ID CVE-2016-0636
Summary Unspecified vulnerability in Oracle Java SE 7u97, 8u73, and 8u74 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to the Hotspot sub-component.
Vulnerable Configurations
  • Red Hat Enterprise Linux Desktop 6.0
    cpe:2.3:o:redhat:enterprise_linux_desktop:6.0
  • Red Hat Enterprise Linux Desktop 7.0
    cpe:2.3:o:redhat:enterprise_linux_desktop:7.0
  • Red Hat Enterprise Linux HPC Node 6.0
    cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0
  • Red Hat Enterprise Linux HPC Node 7.0
    cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0
  • Red Hat Enterprise Linux Server 6.0
    cpe:2.3:o:redhat:enterprise_linux_server:6.0
  • Red Hat Enterprise Linux Server 7.0
    cpe:2.3:o:redhat:enterprise_linux_server:7.0
  • Red Hat Enterprise Linux Workstation 6.0
    cpe:2.3:o:redhat:enterprise_linux_workstation:6.0
  • Red Hat Enterprise Linux Workstation 7.0
    cpe:2.3:o:redhat:enterprise_linux_workstation:7.0
  • Red Hat IcedTea7 2.6.6
    cpe:2.3:a:redhat:icedtea7:2.6.6
  • Oracle JDK 1.7.0 Update 97
    cpe:2.3:a:oracle:jdk:1.7.0:update_97
  • Oracle JDK 1.8.0 Update 73
    cpe:2.3:a:oracle:jdk:1.8.0:update_73
  • Oracle JDK 1.8.0 Update 74
    cpe:2.3:a:oracle:jdk:1.8.0:update_74
  • Oracle JRE 1.7.0 Update 97
    cpe:2.3:a:oracle:jre:1.7.0:update_97
  • Oracle JRE 1.8.0 Update 73
    cpe:2.3:a:oracle:jre:1.8.0:update_73
  • Oracle JRE 1.8.0 Update 74
    cpe:2.3:a:oracle:jre:1.8.0:update_74
CVSS
Base: 9.3 (as of 21-10-2016 - 10:21)
Impact:
Exploitability:
Access
  • Vector: NETWORK
  • Complexity: MEDIUM
  • Authentication: NONE
Impact
  • Confidentiality: COMPLETE
  • Integrity: COMPLETE
  • Availability: COMPLETE
nessus via4
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2016-0514.NASL
    description An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The java-1.8.0-openjdk packages contain the latest version of the Open Java Development Kit (OpenJDK), OpenJDK 8. These packages provide a fully compliant implementation of Java SE 8. Security Fix(es) : * An improper type safety check was discovered in the Hotspot component. An untrusted Java application or applet could use this flaw to bypass Java Sandbox restrictions. (CVE-2016-0636)
    last seen 2017-10-29
    modified 2016-11-17
    plugin id 90159
    published 2016-03-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90159
    title CentOS 6 : java-1.8.0-openjdk (CESA-2016:0514)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2016-0513.NASL
    description An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The java-1.8.0-openjdk packages contain the latest version of the Open Java Development Kit (OpenJDK), OpenJDK 8. These packages provide a fully compliant implementation of Java SE 8. Security Fix(es) : * An improper type safety check was discovered in the Hotspot component. An untrusted Java application or applet could use this flaw to bypass Java Sandbox restrictions. (CVE-2016-0636)
    last seen 2017-10-29
    modified 2017-01-10
    plugin id 90181
    published 2016-03-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90181
    title RHEL 7 : java-1.8.0-openjdk (RHSA-2016:0513)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2016-0512.NASL
    description An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit for compiling and executing Java programs. Security Fix(es) : * An improper type safety check was discovered in the Hotspot component. An untrusted Java application or applet could use this flaw to bypass Java Sandbox restrictions. (CVE-2016-0636)
    last seen 2017-10-29
    modified 2016-11-17
    plugin id 90157
    published 2016-03-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90157
    title CentOS 5 / 7 : java-1.7.0-openjdk (CESA-2016:0512)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-457.NASL
    description This update for java-1_7_0-openjdk fixes the following issues : java-1_7_0-openjdk was updated to 2.6.5 - OpenJDK 7u99 (boo#972468) - Security fixes - S8152335, CVE-2016-0636: Improve MethodHandle consistency - Import of OpenJDK 7 u99 build 0 - S6425769, PR2858: Allow specifying an address to bind JMX remote connector - S6961123: setWMClass fails to null-terminate WM_CLASS string - S8145982, PR2858: JMXInterfaceBindingTest is failing intermittently - S8146015, PR2858: JMXInterfaceBindingTest is failing intermittently for IPv6 addresses - Backports - S8028727, PR2814: [parfait] warnings from b116 for jdk.src.share.native.sun.security.ec: JNI pending exceptions - S8048512, PR2814: Uninitialised memory in jdk/src/share/native/sun/security/ec/ECC_JNI.cpp - S8071705. PR2819, RH1182694: Java application menu misbehaves when running multiple screen stacked vertically - S8150954, PR2866, RH1176206: AWT Robot not compatible with GNOME Shell - Bug fixes - PR2803: Make system CUPS optional - PR2886: Location of 'stap' executable is hard-coded - PR2893: test/tapset/jstaptest.pl should be executable - PR2894: Add missing test directory in make check. - CACAO - PR2781, CA195: typeinfo.cpp: typeinfo_merge_nonarrays: Assertion `dest && result && x.any && y.any' failed - AArch64 port - PR2852: Add support for large code cache - PR2852: Apply ReservedCodeCacheSize default limiting to AArch64 only. 
- S8081289, PR2852: aarch64: add support for RewriteFrequentPairs in interpreter - S8131483, PR2852: aarch64: illegal stlxr instructions - S8133352, PR2852: aarch64: generates constrained unpredictable instructions - S8133842, PR2852: aarch64: C2 generates illegal instructions with int shifts >=32 - S8134322, PR2852: AArch64: Fix several errors in C2 biased locking implementation - S8136615, PR2852: aarch64: elide DecodeN when followed by CmpP 0 - S8138575, PR2852: Improve generated code for profile counters - S8138641, PR2852: Disable C2 peephole by default for aarch64 - S8138966, PR2852: Intermittent SEGV running ParallelGC - S8143067, PR2852: aarch64: guarantee failure in javac - S8143285, PR2852: aarch64: Missing load acquire when checking if ConstantPoolCacheEntry is resolved - S8143584, PR2852: Load constant pool tag and class status with load acquire - S8144201, PR2852: aarch64: jdk/test/com/sun/net/httpserver/Test6a.java fails with --enable-unlimited-crypto - S8144582, PR2852: AArch64 does not generate correct branch profile data - S8146709, PR2852: AArch64: Incorrect use of ADRP for byte_map_base - S8147805, PR2852: aarch64: C1 segmentation fault due to inline Unsafe.getAndSetObject - S8148240, PR2852: aarch64: random infrequent NULL pointer exceptions in javac - PPC & AIX port - S8034797, PR2851: AIX: Fix os::naked_short_sleep() in os_aix.cpp after 8028280 - S8139258, PR2851: PPC64LE: argument passing problem when passing 15 floats in native call - S8139421, PR2851: PPC64LE: MacroAssembler::bxx64_patchable kill register R12
    last seen 2017-10-29
    modified 2016-10-24
    plugin id 90529
    published 2016-04-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90529
    title openSUSE Security Update : java-1_7_0-openjdk (openSUSE-2016-457)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-0957-1.NASL
    description This update for java-1_8_0-openjdk to version jdk8u77-b03 fixes the following security issue : - CVE-2016-0636: Improve MethodHandle consistency, which had allowed attackers to execute code. (bsc#972468) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2017-10-29
    modified 2016-12-27
    plugin id 90398
    published 2016-04-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90398
    title SUSE SLED12 / SLES12 Security Update : java-1_8_0-openjdk (SUSE-SU-2016:0957-1)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-443.NASL
    description This update for java-1_8_0-openjdk to version jdk8u77-b03 fixes the following security issue : - CVE-2016-0636: Improve MethodHandle consistency, which had allowed attackers to execute code. (bsc#972468) This update was imported from the SUSE:SLE-12-SP1:Update update project.
