ID CVE-2016-3598
Summary Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Libraries, a different vulnerability than CVE-2016-3610.
References
Vulnerable Configurations
  • Oracle JDK 1.8.0 Update 91
    cpe:2.3:a:oracle:jdk:1.8.0:update_91
  • Oracle JDK 1.8.0 Update 92
    cpe:2.3:a:oracle:jdk:1.8.0:update_92
  • Oracle JRE 1.8.0 Update 91
    cpe:2.3:a:oracle:jre:1.8.0:update_91
  • Oracle JRE 1.8.0 Update 92
    cpe:2.3:a:oracle:jre:1.8.0:update_92
  • cpe:2.3:o:oracle:linux:5.0
    cpe:2.3:o:oracle:linux:5.0
  • Oracle Linux 6.0
    cpe:2.3:o:oracle:linux:6.0
  • Oracle Linux 7.0
    cpe:2.3:o:oracle:linux:7.0
CVSS
Base: 9.3 (as of 07-11-2016 - 14:37)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
nessus via4
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20160720_JAVA_1_8_0_OPENJDK_ON_SL6_X.NASL
    description Security Fix(es) : - Multiple flaws were discovered in the Hotspot and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. (CVE-2016-3606, CVE-2016-3587, CVE-2016-3598, CVE-2016-3610) - Multiple denial of service flaws were found in the JAXP component in OpenJDK. A specially crafted XML file could cause a Java application using JAXP to consume an excessive amount of CPU and memory when parsed. (CVE-2016-3500, CVE-2016-3508) - Multiple flaws were found in the CORBA and Hotsport components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2016-3458, CVE-2016-3550) Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website.
    last seen 2018-09-01
    modified 2016-10-19
    plugin id 92491
    published 2016-07-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92491
    title Scientific Linux Security Update : java-1.8.0-openjdk on SL6.x, SL7.x i386/x86_64
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-982.NASL
    description Update to 2.6.7 - OpenJDK 7u111 - Security fixes - S8079718, CVE-2016-3458: IIOP Input Stream Hooking (bsc#989732) - S8145446, CVE-2016-3485: Perfect pipe placement (Windows only) (bsc#989734) - S8147771: Construction of static protection domains under Javax custom policy - S8148872, CVE-2016-3500: Complete name checking (bsc#989730) - S8149962, CVE-2016-3508: Better delineation of XML processing (bsc#989731) - S8150752: Share Class Data - S8151925: Font reference improvements - S8152479, CVE-2016-3550: Coded byte streams (bsc#989733) - S8155981, CVE-2016-3606: Bolster bytecode verification (bsc#989722) - S8155985, CVE-2016-3598: Persistent Parameter Processing (bsc#989723) - S8158571, CVE-2016-3610: Additional method handle validation (bsc#989725) - CVE-2016-3511 (bsc#989727) - CVE-2016-3503 (bsc#989728) - CVE-2016-3498 (bsc#989729)
    last seen 2018-09-01
    modified 2016-10-13
    plugin id 92992
    published 2016-08-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92992
    title openSUSE Security Update : OpenJDK7 (openSUSE-2016-982)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2016-1458.NASL
    description From Red Hat Security Advisory 2016:1458 : An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix(es) : * Multiple flaws were discovered in the Hotspot and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. (CVE-2016-3606, CVE-2016-3587, CVE-2016-3598, CVE-2016-3610) * Multiple denial of service flaws were found in the JAXP component in OpenJDK. A specially crafted XML file could cause a Java application using JAXP to consume an excessive amount of CPU and memory when parsed. (CVE-2016-3500, CVE-2016-3508) * Multiple flaws were found in the CORBA and Hotsport components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2016-3458, CVE-2016-3550) Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website.
    last seen 2018-09-01
    modified 2018-07-24
    plugin id 92489
    published 2016-07-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92489
    title Oracle Linux 6 / 7 : java-1.8.0-openjdk (ELSA-2016-1458)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20160727_JAVA_1_7_0_OPENJDK_ON_SL5_X.NASL
    description Security Fix(es) : - Multiple flaws were discovered in the Hotspot and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. (CVE-2016-3606, CVE-2016-3598, CVE-2016-3610) - Multiple denial of service flaws were found in the JAXP component in OpenJDK. A specially crafted XML file could cause a Java application using JAXP to consume an excessive amount of CPU and memory when parsed. (CVE-2016-3500, CVE-2016-3508) - Multiple flaws were found in the CORBA and Hotsport components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2016-3458, CVE-2016-3550)
    last seen 2018-09-01
    modified 2016-10-19
    plugin id 92605
    published 2016-07-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92605
    title Scientific Linux Security Update : java-1.7.0-openjdk on SL5.x, SL6.x, SL7.x i386/x86_64
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-978.NASL
    description This update for java-1_8_0-openjdk fixes the following issues : - Upgrade to version jdk8u101 (icedtea 3.1.0) - New in release 3.1.0 (2016-07-25) : - Security fixes - S8079718, CVE-2016-3458: IIOP Input Stream Hooking (bsc#989732) - S8145446, CVE-2016-3485: Perfect pipe placement (Windows only) (bsc#989734) - S8146514: Enforce GCM limits - S8147771: Construction of static protection domains under Javax custom policy - S8148872, CVE-2016-3500: Complete name checking (bsc#989730) - S8149070: Enforce update ordering - S8149962, CVE-2016-3508: Better delineation of XML processing (bsc#989731) - S8150752: Share Class Data - S8151925: Font reference improvements - S8152479, CVE-2016-3550: Coded byte streams (bsc#989733) - S8153312: Constrain AppCDS behavior - S8154475, CVE-2016-3587: Clean up lookup visibility (bsc#989721) - S8155981, CVE-2016-3606: Bolster bytecode verification (bsc#989722) - S8155985, CVE-2016-3598: Persistent Parameter Processing (bsc#989723) - S8158571, CVE-2016-3610: Additional method handle validation (bsc#989725) - CVE-2016-3552 (bsc#989726) - CVE-2016-3511 (bsc#989727) - CVE-2016-3503 (bsc#989728) - CVE-2016-3498 (bsc#989729) - New features - S8145547, PR1061: [AWT/Swing] Conditional support for GTK 3 on Linux - PR2821: Support building OpenJDK with --disable-headful - PR2931, G478960: Provide Infinality Support via fontconfig - PR3079: Provide option to build Shenandoah on x86_64 - Import of OpenJDK 8 u92 build 14 - S6869327: Add new C2 flag to keep safepoints in counted loops. - S8022865: [TESTBUG] Compressed Oops testing needs to be revised - S8029630: Thread id should be displayed as a hex number in error report - S8029726: On OS X some dtrace probe names are mismatched with Solaris - S8029727: On OS X dtrace probes CallMethodA/CallMethodV are not fired. - S8029728: On OS X dtrace probes SetStaticBooleanField are not fired - S8038184: XMLSignature throws StringIndexOutOfBoundsException if ID attribute value is empty String - S8038349: Signing XML with DSA throws Exception when key is larger than 1024 bits - S8041501: ImageIO reader is not capable of reading JPEGs without JFIF header - S8041900: [macosx] Java forces the use of discrete GPU - S8044363: Remove special build options for unpack200 executable - S8046471: Use OPENJDK_TARGET_CPU_ARCH instead of legacy value for hotspot ARCH - S8046611: Build errors with gcc on sparc/fastdebug - S8047763: Recognize sparc64 as a sparc platform - S8048232: Fix for 8046471 breaks PPC64 build - S8052396: Catch exceptions resulting from missing font cmap - S8058563: InstanceKlass::_dependencies list isn't cleared from empty nmethodBucket entries - S8061624: [TESTBUG] Some tests cannot be ran under compact profiles and therefore shall be excluded - S8062901: Iterators is spelled incorrectly in the Javadoc for Spliterator - S8064330: Remove SHA224 from the default support list if SunMSCAPI enabled - S8065579: WB method to start G1 concurrent mark cycle should be introduced - S8065986: Compiler fails to NullPointerException when calling super with Object<>() - S8066974: Compiler doesn't infer method's generic type information in lambda body - S8067800: Clarify java.time.chrono.Chronology.isLeapYear for out of range years - S8068033: JNI exception pending in jdk/src/share/bin/java.c - S8068042: Check jdk/src/share/native/sun/misc/URLClassPath.c for JNI pending - S8068162: jvmtiRedefineClasses.cpp: guarantee(false) failed: OLD and/or OBSOLETE method(s) found - S8068254: Method reference uses wrong qualifying type - S8074696: Remote debugging session hangs for several minutes when calling findBootType - S8074935: jdk8 keytool doesn't validate pem files for RFC 1421 correctness, as jdk7 did - S8078423: [TESTBUG] javax/print/PrintSEUmlauts/PrintSEUmlauts.java relies on system locale - S8080492: [Parfait] Uninitialised variable in jdk/src/java/desktop/windows/native/libawt/ - S8080650: Enable stubs to use frame pointers correctly - S8122944: perfdata used is seen as too high on sparc zone with jdk1.9 and causes a test failure - S8129348: Debugger hangs in trace mode with TRACE_SENDS - S8129847: Compiling methods generated by Nashorn triggers high memory usage in C2 - S8130506: javac AssertionError when invoking MethodHandle.invoke with lambda parameter - S8130910: hsperfdata file is created in wrong directory and not cleaned up if /tmp/hsperfdata_ has wrong permissions - S8131129: Attempt to define a duplicate BMH$Species class - S8131665: Bad exception message in HandshakeHash.getFinishedHash - S8131782: C1 Class.cast optimization breaks when Class is loaded from static final - S8132503: [macosx] Chinese full stop symbol cannot be entered with Pinyin IM on OS X - S8133207: ParallelProbes.java test fails after changes for JDK-8080115 - S8133924: NPE may be thrown when xsltc select a non-existing node after JDK-8062518 - S8134007: Improve string folding - S8134759: jdb: Incorrect stepping inside finally block - S8134963: [Newtest] New stress test for changing the coarseness level of G1 remembered set - S8136442: Don't tie Certificate signature algorithms to ciphersuites - S8137106: EUDC (End User Defined Characters) are not displayed on Windows with Java 8u60+ - S8138745: Implement ExitOnOutOfMemory and CrashOnOutOfMemory in HotSpot - S8138764: In some cases the usage of TreeLock can be replaced by other synchronization - S8139373: [TEST_BUG] java/net/MulticastSocket/MultiDead.java failed with timeout - S8139424: SIGSEGV, Problematic frame: # V [libjvm.so+0xd0c0cc] void InstanceKlass::oop_oop_iterate_oop_maps_specialized - S8139436: sun.security.mscapi.KeyStore might load incomplete data - S8139751: Javac crash with -XDallowStringFolding=false - S8139863: [TESTBUG] Need to port tests for JDK-8134903 to 8u-dev - S8139985: JNI exception pending in jdk/src/jdk/hprof/agent/share/native/libhprof - S8140031: SA: Searching for a value in Threads does not work - S8140249: JVM Crashing During startUp If Flight Recording is enabled - S8140344: add support for 3 digit update release numbers - S8140587: Atomic*FieldUpdaters should use Class.isInstance instead of direct class check - S8141260: isReachable crash in windows xp - S8143297: Nashorn compilation time reported in nanoseconds - S8143397: It looks like InetAddress.isReachable(timeout) works incorrectly - S8143855: Bad printf formatting in frame_zero.cpp - S8143896: java.lang.Long is implicitly converted to double - S8143963: improve ClassLoader::trace_class_path to accept an additional outputStream* arg - S8144020: Remove long as an internal numeric type - S8144131: ArrayData.getInt implementations do not convert to int32 - S8144483: One long Safepoint pause directly after each GC log rotation - S8144487: PhaseIdealLoop::build_and_optimize() must restore major_progress flag if skip_loop_opts is true - S8144885: agent/src/os/linux/libproc.h needs to support Linux/SPARC builds - S8144935: C2: safepoint is pruned from a non-counted loop - S8144937: [TEST_BUG] testlibrary_tests should be excluded for compact1 and compact2 execution - S8145017: Add support for 3 digit hotspot minor version numbers - S8145099: Better error message when SA can't attach to a process - S8145442: Add the facility to verify remembered sets for G1 - S8145466: javac: No line numbers in compilation error - S8145539: (coll) AbstractMap.keySet and .values should not be volatile - S8145550: Megamorphic invoke should use CompiledFunction variants without any LinkLogic - S8145669: apply2call optimized callsite fails after