Action not permitted
Modal body text goes here.
cve-2017-10293
Vulnerability from cvelistv5
Vendor | Product | Version | |
---|---|---|---|
▼ | Oracle Corporation | Java |
Version: Java SE: 6u161 Version: 7u151 Version: 8u144 Version: 9 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T17:33:17.017Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2017:3047", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3047" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "name": "RHSA-2017:3046", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3046" }, { "name": "1039596", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1039596" }, { "name": "GLSA-201710-31", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201710-31" }, { "name": "101338", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/101338" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20171019-0001/" }, { "name": "RHSA-2017:2999", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:2999" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2017-10293", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-04T15:45:35.807984Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-04T16:54:48.511Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Java", "vendor": "Oracle Corporation", "versions": [ { "status": "affected", "version": "Java SE: 6u161" }, { "status": "affected", "version": "7u151" }, { "status": "affected", "version": "8u144" }, { "status": "affected", "version": "9" } ] } ], "datePublic": "2017-10-17T00:00:00", "descriptions": [ { "lang": "en", "value": "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Javadoc). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." } ], "problemTypes": [ { "descriptions": [ { "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data.", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-12-14T10:57:01", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle" }, "references": [ { "name": "RHSA-2017:3047", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3047" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "name": "RHSA-2017:3046", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3046" }, { "name": "1039596", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1039596" }, { "name": "GLSA-201710-31", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201710-31" }, { "name": "101338", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/101338" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20171019-0001/" }, { "name": "RHSA-2017:2999", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:2999" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2017-10293", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Java", "version": { "version_data": [ { "version_affected": "=", "version_value": "Java SE: 6u161" }, { "version_affected": "=", "version_value": "7u151" }, { "version_affected": "=", "version_value": "8u144" }, { "version_affected": "=", "version_value": "9" } ] } } ] }, "vendor_name": "Oracle Corporation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Javadoc). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data." } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2017:3047", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3047" }, { "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "name": "RHSA-2017:3046", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3046" }, { "name": "1039596", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1039596" }, { "name": "GLSA-201710-31", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201710-31" }, { "name": "101338", "refsource": "BID", "url": "http://www.securityfocus.com/bid/101338" }, { "name": "https://security.netapp.com/advisory/ntap-20171019-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20171019-0001/" }, { "name": "RHSA-2017:2999", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2999" } ] } } } }, "cveMetadata": { "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2017-10293", "datePublished": "2017-10-19T17:00:00", "dateReserved": "2017-06-21T00:00:00", "dateUpdated": "2024-10-04T16:54:48.511Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2017-10293\",\"sourceIdentifier\":\"secalert_us@oracle.com\",\"published\":\"2017-10-19T17:29:02.343\",\"lastModified\":\"2024-11-21T03:05:50.797\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Javadoc). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad en el componente Java SE de Oracle Java SE (subcomponente: Javadoc). Las versiones compatibles que se han visto afectadas son Java SE: 6u161, 7u151, 8u144 y 9. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante sin autenticar que tenga acceso a red por HTTP comprometa la seguridad de Java SE. Para que los ataques tengan \u00e9xito, se necesita la participaci\u00f3n de otra persona diferente del atacante y, aunque la vulnerabilidad est\u00e1 presente en Java SE, los ataques podr\u00edan afectar seriamente a productos adicionales. Los ataques exitosos a esta vulnerabilidad pueden resultar en el acceso no autorizado de actualizaci\u00f3n, inserci\u00f3n o supresi\u00f3n de algunos de los datos accesibles de Java SE, as\u00ed como el acceso de lectura sin autorizaci\u00f3n a un subconjunto de datos accesibles de Java SE. Nota: Esta vulnerabilidad se aplica a implementaciones Java, normalmente en clientes que ejecutan aplicaciones Java Web Start en sandbox o applets Java en sandbox que cargan y ejecutan c\u00f3digo que no es de confianza (por ejemplo, c\u00f3digo proveniente de internet) y que conf\u00edan en la sandbox de aislado Java para protegerse. Esta vulnerabilidad no se aplica a implementaciones Java, normalmente en servidores, que solo cargan y ejecutan c\u00f3digo de confianza (por ejemplo, c\u00f3digo instalado por un administrador). CVSS 3.0 Base Score 6.1 (impactos en la confidencialidad e integridad). Vector CVSS: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:N\",\"baseScore\":5.