    last seen 2017-10-29
    modified 2016-10-24
    plugin id 90480
    published 2016-04-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90480
    title openSUSE Security Update : java-1_8_0-openjdk (openSUSE-2016-443)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2016-677.NASL
    description An improper type safety check was discovered in the Hotspot component. An untrusted Java application or applet could use this flaw to bypass Java Sandbox restrictions.
    last seen 2018-04-19
    modified 2018-04-18
    plugin id 90270
    published 2016-04-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90270
    title Amazon Linux AMI : java-1.8.0-openjdk / java-1.7.0-openjdk (ALAS-2016-677)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-0959-1.NASL
    description The OpenJDK Java java-1_7_0-openjdk was updated to 2.6.5 to fix the following issues : Update to 2.6.5 - OpenJDK 7u99 (bsc#972468) - Security fixes - S8152335, CVE-2016-0636: Improve MethodHandle consistency - Import of OpenJDK 7 u99 build 0 - S6425769, PR2858: Allow specifying an address to bind JMX remote connector - S6961123: setWMClass fails to null-terminate WM_CLASS string - S8145982, PR2858: JMXInterfaceBindingTest is failing intermittently - S8146015, PR2858: JMXInterfaceBindingTest is failing intermittently for IPv6 addresses - Backports - S8028727, PR2814: [parfait] warnings from b116 for jdk.src.share.native.sun.security.ec: JNI pending exceptions - S8048512, PR2814: Uninitialised memory in jdk/src/share/native/sun/security/ec/ECC_JNI.cpp - S8071705. PR2819, RH1182694: Java application menu misbehaves when running multiple screen stacked vertically - S8150954, PR2866, RH1176206: AWT Robot not compatible with GNOME Shell - Bug fixes - PR2803: Make system CUPS optional - PR2886: Location of 'stap' executable is hard-coded - PR2893: test/tapset/jstaptest.pl should be executable - PR2894: Add missing test directory in make check. - CACAO - PR2781, CA195: typeinfo.cpp: typeinfo_merge_nonarrays: Assertion `dest && result && x.any && y.any' failed - AArch64 port - PR2852: Add support for large code cache - PR2852: Apply ReservedCodeCacheSize default limiting to AArch64 only. 
- S8081289, PR2852: aarch64: add support for RewriteFrequentPairs in interpreter - S8131483, PR2852: aarch64: illegal stlxr instructions - S8133352, PR2852: aarch64: generates constrained unpredictable instructions - S8133842, PR2852: aarch64: C2 generates illegal instructions with int shifts >=32 - S8134322, PR2852: AArch64: Fix several errors in C2 biased locking implementation - S8136615, PR2852: aarch64: elide DecodeN when followed by CmpP 0 - S8138575, PR2852: Improve generated code for profile counters - S8138641, PR2852: Disable C2 peephole by default for aarch64 - S8138966, PR2852: Intermittent SEGV running ParallelGC - S8143067, PR2852: aarch64: guarantee failure in javac - S8143285, PR2852: aarch64: Missing load acquire when checking if ConstantPoolCacheEntry is resolved - S8143584, PR2852: Load constant pool tag and class status with load acquire - S8144201, PR2852: aarch64: jdk/test/com/sun/net/httpserver/Test6a.java fails with --enable-unlimited-crypto - S8144582, PR2852: AArch64 does not generate correct branch profile data - S8146709, PR2852: AArch64: Incorrect use of ADRP for byte_map_base - S8147805, PR2852: aarch64: C1 segmentation fault due to inline Unsafe.getAndSetObject - S8148240, PR2852: aarch64: random infrequent NULL pointer exceptions in javac - PPC & AIX port - S8034797, PR2851: AIX: Fix os::naked_short_sleep() in os_aix.cpp after 8028280 - S8139258, PR2851: PPC64LE: argument passing problem when passing 15 floats in native call - S8139421, PR2851: PPC64LE: MacroAssembler::bxx64_patchable kill register R12 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2017-10-29
    modified 2016-12-27
    plugin id 90399
    published 2016-04-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90399
    title SUSE SLED12 / SLES12 Security Update : java-1_7_0-openjdk (SUSE-SU-2016:0959-1)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2016-0516.NASL
    description An update for java-1.8.0-oracle is now available for Oracle Java for Red Hat Enterprise Linux 6 and Oracle Java for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Java Runtime Environment (JRE) contains the software and tools that users need to run applets and applications written using the Java programming language. Oracle Java SE version 8 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update provides Oracle Java 8 Update 77. Security Fix(es) : This update fixes one vulnerability in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about this flaw can be found on the Oracle Security Alert page listed in the References section. (CVE-2016-0636)
    last seen 2017-10-29
    modified 2017-01-10
    plugin id 90184
    published 2016-03-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90184
    title RHEL 6 / 7 : java-1.8.0-oracle (RHSA-2016:0516)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2016-0513.NASL
    description An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The java-1.8.0-openjdk packages contain the latest version of the Open Java Development Kit (OpenJDK), OpenJDK 8. These packages provide a fully compliant implementation of Java SE 8. Security Fix(es) : * An improper type safety check was discovered in the Hotspot component. An untrusted Java application or applet could use this flaw to bypass Java Sandbox restrictions. (CVE-2016-0636)
    last seen 2017-10-29
    modified 2016-11-17
    plugin id 90158
    published 2016-03-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90158
    title CentOS 7 : java-1.8.0-openjdk (CESA-2016:0513)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2016-0513.NASL
    description From Red Hat Security Advisory 2016:0513 : An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The java-1.8.0-openjdk packages contain the latest version of the Open Java Development Kit (OpenJDK), OpenJDK 8. These packages provide a fully compliant implementation of Java SE 8. Security Fix(es) : * An improper type safety check was discovered in the Hotspot component. An untrusted Java application or applet could use this flaw to bypass Java Sandbox restrictions. (CVE-2016-0636)
    last seen 2017-10-29
    modified 2016-12-07
    plugin id 90176
    published 2016-03-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90176
    title Oracle Linux 7 : java-1.8.0-openjdk (ELSA-2016-0513)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20160325_JAVA_1_7_0_OPENJDK_ON_SL6_X.NASL
    description Security Fix(es) : - An improper type safety check was discovered in the Hotspot component. An untrusted Java application or applet could use this flaw to bypass Java Sandbox restrictions. (CVE-2016-0636)
    last seen 2017-10-29
    modified 2016-10-24
    plugin id 90242
    published 2016-03-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90242
    title Scientific Linux Security Update : java-1.7.0-openjdk on SL6.x i386/x86_64
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3558.NASL
    description Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in breakouts of the Java sandbox, denial of service or information disclosure.