becoming megamorphic - S8145722: NullPointerException in javadoc - S8145754: PhaseIdealLoop::is_scaled_iv_plus_offset() does not match AddI - S8146147: Java linker indexed property getter does not work for computed nashorn string - S8146566: OpenJDK build can't handle commas in LDFLAGS - S8146725: Issues with SignatureAndHashAlgorithm.getSupportedAlgorithms - S8146979: Backport of 8046471 breaks ppc64 build in jdk8u because 8072383 was badly backported before - S8147087: Race when reusing PerRegionTable bitmaps may result in dropped remembered set entries - S8147630: Wrong test result pushed to 8u-dev - S8147845: Varargs Array functions still leaking longs - S8147857: RMIConnector logs attribute names incorrectly - S8148353: [linux-sparc] Crash in libawt.so on Linux SPARC - S8150791: 8u76 L10n resource file translation update - Import of OpenJDK 8 u101 build 13 - S6483657: MSCAPI provider does not create unique alias names - S6675699: need comprehensive fix for unconstrained ConvI2L with narrowed type - S8037557: test SessionCacheSizeTests.java timeout - S8038837: Add support to jarsigner for specifying timestamp hash algorithm - S8081778: Use Intel x64 CPU instructions for RSA acceleration - S8130150: Implement BigInteger.montgomeryMultiply intrinsic - S8130735: javax.swing.TimerQueue: timer fires late when another timer starts - S8143913: MSCAPI keystore should accept Certificate[] in setEntry() - S8144313: Test SessionTimeOutTests can be timeout - S8146240: Three nashorn files contain 'GNU General Public License' header - S8146387: Test SSLSession/SessionCacheSizeTests socket accept timed out - S8146669: Test SessionTimeOutTests fails intermittently - S8146993: Several javax/management/remote/mandatory regression tests fail after JDK-8138811 - S8147994: [macosx] JScrollPane jitters up/down during trackpad scrolling on MacOS/Aqua - S8151522: Disable 8130150 and 8081778 intrinsics by default - S8151876: (tz) Support tzdata2016d - S8152098: Fix 8151522 caused test compiler/intrinsics/squaretolen/TestSquareToLen.java to fail - S8157077: 8u101 L10n resource file updates - Backports - S6260348, PR3066: GTK+ L&F JTextComponent not respecting desktop caret blink rate - S6778087, PR1061: getLocationOnScreen() always returns (0, 0) for mouse wheel events - S6961123, PR2972: setWMClass fails to null-terminate WM_CLASS string - S8008657, PR3077: JSpinner setComponentOrientation doesn't affect on text orientation - S8014212, PR2866: Robot captures black screen - S8029339, PR1061: Custom MultiResolution image support on HiDPI displays - S8031145, PR3077: Re-examine closed i18n tests to see it they can be moved to the jdk repository. - S8034856, PR3095: gcc warnings compiling src/solaris/native/sun/security/pkcs11 - S8034857, PR3095: gcc warnings compiling src/solaris/native/sun/management - S8035054, PR3095: JarFacade.c should not include ctype.h - S8035287, PR3095: gcc warnings compiling various libraries files - S8038631, PR3077: Create wrapper for awt.Robot with additional functionality - S8039279, PR3077: Move awt tests to openjdk repository - S8041561, PR3077: Inconsistent opacity behaviour between JCheckBox and JRadioButton - S8041592, PR3077: [TEST_BUG] Move 42 AWT hw/lw mixing tests to jdk - S8041915, PR3077: Move 8 awt tests to OpenJDK regression tests tree - S8043126, PR3077: move awt automated functional tests from AWT_Events/Lw and AWT_Events/AWT to OpenJDK repository - S8043131, PR3077: Move ShapedAndTranslucentWindows and GC functional AWT tests to regression tree - S8044157, PR3077: [TEST_BUG] Improve recently submitted AWT_Mixing tests - S8044172, PR3077: [TEST_BUG] Move regtests for 4523758 and AltPlusNumberKeyCombinationsTest to jdk - S8044429, PR3077: move awt automated tests for AWT_Modality to OpenJDK repository - S8044762, PR2960: com/sun/jdi/OptionTest.java test time out - S8044765, PR3077: Move functional tests AWT_SystemTray/Automated to openjdk repository - S8047180, PR3077: Move functional tests AWT_Headless/Automated to OpenJDK repository - S8047367, PR3077: move awt automated tests from AWT_Modality to OpenJDK repository - part 2 - S8048246, PR3077: Move AWT_DnD/Clipboard/Automated functional tests to OpenJDK - S8049226, PR2960: com/sun/jdi/OptionTest.java test times out again - S8049617, PR3077: move awt automated tests from AWT_Modality to OpenJDK repository - part 3 - S8049694, PR3077: Migrate functional AWT_DesktopProperties/Automated tests to OpenJDK - S8050885, PR3077: move awt automated tests from AWT_Modality to OpenJDK repository - part 4 - S8051440, PR3077: move tests about maximizing undecorated to OpenJDK - S8052012, PR3077: move awt automated tests from AWT_Modality to OpenJDK repository - part 5 - S8052408, PR3077: Move AWT_BAT functional tests to OpenJDK (3 of 3) - S8053657, PR3077: [TEST_BUG] move some 5 tests related to undecorated Frame/JFrame to JDK - S8054143, PR3077: move awt automated tests from AWT_Modality to OpenJDK repository - part 6 - S8054358, PR3077: move awt automated tests from AWT_Modality to OpenJDK repository - part 7 - S8054359, PR3077: move awt automated tests from AWT_Modality to OpenJDK repository - part 8 - S8055360, PR3077: Move the rest part of AWT ShapedAndTranslucent tests to OpenJDK - S8055664, PR3077: move 14 tests about setLocationRelativeTo to jdk - S8055836, PR3077: move awt tests from AWT_Modality to OpenJDK repository - part 9 - S8056911, PR3077: Remove internal API usage from ExtendedRobot class - S8057694, PR3077: move awt tests from AWT_Modality to OpenJDK repository - part 10 - S8058959, PR1061: closed/java/awt/event/ComponentEvent/MovedResizedTwiceTe st/MovedResizedTwiceTest.java failed automatically - S8062606, PR3077: Fix a typo in java.awt.Robot class - S8063102, PR3077: Change open awt regression tests to avoid sun.awt.SunToolkit.realSync, part 1 - S8063104, PR3077: Change open awt regression tests to avoid sun.awt.SunToolkit.realSync, part 2 - S8063106, PR3077: Change open swing regression tests to avoid sun.awt.SunToolkit.realSync, part 1 - S8063107, PR3077: Change open swing regression tests to avoid sun.awt.SunToolkit.realSync, part 2 - S8064573, PR3077: [TEST_BUG] javax/swing/text/AbstractDocument/6968363/Test6968363.ja va is asocial pressing VK_LEFT and not releasing - S8064575, PR3077: [TEST_BUG] javax/swing/JEditorPane/6917744/bug6917744.java 100 times press keys and never releases - S8064809, PR3077: [TEST_BUG] javax/swing/JComboBox/4199622/bug4199622.java contains a lot of keyPress and not a single keyRelease - S8067441, PR3077: Some tests fails with error: cannot find symbol getSystemMnemonicKeyCodes() - S8068228, PR3077: Test closed/java/awt/Mouse/MaximizedFrameTest/MaximizedFrameT est fails with GTKLookAndFeel - S8069361, PR1061: SunGraphics2D.getDefaultTransform() does not include scale factor - S8073320, PR1061: Windows HiDPI Graphics support - S8074807, PR3077: Fix some tests unnecessary using internal API - S8076315, PR3077: move 4 manual functional swing tests to regression suite - S8078504, PR3094: Zero lacks declaration of VM_Version::initialize() - S8129822, PR3077: Define 'headful' jtreg keyword - S8132123, PR1061: MultiResolutionCachedImage unnecessarily creates base image to get its size - S8133539, PR1061: [TEST_BUG] Split java/awt/image/MultiResolutionImageTest.java in two to allow restricted access - S8137571, PR1061: Linux HiDPI Graphics support - S8142406, PR1061: [TEST] MultiResolution image: need test to cover the case when @2x image is corrupted - S8145188, PR2945: No LocalVariableTable generated for the entire JDK - S8150258, PR1061: [TEST] HiDPI: create a test for multiresolution menu items icons - S8150724, PR1061: [TEST] HiDPI: create a test for multiresolution icons - S8150844, PR1061: [hidpi] [macosx] -Dsun.java2d.uiScale should be taken into account for OS X - S8151841, PR2882: Build needs additional flags to compile with GCC 6 [plus parts of 8149647 & 8032045] - S8155613, PR1061: [PIT] crash in AWT_Desktop/Automated/Exceptions/BasicTest - S8156020, PR1061: 8145547 breaks AIX and and uses RTLD_NOLOAD incorrectly - S8156128, PR1061: Tests for [AWT/Swing] Conditional support for GTK 3 on Linux - S8158260, PR2991, RH1341258: PPC64: unaligned Unsafe.getInt can lead to the generation of illegal instructions (bsc#988651) - S8159244, PR3074: Partially initialized string object created by C2's string concat optimization may escape - S8159690, PR3077: [TESTBUG] Mark headful tests with @key headful. - S8160294, PR2882, PR3095: Some client libraries cannot be built with GCC 6 - Bug fixes - PR1958: GTKLookAndFeel does not honor gtk-alternative-button-order - PR2822: Feed LIBS & CFLAGS into configure rather than make to avoid re-discovery by OpenJDK configure - PR2932: Support ccache in a non-automagic manner - PR2933: Support ccache 3.2 and later - PR2964: Set system defaults based on OS - PR2974, RH1337583: PKCS#10 certificate requests now use CRLF line endings rather than system line endings - PR3078: Remove duplicated line dating back to 6788347 and 6894807 - PR3083, RH1346460: Regression in SSL debug output without an ECC provider - PR3089: Remove old memory limits patch - PR3090, RH1204159: SystemTap is heavily confused by multiple JDKs - PR3095: Fix warnings in URLClassPath.c - PR3096: Remove dead --disable-optimizations option - PR3105: Use version from hotspot.map to create tarball filename - PR3106: Handle both correctly-spelt property 'enableCustomValueHandler' introduced by S8079718 and typo version - PR3108: Shenandoah patches not included in release tarball - PR3110: Update hotspot.map documentation in INSTALL - AArch64 port - S8145320, PR3078: Create unsafe_arraycopy and generic_arraycopy for AArch64 - S8148328, PR3078: aarch64: redundant lsr instructions in stub code. - S8148783, PR3078: aarch64: SEGV running SpecJBB2013 - S8148948, PR3078: aarch64: generate_copy_longs calls align() incorrectly - S8149080, PR3078: AArch64: Recognise disjoint array copy in stub code - S8149365, PR3078: aarch64: memory copy does not prefetch on backwards copy - S8149907, PR3078: aarch64: use load/store pair instructions in call_stub - S8150038, PR3078: aarch64: make use of CBZ and CBNZ when comparing narrow pointer with zero - S8150045, PR3078: arraycopy causes segfaults in SATB during garbage collection - S8150082, PR3078: aarch64: optimise small array copy - S8150229, PR3078: aarch64: pipeline class for several instructions is not set correctly - S8150313, PR3078: aarch64: optimise array copy using SIMD instructions - S8150394, PR3078: aarch64: add support for 8.1 LSE CAS instructions - S8151340, PR3078: aarch64: prefetch the destination word for write prior to ldxr/stxr loops. - S8151502, PR3078: optimize pd_disjoint_words and pd_conjoint_words - S8151775, PR3078: aarch64: add support for 8.1 LSE atomic operations - S8152537, PR3078: aarch64: Make use of CBZ and CBNZ when comparing unsigned values with zero. - S8152840, PR3078: aarch64: improve _unsafe_arraycopy stub routine - S8153713, PR3078: aarch64: improve short array clearing using store pair - S8153797, PR3078: aarch64: Add Arrays.fill stub code - S8154537, PR3078: AArch64: some integer rotate instructions are never emitted - S8154739, PR3078: AArch64: TemplateTable::fast_xaccess loads in wrong mode - S8155015, PR3078: Aarch64: bad assert in spill generation code - S8155100, PR3078: AArch64: Relax alignment requirement for byte_map_base - S8155612, PR3078: Aarch64: vector nodes need to support misaligned offset - S8155617, PR3078: aarch64: ClearArray does not use DC ZVA - S8155653, PR3078: TestVectorUnalignedOffset.java not pushed with 8155612 - S8156731, PR3078: aarch64: java/util/Arrays/Correct.java fails due to _generic_arraycopy stub routine - S8157841, PR3078: aarch64: prefetch ignores cache line size - S8157906, PR3078: aarch64: some more integer rotate instructions are never emitted - S8158913, PR3078: aarch64: SEGV running Spark terasort - S8159052, PR3078: aarch64: optimise unaligned copies in pd_disjoint_words and pd_conjoint_words - S8159063, PR3078: aarch64: optimise unaligned array copy long - PR3078: Cleanup remaining differences from aarch64/jdk8u tree - Fix script linking /usr/share/javazi/tzdb.dat for platform where it applies (bsc#987895) - Fix aarch64 running with 48 bits va space (bsc#984684) avoid some crashes This update was imported from the SUSE:SLE-12-SP1:Update update project.