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jdk:1.6.0:update161:*:*:*:*:*:*\",\"matchCriteriaId\":\"7037AEF9-403D-43EC-ABBB-B46619241586\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jdk:1.7.0:update151:*:*:*:*:*:*\",\"matchCriteriaId\":\"B781F1F7-DE18-41F7-83C1-8690B0884DDE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jdk:1.8.0:update144:*:*:*:*:*:*\",\"matchCriteriaId\":\"6D36F2A6-1329-4D74-BADC-C22D46CF7CFB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jdk:1.9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"270968EC-7662-41E1-BA9B-D259BEC53A1F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jre:1.6.0:update161:*:*:*:*:*:*\",\"matchCriteriaId\":\"D53D6C3C-C8F3-4FF4-AE9C-1BFF14E74EDE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jre:1.7.0:update151:*:*:*:*:*:*\",\"matchCriteriaId\":\"71219100-B476-4062-A40A-13F1B8C7DAED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jre:1.8.0:update144:*:*:*:*:*:*\",\"matchCriteriaId\":\"FCC055BA-0D21-4D2B-AC9B-B81B8468860C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jre:1.9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"66910F84-DDFD-4BA8-BE7F-44EB5E3F9C3D\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*\",\"versionStartIncluding\":\"7.3\",\"matchCriteriaId\":\"BD075607-09B7-493E-8611-66D041FFDA62\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*\",\"versionStartIncluding\":\"9.5\",\"matchCriteriaId\":\"0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5C2089EE-5D7F-47EC-8EA5-0F69790564C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:e-series_santricity_management_plug-ins:-:*:*:*:*:vmware_vcenter:*:*\",\"matchCriteriaId\":\"280520BC-070C-4423-A633-E6FE45E53D57\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.0\",\"versionEndIncluding\":\"11.70.1\",\"matchCriteriaId\":\"73F81EC3-4AB0-4CD7-B845-267C5974DE98\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0D9CC59D-6182-4B5E-96B5-226FCD343916\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*\",\"matchCriteriaId\":\"1AEFF829-A8F2-4041-8DDF-E705DB3ADED2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"85DF4B3F-4BBC-42B7-B729-096934523D63\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1BE6C1F-2565-4E97-92AA-16563E5660A5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:vmware_vsphere:*:*\",\"matchCriteriaId\":\"698C6261-679D-45C1-A396-57AC96AD64D6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3BD81527-A341-42C3-9AB9-880D3DB04B08\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*\",\"versionEndIncluding\":\"7.1\",\"matchCriteriaId\":\"E32A4C2E-3DA6-4BE5-9D95-9F800B01ED9A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*\",\"versionEndIncluding\":\"7.1\",\"matchCriteriaId\":\"1A79A7B7-2CE9-4F5E-B76D-01A882C66226\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*\",\"matchCriteriaId\":\"3FA5E22C-489B-4C5F-A5F3-C03F45CA8811\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5735E553-9731-4AAC-BCFF-989377F817B3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FFE0A9D2-9A49-4BF6-BC6F-8249162D8334\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*\",\"matchCriteriaId\":\"26A2B713-7D6D-420A-93A4-E0D983C983DF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*\",\"matchCriteriaId\":\"64DE38C8-94F1-4860-B045-F33928F676A8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E94F7F59-1785-493F-91A7-5F5EA5E87E4D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:vmware_vsphere:*:*\",\"versionStartIncluding\":\"7.2\",\"matchCriteriaId\":\"6BF60DAD-DAA2-4543-B82E-8E17F7B1DA06\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:windows:*:*\",\"versionStartIncluding\":\"7.2\",\"matchCriteriaId\":\"1E35D95E-CCBF-4335-A4DB-02218BA172DE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.2\",\"matchCriteriaId\":\"13270F58-E106-48CE-9933-E68AABBBFC21\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"923F6B82-6A8B-4994-89F6-C430775D5234\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vsphere:*:*\",\"versionStartIncluding\":\"7.2\",\"matchCriteriaId\":\"B7B42CB6-3C14-4183-AFA8-C3682F8B54AB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:virtual_storage_console:6.0:*:*:*:*:vmware_vsphere:*:*\",\"matchCriteriaId\":\"2AA40F7F-504D-47A9-9778-EC4CE46EB8BF\"}]}]}],\"references\":[{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html\",\"source\":\"secalert_us@oracle.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/101338\",\"source\":\"secalert_us@oracle.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.securitytracker.com/id/1039596\",\"source\":\"secalert_us@oracle.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:2999\",\"source\":\"secalert_us@oracle.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:3046\",\"source\":\"secalert_us@oracle.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:3047\",\"source\":\"secalert_us@oracle.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201710-31\",\"source\":\"secalert_us@oracle.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20171019-0001/\",\"source\":\"secalert_us@oracle.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/101338\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.securitytracker.com/id/1039596\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:2999\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:3046\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:3047\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201710-31\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20171019-0001/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}" } }