    last seen 2017-10-29
    modified 2016-12-06
    plugin id 90725
    published 2016-04-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90725
    title Debian DSA-3558-1 : openjdk-7 - security update
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-451.NASL
    description Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in breakouts of the Java sandbox, denial of service or information disclosure. For Debian 7 'Wheezy', these problems have been fixed in version 7u101-2.6.6-2~deb7u1. We recommend that you upgrade your openjdk-7 packages. Please note that OpenJDK 7 will be made the new default Java implementation on 26 June 2016. For further information please refer to https://wiki.debian.org/LTS/Wheezy NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2017-10-29
    modified 2016-12-06
    plugin id 90869
    published 2016-05-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90869
    title Debian DLA-451-1 : openjdk-7 security update
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201610-08.NASL
    description The remote host is affected by the vulnerability described in GLSA-201610-08 (Oracle JRE/JDK: Multiple vulnerabilities) Multiple vulnerabilities exist in both Oracle’s JRE and JDK. Please review the referenced CVE’s for additional information. Impact : Remote attackers could gain access to information, remotely execute arbitrary code, or cause Denial of Service. Workaround : There is no known workaround at this time.
    last seen 2017-10-29
    modified 2016-10-19
    plugin id 94085
    published 2016-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94085
    title GLSA-201610-08 : Oracle JRE/JDK: Multiple vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-444.NASL
    description The OpenJDK Java java-1_7_0-openjdk was updated to 2.6.5 to fix the following issues : Update to 2.6.5 - OpenJDK 7u99 (bsc#972468) - Security fixes - S8152335, CVE-2016-0636: Improve MethodHandle consistency - Import of OpenJDK 7 u99 build 0 - S6425769, PR2858: Allow specifying an address to bind JMX remote connector - S6961123: setWMClass fails to null-terminate WM_CLASS string - S8145982, PR2858: JMXInterfaceBindingTest is failing intermittently - S8146015, PR2858: JMXInterfaceBindingTest is failing intermittently for IPv6 addresses - Backports - S8028727, PR2814: [parfait] warnings from b116 for jdk.src.share.native.sun.security.ec: JNI pending exceptions - S8048512, PR2814: Uninitialised memory in jdk/src/share/native/sun/security/ec/ECC_JNI.cpp - S8071705. PR2819, RH1182694: Java application menu misbehaves when running multiple screen stacked vertically - S8150954, PR2866, RH1176206: AWT Robot not compatible with GNOME Shell - Bug fixes - PR2803: Make system CUPS optional - PR2886: Location of 'stap' executable is hard-coded - PR2893: test/tapset/jstaptest.pl should be executable - PR2894: Add missing test directory in make check. - CACAO - PR2781, CA195: typeinfo.cpp: typeinfo_merge_nonarrays: Assertion `dest && result && x.any && y.any' failed - AArch64 port - PR2852: Add support for large code cache - PR2852: Apply ReservedCodeCacheSize default limiting to AArch64 only. 
- S8081289, PR2852: aarch64: add support for RewriteFrequentPairs in interpreter - S8131483, PR2852: aarch64: illegal stlxr instructions - S8133352, PR2852: aarch64: generates constrained unpredictable instructions - S8133842, PR2852: aarch64: C2 generates illegal instructions with int shifts >=32 - S8134322, PR2852: AArch64: Fix several errors in C2 biased locking implementation - S8136615, PR2852: aarch64: elide DecodeN when followed by CmpP 0 - S8138575, PR2852: Improve generated code for profile counters - S8138641, PR2852: Disable C2 peephole by default for aarch64 - S8138966, PR2852: Intermittent SEGV running ParallelGC - S8143067, PR2852: aarch64: guarantee failure in javac - S8143285, PR2852: aarch64: Missing load acquire when checking if ConstantPoolCacheEntry is resolved - S8143584, PR2852: Load constant pool tag and class status with load acquire - S8144201, PR2852: aarch64: jdk/test/com/sun/net/httpserver/Test6a.java fails with --enable-unlimited-crypto - S8144582, PR2852: AArch64 does not generate correct branch profile data - S8146709, PR2852: AArch64: Incorrect use of ADRP for byte_map_base - S8147805, PR2852: aarch64: C1 segmentation fault due to inline Unsafe.getAndSetObject - S8148240, PR2852: aarch64: random infrequent NULL pointer exceptions in javac - PPC & AIX port - S8034797, PR2851: AIX: Fix os::naked_short_sleep() in os_aix.cpp after 8028280 - S8139258, PR2851: PPC64LE: argument passing problem when passing 15 floats in native call - S8139421, PR2851: PPC64LE: MacroAssembler::bxx64_patchable kill register R12 This update was imported from the SUSE:SLE-12:Update update project.
    last seen 2017-10-29
    modified 2016-10-24
    plugin id 90481
    published 2016-04-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90481
    title openSUSE Security Update : java-1_7_0-openjdk (openSUSE-2016-444)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-431.NASL
    description This update for java-1_7_0-openjdk fixes the following issues : java-1_7_0-openjdk was updated to 2.6.5 - OpenJDK 7u99 (boo#972468) - Security fixes - S8152335, CVE-2016-0636: Improve MethodHandle consistency - Import of OpenJDK 7 u99 build 0 - S6425769, PR2858: Allow specifying an address to bind JMX remote connector - S6961123: setWMClass fails to null-terminate WM_CLASS string - S8145982, PR2858: JMXInterfaceBindingTest is failing intermittently - S8146015, PR2858: JMXInterfaceBindingTest is failing intermittently for IPv6 addresses - Backports - S8028727, PR2814: [parfait] warnings from b116 for jdk.src.share.native.sun.security.ec: JNI pending exceptions - S8048512, PR2814: Uninitialised memory in jdk/src/share/native/sun/security/ec/ECC_JNI.cpp - S8071705. PR2819, RH1182694: Java application menu misbehaves when running multiple screen stacked vertically - S8150954, PR2866, RH1176206: AWT Robot not compatible with GNOME Shell - Bug fixes - PR2803: Make system CUPS optional - PR2886: Location of 'stap' executable is hard-coded - PR2893: test/tapset/jstaptest.pl should be executable - PR2894: Add missing test directory in make check. - CACAO - PR2781, CA195: typeinfo.cpp: typeinfo_merge_nonarrays: Assertion `dest && result && x.any && y.any' failed - AArch64 port - PR2852: Add support for large code cache - PR2852: Apply ReservedCodeCacheSize default limiting to AArch64 only. 
- S8081289, PR2852: aarch64: add support for RewriteFrequentPairs in interpreter - S8131483, PR2852: aarch64: illegal stlxr instructions - S8133352, PR2852: aarch64: generates constrained unpredictable instructions - S8133842, PR2852: aarch64: C2 generates illegal instructions with int shifts >=32 - S8134322, PR2852: AArch64: Fix several errors in C2 biased locking implementation - S8136615, PR2852: aarch64: elide DecodeN when followed by CmpP 0 - S8138575, PR2852: Improve generated code for profile counters - S8138641, PR2852: Disable C2 peephole by default for aarch64 - S8138966, PR2852: Intermittent SEGV running ParallelGC - S8143067, PR2852: aarch64: guarantee failure in javac - S8143285, PR2852: aarch64: Missing load acquire when checking if ConstantPoolCacheEntry is resolved - S8143584, PR2852: Load constant pool tag and class status with load acquire - S8144201, PR2852: aarch64: jdk/test/com/sun/net/httpserver/Test6a.java fails with --enable-unlimited-crypto - S8144582, PR2852: AArch64 does not generate correct branch profile data - S8146709, PR2852: AArch64: Incorrect use of ADRP for byte_map_base - S8147805, PR2852: aarch64: C1 segmentation fault due to inline Unsafe.getAndSetObject - S8148240, PR2852: aarch64: random infrequent NULL pointer exceptions in javac - PPC & AIX port - S8034797, PR2851: AIX: Fix os::naked_short_sleep() in os_aix.cpp after 8028280 - S8139258, PR2851: PPC64LE: argument passing problem when passing 15 floats in native call - S8139421, PR2851: PPC64LE: MacroAssembler::bxx64_patchable kill register R12
    last seen 2017-10-29
    modified 2016-10-24
    plugin id 90419
    published 2016-04-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90419
    title openSUSE Security Update : java-1_7_0-openjdk (openSUSE-2016-431)
  • NASL family Windows
    NASL id ORACLE_JAVA_SE_CVE-2016-0636.NASL
    description The version of Oracle Java SE or Java for Business installed on the remote host is affected by an arbitrary code execution vulnerability in the Hotspot subcomponent due to an unsafe implementation of the Reflection API, which improperly processes JSR 292 method handles due to a lack of enforcement of class loader constraints. A remote attacker can exploit this, by convincing a user to visit a malicious web page, to execute arbitrary code outside the Java sandbox.