    last seen 2018-09-02
    modified 2016-10-13
    plugin id 92979
    published 2016-08-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92979
    title openSUSE Security Update : java-1_8_0-openjdk (openSUSE-2016-978)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-976.NASL
    description This update for java-1_7_0-openjdk fixes the following issues : - Update to 2.6.7 - OpenJDK 7u111 - Security fixes - S8079718, CVE-2016-3458: IIOP Input Stream Hooking (bsc#989732) - S8145446, CVE-2016-3485: Perfect pipe placement (Windows only) (bsc#989734) - S8147771: Construction of static protection domains under Javax custom policy - S8148872, CVE-2016-3500: Complete name checking (bsc#989730) - S8149962, CVE-2016-3508: Better delineation of XML processing (bsc#989731) - S8150752: Share Class Data - S8151925: Font reference improvements - S8152479, CVE-2016-3550: Coded byte streams (bsc#989733) - S8155981, CVE-2016-3606: Bolster bytecode verification (bsc#989722) - S8155985, CVE-2016-3598: Persistent Parameter Processing (bsc#989723) - S8158571, CVE-2016-3610: Additional method handle validation (bsc#989725) - CVE-2016-3511 (bsc#989727) - CVE-2016-3503 (bsc#989728) - CVE-2016-3498 (bsc#989729) - Import of OpenJDK 7 u111 build 0 - S6953295: Move few sun.security.{util, x509, pkcs} classes used by keytool/jarsigner to another package - S7060849: Eliminate pack200 build warnings - S7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror - S7069870: Parts of the JDK erroneously rely on generic array initializers with diamond - S7102686: Restructure timestamp code so that jars and modules can more easily share the same code - S7105780: Add SSLSocket client/SSLEngine server to templates directory - S7142339: PKCS7.java is needlessly creating SHA1PRNG SecureRandom instances when timestamping is not done - S7152582: PKCS11 tests should use the NSS libraries available in the OS - S7192202: Make sure keytool prints both unknown and unparseable extensions - S7194449: String resources for Key Tool and Policy Tool should be in their respective packages - S7196855: autotest.sh fails on ubuntu because libsoftokn.so not found - S7200682: TEST_BUG: keytool/autotest.sh still has problems with libsoftokn.so - S8002306: (se) Selector.open fails if invoked with thread interrupt status set [win] - S8009636: JARSigner including TimeStamp PolicyID (TSAPolicyID) as defined in RFC3161 - S8019341: Update CookieHttpsClientTest to use the newer framework. - S8022228: Intermittent test failures in sun/security/ssl/javax/net/ssl/NewAPIs - S8022439: Fix lint warnings in sun.security.ec - S8022594: Potential deadlock in of sun.nio.ch.Util/IOUtil - S8023546: sun/security/mscapi/ShortRSAKey1024.sh fails intermittently - S8036612: [parfait] JNI exception pending in jdk/src/windows/native/sun/security/mscapi/security.cpp - S8037557: test SessionCacheSizeTests.java timeout - S8038837: Add support to jarsigner for specifying timestamp hash algorithm - S8079410: Hotspot version to share the same update and build version from JDK - S8130735: javax.swing.TimerQueue: timer fires late when another timer starts - S8139436: sun.security.mscapi.KeyStore might load incomplete data - S8144313: Test SessionTimeOutTests can be timeout - S8146387: Test SSLSession/SessionCacheSizeTests socket accept timed out - S8146669: Test SessionTimeOutTests fails intermittently - S8146993: Several javax/management/remote/mandatory regression tests fail after JDK-8138811 - S8147857: [TEST] RMIConnector logs attribute names incorrectly - S8151841, PR3098: Build needs additional flags to compile with GCC 6 - S8151876: (tz) Support tzdata2016d - S8157077: 8u101 L10n resource file updates - S8161262: Fix jdk build with gcc 4.1.2: -fno-strict-overflow not known. - Import of OpenJDK 7 u111 build 1 - S7081817: test/sun/security/provider/certpath/X509CertPath/Illegal Certificates.java failing - S8140344: add support for 3 digit update release numbers - S8145017: Add support for 3 digit hotspot minor version numbers - S8162344: The API changes made by CR 7064075 need to be reverted - Backports - S2178143, PR2958: JVM crashes if the number of bound CPUs changed during runtime - S4900206, PR3101: Include worst-case rounding tests for Math library functions - S6260348, PR3067: GTK+ L&F JTextComponent not respecting desktop caret blink rate - S6934604, PR3075: enable parts of EliminateAutoBox by default - S7043064, PR3020: sun/java2d/cmm/ tests failed against RI b141 & b138-nightly - S7051394, PR3020: NullPointerException when running regression tests LoadProfileTest by using openjdk-7-b144 - S7086015, PR3013: fix test/tools/javac/parser/netbeans/JavacParserTest.java - S7119487, PR3013: JavacParserTest.java test fails on Windows platforms - S7124245, PR3020: [lcms] ColorConvertOp to color space CS_GRAY apparently converts orange to 244,244,0 - S7159445, PR3013: (javac) emits inaccurate diagnostics for enhanced for-loops - S7175845, PR1437, RH1207129: 'jar uf' changes file permissions unexpectedly - S8005402, PR3020: Need to provide benchmarks for color management - S8005530, PR3020: [lcms] Improve performance of ColorConverOp for default destinations - S8005930, PR3020: [lcms] ColorConvertOp: Alpha channel is not transferred from source to destination. - S8013430, PR3020: REGRESSION: closed/java/awt/color/ICC_Profile/LoadProfileTest/LoadPr ofileTest.java fails with java.io.StreamCorruptedException: invalid type code: EE since 8b87 - S8014286, PR3075: failed java/lang/Math/DivModTests.java after 6934604 changes - S8014959, PR3075: assert(Compile::current()->live_nodes() < (uint)MaxNodeLimit) failed: Live Node limit exceeded limit - S8019247, PR3075: SIGSEGV in compiled method c8e.e.t_.getArray(Ljava/lang/Class;)[Ljava/lang/Object - S8024511, PR3020: Crash during color profile destruction - S8025429, PR3020: [parfait] warnings from b107 for sun.java2d.cmm: JNI exception pending - S8026702, PR3020: Fix for 8025429 breaks jdk build on windows - S8026780, PR3020, RH1142587: Crash on PPC and PPC v2 for Java_awt test suit - S8047066, PR3020: Test test/sun/awt/image/bug8038000.java fails with ClassCastException - S8069181, PR3012, RH1015612: java.lang.AssertionError when compiling JDK 1.4 code in JDK 8 - S8158260, PR2992, RH1341258: PPC64: unaligned Unsafe.getInt can lead to the generation of illegal instructions (bsc#988651) - S8159244, PR3075: Partially initialized string object created by C2's string concat optimization may escape - Bug fixes - PR2799, RH1195203: Files are missing from resources.jar - PR2900: Don't use WithSeed versions of NSS functions as they don't fully process the seed - PR3091: SystemTap is heavily confused by multiple JDKs - PR3102: Extend 8022594 to AixPollPort - PR3103: Handle case in clean-fonts where linux.fontconfig.Gentoo.properties.old has not been created - PR3111: Provide option to disable SystemTap tests - PR3114: Don't assume system mime.types supports text/x-java-source - PR3115: Add check for elliptic curve cryptography implementation - PR3116: Add tests for Java debug info and source files - PR3118: Path to agpl-3.0.txt not updated - PR3119: Makefile handles cacerts as a symlink, but the configure check doesn't - AArch64 port - S8148328, PR3100: aarch64: redundant lsr instructions in stub code. - S8148783, PR3100: aarch64: SEGV running SpecJBB2013 - S8148948, PR3100: aarch64: generate_copy_longs calls align() incorrectly - S8150045, PR3100: arraycopy causes segfaults in SATB during garbage collection - S8154537, PR3100: AArch64: some integer rotate instructions are never emitted - S8154739, PR3100: AArch64: TemplateTable::fast_xaccess loads in wrong mode - S8157906, PR3100: aarch64: some more integer rotate instructions are never emitted
    last seen 2018-09-01
    modified 2016-10-13
    plugin id 92932
    published 2016-08-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92932
    title openSUSE Security Update : java-1_7_0-openjdk (openSUSE-2016-976)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201610-08.NASL
    description The remote host is affected by the vulnerability described in GLSA-201610-08 (Oracle JRE/JDK: Multiple vulnerabilities) Multiple vulnerabilities exist in both Oracle’s JRE and JDK. Please review the referenced CVE’s for additional information. Impact : Remote attackers could gain access to information, remotely execute arbitrary code, or cause Denial of Service. Workaround : There is no known workaround at this time.
    last seen 2018-09-02
    modified 2016-10-19
    plugin id 94085
    published 2016-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94085
    title GLSA-201610-08 : Oracle JRE/JDK: Multiple vulnerabilities
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2016-1504.NASL
    description An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security Fix(es) : * Multiple flaws were discovered in the Hotspot and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. (CVE-2016-3606, CVE-2016-3598, CVE-2016-3610) * Multiple denial of service flaws were found in the JAXP component in OpenJDK. A specially crafted XML file could cause a Java application using JAXP to consume an excessive amount of CPU and memory when parsed. (CVE-2016-3500, CVE-2016-3508) * Multiple flaws were found in the CORBA and Hotsport components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2016-3458, CVE-2016-3550)
    last seen 2018-11-11
    modified 2018-11-10
    plugin id 92586
    published 2016-07-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92586
    title CentOS 5 / 6 / 7 : java-1.7.0-openjdk (CESA-2016:1504)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2016-729.NASL
    description Multiple flaws were discovered in the Hotspot and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. (CVE-2016-3606 , CVE-2016-3598 , CVE-2016-3610) Multiple denial of service flaws were found in the JAXP component in OpenJDK. A specially crafted XML file could cause a Java application using JAXP to consume an excessive amount of CPU and memory when parsed. (CVE-2016-3500 , CVE-2016-3508) Multiple flaws were found in the CORBA and Hotsport components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2016-3458 , CVE-2016-3550)
    last seen 2018-09-02
    modified 2018-04-18
    plugin id 92664
    published 2016-08-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92664
    title Amazon Linux AMI : java-1.7.0-openjdk (ALAS-2016-729)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2016-723.NASL
    description Multiple flaws were discovered in the Hotspot and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. (CVE-2016-3606 , CVE-2016-3587 , CVE-2016-3598 , CVE-2016-3610) Multiple denial of service flaws were found in the JAXP component in OpenJDK. A specially crafted XML file could cause a Java application using JAXP to consume an excessive amount of CPU and memory when parsed. (CVE-2016-3500 , CVE-2016-3508) Multiple flaws were found in the CORBA and Hotsport components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2016-3458 , CVE-2016-3550)
    last seen 2018-09-01
    modified 2018-04-18
    plugin id 92470
    published 2016-07-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92470
    title Amazon Linux AMI : java-1.8.0-openjdk (ALAS-2016-723)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-944.NASL
    description This update for java-1_8_0-openjdk fixes the following issues : - Upgrade to version jdk8u101 (icedtea 3.1.0) - New in release 3.1.0 (2016-07-25) : - Security fixes - S8079718, CVE-2016-3458: IIOP Input Stream Hooking (boo#989732) - S8145446, CVE-2016-3485: Perfect pipe placement (Windows only) (boo#989734) - S8146514: Enforce GCM limits - S8147771: Construction of static protection domains under Javax custom policy - S8148872, CVE-2016-3500: Complete name checking (boo#989730) - S8149070: Enforce update ordering - S8149962, CVE-2016-3508: Better delineation of XML processing (boo#989731) - S8150752: Share Class Data - S8151925: Font reference improvements - S8152479, CVE-2016-3550: Coded byte streams (boo#989733) - S8153312: Constrain AppCDS behavior - S8154475, CVE-2016-3587: Clean up lookup visibility (boo#989721) - S8155981, CVE-2016-3606: Bolster bytecode verification (boo#989722) - S8155985, CVE-2016-3598: Persistent Parameter Processing (boo#989723) - S8158571, CVE-2016-3610: Additional method handle validation (boo#989725) - CVE-2016-3552 (boo#989726) - CVE-2016-3511 (boo#989727) - CVE-2016-3503 (boo#989728) - CVE-2016-3498 (boo#989729) - New features - S8145547, PR1061: [AWT/Swing] Conditional support for GTK 3 on Linux - PR2821: Support building OpenJDK with --disable-headful - PR2931, G478960: Provide Infinality Support via fontconfig - PR3079: Provide option to build Shenandoah on x86_64 - Import of OpenJDK 8 u92 build 14 - S6869327: Add new C2 flag to keep safepoints in counted loops. - S8022865: [TESTBUG] Compressed Oops testing needs to be revised - S8029630: Thread id should be displayed as a hex number in error report - S8029726: On OS X some dtrace probe names are mismatched with Solaris - S8029727: On OS X dtrace probes CallMethodA/CallMethodV are not fired. - S8029728: On OS X dtrace probes SetStaticBooleanField are not fired - S8038184: XMLSignature throws StringIndexOutOfBoundsException if ID attribute value is empty String - S8038349: Signing XML with DSA throws Exception when key is larger than 1024 bits - S8041501: ImageIO reader is not capable of reading JPEGs without JFIF header - S8041900: [macosx] Java forces the use of discrete GPU - S8044363: Remove special build options for unpack200 executable - S8046471: Use OPENJDK_TARGET_CPU_ARCH instead of legacy value for hotspot ARCH - S8046611: Build errors with gcc on sparc/fastdebug - S8047763: Recognize sparc64 as a sparc platform - S8048232: Fix for 8046471 breaks PPC64 build - S8052396: Catch exceptions resulting from missing font cmap - S8058563: InstanceKlass::_dependencies list isn't cleared from empty nmethodBucket entries - S8061624: [TESTBUG] Some tests cannot be ran under compact profiles and therefore shall be excluded - S8062901: Iterators is spelled incorrectly in the Javadoc for Spliterator - S8064330: Remove SHA224 from the default support list if SunMSCAPI enabled - S8065579: WB method to start G1 concurrent mark cycle should be introduced - S8065986: Compiler fails to NullPointerException when calling super with Object<>() - S8066974: Compiler doesn't infer method's generic type information in lambda body - S8067800: Clarify java.time.chrono.Chronology.isLeapYear for out of range years - S8068033: JNI exception pending in jdk/src/share/bin/java.c - S8068042: Check jdk/src/share/native/sun/misc/URLClassPath.c for JNI pending - S8068162: jvmtiRedefineClasses.cpp: guarantee(false) failed: OLD and/or OBSOLETE method(s) found - S8068254: Method reference uses wrong qualifying type - S8074696: Remote debugging session hangs for several minutes when calling findBootType - S8074935: jdk8 keytool doesn't validate pem files for RFC 1421 correctness, as jdk7 did - S8078423: [TESTBUG] javax/print/PrintSEUmlauts/PrintSEUmlauts.java relies on system locale - S8080492: [Parfait] Uninitialised variable in jdk/src/java/desktop/windows/native/libawt/ - S8080650: Enable stubs to use frame pointers correctly - S8122944: perfdata used is seen as too high on sparc zone