Security update for java-1_7_0-openjdk SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2016:1265-1 Final 1 1 2016-05-07T09:56:30Z current 2016-05-07T09:56:30Z 2016-05-07T09:56:30Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for java-1_7_0-openjdk This update for java-1_7_0-openjdk to version 2.6.6 fixes five security issues. These security issues were fixed: - CVE-2016-0686: Ensure thread consistency (bsc#976340). - CVE-2016-0687: Better byte behavior (bsc#976340). - CVE-2016-0695: Make DSA more fair (bsc#976340). - CVE-2016-3425: Better buffering of XML strings (bsc#976340). - CVE-2016-3427: Improve JMX connections (bsc#976340). This update was imported from the SUSE:SLE-12:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2016-05/msg00027.html E-Mail link for openSUSE-SU-2016:1265-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.1 java-1_7_0-openjdk-1.7.0.101-31.1 java-1_7_0-openjdk-accessibility-1.7.0.101-31.1 java-1_7_0-openjdk-bootstrap-1.7.0.101-31.1 java-1_7_0-openjdk-bootstrap-devel-1.7.0.101-31.1 java-1_7_0-openjdk-bootstrap-headless-1.7.0.101-31.1 java-1_7_0-openjdk-demo-1.7.0.101-31.1 java-1_7_0-openjdk-devel-1.7.0.101-31.1 java-1_7_0-openjdk-headless-1.7.0.101-31.1 java-1_7_0-openjdk-javadoc-1.7.0.101-31.1 java-1_7_0-openjdk-src-1.7.0.101-31.1 java-1_7_0-openjdk-1.7.0.101-31.1 as a component of openSUSE Leap 42.1 java-1_7_0-openjdk-accessibility-1.7.0.101-31.1 as a component of openSUSE Leap 42.1 java-1_7_0-openjdk-bootstrap-1.7.0.101-31.1 as a component of openSUSE Leap 42.1 java-1_7_0-openjdk-bootstrap-devel-1.7.0.101-31.1 as a component of openSUSE Leap 42.1 java-1_7_0-openjdk-bootstrap-headless-1.7.0.101-31.1 as a component of openSUSE Leap 42.1 java-1_7_0-openjdk-demo-1.7.0.101-31.1 as a component of openSUSE Leap 42.1 java-1_7_0-openjdk-devel-1.7.0.101-31.1 as a component of openSUSE Leap 42.1 java-1_7_0-openjdk-headless-1.7.0.101-31.1 as a component of openSUSE Leap 42.1 java-1_7_0-openjdk-javadoc-1.7.0.101-31.1 as a component of openSUSE Leap 42.1 java-1_7_0-openjdk-src-1.7.0.101-31.1 as a component of openSUSE Leap 42.1 Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Serialization. CVE-2016-0686 openSUSE Leap 42.1:java-1_7_0-openjdk-1.7.0.101-31.1 openSUSE Leap 42.1:java-1_7_0-openjdk-accessibility-1.7.0.101-31.1 openSUSE Leap 42.1:java-1_7_0-openjdk-bootstrap-1.7.0.101-31.1 openSUSE Leap 42.1:java-1_7_0-openjdk-bootstrap-devel-1.7.0.101-31.1 openSUSE Leap 42.1:java-1_7_0-openjdk-bootstrap-headless-1.7.0.101-31.1 openSUSE Leap 42.1:java-1_7_0-openjdk-demo-1.7.0.101-31.1 openSUSE Leap 42.1:java-1_7_0-openjdk-devel-1.7.0.101-31.1 openSUSE Leap 42.1:java-1_7_0-openjdk-headless-1.7.0.101-31.1 openSUSE Leap 42.1:java-1_7_0-openjdk-javadoc-1.7.0.101-31.1 openSUSE Leap 42.1:java-1_7_0-openjdk-src-1.7.0.101-31.1 important 10 AV:N/AC:L/Au:N/C:C/I:C/A:C Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-05/msg00027.html https://www.suse.com/security/cve/CVE-2016-0686.html CVE-2016-0686 https://bugzilla.suse.com/976340 SUSE Bug 976340 https://bugzilla.suse.com/979252 SUSE Bug 979252 Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to the Hotspot sub-component. CVE-2016-0687 openSUSE Leap 42.1:java-1_7_0-openjdk-1.7.0.101-31.1 openSUSE Leap 42.1:java-1_7_0-openjdk-accessibility-1.7.0.101-31.1 openSUSE Leap 42.1:java-1_7_0-openjdk-bootstrap-1.7.0.101-31.1 openSUSE Leap 42.1:java-1_7_0-openjdk-bootstrap-devel-1.7.0.101-31.1 openSUSE Leap 42.1:java-1_7_0-openjdk-bootstrap-headless-1.7.0.101-31.1 openSUSE Leap 42.1:java-1_7_0-openjdk-demo-1.7.0.101-31.1 