    last seen 2017-10-29
    modified 2016-05-03
    plugin id 90828
    published 2016-05-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90828
    title Oracle Java SE Hotspot JSR 292 Method Handles RCE
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2016-0515.NASL
    description An update for java-1.7.0-oracle is now available for Oracle Java for Red Hat Enterprise Linux 5, Oracle Java for Red Hat Enterprise Linux 6, and Oracle Java for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update provides Oracle Java 7 Update 99. Security Fix(es) : This update fixes one vulnerability in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about this flaw can be found on the Oracle Security Alert page listed in the References section. (CVE-2016-0636)
    last seen 2017-10-29
    modified 2017-01-10
    plugin id 90183
    published 2016-03-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90183
    title RHEL 5 / 6 / 7 : java-1.7.0-oracle (RHSA-2016:0515)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20160325_JAVA_1_7_0_OPENJDK_ON_SL5_X.NASL
    description Security Fix(es) : - An improper type safety check was discovered in the Hotspot component. An untrusted Java application or applet could use this flaw to bypass Java Sandbox restrictions. (CVE-2016-0636)
    last seen 2017-10-29
    modified 2016-10-24
    plugin id 90241
    published 2016-03-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90241
    title Scientific Linux Security Update : java-1.7.0-openjdk on SL5.x, SL7.x i386/x86_64
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-432.NASL
    description This update of java-1_8_0-openjdk to jdk8u77-b03 fixes the following issues : - CVE-2016-0636: Improve MethodHandle consistency fixes crash / code execution problems.
    last seen 2017-10-29
    modified 2016-10-24
    plugin id 90475
    published 2016-04-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90475
    title openSUSE Security Update : java-1_8_0-openjdk (openSUSE-2016-432)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2016-0511.NASL
    description An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit for compiling and executing Java programs. Security Fix(es) : * An improper type safety check was discovered in the Hotspot component. An untrusted Java application or applet could use this flaw to bypass Java Sandbox restrictions. (CVE-2016-0636)
    last seen 2017-10-29
    modified 2017-01-10
    plugin id 90179
    published 2016-03-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90179
    title RHEL 6 : java-1.7.0-openjdk (RHSA-2016:0511)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2016-0511.NASL
    description An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit for compiling and executing Java programs. Security Fix(es) : * An improper type safety check was discovered in the Hotspot component. An untrusted Java application or applet could use this flaw to bypass Java Sandbox restrictions. (CVE-2016-0636)
    last seen 2017-10-29
    modified 2016-11-17
    plugin id 90156
    published 2016-03-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90156
    title CentOS 6 : java-1.7.0-openjdk (CESA-2016:0511)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2942-1.NASL
    description A vulnerability was discovered in the JRE related to information disclosure, data integrity, and availability. An attacker could exploit these to cause a denial of service, expose sensitive data over the network, or possibly execute arbitrary code. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2017-10-29
    modified 2016-12-01
    plugin id 90245
    published 2016-03-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90245
    title Ubuntu 14.04 LTS / 15.10 : openjdk-7 vulnerability (USN-2942-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-0956-1.NASL
    description The OpenJDK Java java-1_7_0-openjdk was updated to 2.6.5 to fix the following issues : Update to 2.6.5 - OpenJDK 7u99 (bsc#972468) - Security fixes - S8152335, CVE-2016-0636: Improve MethodHandle consistency, which could be used by attackers to inject code. - Import of OpenJDK 7 u99 build 0 - S6425769, PR2858: Allow specifying an address to bind JMX remote connector - S6961123: setWMClass fails to null-terminate WM_CLASS string - S8145982, PR2858: JMXInterfaceBindingTest is failing intermittently - S8146015, PR2858: JMXInterfaceBindingTest is failing intermittently for IPv6 addresses - Backports - S8028727, PR2814: [parfait] warnings from b116 for jdk.src.share.native.sun.security.ec: JNI pending exceptions - S8048512, PR2814: Uninitialised memory in jdk/src/share/native/sun/security/ec/ECC_JNI.cpp - S8071705. PR2819, RH1182694: Java application menu misbehaves when running multiple screen stacked vertically - S8150954, PR2866, RH1176206: AWT Robot not compatible with GNOME Shell - Bug fixes - PR2803: Make system CUPS optional - PR2886: Location of 'stap' executable is hard-coded - PR2893: test/tapset/jstaptest.pl should be executable - PR2894: Add missing test directory in make check. - CACAO - PR2781, CA195: typeinfo.cpp: typeinfo_merge_nonarrays: Assertion `dest && result && x.any && y.any' failed - AArch64 port - PR2852: Add support for large code cache - PR2852: Apply ReservedCodeCacheSize default limiting to AArch64 only. 