with jdk1.9 and causes a test failure - S8129348: Debugger hangs in trace mode with TRACE_SENDS - S8129847: Compiling methods generated by Nashorn triggers high memory usage in C2 - S8130506: javac AssertionError when invoking MethodHandle.invoke with lambda parameter - S8130910: hsperfdata file is created in wrong directory and not cleaned up if /tmp/hsperfdata_ has wrong permissions - S8131129: Attempt to define a duplicate BMH$Species class - S8131665: Bad exception message in HandshakeHash.getFinishedHash - S8131782: C1 Class.cast optimization breaks when Class is loaded from static final - S8132503: [macosx] Chinese full stop symbol cannot be entered with Pinyin IM on OS X - S8133207: ParallelProbes.java test fails after changes for JDK-8080115 - S8133924: NPE may be thrown when xsltc select a non-existing node after JDK-8062518 - S8134007: Improve string folding - S8134759: jdb: Incorrect stepping inside finally block - S8134963: [Newtest] New stress test for changing the coarseness level of G1 remembered set - S8136442: Don't tie Certificate signature algorithms to ciphersuites - S8137106: EUDC (End User Defined Characters) are not displayed on Windows with Java 8u60+ - S8138745: Implement ExitOnOutOfMemory and CrashOnOutOfMemory in HotSpot - S8138764: In some cases the usage of TreeLock can be replaced by other synchronization - S8139373: [TEST_BUG] java/net/MulticastSocket/MultiDead.java failed with timeout - S8139424: SIGSEGV, Problematic frame: # V [libjvm.so+0xd0c0cc] void InstanceKlass::oop_oop_iterate_oop_maps_specialized - S8139436: sun.security.mscapi.KeyStore might load incomplete data - S8139751: Javac crash with -XDallowStringFolding=false - S8139863: [TESTBUG] Need to port tests for JDK-8134903 to 8u-dev - S8139985: JNI exception pending in jdk/src/jdk/hprof/agent/share/native/libhprof - S8140031: SA: Searching for a value in Threads does not work - S8140249: JVM Crashing During startUp If Flight Recording is enabled - S8140344: add support for 3 digit update release numbers - S8140587: Atomic*FieldUpdaters should use Class.isInstance instead of direct class check - S8141260: isReachable crash in windows xp - S8143297: Nashorn compilation time reported in nanoseconds - S8143397: It looks like InetAddress.isReachable(timeout) works incorrectly - S8143855: Bad printf formatting in frame_zero.cpp - S8143896: java.lang.Long is implicitly converted to double - S8143963: improve ClassLoader::trace_class_path to accept an additional outputStream* arg - S8144020: Remove long as an internal numeric type - S8144131: ArrayData.getInt implementations do not convert to int32 - S8144483: One long Safepoint pause directly after each GC log rotation - S8144487: PhaseIdealLoop::build_and_optimize() must restore major_progress flag if skip_loop_opts is true - S8144885: agent/src/os/linux/libproc.h needs to support Linux/SPARC builds - S8144935: C2: safepoint is pruned from a non-counted loop - S8144937: [TEST_BUG] testlibrary_tests should be excluded for compact1 and compact2 execution - S8145017: Add support for 3 digit hotspot minor version numbers - S8145099: Better error message when SA can't attach to a process - S8145442: Add the facility to verify remembered sets for G1 - S8145466: javac: No line numbers in compilation error - S8145539: (coll) AbstractMap.keySet and .values should not be volatile - S8145550: Megamorphic invoke should use CompiledFunction variants without any LinkLogic - S8145669: apply2call optimized callsite fails after becoming megamorphic - S8145722: NullPointerException in javadoc - S8145754: PhaseIdealLoop::is_scaled_iv_plus_offset() does not match AddI - S8146147: Java linker indexed property getter does not work for computed nashorn string - S8146566: OpenJDK build can't handle commas in LDFLAGS - S8146725: Issues with SignatureAndHashAlgorithm.getSupportedAlgorithms - S8146979: Backport of 8046471 breaks ppc64 build in jdk8u because 8072383 was badly backported before - S8147087: Race when reusing PerRegionTable bitmaps may result in dropped remembered set entries - S8147630: Wrong test result pushed to 8u-dev - S8147845: Varargs Array functions still leaking longs - S8147857: RMIConnector logs attribute names incorrectly - S8148353: [linux-sparc] Crash in libawt.so on Linux SPARC - S8150791: 8u76 L10n resource file translation update - Import of OpenJDK 8 u101 build 13 - S6483657: MSCAPI provider does not create unique alias names - S6675699: need comprehensive fix for unconstrained ConvI2L with narrowed type - S8037557: test SessionCacheSizeTests.java timeout - S8038837: Add support to jarsigner for specifying timestamp hash algorithm - S8081778: Use Intel x64 CPU instructions for RSA acceleration - S8130150: Implement BigInteger.montgomeryMultiply intrinsic - S8130735: javax.swing.TimerQueue: timer fires late when another timer starts - S8143913: MSCAPI keystore should accept Certificate[] in setEntry() - S8144313: Test SessionTimeOutTests can be timeout - S8146240: Three nashorn files contain 'GNU General Public License' header - S8146387: Test SSLSession/SessionCacheSizeTests socket accept timed out - S8146669: Test SessionTimeOutTests fails intermittently - S8146993: Several javax/management/remote/mandatory regression tests fail after JDK-8138811 - S8147994: [macosx] JScrollPane jitters up/down during trackpad scrolling on MacOS/Aqua - S8151522: Disable 8130150 and 8081778 intrinsics by default - S8151876: (tz) Support tzdata2016d - S8152098: Fix 8151522 caused test compiler/intrinsics/squaretolen/TestSquareToLen.java to fail - S8157077: 8u101 L10n resource file updates - Backports - S6260348, PR3066: GTK+ L&F JTextComponent not respecting desktop caret blink rate - S6778087, PR1061: getLocationOnScreen() always returns (0, 0) for mouse wheel events - S6961123, PR2972: setWMClass fails to null-terminate WM_CLASS string - S8008657, PR3077: JSpinner setComponentOrientation doesn't affect on text orientation - S8014212, PR2866: Robot captures black screen - S8029339, PR1061: Custom MultiResolution image support on HiDPI displays - S8031145, PR3077: Re-examine closed i18n tests to see it they can be moved to the jdk repository. - S8034856, PR3095: gcc warnings compiling src/solaris/native/sun/security/pkcs11 - S8034857, PR3095: gcc warnings compiling src/solaris/native/sun/management - S8035054, PR3095: JarFacade.c should not include ctype.h - S8035287, PR3095: gcc warnings compiling various libraries files - S8038631, PR3077: Create wrapper for awt.Robot with additional functionality - S8039279, PR3077: Move awt tests to openjdk repository - S8041561, PR3077: Inconsistent opacity behaviour between JCheckBox and JRadioButton - S8041592, PR3077: [TEST_BUG] Move 42 AWT hw/lw mixing tests to jdk - S8041915, PR3077: Move 8 awt tests to OpenJDK regression tests tree - S8043126, PR3077: move awt automated functional tests from AWT_Events/Lw and AWT_Events/AWT to OpenJDK repository - S8043131, PR3077: Move ShapedAndTranslucentWindows and GC functional AWT tests to regression tree - S8044157, PR3077: [TEST_BUG] Improve recently submitted AWT_Mixing tests - S8044172, PR3077: [TEST_BUG] Move regtests for 4523758 and AltPlusNumberKeyCombinationsTest to jdk - S8044429, PR3077: move awt automated tests for AWT_Modality to OpenJDK repository - S8044762, PR2960: com/sun/jdi/OptionTest.java test time out - S8044765, PR3077: Move functional tests AWT_SystemTray/Automated to openjdk repository - S8047180, PR3077: Move functional tests AWT_Headless/Automated to OpenJDK repository - S8047367, PR3077: move awt automated tests from AWT_Modality to OpenJDK repository - part 2 - S8048246, PR3077: Move AWT_DnD/Clipboard/Automated functional tests to OpenJDK - S8049226, PR2960: com/sun/jdi/OptionTest.java test times out again - S8049617, PR3077: move awt automated tests from AWT_Modality to OpenJDK repository - part 3 - S8049694, PR3077: Migrate functional AWT_DesktopProperties/Automated tests to OpenJDK - S8050885, PR3077: move awt automated tests from AWT_Modality to OpenJDK repository - part 4 - S8051440, PR3077: move tests about maximizing undecorated to OpenJDK - S8052012, PR3077: move awt automated tests from AWT_Modality to OpenJDK repository - part 5 - S8052408, PR3077: Move AWT_BAT functional tests to OpenJDK (3 of 3) - S8053657, PR3077: [TEST_BUG] move some 5 tests related to undecorated Frame/JFrame to JDK - S8054143, PR3077: move awt automated tests from AWT_Modality to OpenJDK repository - part 6 - S8054358, PR3077: move awt automated tests from AWT_Modality to OpenJDK repository - part 7 - S8054359, PR3077: move awt automated tests from AWT_Modality to OpenJDK repository - part 8 - S8055360, PR3077: Move the rest part of AWT ShapedAndTranslucent tests to OpenJDK - S8055664, PR3077: move 14 tests about setLocationRelativeTo to jdk - S8055836, PR3077: move awt tests from AWT_Modality to OpenJDK repository - part 9 - S8056911, PR3077: Remove internal API usage from ExtendedRobot class - S8057694, PR3077: move awt tests from AWT_Modality to OpenJDK repository - part 10 - S8058959, PR1061: closed/java/awt/event/ComponentEvent/MovedResizedTwiceTe st/MovedResizedTwiceTest.java failed automatically - S8062606, PR3077: Fix a typo in java.awt.Robot class - S8063102, PR3077: Change open awt regression tests to avoid sun.awt.SunToolkit.realSync, part 1 - S8063104, PR3077: Change open awt regression tests to avoid sun.awt.SunToolkit.realSync, part 2 - S8063106, PR3077: Change open swing regression tests to avoid sun.awt.SunToolkit.realSync, part 1 - S8063107, PR3077: Change open swing regression tests to avoid sun.awt.SunToolkit.realSync, part 2 - S8064573, PR3077: [TEST_BUG] javax/swing/text/AbstractDocument/6968363/Test6968363.ja va is asocial pressing VK_LEFT and not releasing - S8064575, PR3077: [TEST_BUG] javax/swing/JEditorPane/6917744/bug6917744.java 100 times press keys and never releases - S8064809, PR3077: [TEST_BUG] javax/swing/JComboBox/4199622/bug4199622.java contains a lot of keyPress and not a single keyRelease - S8067441, PR3077: Some tests fails with error: cannot find symbol getSystemMnemonicKeyCodes() - S8068228, PR3077: Test closed/java/awt/Mouse/MaximizedFrameTest/MaximizedFrameT est fails with GTKLookAndFeel - S8069361, PR1061: SunGraphics2D.getDefaultTransform() does not include scale factor - S8073320, PR1061: Windows HiDPI Graphics support - S8074807, PR3077: Fix some tests unnecessary using internal API - S8076315, PR3077: move 4 manual functional swing tests to regression suite - S8078504, PR3094: Zero lacks declaration of VM_Version::initialize() - S8129822, PR3077: Define 'headful' jtreg keyword - S8132123, PR1061: MultiResolutionCachedImage unnecessarily creates base image to get its size - S8133539, PR1061: [TEST_BUG] Split java/awt/image/MultiResolutionImageTest.java in two to allow restricted access - S8137571, PR1061: Linux HiDPI Graphics support - S8142406, PR1061: [TEST] MultiResolution image: need test to cover the case when @2x image is corrupted - S8145188, PR2945: No LocalVariableTable generated for the entire JDK - S8150258, PR1061: [TEST] HiDPI: create a test for multiresolution menu items icons - S8150724, PR1061: [TEST] HiDPI: create a test for multiresolution icons - S8150844, PR1061: [hidpi] [macosx] -Dsun.java2d.uiScale should be taken into account for OS X - S8151841, PR2882: Build needs additional flags to compile with GCC 6 [plus parts of 8149647 & 8032045] - S8155613, PR1061: [PIT] crash in AWT_Desktop/Automated/Exceptions/BasicTest - S8156020, PR1061: 8145547 breaks AIX and and uses RTLD_NOLOAD incorrectly - S8156128, PR1061: Tests for [AWT/Swing] Conditional support for GTK 3 on Linux - S8158260, PR2991, RH1341258: PPC64: unaligned Unsafe.getInt can lead to the generation of illegal instructions - S8159244, PR3074: Partially initialized string object created by C2's string concat optimization may escape - S8159690, PR3077: [TESTBUG] Mark headful tests with @key headful. - S8160294, PR2882, PR3095: Some client libraries cannot be built with GCC 6 - Bug fixes - PR1958: GTKLookAndFeel does not honor gtk-alternative-button-order - PR2822: Feed LIBS & CFLAGS into configure rather than make to avoid re-discovery by OpenJDK configure - PR2932: Support ccache in a non-automagic manner - PR2933: Support ccache 3.2 and later - PR2964: Set system defaults based on OS - PR2974, RH1337583: PKCS#10 certificate requests now use CRLF line endings rather than system line endings - PR3078: Remove duplicated line dating back to 6788347 and 6894807 - PR3083, RH1346460: Regression in SSL debug output without an ECC provider - PR3089: Remove old memory limits patch - PR3090, RH1204159: SystemTap is heavily confused by multiple JDKs - PR3095: Fix warnings in URLClassPath.c - PR3096: Remove dead --disable-optimizations option - PR3105: Use version from hotspot.map to create tarball filename - PR3106: Handle both correctly-spelt property 'enableCustomValueHandler' introduced by S8079718 and typo version - PR3108: Shenandoah patches not included in release tarball - PR3110: Update hotspot.map documentation in INSTALL - Fix script linking /usr/share/javazi/tzdb.dat for platform where it applies (boo#987895) - Fix aarch64 running with 48 bits va space (boo#984684)
    last seen 2018-09-02
    modified 2016-10-13
    plugin id 92774
    published 2016-08-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92774
    title openSUSE Security Update : java-1_8_0-openjdk (openSUSE-2016-944)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2016-1475.NASL
    description An update for java-1.8.0-oracle is now available for Oracle Java for Red Hat Enterprise Linux 6 and Oracle Java for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. [Updated 12 September 2016] This advisory has been updated to push packages into the Oracle Java for Red Hat Enterprise Linux 6 Compute Node channels. The packages included in this revised update have not been changed in any way from the packages included in the original advisory. Oracle Java SE version 8 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update upgrades Oracle Java SE 8 to version 8 Update 101. Security Fix(es) : * This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2016-3458, CVE-2016-3498, CVE-2016-3500, CVE-2016-3503, CVE-2016-3508, CVE-2016-3511, CVE-2016-3550, CVE-2016-3552, CVE-2016-3587, CVE-2016-3598, CVE-2016-3606, CVE-2016-3610)
    last seen 2018-11-13
    modified 2018-11-10
    plugin id 92508
    published 2016-07-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92508
    title RHEL 6 / 7 : java-1.8.0-oracle (RHSA-2016:1475)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2016-1458.NASL
    description An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix(es) : * Multiple flaws were discovered in the Hotspot and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. (CVE-2016-3606, CVE-2016-3587, CVE-2016-3598, CVE-2016-3610) * Multiple denial of service flaws were found in the JAXP component in OpenJDK. A specially crafted XML file could cause a Java application using JAXP to consume an excessive amount of CPU and memory when parsed. (CVE-2016-3500, CVE-2016-3508) * Multiple flaws were found in the CORBA and Hotsport components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2016-3458, CVE-2016-3550) Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website.
