Security update for OpenJDK7 SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2016:2058-1 Final 1 1 2016-08-12T06:18:12Z current 2016-08-12T06:18:12Z 2016-08-12T06:18:12Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for OpenJDK7 Update to 2.6.7 - OpenJDK 7u111 * Security fixes - S8079718, CVE-2016-3458: IIOP Input Stream Hooking (bsc#989732) - S8145446, CVE-2016-3485: Perfect pipe placement (Windows only) (bsc#989734) - S8147771: Construction of static protection domains under Javax custom policy - S8148872, CVE-2016-3500: Complete name checking (bsc#989730) - S8149962, CVE-2016-3508: Better delineation of XML processing (bsc#989731) - S8150752: Share Class Data - S8151925: Font reference improvements - S8152479, CVE-2016-3550: Coded byte streams (bsc#989733) - S8155981, CVE-2016-3606: Bolster bytecode verification (bsc#989722) - S8155985, CVE-2016-3598: Persistent Parameter Processing (bsc#989723) - S8158571, CVE-2016-3610: Additional method handle validation (bsc#989725) - CVE-2016-3511 (bsc#989727) - CVE-2016-3503 (bsc#989728) - CVE-2016-3498 (bsc#989729) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2016-08/msg00035.html E-Mail link for openSUSE-SU-2016:2058-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings java-1_7_0-openjdk-1.7.0.111-24.39.1 java-1_7_0-openjdk-accessibility-1.7.0.111-24.39.1 java-1_7_0-openjdk-demo-1.7.0.111-24.39.1 java-1_7_0-openjdk-devel-1.7.0.111-24.39.1 java-1_7_0-openjdk-headless-1.7.0.111-24.39.1 java-1_7_0-openjdk-javadoc-1.7.0.111-24.39.1 java-1_7_0-openjdk-src-1.7.0.111-24.39.1 Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; and Java SE Embedded 8u91 allows remote attackers to affect integrity via vectors related to CORBA. CVE-2016-3458 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-08/msg00035.html https://www.suse.com/security/cve/CVE-2016-3458.html CVE-2016-3458 https://bugzilla.suse.com/989732 SUSE Bug 989732 Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10 allows local users to affect integrity via vectors related to Networking. CVE-2016-3485 low 1.2 AV:L/AC:H/Au:N/C:N/I:P/A:N Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-08/msg00035.html https://www.suse.com/security/cve/CVE-2016-3485.html CVE-2016-3485 https://bugzilla.suse.com/1009280 SUSE Bug 1009280 https://bugzilla.suse.com/989734 SUSE Bug 989734 Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 allows remote attackers to affect availability via vectors related to JavaFX. CVE-2016-3498 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-08/msg00035.html https://www.suse.com/security/cve/CVE-2016-3498.html CVE-2016-3498 https://bugzilla.suse.com/989729 SUSE Bug 989729 Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2016-3508. CVE-2016-3500 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-08/msg00035.html https://www.suse.com/security/cve/CVE-2016-3500.html CVE-2016-3500 https://bugzilla.suse.com/989730 SUSE Bug 989730 Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92 allows local users to affect confidentiality, integrity, and availability via vectors related to Install. CVE-2016-3503 moderate 3.7 AV:L/AC:H/Au:N/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-08/msg00035.html https://www.suse.com/security/cve/CVE-2016-3503.html CVE-2016-3503 https://bugzilla.suse.com/989728 SUSE Bug 989728 Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2016-3500. CVE-2016-3508 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-08/msg00035.html https://www.suse.com/security/cve/CVE-2016-3508.html CVE-2016-3508 https://bugzilla.suse.com/989731 SUSE Bug 989731 Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 allows local users to affect confidentiality, integrity, and availability via vectors related to Deployment. CVE-2016-3511 moderate 3.7 AV:L/AC:H/Au:N/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-08/msg00035.html https://www.suse.com/security/cve/CVE-2016-3511.html CVE-2016-3511 https://bugzilla.suse.com/1009280 SUSE Bug 1009280 https://bugzilla.suse.com/989727 SUSE Bug 989727 Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality via vectors related to Hotspot. CVE-2016-3550 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-08/msg00035.html https://www.suse.com/security/cve/CVE-2016-3550.html CVE-2016-3550 https://bugzilla.suse.com/989733 SUSE Bug 989733 Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Libraries, a different vulnerability than CVE-2016-3610. CVE-2016-3598 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-08/msg00035.html https://www.suse.com/security/cve/CVE-2016-3598.html CVE-2016-3598 https://bugzilla.suse.com/1009280 SUSE Bug 1009280 https://bugzilla.suse.com/989723 SUSE Bug 989723 Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotspot. CVE-2016-3606 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-08/msg00035.html https://www.suse.com/security/cve/CVE-2016-3606.html CVE-2016-3606 https://bugzilla.suse.com/989722 SUSE Bug 989722 Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Libraries, a different vulnerability than CVE-2016-3598. CVE-2016-3610 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-08/msg00035.html https://www.suse.com/security/cve/CVE-2016-3610.html CVE-2016-3610 https://bugzilla.suse.com/989725 SUSE Bug 989725