- S8081289, PR2852: aarch64: add support for RewriteFrequentPairs in interpreter - S8131483, PR2852: aarch64: illegal stlxr instructions - S8133352, PR2852: aarch64: generates constrained unpredictable instructions - S8133842, PR2852: aarch64: C2 generates illegal instructions with int shifts >=32 - S8134322, PR2852: AArch64: Fix several errors in C2 biased locking implementation - S8136615, PR2852: aarch64: elide DecodeN when followed by CmpP 0 - S8138575, PR2852: Improve generated code for profile counters - S8138641, PR2852: Disable C2 peephole by default for aarch64 - S8138966, PR2852: Intermittent SEGV running ParallelGC - S8143067, PR2852: aarch64: guarantee failure in javac - S8143285, PR2852: aarch64: Missing load acquire when checking if ConstantPoolCacheEntry is resolved - S8143584, PR2852: Load constant pool tag and class status with load acquire - S8144201, PR2852: aarch64: jdk/test/com/sun/net/httpserver/Test6a.java fails with --enable-unlimited-crypto - S8144582, PR2852: AArch64 does not generate correct branch profile data - S8146709, PR2852: AArch64: Incorrect use of ADRP for byte_map_base - S8147805, PR2852: aarch64: C1 segmentation fault due to inline Unsafe.getAndSetObject - S8148240, PR2852: aarch64: random infrequent NULL pointer exceptions in javac - PPC & AIX port - S8034797, PR2851: AIX: Fix os::naked_short_sleep() in os_aix.cpp after 8028280 - S8139258, PR2851: PPC64LE: argument passing problem when passing 15 floats in native call - S8139421, PR2851: PPC64LE: MacroAssembler::bxx64_patchable kill register R12 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2017-10-29
    modified 2016-12-27
    plugin id 90397
    published 2016-04-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90397
    title SUSE SLED11 Security Update : java-1_7_0-openjdk (SUSE-SU-2016:0956-1)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20160325_JAVA_1_8_0_OPENJDK_ON_SL6_X.NASL
    description Security Fix(es) : - An improper type safety check was discovered in the Hotspot component. An untrusted Java application or applet could use this flaw to bypass Java Sandbox restrictions. (CVE-2016-0636)
    last seen 2017-10-29
    modified 2016-10-24
    plugin id 90243
    published 2016-03-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90243
    title Scientific Linux Security Update : java-1.8.0-openjdk on SL6.x i386/x86_64
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20160325_JAVA_1_8_0_OPENJDK_ON_SL7_X.NASL
    description Security Fix(es) : - An improper type safety check was discovered in the Hotspot component. An untrusted Java application or applet could use this flaw to bypass Java Sandbox restrictions. (CVE-2016-0636)
    last seen 2017-10-29
    modified 2016-10-24
    plugin id 90244
    published 2016-03-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90244
    title Scientific Linux Security Update : java-1.8.0-openjdk on SL7.x x86_64
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2016-0512.NASL
    description An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit for compiling and executing Java programs. Security Fix(es) : * An improper type safety check was discovered in the Hotspot component. An untrusted Java application or applet could use this flaw to bypass Java Sandbox restrictions. (CVE-2016-0636)
    last seen 2017-10-29
    modified 2017-01-10
    plugin id 90180
    published 2016-03-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90180
    title RHEL 5 / 7 : java-1.7.0-openjdk (RHSA-2016:0512)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2016-0511.NASL
    description From Red Hat Security Advisory 2016:0511 : An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit for compiling and executing Java programs. Security Fix(es) : * An improper type safety check was discovered in the Hotspot component. An untrusted Java application or applet could use this flaw to bypass Java Sandbox restrictions. (CVE-2016-0636)
    last seen 2017-10-29
    modified 2016-12-07
    plugin id 90174
    published 2016-03-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90174
    title Oracle Linux 6 : java-1.7.0-openjdk (ELSA-2016-0511)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201606-18.NASL
    description The remote host is affected by the vulnerability described in GLSA-201606-18 (IcedTea: Multiple vulnerabilities) Various OpenJDK attack vectors in IcedTea, such as 2D, Corba, Hotspot, Libraries, and JAXP, exist which allows remote attackers to affect the confidentiality, integrity, and availability of vulnerable systems. Many of the vulnerabilities can only be exploited through sandboxed Java Web Start applications and java applets. Please review the CVE identifiers referenced below for details. Impact : Remote attackers may execute arbitrary code, compromise information, or cause Denial of Service. Workaround : There is no known work around at this time.
    last seen 2017-10-29
    modified 2017-02-01
    plugin id 91863
    published 2016-06-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=91863
    title GLSA-201606-18 : IcedTea: Multiple vulnerabilities
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2016-0514.NASL
    description An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The java-1.8.0-openjdk packages contain the latest version of the Open Java Development Kit (OpenJDK), OpenJDK 8. These packages provide a fully compliant implementation of Java SE 8. Security Fix(es) : * An improper type safety check was discovered in the Hotspot component. An untrusted Java application or applet could use this flaw to bypass Java Sandbox restrictions. (CVE-2016-0636)
    last seen 2017-10-29
    modified 2017-01-10
    plugin id 90182
    published 2016-03-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90182
    title RHEL 6 : java-1.8.0-openjdk (RHSA-2016:0514)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2016-0512.NASL
    description From Red Hat Security Advisory 2016:0512 : An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit for compiling and executing Java programs. Security Fix(es) : * An improper type safety check was discovered in the Hotspot component. An untrusted Java application or applet could use this flaw to bypass Java Sandbox restrictions. (CVE-2016-0636)
    last seen 2017-10-29
    modified 2016-12-07
    plugin id 90175
    published 2016-03-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90175
    title Oracle Linux 5 / 7 : java-1.7.0-openjdk (ELSA-2016-0512)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2016-0514.NASL
    description From Red Hat Security Advisory 2016:0514 : An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The java-1.8.0-openjdk packages contain the latest version of the Open Java Development Kit (OpenJDK), OpenJDK 8. These packages provide a fully compliant implementation of Java SE 8. Security Fix(es) : * An improper type safety check was discovered in the Hotspot component. An untrusted Java application or applet could use this flaw to bypass Java Sandbox restrictions. (CVE-2016-0636)
    last seen 2017-10-29
    modified 2016-12-07
    plugin id 90177
    published 2016-03-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90177
    title Oracle Linux 6 : java-1.8.0-openjdk (ELSA-2016-0514)
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2016-1010.NASL
    description According to the version of the java-1.7.0-openjdk packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - An improper type safety check was discovered in the Hotspot component. An untrusted Java application or applet could use this flaw to bypass Java Sandbox restrictions. (CVE-2016-0636) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-06-14