    last seen 2018-11-13
    modified 2018-11-10
    plugin id 92490
    published 2016-07-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92490
    title RHEL 6 / 7 : java-1.8.0-openjdk (RHSA-2016:1458)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2016-1589.NASL
    description An update for java-1.7.0-ibm is now available for Red Hat Enterprise Linux 5 Supplementary. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7 SR9-FP50. Security Fix(es) : * This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section. (CVE-2016-3511, CVE-2016-3598)
    last seen 2018-11-13
    modified 2018-11-10
    plugin id 92858
    published 2016-08-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92858
    title RHEL 5 : java-1.7.0-ibm (RHSA-2016:1589)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-977.NASL
    description This update for java-1_7_0-openjdk fixes the following issues : - Update to 2.6.7 - OpenJDK 7u111 - Security fixes - S8079718, CVE-2016-3458: IIOP Input Stream Hooking (bsc#989732) - S8145446, CVE-2016-3485: Perfect pipe placement (Windows only) (bsc#989734) - S8147771: Construction of static protection domains under Javax custom policy - S8148872, CVE-2016-3500: Complete name checking (bsc#989730) - S8149962, CVE-2016-3508: Better delineation of XML processing (bsc#989731) - S8150752: Share Class Data - S8151925: Font reference improvements - S8152479, CVE-2016-3550: Coded byte streams (bsc#989733) - S8155981, CVE-2016-3606: Bolster bytecode verification (bsc#989722) - S8155985, CVE-2016-3598: Persistent Parameter Processing (bsc#989723) - S8158571, CVE-2016-3610: Additional method handle validation (bsc#989725) - CVE-2016-3511 (bsc#989727) - CVE-2016-3503 (bsc#989728) - CVE-2016-3498 (bsc#989729) - Import of OpenJDK 7 u111 build 0 - S6953295: Move few sun.security.{util, x509, pkcs} classes used by keytool/jarsigner to another package - S7060849: Eliminate pack200 build warnings - S7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror - S7069870: Parts of the JDK erroneously rely on generic array initializers with diamond - S7102686: Restructure timestamp code so that jars and modules can more easily share the same code - S7105780: Add SSLSocket client/SSLEngine server to templates directory - S7142339: PKCS7.java is needlessly creating SHA1PRNG SecureRandom instances when timestamping is not done - S7152582: PKCS11 tests should use the NSS libraries available in the OS - S7192202: Make sure keytool prints both unknown and unparseable extensions - S7194449: String resources for Key Tool and Policy Tool should be in their respective packages - S7196855: autotest.sh fails on ubuntu because libsoftokn.so not found - S7200682: TEST_BUG: keytool/autotest.sh still has problems with libsoftokn.so - S8002306: (se) Selector.open fails if invoked with thread interrupt status set [win] - S8009636: JARSigner including TimeStamp PolicyID (TSAPolicyID) as defined in RFC3161 - S8019341: Update CookieHttpsClientTest to use the newer framework. - S8022228: Intermittent test failures in sun/security/ssl/javax/net/ssl/NewAPIs - S8022439: Fix lint warnings in sun.security.ec - S8022594: Potential deadlock in of sun.nio.ch.Util/IOUtil - S8023546: sun/security/mscapi/ShortRSAKey1024.sh fails intermittently - S8036612: [parfait] JNI exception pending in jdk/src/windows/native/sun/security/mscapi/security.cpp - S8037557: test SessionCacheSizeTests.java timeout - S8038837: Add support to jarsigner for specifying timestamp hash algorithm - S8079410: Hotspot version to share the same update and build version from JDK - S8130735: javax.swing.TimerQueue: timer fires late when another timer starts - S8139436: sun.security.mscapi.KeyStore might load incomplete data - S8144313: Test SessionTimeOutTests can be timeout - S8146387: Test SSLSession/SessionCacheSizeTests socket accept timed out - S8146669: Test SessionTimeOutTests fails intermittently - S8146993: Several javax/management/remote/mandatory regression tests fail after JDK-8138811 - S8147857: [TEST] RMIConnector logs attribute names incorrectly - S8151841, PR3098: Build needs additional flags to compile with GCC 6 - S8151876: (tz) Support tzdata2016d - S8157077: 8u101 L10n resource file updates - S8161262: Fix jdk build with gcc 4.1.2: -fno-strict-overflow not known. - Import of OpenJDK 7 u111 build 1 - S7081817: test/sun/security/provider/certpath/X509CertPath/Illegal Certificates.java failing - S8140344: add support for 3 digit update release numbers - S8145017: Add support for 3 digit hotspot minor version numbers - S8162344: The API changes made by CR 7064075 need to be reverted - Backports - S2178143, PR2958: JVM crashes if the number of bound CPUs changed during runtime - S4900206, PR3101: Include worst-case rounding tests for Math library functions - S6260348, PR3067: GTK+ L&F JTextComponent not respecting desktop caret blink rate - S6934604, PR3075: enable parts of EliminateAutoBox by default - S7043064, PR3020: sun/java2d/cmm/ tests failed against RI b141 & b138-nightly - S7051394, PR3020: NullPointerException when running regression tests LoadProfileTest by using openjdk-7-b144 - S7086015, PR3013: fix test/tools/javac/parser/netbeans/JavacParserTest.java - S7119487, PR3013: JavacParserTest.java test fails on Windows platforms - S7124245, PR3020: [lcms] ColorConvertOp to color space CS_GRAY apparently converts orange to 244,244,0 - S7159445, PR3013: (javac) emits inaccurate diagnostics for enhanced for-loops - S7175845, PR1437, RH1207129: 'jar uf' changes file permissions unexpectedly - S8005402, PR3020: Need to provide benchmarks for color management - S8005530, PR3020: [lcms] Improve performance of ColorConverOp for default destinations - S8005930, PR3020: [lcms] ColorConvertOp: Alpha channel is not transferred from source to destination. - S8013430, PR3020: REGRESSION: closed/java/awt/color/ICC_Profile/LoadProfileTest/LoadPr ofileTest.java fails with java.io.StreamCorruptedException: invalid type code: EE since 8b87 - S8014286, PR3075: failed java/lang/Math/DivModTests.java after 6934604 changes - S8014959, PR3075: assert(Compile::current()->live_nodes() < (uint)MaxNodeLimit) failed: Live Node limit exceeded limit - S8019247, PR3075: SIGSEGV in compiled method c8e.e.t_.getArray(Ljava/lang/Class;)[Ljava/lang/Object - S8024511, PR3020: Crash during color profile destruction - S8025429, PR3020: [parfait] warnings from b107 for sun.java2d.cmm: JNI exception pending - S8026702, PR3020: Fix for 8025429 breaks jdk build on windows - S8026780, PR3020, RH1142587: Crash on PPC and PPC v2 for Java_awt test suit - S8047066, PR3020: Test test/sun/awt/image/bug8038000.java fails with ClassCastException - S8069181, PR3012, RH1015612: java.lang.AssertionError when compiling JDK 1.4 code in JDK 8 - S8158260, PR2992, RH1341258: PPC64: unaligned Unsafe.getInt can lead to the generation of illegal instructions (bsc#988651) - S8159244, PR3075: Partially initialized string object created by C2's string concat optimization may escape - Bug fixes - PR2799, RH1195203: Files are missing from resources.jar - PR2900: Don't use WithSeed versions of NSS functions as they don't fully process the seed - PR3091: SystemTap is heavily confused by multiple JDKs - PR3102: Extend 8022594 to AixPollPort - PR3103: Handle case in clean-fonts where linux.fontconfig.Gentoo.properties.old has not been created - PR3111: Provide option to disable SystemTap tests - PR3114: Don't assume system mime.types supports text/x-java-source - PR3115: Add check for elliptic curve cryptography implementation - PR3116: Add tests for Java debug info and source files - PR3118: Path to agpl-3.0.txt not updated - PR3119: Makefile handles cacerts as a symlink, but the configure check doesn't - AArch64 port - S8148328, PR3100: aarch64: redundant lsr instructions in stub code. - S8148783, PR3100: aarch64: SEGV running SpecJBB2013 - S8148948, PR3100: aarch64: generate_copy_longs calls align() incorrectly - S8150045, PR3100: arraycopy causes segfaults in SATB during garbage collection - S8154537, PR3100: AArch64: some integer rotate instructions are never emitted - S8154739, PR3100: AArch64: TemplateTable::fast_xaccess loads in wrong mode - S8157906, PR3100: aarch64: some more integer rotate instructions are never emitted - Enable SunEC for SLE12 and Leap (bsc#982366) - Fix aarch64 running with 48 bits va space (bsc#984684) This update was imported from the SUSE:SLE-12:Update update project.
    last seen 2018-09-01
    modified 2016-10-13
    plugin id 92978
    published 2016-08-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92978
    title openSUSE Security Update : java-1_7_0-openjdk (openSUSE-2016-977)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2016-1587.NASL
    description An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 6 Supplementary and Red Hat Enterprise Linux 7 Supplementary. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR3-FP10. Security Fix(es) : * This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section. (CVE-2016-3511, CVE-2016-3598)
    last seen 2018-11-13
    modified 2018-11-10
    plugin id 92856
    published 2016-08-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92856
    title RHEL 6 / 7 : java-1.8.0-ibm (RHSA-2016:1587)
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2016-1032.NASL
    description According to the versions of the java-1.7.0-openjdk packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Multiple flaws were discovered in the Hotspot and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. CVE-2016-3606, CVE-2016-3598, CVE-2016-3610) - Multiple denial of service flaws were found in the JAXP component in OpenJDK. A specially crafted XML file could cause a Java application using JAXP to consume an excessive amount of CPU and memory when parsed. (CVE-2016-3500, CVE-2016-3508) - Multiple flaws were found in the CORBA and Hotsport components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2016-3458, CVE-2016-3550) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-11-15
    modified 2018-11-14
    plugin id 99795
    published 2017-05-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=99795
    title EulerOS 2.0 SP1 : java-1.7.0-openjdk (EulerOS-SA-2016-1032)
  • NASL family AIX Local Security Checks
    NASL id AIX_JAVA_JULY2016_ADVISORY.NASL
    description The version of Java SDK installed on the remote AIX host is affected by multiple vulnerabilities in the following subcomponents : - An unspecified flaw exists in the Networking subcomponent that allows a local attacker to impact integrity. (CVE-2016-3485) - An unspecified flaw exists in the Deployment subcomponent that allows a local attacker to gain elevated privileges. (CVE-2016-3511) - A flaw exists in the Libraries subcomponent in the share/classes/java/lang/invoke/MethodHandles.java class within the MethodHandles::dropArguments() function that allows an unauthenticated, remote attacker to impact confidentiality, integrity, and availability. (CVE-2016-3598)
    last seen 2018-09-01
    modified 2018-07-17
    plugin id 94970
    published 2016-11-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94970
    title AIX Java Advisory : java_july2016_advisory.asc (July 2016 CPU)
  • NASL family Misc.
    NASL id ORACLE_JAVA_CPU_JUL_2016_UNIX.NASL
    description The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 8 Update 101, 7 Update 111, or 6 Update 121. It is, therefore, affected by multiple vulnerabilities : - An unspecified flaw exists in the CORBA subcomponent that allows an unauthenticated, remote attacker to impact integrity. (CVE-2016-3458) - An unspecified flaw exists in the Networking subcomponent that allows a local attacker to impact integrity. (CVE-2016-3485) - An unspecified flaw exists in the JavaFX subcomponent that allows an unauthenticated, remote attacker to cause a denial of service condition. (CVE-2016-3498) - An unspecified flaw exists in the JAXP subcomponent that allows an unauthenticated, remote attacker to cause a denial of service condition. (CVE-2016-3500) - An unspecified flaw exists in the Install subcomponent that allows a local attacker to gain elevated privileges. (CVE-2016-3503) - An unspecified flaw exists in the JAXP subcomponent that allows an unauthenticated, remote attacker to cause a denial of service condition. (CVE-2016-3508) - An unspecified flaw exists in the Deployment subcomponent that allows a local attacker to gain elevated privileges. (CVE-2016-3511) - An unspecified flaw exists in the Hotspot subcomponent that allows an unauthenticated, remote attacker to disclose potentially sensitive information. (CVE-2016-3550) - An unspecified flaw exists in the Install subcomponent that allows a local attacker to gain elevated privileges. (CVE-2016-3552) - A flaw exists in the Hotspot subcomponent due to improper access to the MethodHandle::invokeBasic() function. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-3587) - A flaw exists in the Libraries subcomponent within the MethodHandles::dropArguments() function that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-3598) - A flaw exists in the Hotspot subcomponent within the ClassVerifier::ends_in_athrow() function when handling bytecode verification. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-3606) - An unspecified flaw exists in the Libraries subcomponent that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-3610)
    last seen 2018-11-17
    modified 2018-11-15
    plugin id 92517
    published 2016-07-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92517
    title Oracle Java SE Multiple Vulnerabilities (July 2016 CPU) (Unix)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-2726-1.NASL
    description IBM Java 8 was updated to version 8.0-3.10 to fix the following security issues : - CVE-2016-3485: Unspecified vulnerability allowed local users to affect integrity via vectors related to Networking - CVE-2016-3511: Unspecified vulnerability allowed local users to affect confidentiality, integrity, and availability via vectors related to Deployment - CVE-2016-3598: Unspecified vulnerability allowed remote attackers to affect confidentiality, integrity, and availability via vectors related to Libraries Please see https://www.ibm.com/developerworks/java/jdk/alerts/ for more information. - Add hwkeytool binary for zSeries. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-11-30
