSUSE 13.2:java-1_8_0-openjdk-headless-debuginfo-1.8.0.91-27.1 openSUSE 13.2:java-1_8_0-openjdk-javadoc-1.8.0.91-27.1 openSUSE 13.2:java-1_8_0-openjdk-src-1.8.0.91-27.1 important 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00006.html https://www.suse.com/security/cve/CVE-2016-3427.html CVE-2016-3427 https://bugzilla.suse.com/1011805 SUSE Bug 1011805 https://bugzilla.suse.com/976340 SUSE Bug 976340 https://bugzilla.suse.com/979252 SUSE Bug 979252