    modified 2018-06-13
    plugin id 99773
    published 2017-05-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=99773
    title EulerOS 2.0 SP1 : java-1.7.0-openjdk (EulerOS-SA-2016-1010)
redhat via4
advisories
  • bugzilla
    id 1320650
    title CVE-2016-0636 OpenJDK: out-of-band urgent security fix (Hotspot, 8151666)
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 6 Client is installed
        oval oval:com.redhat.rhsa:tst:20100842001
      • comment Red Hat Enterprise Linux 6 Server is installed
        oval oval:com.redhat.rhsa:tst:20100842002
      • comment Red Hat Enterprise Linux 6 Workstation is installed
        oval oval:com.redhat.rhsa:tst:20100842003
      • comment Red Hat Enterprise Linux 6 ComputeNode is installed
        oval oval:com.redhat.rhsa:tst:20100842004
    • OR
      • AND
        • comment java-1.7.0-openjdk is earlier than 1:1.7.0.99-2.6.5.0.el6_7
          oval oval:com.redhat.rhsa:tst:20160511005
        • comment java-1.7.0-openjdk is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20121009006
      • AND
        • comment java-1.7.0-openjdk-demo is earlier than 1:1.7.0.99-2.6.5.0.el6_7
          oval oval:com.redhat.rhsa:tst:20160511009
        • comment java-1.7.0-openjdk-demo is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20121009010
      • AND
        • comment java-1.7.0-openjdk-devel is earlier than 1:1.7.0.99-2.6.5.0.el6_7
          oval oval:com.redhat.rhsa:tst:20160511007
        • comment java-1.7.0-openjdk-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20121009008
      • AND
        • comment java-1.7.0-openjdk-javadoc is earlier than 1:1.7.0.99-2.6.5.0.el6_7
          oval oval:com.redhat.rhsa:tst:20160511013
        • comment java-1.7.0-openjdk-javadoc is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20121009012
      • AND
        • comment java-1.7.0-openjdk-src is earlier than 1:1.7.0.99-2.6.5.0.el6_7
          oval oval:com.redhat.rhsa:tst:20160511011
        • comment java-1.7.0-openjdk-src is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20121009014
    rhsa
    id RHSA-2016:0511
    released 2016-03-24
    severity Critical
    title RHSA-2016:0511: java-1.7.0-openjdk security update (Critical)
  • bugzilla
    id 1320650
    title CVE-2016-0636 OpenJDK: out-of-band urgent security fix (Hotspot, 8151666)
    oval
    OR
    • AND
      • comment Red Hat Enterprise Linux 5 is installed
        oval oval:com.redhat.rhsa:tst:20070055001
      • OR
        • AND
          • comment java-1.7.0-openjdk is earlier than 1:1.7.0.99-2.6.5.0.el5_11
            oval oval:com.redhat.rhsa:tst:20160512010
          • comment java-1.7.0-openjdk is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20130165017
        • AND
          • comment java-1.7.0-openjdk-demo is earlier than 1:1.7.0.99-2.6.5.0.el5_11
            oval oval:com.redhat.rhsa:tst:20160512006
          • comment java-1.7.0-openjdk-demo is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20130165025
        • AND
          • comment java-1.7.0-openjdk-devel is earlier than 1:1.7.0.99-2.6.5.0.el5_11
            oval oval:com.redhat.rhsa:tst:20160512004
          • comment java-1.7.0-openjdk-devel is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20130165023
        • AND
          • comment java-1.7.0-openjdk-javadoc is earlier than 1:1.7.0.99-2.6.5.0.el5_11
            oval oval:com.redhat.rhsa:tst:20160512002
          • comment java-1.7.0-openjdk-javadoc is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20130165021
        • AND
          • comment java-1.7.0-openjdk-src is earlier than 1:1.7.0.99-2.6.5.0.el5_11
            oval oval:com.redhat.rhsa:tst:20160512008
          • comment java-1.7.0-openjdk-src is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20130165019
    • AND
      • OR
        • comment Red Hat Enterprise Linux 7 Client is installed
          oval oval:com.redhat.rhsa:tst:20140675001
        • comment Red Hat Enterprise Linux 7 Server is installed
          oval oval:com.redhat.rhsa:tst:20140675002
        • comment Red Hat Enterprise Linux 7 Workstation is installed
          oval oval:com.redhat.rhsa:tst:20140675003
        • comment Red Hat Enterprise Linux 7 ComputeNode is installed
          oval oval:com.redhat.rhsa:tst:20140675004
      • OR
        • AND
          • comment java-1.7.0-openjdk is earlier than 1:1.7.0.99-2.6.5.0.el7_2
            oval oval:com.redhat.rhsa:tst:20160512016
          • comment java-1.7.0-openjdk is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20121009006
        • AND
          • comment java-1.7.0-openjdk-accessibility is earlier than 1:1.7.0.99-2.6.5.0.el7_2
            oval oval:com.redhat.rhsa:tst:20160512024
          • comment java-1.7.0-openjdk-accessibility is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140675018
        • AND
          • comment java-1.7.0-openjdk-demo is earlier than 1:1.7.0.99-2.6.5.0.el7_2
            oval oval:com.redhat.rhsa:tst:20160512020
          • comment java-1.7.0-openjdk-demo is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20121009010
        • AND
          • comment java-1.7.0-openjdk-devel is earlier than 1:1.7.0.99-2.6.5.0.el7_2
            oval oval:com.redhat.rhsa:tst:20160512018
          • comment java-1.7.0-openjdk-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20121009008
        • AND
          • comment java-1.7.0-openjdk-headless is earlier than 1:1.7.0.99-2.6.5.0.el7_2
            oval oval:com.redhat.rhsa:tst:20160512026
          • comment java-1.7.0-openjdk-headless is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140675012
        • AND
          • comment java-1.7.0-openjdk-javadoc is earlier than 1:1.7.0.99-2.6.5.0.el7_2
            oval oval:com.redhat.rhsa:tst:20160512028
          • comment java-1.7.0-openjdk-javadoc is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20121009012
        • AND
          • comment java-1.7.0-openjdk-src is earlier than 1:1.7.0.99-2.6.5.0.el7_2
            oval oval:com.redhat.rhsa:tst:20160512022
          • comment java-1.7.0-openjdk-src is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20121009014
    rhsa
    id RHSA-2016:0512
    released 2016-03-24
    severity Important
    title RHSA-2016:0512: java-1.7.0-openjdk security update (Important)
  • bugzilla
    id 1320650
    title CVE-2016-0636 OpenJDK: out-of-band urgent security fix (Hotspot, 8151666)
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 7 Client is installed
        oval oval:com.redhat.rhsa:tst:20140675001
      • comment Red Hat Enterprise Linux 7 Server is installed
        oval oval:com.redhat.rhsa:tst:20140675002
      • comment Red Hat Enterprise Linux 7 Workstation is installed
        oval oval:com.redhat.rhsa:tst:20140675003
      • comment Red Hat Enterprise Linux 7 ComputeNode is installed
        oval oval:com.redhat.rhsa:tst:20140675004
    • OR
      • AND
        • comment java-1.8.0-openjdk is earlier than 1:1.8.0.77-0.b03.el7_2
          oval oval:com.redhat.rhsa:tst:20160513021
        • comment java-1.8.0-openjdk is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20141636006
      • AND
        • comment java-1.8.0-openjdk-accessibility is earlier than 1:1.8.0.77-0.b03.el7_2
          oval oval:com.redhat.rhsa:tst:20160513025
        • comment java-1.8.0-openjdk-accessibility is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20150809023
      • AND