    modified 2018-11-29
    plugin id 94609
    published 2016-11-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94609
    title SUSE SLES12 Security Update : java-1_8_0-ibm (SUSE-SU-2016:2726-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-2347-1.NASL
    description IBM Java 7.1 was updated to version 7.1-3.50 to fix the following security issues: CVE-2016-3485 CVE-2016-3511 CVE-2016-3598 Please see https://www.ibm.com/developerworks/java/jdk/alerts/ for more information. - Add hwkeytool binary for zSeries. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-11-30
    modified 2018-11-29
    plugin id 93646
    published 2016-09-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=93646
    title SUSE SLES12 Security Update : java-1_7_1-ibm (SUSE-SU-2016:2347-1)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3062-1.NASL
    description Multiple vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity, and availability. An attacker could exploit these to cause a denial of service, expose sensitive data over the network, or possibly execute arbitrary code. (CVE-2016-3598, CVE-2016-3606, CVE-2016-3610) A vulnerability was discovered in the OpenJDK JRE related to data integrity. An attacker could exploit this to expose sensitive data over the network or possibly execute arbitrary code. (CVE-2016-3458) Multiple vulnerabilities were discovered in the OpenJDK JRE related to availability. An attacker could exploit these to cause a denial of service. (CVE-2016-3500, CVE-2016-3508) A vulnerability was discovered in the OpenJDK JRE related to information disclosure. An attacker could exploit this to expose sensitive data over the network. (CVE-2016-3550). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-12-02
    modified 2018-12-01
    plugin id 92999
    published 2016-08-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92999
    title Ubuntu 14.04 LTS : openjdk-7 vulnerabilities (USN-3062-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-2261-1.NASL
    description IBM Java 7.1 was updated to version 7.1-3.50 to fix the following security issues: CVE-2016-3485 CVE-2016-3511 CVE-2016-3598 Please see https://www.ibm.com/developerworks/java/jdk/alerts/ for more information. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-11-30
    modified 2018-11-29
    plugin id 93373
    published 2016-09-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=93373
    title SUSE SLES11 Security Update : java-1_7_1-ibm (SUSE-SU-2016:2261-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-2012-1.NASL
    description This update for java-1_8_0-openjdk fixes the following issues : - Upgrade to version jdk8u101 (icedtea 3.1.0) - New in release 3.1.0 (2016-07-25) : - Security fixes - S8079718, CVE-2016-3458: IIOP Input Stream Hooking (bsc#989732) - S8145446, CVE-2016-3485: Perfect pipe placement (Windows only) (bsc#989734) - S8146514: Enforce GCM limits - S8147771: Construction of static protection domains under Javax custom policy - S8148872, CVE-2016-3500: Complete name checking (bsc#989730) - S8149070: Enforce update ordering - S8149962, CVE-2016-3508: Better delineation of XML processing (bsc#989731) - S8150752: Share Class Data - S8151925: Font reference improvements - S8152479, CVE-2016-3550: Coded byte streams (bsc#989733) - S8153312: Constrain AppCDS behavior - S8154475, CVE-2016-3587: Clean up lookup visibility (bsc#989721) - S8155981, CVE-2016-3606: Bolster bytecode verification (bsc#989722) - S8155985, CVE-2016-3598: Persistent Parameter Processing (bsc#989723) - S8158571, CVE-2016-3610: Additional method handle validation (bsc#989725) - CVE-2016-3552 (bsc#989726) - CVE-2016-3511 (bsc#989727) - CVE-2016-3503 (bsc#989728) - CVE-2016-3498 (bsc#989729) - New features - S8145547, PR1061: [AWT/Swing] Conditional support for GTK 3 on Linux - PR2821: Support building OpenJDK with --disable-headful - PR2931, G478960: Provide Infinality Support via fontconfig - PR3079: Provide option to build Shenandoah on x86_64 - Import of OpenJDK 8 u92 build 14 - S6869327: Add new C2 flag to keep safepoints in counted loops. - S8022865: [TESTBUG] Compressed Oops testing needs to be revised - S8029630: Thread id should be displayed as a hex number in error report - S8029726: On OS X some dtrace probe names are mismatched with Solaris - S8029727: On OS X dtrace probes CallMethodA/CallMethodV are not fired. - S8029728: On OS X dtrace probes SetStaticBooleanField are not fired - S8038184: XMLSignature throws StringIndexOutOfBoundsException if ID attribute value is empty String - S8038349: Signing XML with DSA throws Exception when key is larger than 1024 bits - S8041501: ImageIO reader is not capable of reading JPEGs without JFIF header - S8041900: [macosx] Java forces the use of discrete GPU - S8044363: Remove special build options for unpack200 executable - S8046471: Use OPENJDK_TARGET_CPU_ARCH instead of legacy value for hotspot ARCH - S8046611: Build errors with gcc on sparc/fastdebug - S8047763: Recognize sparc64 as a sparc platform - S8048232: Fix for 8046471 breaks PPC64 build - S8052396: Catch exceptions resulting from missing font cmap - S8058563: InstanceKlass::_dependencies list isn't cleared from empty nmethodBucket entries - S8061624: [TESTBUG] Some tests cannot be ran under compact profiles and therefore shall be excluded - S8062901: Iterators is spelled incorrectly in the Javadoc for Spliterator - S8064330: Remove SHA224 from the default support list if SunMSCAPI enabled - S8065579: WB method to start G1 concurrent mark cycle should be introduced - S8065986: Compiler fails to NullPointerException when calling super with Object() - S8066974: Compiler doesn't infer method's generic type information in lambda body - S8067800: Clarify java.time.chrono.Chronology.isLeapYear for out of range years - S8068033: JNI exception pending in jdk/src/share/bin/java.c - S8068042: Check jdk/src/share/native/sun/misc/URLClassPath.c for JNI pending - S8068162: jvmtiRedefineClasses.cpp: guarantee(false) failed: OLD and/or OBSOLETE method(s) found - S8068254: Method reference uses wrong qualifying type - S8074696: Remote debugging session hangs for several minutes when calling findBootType - S8074935: jdk8 keytool doesn't validate pem files for RFC 1421 correctness, as jdk7 did - S8078423: [TESTBUG] javax/print/PrintSEUmlauts/PrintSEUmlauts.java relies on system locale - S8080492: [Parfait] Uninitialised variable in jdk/src/java/desktop/windows/native/libawt/ - S8080650: Enable stubs to use frame pointers correctly - S8122944: perfdata used is seen as too high on sparc zone with jdk1.9 and causes a test failure - S8129348: Debugger hangs in trace mode with TRACE_SENDS - S8129847: Compiling methods generated by Nashorn triggers high memory usage in C2 - S8130506: javac AssertionError when invoking MethodHandle.invoke with lambda parameter - S8130910: hsperfdata file is created in wrong directory and not cleaned up if /tmp/hsperfdata_ has wrong permissions - S8131129: Attempt to define a duplicate BMH$Species class - S8131665: Bad exception message in HandshakeHash.getFinishedHash - S8131782: C1 Class.cast optimization breaks when Class is loaded from static final - S8132503: [macosx] Chinese full stop symbol cannot be entered with Pinyin IM on OS X - S8133207: ParallelProbes.java test fails after changes for JDK-8080115 - S8133924: NPE may be thrown when xsltc select a non-existing node after JDK-8062518 - S8134007: Improve string folding - S8134759: jdb: Incorrect stepping inside finally block - S8134963: [Newtest] New stress test for changing the coarseness level of G1 remembered set - S8136442: Don't tie Certificate signature algorithms to ciphersuites - S8137106: EUDC (End User Defined Characters) are not displayed on Windows with Java 8u60+ - S8138745: Implement ExitOnOutOfMemory and CrashOnOutOfMemory in HotSpot - S8138764: In some cases the usage of TreeLock can be replaced by other synchronization - S8139373: [TEST_BUG] java/net/MulticastSocket/MultiDead.java failed with timeout - S8139424: SIGSEGV, Problematic frame: # V [libjvm.so+0xd0c0cc] void InstanceKlass::oop_oop_iterate_oop_maps_specialized shClosure> - S8139436: sun.security.mscapi.KeyStore might load incomplete data - S8139751: Javac crash with -XDallowStringFolding=false - S8139863: [TESTBUG] Need to port tests for JDK-8134903 to 8u-dev - S8139985: JNI exception pending in jdk/src/jdk/hprof/agent/share/native/libhprof - S8140031: SA: Searching for a value in Threads does not work - S8140249: JVM Crashing During startUp If Flight Recording is enabled - S8140344: add support for 3 digit update release numbers - S8140587: Atomic*FieldUpdaters should use Class.isInstance instead of direct class check - S8141260: isReachable crash in windows xp - S8143297: Nashorn compilation time reported in nanoseconds - S8143397: It looks like InetAddress.isReachable(timeout) works incorrectly - S8143855: Bad printf formatting in frame_zero.cpp - S8143896: java.lang.Long is implicitly converted to double - S8143963: improve ClassLoader::trace_class_path to accept an additional outputStream* arg - S8144020: Remove long as an internal numeric type - S8144131: ArrayData.getInt implementations do not convert to int32 - S8144483: One long Safepoint pause directly after each GC log rotation - S8144487: PhaseIdealLoop::build_and_optimize() must restore major_progress flag if skip_loop_opts is true - S8144885: agent/src/os/linux/libproc.h needs to support Linux/SPARC builds - S8144935: C2: safepoint is pruned from a non-counted loop - S8144937: [TEST_BUG] testlibrary_tests should be excluded for compact1 and compact2 execution - S8145017: Add support for 3 digit hotspot minor version numbers - S8145099: Better error message when SA can't attach to a process - S8145442: Add the facility to verify remembered sets for G1 - S8145466: javac: No line numbers in compilation error - S8145539: (coll) AbstractMap.keySet and .values should not be volatile - S8145550: Megamorphic invoke should use CompiledFunction variants without any LinkLogic - S8145669: apply2call optimized callsite fails after becoming megamorphic - S8145722: NullPointerException in javadoc - S8145754: PhaseIdealLoop::is_scaled_iv_plus_offset() does not match AddI - S8146147: Java linker indexed property getter does not work for computed nashorn string - S8146566: OpenJDK build can't handle commas in LDFLAGS - S8146725: Issues with SignatureAndHashAlgorithm.getSupportedAlgorithms - S8146979: Backport of 8046471 breaks ppc64 build in jdk8u because 8072383 was badly backported before - S8147087: Race when reusing PerRegionTable bitmaps may result in dropped remembered set entries - S8147630: Wrong test result pushed to 8u-dev - S8147845: Varargs Array functions still leaking longs - S8147857: RMIConnector logs attribute names incorrectly - S8148353: [linux-sparc] Crash in libawt.so on Linux SPARC - S8150791: 8u76 L10n resource file translation update - Import of OpenJDK 8 u101 build 13 - S6483657: MSCAPI provider does not create unique alias names - S6675699: need comprehensive fix for unconstrained ConvI2L with narrowed type - S8037557: test SessionCacheSizeTests.java timeout - S8038837: Add support to jarsigner for specifying timestamp hash algorithm - S8081778: Use Intel x64 CPU instructions for RSA acceleration - S8130150: Implement BigInteger.montgomeryMultiply intrinsic - S8130735: javax.swing.TimerQueue: timer fires late when another timer starts - S8143913: MSCAPI keystore should accept Certificate[] in setEntry() - S8144313: Test SessionTimeOutTests can be timeout - S8146240: Three nashorn files contain 'GNU General Public License' header - S8146387: Test SSLSession/SessionCacheSizeTests socket accept timed out - S8146669: Test SessionTimeOutTests fails intermittently - S8146993: Several javax/management/remote/mandatory regression tests fail after JDK-8138811 - S8147994: [macosx] JScrollPane jitters up/down during trackpad scrolling on MacOS/Aqua - S8151522: Disable 8130150 and 8081778 intrinsics by default - S8151876: (tz) Support tzdata2016d - S8152098: Fix 8151522 caused test compiler/intrinsics/squaretolen/TestSquareToLen.java to fail - S8157077: 8u101 L10n resource file updates - Backports - S6260348, PR3066: GTK+ L&F JTextComponent not respecting desktop caret blink rate - S6778087, PR1061: getLocationOnScreen() always returns (0, 0) for mouse wheel events - S6961123, PR2972: setWMClass fails to null-terminate WM_CLASS string - S8008657, PR3077: JSpinner setComponentOrientation doesn't affect on text orientation - S8014212, PR2866: Robot captures black screen - S8029339, PR1061: Custom MultiResolution image support on HiDPI displays - S8031145, PR3077: Re-examine closed i18n tests to see it they can be moved to the jdk repository. - S8034856, PR3095: gcc warnings compiling src/solaris/native/sun/security/pkcs11 - S8034857, PR3095: gcc warnings compiling src/solaris/native/sun/management - S8035054, PR3095: JarFacade.c should not include ctype.h - S8035287, PR3095: gcc warnings compiling various libraries files - S8038631, PR3077: Create wrapper for awt.Robot with additional functionality - S8039279, PR3077: Move awt tests to openjdk repository - S8041561, PR3077: Inconsistent opacity behaviour between JCheckBox and JRadioButton - S8041592, PR3077: [TEST_BUG] Move 42 AWT hw/lw mixing tests to jdk - S8041915, PR3077: Move 8 awt tests to OpenJDK regression tests tree - S8043126, PR3077: move awt automated functional tests from AWT_Events/Lw and AWT_Events/AWT to OpenJDK repository - S8043131, PR3077: Move ShapedAndTranslucentWindows and GC functional AWT tests to regression tree - S8044157, PR3077: [TEST_BUG] Improve recently submitted AWT_Mixing tests - S8044172, PR3077: [TEST_BUG] Move regtests for 4523758 and AltPlusNumberKeyCombinationsTest to jdk - S8044429, PR3077: move awt automated tests for AWT_Modality to OpenJDK repository - S8044762, PR2960: com/sun/jdi/OptionTest.java test time out - S8044765, PR3077: Move functional tests AWT_SystemTray/Automated to openjdk repository - S8047180, PR3077: Move functional tests AWT_Headless/Automated to OpenJDK repository - S8047367, PR3077: move awt automated tests from AWT_Modality to OpenJDK repository - part 2 - S8048246, PR3077: Move AWT_DnD/Clipboard/Automated functional tests to OpenJDK - S8049226, PR2960: com/sun/jdi/OptionTest.java test times out again - S8049617, PR3077: move awt automated tests from AWT_Modality to OpenJDK repository - part 3 - S8049694, PR3077: Migrate functional AWT_DesktopProperties/Automated tests to OpenJDK - S8050885, PR3077: move awt automated tests from AWT_Modality to OpenJDK repository - part 4 - S8051440, PR3077: move tests about maximizing undecorated to OpenJDK - S8052012, PR3077: move awt automated tests from AWT_Modality to OpenJDK repository - part 5 - S8052408, PR3077: Move AWT_BAT functional tests to OpenJDK (3 of 3) - S8053657, PR3077: [TEST_BUG] move some 5 tests related to undecorated Frame/JFrame to JDK - S8054143, PR3077: move awt automated tests from AWT_Modality to OpenJDK repository - part 6 - S8054358, PR3077: move awt automated tests from AWT_Modality to OpenJDK repository - part 7 - S8054359, PR3077: move awt automated tests from AWT_Modality to OpenJDK repository - part 8 - S8055360, PR3077: Move the rest part of AWT ShapedAndTranslucent tests to OpenJDK - S8055664, PR3077: move 14 tests about setLocationRelativeTo to jdk - S8055836, PR3077: move awt tests from AWT_Modality to OpenJDK repository - part 9 - S8056911, PR3077: Remove internal API usage from ExtendedRobot class - S8057694, PR3077: move awt tests from AWT_Modality to OpenJDK repository - part 10 - S8058959, PR1061: closed/java/awt/event/ComponentEvent/MovedResizedTwiceTe st/MovedResizedTwic eTest.java failed automatically - S8062606, PR3077: Fix a typo in java.awt.Robot class - S8063102, PR3077: Change open awt regression tests to avoid sun.awt.SunToolkit.realSync, part 1 - S8063104, PR3077: Change open awt regression tests to avoid sun.awt.SunToolkit.realSync, part 2 - S8063106, PR3077: Change open swing regression tests to avoid sun.awt.SunToolkit.realSync, part 1 - S8063107, PR3077: Change open swing regression tests to avoid sun.awt.SunToolkit.realSync, part 2 - S8064573, PR3077: [TEST_BUG] javax/swing/text/AbstractDocument/6968363/Test6968363.ja va is asocial pressing VK_LEFT and not releasing - S8064575, PR3077: [TEST_BUG] javax/swing/JEditorPane/6917744/bug6917744.java 100 times press keys and never releases - S8064809, PR3077: [TEST_BUG] javax/swing/JComboBox/4199622/bug4199622.java contains a lot of keyPress and not a single keyRelease - S8067441, PR3077: Some tests fails with error: cannot find symbol getSystemMnemonicKeyCodes() - S8068228, PR3077: Test closed/java/awt/Mouse/MaximizedFrameTest/MaximizedFrameT est fails with GTKLookAndFeel - S8069361, PR1061: SunGraphics2D.getDefaultTransform() does not include scale factor - S8073320, PR1061: Windows HiDPI Graphics support - S8074807, PR3077: Fix some tests unnecessary using internal API - S8076315, PR3077: move 4 manual functional swing tests to regression suite - S8078504, PR3094: Zero lacks declaration of VM_Version::initialize() - S8129822, PR3077: Define 'headful' jtreg keyword - S8132123, PR1061: MultiResolutionCachedImage unnecessarily creates base image to get its size - S8133539, PR1061: [TEST_BUG] Split java/awt/image/MultiResolutionImageTest.java in two to allow restricted access - S8137571, PR1061: Linux HiDPI Graphics support - S8142406, PR1061: [TEST] MultiResolution image: need test to cover the case when @2x image is corrupted - S8145188, PR2945: No LocalVariableTable generated for the entire JDK - S8150258, PR1061: [TEST] HiDPI: create a test for multiresolution menu items icons - S8150724, PR1061: [TEST] HiDPI: create a test for multiresolution icons - S8150844, PR1061: [hidpi] [macosx] -Dsun.java2d.uiScale should be taken into account for OS X - S8151841, PR2882: Build needs additional flags to compile with GCC 6 [plus parts of 8149647 & 8032045] - S8155613, PR1061: [PIT] crash in AWT_Desktop/Automated/Exceptions/BasicTest - S8156020, PR1061: 8145547 breaks AIX and and uses RTLD_NOLOAD incorrectly - S8156128, PR1061: Tests for [AWT/Swing] Conditional support for GTK 3 on Linux - S8158260, PR2991, RH1341258: PPC64: unaligned Unsafe.getInt can lead to the generation of illegal instructions (bsc#988651) - S8159244, PR3074: Partially initialized string object created by C2's string concat optimization may escape - S8159690, PR3077: [TESTBUG] Mark headful tests with @key headful. - S8160294, PR2882, PR3095: Some client libraries cannot be built with GCC 6 - Bug fixes - PR1958: GTKLookAndFeel does not honor gtk-alternative-button-order - PR2822: Feed LIBS & CFLAGS into configure rather than make to avoid re-discovery by OpenJDK configure - PR2932: Support ccache in a non-automagic manner - PR2933: Support ccache 3.2 and later - PR2964: Set system defaults based on OS - PR2974, RH1337583: PKCS#10 certificate requests now use CRLF line endings rather than system line endings - PR3078: Remove duplicated line dating back to 6788347 and 6894807 - PR3083, RH1346460: Regression in SSL debug output without an ECC provider - PR3089: Remove old memory limits patch - PR3090, RH1204159: SystemTap is heavily confused by multiple JDKs - PR3095: Fix warnings in URLClassPath.c - PR3096: Remove dead --disable-optimizations option - PR3105: Use version from hotspot.map to create tarball filename - PR3106: Handle both correctly-spelt property 'enableCustomValueHandler' introduced by S8079718 and typo version - PR3108: Shenandoah patches not included in release tarball - PR3110: Update hotspot.map documentation in INSTALL - AArch64 port - S8145320, PR3078: Create unsafe_arraycopy and generic_arraycopy for AArch64 - S8148328, PR3078: aarch64: redundant lsr instructions in stub code. - S8148783, PR3078: aarch64: SEGV running SpecJBB2013 - S8148948, PR3078: aarch64: generate_copy_longs calls align() incorrectly - S8149080, PR3078: AArch64: Recognise disjoint array copy in stub code - S8149365, PR3078: aarch64: memory copy does not prefetch on backwards copy - S8149907, PR3078: aarch64: use load/store pair instructions in call_stub - S8150038, PR3078: aarch64: make use of CBZ and CBNZ when comparing narrow pointer with zero - S8150045, PR3078: arraycopy causes segfaults in SATB during garbage collection - S8150082, PR3078: aarch64: optimise small array copy - S8150229, PR3078: aarch64: pipeline class for several instructions is not set correctly - S8150313, PR3078: aarch64: optimise array copy using SIMD instructions - S8150394, PR3078: aarch64: add support for 8.1 LSE CAS instructions - S8151340, PR3078: aarch64: prefetch the destination word for write prior to ldxr/stxr loops. - S8151502, PR3078: optimize pd_disjoint_words and pd_conjoint_words - S8151775, PR3078: aarch64: add support for 8.1 LSE atomic operations - S8152537, PR3078: aarch64: Make use of CBZ and CBNZ when comparing unsigned values with zero. - S8152840, PR3078: aarch64: improve _unsafe_arraycopy stub routine - S8153713, PR3078: aarch64: improve short array clearing using store pair - S8153797, PR3078: aarch64: Add Arrays.fill stub code - S8154537, PR3078: AArch64: some integer rotate instructions are never emitted - S8154739, PR3078: AArch64: TemplateTable::fast_xaccess loads in wrong mode - S8155015, PR3078: Aarch64: bad assert in spill generation code - S8155100, PR3078: AArch64: Relax alignment requirement for byte_map_base - S8155612, PR3078: Aarch64: vector nodes need to support misaligned offset - S8155617, PR3078: aarch64: ClearArray does not use DC ZVA - S8155653, PR3078: TestVectorUnalignedOffset.java not pushed with 8155612 - S8156731, PR3078: aarch64: java/util/Arrays/Correct.java fails due to _generic_arraycopy stub routine - S8157841, PR3078: aarch64: prefetch ignores cache line size - S8157906, PR3078: aarch64: some more integer rotate instructions are never emitted - S8158913, PR3078: aarch64: SEGV running Spark terasort - S8159052, PR3078: aarch64: optimise unaligned copies in pd_disjoint_words and pd_conjoint_words - S8159063, PR3078: aarch64: optimise unaligned array copy long - PR3078: Cleanup remaining differences from aarch64/jdk8u tree - Fix script linking /usr/share/javazi/tzdb.dat for platform where it applies (bsc#987895) - Fix aarch64 running with 48 bits va space (bsc#984684) avoid some crashes Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-11-30
    modified 2018-11-29
    plugin id 93281
    published 2016-09-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=93281
    title SUSE SLED12 / SLES12 Security Update : java-1_8_0-openjdk (SUSE-SU-2016:2012-1)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201701-43.NASL
    description The remote host is affected by the vulnerability described in GLSA-201701-43 (IcedTea: Multiple vulnerabilities) Various OpenJDK attack vectors in IcedTea, such as 2D, Corba, Hotspot, Libraries, and JAXP, exist which allows remote attackers to affect the confidentiality, integrity, and availability of vulnerable systems. Many of the vulnerabilities can only be exploited through sandboxed Java Web Start applications and java applets. Please review the CVE identifiers referenced below for details. Impact : Remote attackers may execute arbitrary code, compromise information, or cause a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen 2018-09-02
    modified 2017-01-20
    plugin id 96640
    published 2017-01-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=96640
    title GLSA-201701-43 : IcedTea: Multiple vulnerabilities
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2016-1504.NASL
    description From Red Hat Security Advisory 2016:1504 : An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security Fix(es) : * Multiple flaws were discovered in the Hotspot and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. (CVE-2016-3606, CVE-2016-3598, CVE-2016-3610) * Multiple denial of service flaws were found in the JAXP component in OpenJDK. A specially crafted XML file could cause a Java application using JAXP to consume an excessive amount of CPU and memory when parsed. (CVE-2016-3500, CVE-2016-3508) * Multiple flaws were found in the CORBA and Hotsport components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2016-3458, CVE-2016-3550)
    last seen 2018-09-01
    modified 2018-07-24
    plugin id 92599
    published 2016-07-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92599
    title Oracle Linux 5 / 6 / 7 : java-1.7.0-openjdk (ELSA-2016-1504)
  • NASL family Windows
    NASL id ORACLE_JAVA_CPU_JUL_2016.NASL
    description The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 8 Update 101, 7 Update 111, or 6 Update 121. It is, therefore, affected by multiple vulnerabilities : - An unspecified flaw exists in the CORBA subcomponent that allows an unauthenticated, remote attacker to impact integrity. (CVE-2016-3458) - An unspecified flaw exists in the Networking subcomponent that allows a local attacker to impact integrity. (CVE-2016-3485) - An unspecified flaw exists in the JavaFX subcomponent that allows an unauthenticated, remote attacker to cause a denial of service condition. (CVE-2016-3498) - An unspecified flaw exists in the JAXP subcomponent that allows an unauthenticated, remote attacker to cause a denial of service condition. (CVE-2016-3500) - An unspecified flaw exists in the Install subcomponent that allows a local attacker to gain elevated privileges. (CVE-2016-3503) - An unspecified flaw exists in the JAXP subcomponent that allows an unauthenticated, remote attacker to cause a denial of service condition. (CVE-2016-3508) - An unspecified flaw exists in the Deployment subcomponent that allows a local attacker to gain elevated privileges. (CVE-2016-3511) - An unspecified flaw exists in the Hotspot subcomponent that allows an unauthenticated, remote attacker to disclose potentially sensitive information. (CVE-2016-3550) - An unspecified flaw exists in the Install subcomponent that allows a local attacker to gain elevated privileges. (CVE-2016-3552) - A flaw exists in the Hotspot subcomponent due to improper access to the MethodHandle::invokeBasic() function. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-3587) - A flaw exists in the Libraries subcomponent within the MethodHandles::dropArguments() function that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-3598) - A flaw exists in the Hotspot subcomponent within the ClassVerifier::ends_in_athrow() function when handling bytecode verification. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-3606) - An unspecified flaw exists in the Libraries subcomponent that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-3610)
    last seen 2018-11-17
    modified 2018-11-15
    plugin id 92516
    published 2016-07-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92516
    title Oracle Java SE Multiple Vulnerabilities (July 2016 CPU)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2017-1216.NASL
    description An update for java-1.7.1-ibm is now available for Red Hat Satellite 5.7 and Red Hat Satellite 5.6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR4-FP1. Security Fix(es) : * This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section. (CVE-2016-2183, CVE-2017-3272, CVE-2017-3289, CVE-2017-3253, CVE-2017-3261, CVE-2017-3231, CVE-2016-5547, CVE-2016-5552, CVE-2017-3252, CVE-2016-5546, CVE-2016-5548, CVE-2016-5549, CVE-2017-3241, CVE-2017-3259, CVE-2016-5573, CVE-2016-5554, CVE-2016-5542, CVE-2016-5597, CVE-2016-5556, CVE-2016-3598, CVE-2016-3511, CVE-2016-0363, CVE-2016-0686, CVE-2016-0687, CVE-2016-3426, CVE-2016-3427, CVE-2016-3443, CVE-2016-3449, CVE-2016-3422, CVE-2016-0376, CVE-2016-0264)
    last seen 2018-11-13
    modified 2018-11-10
    plugin id 100094
    published 2017-05-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100094
    title RHEL 6 : java-1.7.1-ibm (RHSA-2017:1216)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-1997-1.NASL
