Security update for java-1_7_0-openjdk SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2016:1235-1 Final 1 1 2016-05-04T15:59:56Z current 2016-05-04T15:59:56Z 2016-05-04T15:59:56Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for java-1_7_0-openjdk This update for java-1_7_0-openjdk to version 2.6.6 fixes five security issues. These security issues were fixed: - CVE-2016-0686: Ensure thread consistency (bsc#976340). - CVE-2016-0687: Better byte behavior (bsc#976340). - CVE-2016-0695: Make DSA more fair (bsc#976340). - CVE-2016-3425: Better buffering of XML strings (bsc#976340). - CVE-2016-3427: Improve JMX connections (bsc#976340). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2016-05/msg00012.html E-Mail link for openSUSE-SU-2016:1235-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings java-1_7_0-openjdk-1.7.0.101-24.36.2 java-1_7_0-openjdk-accessibility-1.7.0.101-24.36.2 java-1_7_0-openjdk-demo-1.7.0.101-24.36.2 java-1_7_0-openjdk-devel-1.7.0.101-24.36.2 java-1_7_0-openjdk-headless-1.7.0.101-24.36.2 java-1_7_0-openjdk-javadoc-1.7.0.101-24.36.2 java-1_7_0-openjdk-src-1.7.0.101-24.36.2 Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Serialization. CVE-2016-0686 important 10 AV:N/AC:L/Au:N/C:C/I:C/A:C Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-05/msg00012.html https://www.suse.com/security/cve/CVE-2016-0686.html CVE-2016-0686 https://bugzilla.suse.com/976340 SUSE Bug 976340 https://bugzilla.suse.com/979252 SUSE Bug 979252 Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to the Hotspot sub-component. CVE-2016-0687 important 10 AV:N/AC:L/Au:N/C:C/I:C/A:C Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-05/msg00012.html https://www.suse.com/security/cve/CVE-2016-0687.html CVE-2016-0687 https://bugzilla.suse.com/976340 SUSE Bug 976340 https://bugzilla.suse.com/979252 SUSE Bug 979252 Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality via vectors related to Security. CVE-2016-0695 important 2.6 AV:N/AC:H/Au:N/C:P/I:N/A:N Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-05/msg00012.html https://www.suse.com/security/cve/CVE-2016-0695.html CVE-2016-0695 https://bugzilla.suse.com/976340 SUSE Bug 976340 https://bugzilla.suse.com/979252 SUSE Bug 979252 Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect availability via vectors related to JAXP. CVE-2016-3425 important 5 AV:N/AC:L/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-05/msg00012.html https://www.suse.com/security/cve/CVE-2016-3425.html CVE-2016-3425 https://bugzilla.suse.com/976340 SUSE Bug 976340 https://bugzilla.suse.com/979252 SUSE Bug 979252 Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX. CVE-2016-3427 important 10 AV:N/AC:L/Au:N/C:C/I:C/A:C Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-05/msg00012.html https://www.suse.com/security/cve/CVE-2016-3427.html CVE-2016-3427 https://bugzilla.suse.com/1011805 SUSE Bug 1011805 https://bugzilla.suse.com/976340 SUSE Bug 976340 https://bugzilla.suse.com/979252 SUSE Bug 979252