        • comment java-1.8.0-openjdk-accessibility-debug is earlier than 1:1.8.0.77-0.b03.el7_2
          oval oval:com.redhat.rhsa:tst:20160513027
        • comment java-1.8.0-openjdk-accessibility-debug is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20160049016
      • AND
        • comment java-1.8.0-openjdk-debug is earlier than 1:1.8.0.77-0.b03.el7_2
          oval oval:com.redhat.rhsa:tst:20160513005
        • comment java-1.8.0-openjdk-debug is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20151919012
      • AND
        • comment java-1.8.0-openjdk-demo is earlier than 1:1.8.0.77-0.b03.el7_2
          oval oval:com.redhat.rhsa:tst:20160513013
        • comment java-1.8.0-openjdk-demo is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20141636012
      • AND
        • comment java-1.8.0-openjdk-demo-debug is earlier than 1:1.8.0.77-0.b03.el7_2
          oval oval:com.redhat.rhsa:tst:20160513023
        • comment java-1.8.0-openjdk-demo-debug is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20151919018
      • AND
        • comment java-1.8.0-openjdk-devel is earlier than 1:1.8.0.77-0.b03.el7_2
          oval oval:com.redhat.rhsa:tst:20160513017
        • comment java-1.8.0-openjdk-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20141636016
      • AND
        • comment java-1.8.0-openjdk-devel-debug is earlier than 1:1.8.0.77-0.b03.el7_2
          oval oval:com.redhat.rhsa:tst:20160513011
        • comment java-1.8.0-openjdk-devel-debug is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20151919016
      • AND
        • comment java-1.8.0-openjdk-headless is earlier than 1:1.8.0.77-0.b03.el7_2
          oval oval:com.redhat.rhsa:tst:20160513007
        • comment java-1.8.0-openjdk-headless is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20141636008
      • AND
        • comment java-1.8.0-openjdk-headless-debug is earlier than 1:1.8.0.77-0.b03.el7_2
          oval oval:com.redhat.rhsa:tst:20160513019
        • comment java-1.8.0-openjdk-headless-debug is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20151919006
      • AND
        • comment java-1.8.0-openjdk-javadoc is earlier than 1:1.8.0.77-0.b03.el7_2
          oval oval:com.redhat.rhsa:tst:20160513031
        • comment java-1.8.0-openjdk-javadoc is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20141636014
      • AND
        • comment java-1.8.0-openjdk-javadoc-debug is earlier than 1:1.8.0.77-0.b03.el7_2
          oval oval:com.redhat.rhsa:tst:20160513029
        • comment java-1.8.0-openjdk-javadoc-debug is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20151919028
      • AND
        • comment java-1.8.0-openjdk-src is earlier than 1:1.8.0.77-0.b03.el7_2
          oval oval:com.redhat.rhsa:tst:20160513015
        • comment java-1.8.0-openjdk-src is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20141636010
      • AND
        • comment java-1.8.0-openjdk-src-debug is earlier than 1:1.8.0.77-0.b03.el7_2
          oval oval:com.redhat.rhsa:tst:20160513009
        • comment java-1.8.0-openjdk-src-debug is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20151919022
    rhsa
    id RHSA-2016:0513
    released 2016-03-24
    severity Critical
    title RHSA-2016:0513: java-1.8.0-openjdk security update (Critical)
  • bugzilla
    id 1320650
    title CVE-2016-0636 OpenJDK: out-of-band urgent security fix (Hotspot, 8151666)
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 6 Client is installed
        oval oval:com.redhat.rhsa:tst:20100842001
      • comment Red Hat Enterprise Linux 6 Server is installed
        oval oval:com.redhat.rhsa:tst:20100842002
      • comment Red Hat Enterprise Linux 6 Workstation is installed
        oval oval:com.redhat.rhsa:tst:20100842003
      • comment Red Hat Enterprise Linux 6 ComputeNode is installed
        oval oval:com.redhat.rhsa:tst:20100842004
    • OR
      • AND
        • comment java-1.8.0-openjdk is earlier than 1:1.8.0.77-0.b03.el6_7
          oval oval:com.redhat.rhsa:tst:20160514019
        • comment java-1.8.0-openjdk is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20141636006
      • AND
        • comment java-1.8.0-openjdk-debug is earlier than 1:1.8.0.77-0.b03.el6_7
          oval oval:com.redhat.rhsa:tst:20160514009
        • comment java-1.8.0-openjdk-debug is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20151919012
      • AND
        • comment java-1.8.0-openjdk-demo is earlier than 1:1.8.0.77-0.b03.el6_7
          oval oval:com.redhat.rhsa:tst:20160514017
        • comment java-1.8.0-openjdk-demo is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20141636012
      • AND
        • comment java-1.8.0-openjdk-demo-debug is earlier than 1:1.8.0.77-0.b03.el6_7
          oval oval:com.redhat.rhsa:tst:20160514007
        • comment java-1.8.0-openjdk-demo-debug is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20151919018
      • AND
        • comment java-1.8.0-openjdk-devel is earlier than 1:1.8.0.77-0.b03.el6_7
          oval oval:com.redhat.rhsa:tst:20160514021
        • comment java-1.8.0-openjdk-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20141636016
      • AND
        • comment java-1.8.0-openjdk-devel-debug is earlier than 1:1.8.0.77-0.b03.el6_7
          oval oval:com.redhat.rhsa:tst:20160514005
        • comment java-1.8.0-openjdk-devel-debug is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20151919016
      • AND
        • comment java-1.8.0-openjdk-headless is earlier than 1:1.8.0.77-0.b03.el6_7
          oval oval:com.redhat.rhsa:tst:20160514013
        • comment java-1.8.0-openjdk-headless is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20141636008
      • AND
        • comment java-1.8.0-openjdk-headless-debug is earlier than 1:1.8.0.77-0.b03.el6_7
          oval oval:com.redhat.rhsa:tst:20160514015
        • comment java-1.8.0-openjdk-headless-debug is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20151919006
      • AND
        • comment java-1.8.0-openjdk-javadoc is earlier than 1:1.8.0.77-0.b03.el6_7
          oval oval:com.redhat.rhsa:tst:20160514025
        • comment java-1.8.0-openjdk-javadoc is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20141636014
      • AND
        • comment java-1.8.0-openjdk-javadoc-debug is earlier than 1:1.8.0.77-0.b03.el6_7
          oval oval:com.redhat.rhsa:tst:20160514027
        • comment java-1.8.0-openjdk-javadoc-debug is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20151919028
      • AND
        • comment java-1.8.0-openjdk-src is earlier than 1:1.8.0.77-0.b03.el6_7
          oval oval:com.redhat.rhsa:tst:20160514011
        • comment java-1.8.0-openjdk-src is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20141636010
      • AND
        • comment java-1.8.0-openjdk-src-debug is earlier than 1:1.8.0.77-0.b03.el6_7
          oval oval:com.redhat.rhsa:tst:20160514023
        • comment java-1.8.0-openjdk-src-debug is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20151919022
    rhsa
    id RHSA-2016:0514
    released 2016-03-24
    severity Important
    title RHSA-2016:0514: java-1.8.0-openjdk security update (Important)
  • bugzilla
    id 1320650
    title CVE-2016-0636 OpenJDK: missing type safety checks for MethodHandle calls across class loaders, incorrect CVE-2013-5838 fix (Hotspot, 8151666)
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 6 Client is installed
        oval oval:com.redhat.rhsa:tst:20100842001
      • comment Red Hat Enterprise Linux 6 Server is installed
        oval oval:com.redhat.rhsa:tst:20100842002