    description This update for java-1_7_0-openjdk fixes the following issues : - Update to 2.6.7 - OpenJDK 7u111 - Security fixes - S8079718, CVE-2016-3458: IIOP Input Stream Hooking (bsc#989732) - S8145446, CVE-2016-3485: Perfect pipe placement (Windows only) (bsc#989734) - S8147771: Construction of static protection domains under Javax custom policy - S8148872, CVE-2016-3500: Complete name checking (bsc#989730) - S8149962, CVE-2016-3508: Better delineation of XML processing (bsc#989731) - S8150752: Share Class Data - S8151925: Font reference improvements - S8152479, CVE-2016-3550: Coded byte streams (bsc#989733) - S8155981, CVE-2016-3606: Bolster bytecode verification (bsc#989722) - S8155985, CVE-2016-3598: Persistent Parameter Processing (bsc#989723) - S8158571, CVE-2016-3610: Additional method handle validation (bsc#989725) - CVE-2016-3511 (bsc#989727) - CVE-2016-3503 (bsc#989728) - CVE-2016-3498 (bsc#989729) - Import of OpenJDK 7 u111 build 0 - S6953295: Move few sun.security.{util, x509, pkcs} classes used by keytool/jarsigner to another package - S7060849: Eliminate pack200 build warnings - S7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror - S7069870: Parts of the JDK erroneously rely on generic array initializers with diamond - S7102686: Restructure timestamp code so that jars and modules can more easily share the same code - S7105780: Add SSLSocket client/SSLEngine server to templates directory - S7142339: PKCS7.java is needlessly creating SHA1PRNG SecureRandom instances when timestamping is not done - S7152582: PKCS11 tests should use the NSS libraries available in the OS - S7192202: Make sure keytool prints both unknown and unparseable extensions - S7194449: String resources for Key Tool and Policy Tool should be in their respective packages - S7196855: autotest.sh fails on ubuntu because libsoftokn.so not found - S7200682: TEST_BUG: keytool/autotest.sh still has problems with libsoftokn.so - S8002306: (se) Selector.open fails if invoked with thread interrupt status set [win] - S8009636: JARSigner including TimeStamp PolicyID (TSAPolicyID) as defined in RFC3161 - S8019341: Update CookieHttpsClientTest to use the newer framework. - S8022228: Intermittent test failures in sun/security/ssl/javax/net/ssl/NewAPIs - S8022439: Fix lint warnings in sun.security.ec - S8022594: Potential deadlock in of sun.nio.ch.Util/IOUtil - S8023546: sun/security/mscapi/ShortRSAKey1024.sh fails intermittently - S8036612: [parfait] JNI exception pending in jdk/src/windows/native/sun/security/mscapi/security.cpp - S8037557: test SessionCacheSizeTests.java timeout - S8038837: Add support to jarsigner for specifying timestamp hash algorithm - S8079410: Hotspot version to share the same update and build version from JDK - S8130735: javax.swing.TimerQueue: timer fires late when another timer starts - S8139436: sun.security.mscapi.KeyStore might load incomplete data - S8144313: Test SessionTimeOutTests can be timeout - S8146387: Test SSLSession/SessionCacheSizeTests socket accept timed out - S8146669: Test SessionTimeOutTests fails intermittently - S8146993: Several javax/management/remote/mandatory regression tests fail after JDK-8138811 - S8147857: [TEST] RMIConnector logs attribute names incorrectly - S8151841, PR3098: Build needs additional flags to compile with GCC 6 - S8151876: (tz) Support tzdata2016d - S8157077: 8u101 L10n resource file updates - S8161262: Fix jdk build with gcc 4.1.2: -fno-strict-overflow not known. - Import of OpenJDK 7 u111 build 1 - S7081817: test/sun/security/provider/certpath/X509CertPath/Illegal Certificates.java f ailing - S8140344: add support for 3 digit update release numbers - S8145017: Add support for 3 digit hotspot minor version numbers - S8162344: The API changes made by CR 7064075 need to be reverted - Backports - S2178143, PR2958: JVM crashes if the number of bound CPUs changed during runtime - S4900206, PR3101: Include worst-case rounding tests for Math library functions - S6260348, PR3067: GTK+ L&F JTextComponent not respecting desktop caret blink rate - S6934604, PR3075: enable parts of EliminateAutoBox by default - S7043064, PR3020: sun/java2d/cmm/ tests failed against RI b141 & b138-nightly - S7051394, PR3020: NullPointerException when running regression tests LoadProfileTest by using openjdk-7-b144 - S7086015, PR3013: fix test/tools/javac/parser/netbeans/JavacParserTest.java - S7119487, PR3013: JavacParserTest.java test fails on Windows platforms - S7124245, PR3020: [lcms] ColorConvertOp to color space CS_GRAY apparently converts orange to 244,244,0 - S7159445, PR3013: (javac) emits inaccurate diagnostics for enhanced for-loops - S7175845, PR1437, RH1207129: 'jar uf' changes file permissions unexpectedly - S8005402, PR3020: Need to provide benchmarks for color management - S8005530, PR3020: [lcms] Improve performance of ColorConverOp for default destinations - S8005930, PR3020: [lcms] ColorConvertOp: Alpha channel is not transferred from source to destination. - S8013430, PR3020: REGRESSION: closed/java/awt/color/ICC_Profile/LoadProfileTest/LoadPr ofileTest.java fail s with java.io.StreamCorruptedException: invalid type code: EE since 8b87 - S8014286, PR3075: failed java/lang/Math/DivModTests.java after 6934604 changes - S8014959, PR3075: assert(Compile::current()->live_nodes() (uint)MaxNodeLimit) failed: Live Node limit exceeded limit - S8019247, PR3075: SIGSEGV in compiled method c8e.e.t_.getArray(Ljava/lang/Class;)[Ljava/lang/Object - S8024511, PR3020: Crash during color profile destruction - S8025429, PR3020: [parfait] warnings from b107 for sun.java2d.cmm: JNI exception pending - S8026702, PR3020: Fix for 8025429 breaks jdk build on windows - S8026780, PR3020, RH1142587: Crash on PPC and PPC v2 for Java_awt test suit - S8047066, PR3020: Test test/sun/awt/image/bug8038000.java fails with ClassCastException - S8069181, PR3012, RH1015612: java.lang.AssertionError when compiling JDK 1.4 code in JDK 8 - S8158260, PR2992, RH1341258: PPC64: unaligned Unsafe.getInt can lead to the generation of illegal instructions (bsc#988651) - S8159244, PR3075: Partially initialized string object created by C2's string concat optimization may escape - Bug fixes - PR2799, RH1195203: Files are missing from resources.jar - PR2900: Don't use WithSeed versions of NSS functions as they don't fully process the seed - PR3091: SystemTap is heavily confused by multiple JDKs - PR3102: Extend 8022594 to AixPollPort - PR3103: Handle case in clean-fonts where linux.fontconfig.Gentoo.properties.old has not been created - PR3111: Provide option to disable SystemTap tests - PR3114: Don't assume system mime.types supports text/x-java-source - PR3115: Add check for elliptic curve cryptography implementation - PR3116: Add tests for Java debug info and source files - PR3118: Path to agpl-3.0.txt not updated - PR3119: Makefile handles cacerts as a symlink, but the configure check doesn't - AArch64 port - S8148328, PR3100: aarch64: redundant lsr instructions in stub code. - S8148783, PR3100: aarch64: SEGV running SpecJBB2013 - S8148948, PR3100: aarch64: generate_copy_longs calls align() incorrectly - S8150045, PR3100: arraycopy causes segfaults in SATB during garbage collection - S8154537, PR3100: AArch64: some integer rotate instructions are never emitted - S8154739, PR3100: AArch64: TemplateTable::fast_xaccess loads in wrong mode - S8157906, PR3100: aarch64: some more integer rotate instructions are never emitted - Enable SunEC for SLE12 and Leap (bsc#982366) - Fix aarch64 running with 48 bits va space (bsc#984684) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-11-30
    modified 2018-11-29
    plugin id 93272
    published 2016-09-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=93272
    title SUSE SLED12 / SLES12 Security Update : java-1_7_0-openjdk (SUSE-SU-2016:1997-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-2286-1.NASL
    description IBM Java 7 was updated to 7.1-9.50, fixing bugs and security issues (bsc#992537). Security issues fixed: CVE-2016-3485 CVE-2016-3511 CVE-2016-3598 Please see https://www.ibm.com/developerworks/java/jdk/alerts/ for more information. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-11-30
    modified 2018-11-29
    plugin id 93458
    published 2016-09-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=93458
    title SUSE SLES11 Security Update : java-1_7_0-ibm (SUSE-SU-2016:2286-1)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2016-1458.NASL
    description An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix(es) : * Multiple flaws were discovered in the Hotspot and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. (CVE-2016-3606, CVE-2016-3587, CVE-2016-3598, CVE-2016-3610) * Multiple denial of service flaws were found in the JAXP component in OpenJDK. A specially crafted XML file could cause a Java application using JAXP to consume an excessive amount of CPU and memory when parsed. (CVE-2016-3500, CVE-2016-3508) * Multiple flaws were found in the CORBA and Hotsport components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2016-3458, CVE-2016-3550) Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website.
    last seen 2018-11-11
    modified 2018-11-10
    plugin id 92473
    published 2016-07-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92473
    title CentOS 6 / 7 : java-1.8.0-openjdk (CESA-2016:1458)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2016-1588.NASL
    description An update for java-1.7.1-ibm is now available for Red Hat Enterprise Linux 6 Supplementary and Red Hat Enterprise Linux 7 Supplementary. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR3-FP50. Security Fix(es) : * This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section. (CVE-2016-3511, CVE-2016-3598)
    last seen 2018-11-13
    modified 2018-11-10
    plugin id 92857
    published 2016-08-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92857
    title RHEL 6 / 7 : java-1.7.1-ibm (RHSA-2016:1588)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3043-1.NASL
    description Multiple vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity, and availability. An attacker could exploit these to cause a denial of service, expose sensitive data over the network, or possibly execute arbitrary code. (CVE-2016-3587, CVE-2016-3598, CVE-2016-3606, CVE-2016-3610) A vulnerability was discovered in the OpenJDK JRE related to data integrity. An attacker could exploit this to expose sensitive data over the network or possibly execute arbitrary code. (CVE-2016-3458) Multiple vulnerabilities were discovered in the OpenJDK JRE related to availability. An attacker could exploit these to cause a denial of service. (CVE-2016-3500, CVE-2016-3508) A vulnerability was discovered in the OpenJDK JRE related to information disclosure. An attacker could exploit this to expose sensitive data over the network. (CVE-2016-3550). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-12-02
    modified 2018-12-01
    plugin id 92584
    published 2016-07-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92584
    title Ubuntu 16.04 LTS : openjdk-8 vulnerabilities (USN-3043-1)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2016-1504.NASL
    description An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security Fix(es) : * Multiple flaws were discovered in the Hotspot and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. (CVE-2016-3606, CVE-2016-3598, CVE-2016-3610) * Multiple denial of service flaws were found in the JAXP component in OpenJDK. A specially crafted XML file could cause a Java application using JAXP to consume an excessive amount of CPU and memory when parsed. (CVE-2016-3500, CVE-2016-3508) * Multiple flaws were found in the CORBA and Hotsport components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2016-3458, CVE-2016-3550)
    last seen 2018-11-13
    modified 2018-11-10
    plugin id 92604
    published 2016-07-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92604
    title RHEL 5 / 6 / 7 : java-1.7.0-openjdk (RHSA-2016:1504)
redhat via4
advisories
  • rhsa
    id RHSA-2016:1458
  • rhsa
    id RHSA-2016:1475
  • rhsa
    id RHSA-2016:1504
  • rhsa
    id RHSA-2016:1587
  • rhsa
    id RHSA-2016:1588
  • rhsa
    id RHSA-2016:1589
  • rhsa
    id RHSA-2017:1216
rpms
  • java-1.8.0-openjdk-1:1.8.0.101-3.b13.el7_2
  • java-1.8.0-openjdk-accessibility-1:1.8.0.101-3.b13.el7_2
  • java-1.8.0-openjdk-accessibility-debug-1:1.8.0.101-3.b13.el7_2
  • java-1.8.0-openjdk-debug-1:1.8.0.101-3.b13.el7_2
  • java-1.8.0-openjdk-demo-1:1.8.0.101-3.b13.el7_2
  • java-1.8.0-openjdk-demo-debug-1:1.8.0.101-3.b13.el7_2
  • java-1.8.0-openjdk-devel-1:1.8.0.101-3.b13.el7_2
  • java-1.8.0-openjdk-devel-debug-1:1.8.0.101-3.b13.el7_2
  • java-1.8.0-openjdk-headless-1:1.8.0.101-3.b13.el7_2
  • java-1.8.0-openjdk-headless-debug-1:1.8.0.101-3.b13.el7_2
  • java-1.8.0-openjdk-javadoc-1:1.8.0.101-3.b13.el7_2
  • java-1.8.0-openjdk-javadoc-debug-1:1.8.0.101-3.b13.el7_2
  • java-1.8.0-openjdk-src-1:1.8.0.101-3.b13.el7_2
  • java-1.8.0-openjdk-src-debug-1:1.8.0.101-3.b13.el7_2
  • java-1.8.0-openjdk-1:1.8.0.101-3.b13.el6_8
  • java-1.8.0-openjdk-debug-1:1.8.0.101-3.b13.el6_8
  • java-1.8.0-openjdk-demo-1:1.8.0.101-3.b13.el6_8
  • java-1.8.0-openjdk-demo-debug-1:1.8.0.101-3.b13.el6_8
  • java-1.8.0-openjdk-devel-1:1.8.0.101-3.b13.el6_8
  • java-1.8.0-openjdk-devel-debug-1:1.8.0.101-3.b13.el6_8
  • java-1.8.0-openjdk-headless-1:1.8.0.101-3.b13.el6_8
  • java-1.8.0-openjdk-headless-debug-1:1.8.0.101-3.b13.el6_8
  • java-1.8.0-openjdk-javadoc-1:1.8.0.101-3.b13.el6_8
  • java-1.8.0-openjdk-javadoc-debug-1:1.8.0.101-3.b13.el6_8
  • java-1.8.0-openjdk-src-1:1.8.0.101-3.b13.el6_8
  • java-1.8.0-openjdk-src-debug-1:1.8.0.101-3.b13.el6_8
  • java-1.7.0-openjdk-1:1.7.0.111-2.6.7.1.el5_11
  • java-1.7.0-openjdk-demo-1:1.7.0.111-2.6.7.1.el5_11
  • java-1.7.0-openjdk-devel-1:1.7.0.111-2.6.7.1.el5_11
  • java-1.7.0-openjdk-javadoc-1:1.7.0.111-2.6.7.1.el5_11
  • java-1.7.0-openjdk-src-1:1.7.0.111-2.6.7.1.el5_11
  • java-1.7.0-openjdk-1:1.7.0.111-2.6.7.2.el7_2
  • java-1.7.0-openjdk-accessibility-1:1.7.0.111-2.6.7.2.el7_2
  • java-1.7.0-openjdk-demo-1:1.7.0.111-2.6.7.2.el7_2
  • java-1.7.0-openjdk-devel-1:1.7.0.111-2.6.7.2.el7_2
  • java-1.7.0-openjdk-headless-1:1.7.0.111-2.6.7.2.el7_2
  • java-1.7.0-openjdk-javadoc-1:1.7.0.111-2.6.7.2.el7_2
  • java-1.7.0-openjdk-src-1:1.7.0.111-2.6.7.2.el7_2
  • java-1.7.0-openjdk-1:1.7.0.111-2.6.7.2.el6_8
  • java-1.7.0-openjdk-demo-1:1.7.0.111-2.6.7.2.el6_8
  • java-1.7.0-openjdk-devel-1:1.7.0.111-2.6.7.2.el6_8
  • java-1.7.0-openjdk-javadoc-1:1.7.0.111-2.6.7.2.el6_8
  • java-1.7.0-openjdk-src-1:1.7.0.111-2.6.7.2.el6_8
refmap via4
bid
  • 91787
  • 91918
confirm
gentoo
  • GLSA-201610-08
  • GLSA-201701-43
sectrack 1036365
suse
  • SUSE-SU-2016:1997
  • SUSE-SU-2016:2012
  • SUSE-SU-2016:2261
  • SUSE-SU-2016:2286
  • openSUSE-SU-2016:1979
  • openSUSE-SU-2016:2050
  • openSUSE-SU-2016:2051
  • openSUSE-SU-2016:2052
  • openSUSE-SU-2016:2058
ubuntu
  • USN-3043-1
  • USN-3062-1
Last major update 28-11-2016 - 15:11
Published 21-07-2016 - 06:14
Last modified 04-01-2018 - 21:30
Back to Top