openSUSE Leap 42.1:java-1_7_0-openjdk-devel-1.7.0.101-31.1 openSUSE Leap 42.1:java-1_7_0-openjdk-headless-1.7.0.101-31.1 openSUSE Leap 42.1:java-1_7_0-openjdk-javadoc-1.7.0.101-31.1 openSUSE Leap 42.1:java-1_7_0-openjdk-src-1.7.0.101-31.1 important 10 AV:N/AC:L/Au:N/C:C/I:C/A:C Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-05/msg00027.html https://www.suse.com/security/cve/CVE-2016-0687.html CVE-2016-0687 https://bugzilla.suse.com/976340 SUSE Bug 976340 https://bugzilla.suse.com/979252 SUSE Bug 979252 Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality via vectors related to Security. CVE-2016-0695 openSUSE Leap 42.1:java-1_7_0-openjdk-1.7.0.101-31.1 openSUSE Leap 42.1:java-1_7_0-openjdk-accessibility-1.7.0.101-31.1 openSUSE Leap 42.1:java-1_7_0-openjdk-bootstrap-1.7.0.101-31.1 openSUSE Leap 42.1:java-1_7_0-openjdk-bootstrap-devel-1.7.0.101-31.1 openSUSE Leap 42.1:java-1_7_0-openjdk-bootstrap-headless-1.7.0.101-31.1 openSUSE Leap 42.1:java-1_7_0-openjdk-demo-1.7.0.101-31.1 openSUSE Leap 42.1:java-1_7_0-openjdk-devel-1.7.0.101-31.1 openSUSE Leap 42.1:java-1_7_0-openjdk-headless-1.7.0.101-31.1 openSUSE Leap 42.1:java-1_7_0-openjdk-javadoc-1.7.0.101-31.1 openSUSE Leap 42.1:java-1_7_0-openjdk-src-1.7.0.101-31.1 important 2.6 AV:N/AC:H/Au:N/C:P/I:N/A:N Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-05/msg00027.html https://www.suse.com/security/cve/CVE-2016-0695.html CVE-2016-0695 https://bugzilla.suse.com/976340 SUSE Bug 976340 https://bugzilla.suse.com/979252 SUSE Bug 979252 Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect availability via vectors related to JAXP. CVE-2016-3425 openSUSE Leap 42.1:java-1_7_0-openjdk-1.7.0.101-31.1 openSUSE Leap 42.1:java-1_7_0-openjdk-accessibility-1.7.0.101-31.1 openSUSE Leap 42.1:java-1_7_0-openjdk-bootstrap-1.7.0.101-31.1 openSUSE Leap 42.1:java-1_7_0-openjdk-bootstrap-devel-1.7.0.101-31.1 openSUSE Leap 42.1:java-1_7_0-openjdk-bootstrap-headless-1.7.0.101-31.1 openSUSE Leap 42.1:java-1_7_0-openjdk-demo-1.7.0.101-31.1 openSUSE Leap 42.1:java-1_7_0-openjdk-devel-1.7.0.101-31.1 openSUSE Leap 42.1:java-1_7_0-openjdk-headless-1.7.0.101-31.1 openSUSE Leap 42.1:java-1_7_0-openjdk-javadoc-1.7.0.101-31.1 openSUSE Leap 42.1:java-1_7_0-openjdk-src-1.7.0.101-31.1 important 5 AV:N/AC:L/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-05/msg00027.html https://www.suse.com/security/cve/CVE-2016-3425.html CVE-2016-3425 https://bugzilla.suse.com/976340 SUSE Bug 976340 https://bugzilla.suse.com/979252 SUSE Bug 979252 Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX. CVE-2016-3427 openSUSE Leap 42.1:java-1_7_0-openjdk-1.7.0.101-31.1 openSUSE Leap 42.1:java-1_7_0-openjdk-accessibility-1.7.0.101-31.1 openSUSE Leap 42.1:java-1_7_0-openjdk-bootstrap-1.7.0.101-31.1 openSUSE Leap 42.1:java-1_7_0-openjdk-bootstrap-devel-1.7.0.101-31.1 openSUSE Leap 42.1:java-1_7_0-openjdk-bootstrap-headless-1.7.0.101-31.1 openSUSE Leap 42.1:java-1_7_0-openjdk-demo-1.7.0.101-31.1 openSUSE Leap 42.1:java-1_7_0-openjdk-devel-1.7.0.101-31.1 openSUSE Leap 42.1:java-1_7_0-openjdk-headless-1.7.0.101-31.1 openSUSE Leap 42.1:java-1_7_0-openjdk-javadoc-1.7.0.101-31.1 openSUSE Leap 42.1:java-1_7_0-openjdk-src-1.7.0.101-31.1 important 10 AV:N/AC:L/Au:N/C:C/I:C/A:C Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-05/msg00027.html https://www.suse.com/security/cve/CVE-2016-3427.html CVE-2016-3427 https://bugzilla.suse.com/1011805 SUSE Bug 1011805 https://bugzilla.suse.com/976340 SUSE Bug 976340 https://bugzilla.suse.com/979252 SUSE Bug 979252