      • comment Red Hat Enterprise Linux 6 Workstation is installed
        oval oval:com.redhat.rhsa:tst:20100842003
      • comment Red Hat Enterprise Linux 6 ComputeNode is installed
        oval oval:com.redhat.rhsa:tst:20100842004
    • OR
      • AND
        • comment java-1.7.0-oracle is earlier than 1:1.7.0.99-1jpp.1.el6_7
          oval oval:com.redhat.rhsa:tst:20160515013
        • comment java-1.7.0-oracle is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20121019006
      • AND
        • comment java-1.7.0-oracle-devel is earlier than 1:1.7.0.99-1jpp.1.el6_7
          oval oval:com.redhat.rhsa:tst:20160515015
        • comment java-1.7.0-oracle-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20121019008
      • AND
        • comment java-1.7.0-oracle-javafx is earlier than 1:1.7.0.99-1jpp.1.el6_7
          oval oval:com.redhat.rhsa:tst:20160515011
        • comment java-1.7.0-oracle-javafx is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20121391012
      • AND
        • comment java-1.7.0-oracle-jdbc is earlier than 1:1.7.0.99-1jpp.1.el6_7
          oval oval:com.redhat.rhsa:tst:20160515007
        • comment java-1.7.0-oracle-jdbc is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20121019012
      • AND
        • comment java-1.7.0-oracle-plugin is earlier than 1:1.7.0.99-1jpp.1.el6_7
          oval oval:com.redhat.rhsa:tst:20160515005
        • comment java-1.7.0-oracle-plugin is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20121019014
      • AND
        • comment java-1.7.0-oracle-src is earlier than 1:1.7.0.99-1jpp.1.el6_7
          oval oval:com.redhat.rhsa:tst:20160515009
        • comment java-1.7.0-oracle-src is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20121019010
    rhsa
    id RHSA-2016:0515
    released 2016-03-24
    severity Critical
    title RHSA-2016:0515: java-1.7.0-oracle security update (Critical)
  • bugzilla
    id 1320650
    title CVE-2016-0636 OpenJDK: missing type safety checks for MethodHandle calls across class loaders, incorrect CVE-2013-5838 fix (Hotspot, 8151666)
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 6 Client is installed
        oval oval:com.redhat.rhsa:tst:20100842001
      • comment Red Hat Enterprise Linux 6 Server is installed
        oval oval:com.redhat.rhsa:tst:20100842002
      • comment Red Hat Enterprise Linux 6 Workstation is installed
        oval oval:com.redhat.rhsa:tst:20100842003
      • comment Red Hat Enterprise Linux 6 ComputeNode is installed
        oval oval:com.redhat.rhsa:tst:20100842004
    • OR
      • AND
        • comment java-1.8.0-oracle is earlier than 1:1.8.0.77-1jpp.1.el6_7
          oval oval:com.redhat.rhsa:tst:20160516013
        • comment java-1.8.0-oracle is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20150080006
      • AND
        • comment java-1.8.0-oracle-devel is earlier than 1:1.8.0.77-1jpp.1.el6_7
          oval oval:com.redhat.rhsa:tst:20160516011
        • comment java-1.8.0-oracle-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20150080010
      • AND
        • comment java-1.8.0-oracle-javafx is earlier than 1:1.8.0.77-1jpp.1.el6_7
          oval oval:com.redhat.rhsa:tst:20160516015
        • comment java-1.8.0-oracle-javafx is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20150080008
      • AND
        • comment java-1.8.0-oracle-jdbc is earlier than 1:1.8.0.77-1jpp.1.el6_7
          oval oval:com.redhat.rhsa:tst:20160516007
        • comment java-1.8.0-oracle-jdbc is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20150080012
      • AND
        • comment java-1.8.0-oracle-plugin is earlier than 1:1.8.0.77-1jpp.1.el6_7
          oval oval:com.redhat.rhsa:tst:20160516005
        • comment java-1.8.0-oracle-plugin is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20150080016
      • AND
        • comment java-1.8.0-oracle-src is earlier than 1:1.8.0.77-1jpp.1.el6_7
          oval oval:com.redhat.rhsa:tst:20160516009
        • comment java-1.8.0-oracle-src is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20150080014
    rhsa
    id RHSA-2016:0516
    released 2016-03-24
    severity Critical
    title RHSA-2016:0516: java-1.8.0-oracle security update (Critical)
rpms
  • java-1.7.0-openjdk-1:1.7.0.99-2.6.5.0.el6_7
  • java-1.7.0-openjdk-demo-1:1.7.0.99-2.6.5.0.el6_7
  • java-1.7.0-openjdk-devel-1:1.7.0.99-2.6.5.0.el6_7
  • java-1.7.0-openjdk-javadoc-1:1.7.0.99-2.6.5.0.el6_7
  • java-1.7.0-openjdk-src-1:1.7.0.99-2.6.5.0.el6_7
  • java-1.7.0-openjdk-1:1.7.0.99-2.6.5.0.el5_11
  • java-1.7.0-openjdk-demo-1:1.7.0.99-2.6.5.0.el5_11
  • java-1.7.0-openjdk-devel-1:1.7.0.99-2.6.5.0.el5_11
  • java-1.7.0-openjdk-javadoc-1:1.7.0.99-2.6.5.0.el5_11
  • java-1.7.0-openjdk-src-1:1.7.0.99-2.6.5.0.el5_11
  • java-1.7.0-openjdk-1:1.7.0.99-2.6.5.0.el7_2
  • java-1.7.0-openjdk-accessibility-1:1.7.0.99-2.6.5.0.el7_2
  • java-1.7.0-openjdk-demo-1:1.7.0.99-2.6.5.0.el7_2
  • java-1.7.0-openjdk-devel-1:1.7.0.99-2.6.5.0.el7_2
  • java-1.7.0-openjdk-headless-1:1.7.0.99-2.6.5.0.el7_2
  • java-1.7.0-openjdk-javadoc-1:1.7.0.99-2.6.5.0.el7_2
  • java-1.7.0-openjdk-src-1:1.7.0.99-2.6.5.0.el7_2
  • java-1.8.0-openjdk-1:1.8.0.77-0.b03.el7_2
  • java-1.8.0-openjdk-accessibility-1:1.8.0.77-0.b03.el7_2
  • java-1.8.0-openjdk-accessibility-debug-1:1.8.0.77-0.b03.el7_2
  • java-1.8.0-openjdk-debug-1:1.8.0.77-0.b03.el7_2
  • java-1.8.0-openjdk-demo-1:1.8.0.77-0.b03.el7_2
  • java-1.8.0-openjdk-demo-debug-1:1.8.0.77-0.b03.el7_2
  • java-1.8.0-openjdk-devel-1:1.8.0.77-0.b03.el7_2
  • java-1.8.0-openjdk-devel-debug-1:1.8.0.77-0.b03.el7_2
  • java-1.8.0-openjdk-headless-1:1.8.0.77-0.b03.el7_2
  • java-1.8.0-openjdk-headless-debug-1:1.8.0.77-0.b03.el7_2
  • java-1.8.0-openjdk-javadoc-1:1.8.0.77-0.b03.el7_2
  • java-1.8.0-openjdk-javadoc-debug-1:1.8.0.77-0.b03.el7_2
  • java-1.8.0-openjdk-src-1:1.8.0.77-0.b03.el7_2
  • java-1.8.0-openjdk-src-debug-1:1.8.0.77-0.b03.el7_2
  • java-1.8.0-openjdk-1:1.8.0.77-0.b03.el6_7
  • java-1.8.0-openjdk-debug-1:1.8.0.77-0.b03.el6_7
  • java-1.8.0-openjdk-demo-1:1.8.0.77-0.b03.el6_7
  • java-1.8.0-openjdk-demo-debug-1:1.8.0.77-0.b03.el6_7
  • java-1.8.0-openjdk-devel-1:1.8.0.77-0.b03.el6_7
  • java-1.8.0-openjdk-devel-debug-1:1.8.0.77-0.b03.el6_7
  • java-1.8.0-openjdk-headless-1:1.8.0.77-0.b03.el6_7
  • java-1.8.0-openjdk-headless-debug-1:1.8.0.77-0.b03.el6_7
  • java-1.8.0-openjdk-javadoc-1:1.8.0.77-0.b03.el6_7
  • java-1.8.0-openjdk-javadoc-debug-1:1.8.0.77-0.b03.el6_7
  • java-1.8.0-openjdk-src-1:1.8.0.77-0.b03.el6_7
  • java-1.8.0-openjdk-src-debug-1:1.8.0.77-0.b03.el6_7
  • java-1.7.0-oracle-1:1.7.0.99-1jpp.1.el6_7
  • java-1.7.0-oracle-devel-1:1.7.0.99-1jpp.1.el6_7
  • java-1.7.0-oracle-javafx-1:1.7.0.99-1jpp.1.el6_7
  • java-1.7.0-oracle-jdbc-1:1.7.0.99-1jpp.1.el6_7
  • java-1.7.0-oracle-plugin-1:1.7.0.99-1jpp.1.el6_7
  • java-1.7.0-oracle-src-1:1.7.0.99-1jpp.1.el6_7
  • java-1.8.0-oracle-1:1.8.0.77-1jpp.1.el6_7
  • java-1.8.0-oracle-devel-1:1.8.0.77-1jpp.1.el6_7
  • java-1.8.0-oracle-javafx-1:1.8.0.77-1jpp.1.el6_7
  • java-1.8.0-oracle-jdbc-1:1.8.0.77-1jpp.1.el6_7
  • java-1.8.0-oracle-plugin-1:1.8.0.77-1jpp.1.el6_7
  • java-1.8.0-oracle-src-1:1.8.0.77-1jpp.1.el6_7
refmap via4
bid 85376
confirm
debian DSA-3558
gentoo
  • GLSA-201606-18
  • GLSA-201610-08
sectrack 1035401
suse
  • SUSE-SU-2016:0956
  • SUSE-SU-2016:0957
  • SUSE-SU-2016:0959
  • openSUSE-SU-2016:0971
  • openSUSE-SU-2016:0983
  • openSUSE-SU-2016:1004
  • openSUSE-SU-2016:1005
  • openSUSE-SU-2016:1042
ubuntu USN-2942-1
Last major update 02-12-2016 - 22:16
Published 24-03-2016 - 14:59
Last modified 09-11-2017 - 21:29