gsd-2017-10293
Vulnerability from gsd
{ "GSD": { "alias": "CVE-2017-10293", "description": "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Javadoc). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "id": "GSD-2017-10293", "references": [ "https://www.suse.com/security/cve/CVE-2017-10293.html", "https://access.redhat.com/errata/RHSA-2017:3047", "https://access.redhat.com/errata/RHSA-2017:3046", "https://access.redhat.com/errata/RHSA-2017:2999" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2017-10293" ], "details": "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Javadoc). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "id": "GSD-2017-10293", "modified": "2023-12-13T01:21:15.053195Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2017-10293", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Java", "version": { "version_data": [ { "version_affected": "=", "version_value": "Java SE: 6u161" }, { "version_affected": "=", "version_value": "7u151" }, { "version_affected": "=", "version_value": "8u144" }, { "version_affected": "=", "version_value": "9" } ] } } ] }, "vendor_name": "Oracle Corporation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Javadoc). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data." } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2017:3047", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3047" }, { "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "name": "RHSA-2017:3046", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3046" }, { "name": "1039596", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1039596" }, { "name": "GLSA-201710-31", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201710-31" }, { "name": "101338", "refsource": "BID", "url": "http://www.securityfocus.com/bid/101338" }, { "name": "https://security.netapp.com/advisory/ntap-20171019-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20171019-0001/" }, { "name": "RHSA-2017:2999", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2999" } ] } }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:jdk:1.9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jre:1.9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jdk:1.8.0:update144:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jdk:1.7.0:update151:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jdk:1.6.0:update161:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jre:1.6.0:update161:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jre:1.8.0:update144:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jre:1.7.0:update151:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vsphere:*:*", "cpe_name": [], "versionStartIncluding": "7.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*", "cpe_name": [], "versionStartIncluding": "7.3", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*", "cpe_name": [], "versionStartIncluding": "9.5", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*", "cpe_name": [], "versionStartIncluding": "7.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:e-series_santricity_management_plug-ins:-:*:*:*:*:vmware_vcenter:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:vmware_vsphere:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "11.70.1", "versionStartIncluding": "11.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:windows:*:*", "cpe_name": [], "versionStartIncluding": "7.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*", "cpe_name": [], "versionEndIncluding": "7.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*", "cpe_name": [], "versionEndIncluding": "7.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:vmware_vsphere:*:*", "cpe_name": [], "versionStartIncluding": "7.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:virtual_storage_console:6.0:*:*:*:*:vmware_vsphere:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2017-10293" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Javadoc). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", "refsource": "CONFIRM", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "name": "1039596", "refsource": "SECTRACK", "tags": [ "Broken Link" ], "url": "http://www.securitytracker.com/id/1039596" }, { "name": "101338", "refsource": "BID", "tags": [ "Broken Link" ], "url": "http://www.securityfocus.com/bid/101338" }, { "name": "GLSA-201710-31", "refsource": "GENTOO", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201710-31" }, { "name": "https://security.netapp.com/advisory/ntap-20171019-0001/", "refsource": "CONFIRM", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20171019-0001/" }, { "name": "RHSA-2017:3047", "refsource": "REDHAT", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3047" }, { "name": "RHSA-2017:3046", "refsource": "REDHAT", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3046" }, { "name": "RHSA-2017:2999", "refsource": "REDHAT", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2999" } ] } }, "impact": { "baseMetricV2": { "cvssV2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true }, "baseMetricV3": { "cvssV3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7 } }, "lastModifiedDate": "2022-08-12T18:04Z", "publishedDate": "2017-10-19T17:29Z" } } }
ghsa-42p8-x3rm-58mv
Vulnerability from github
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Javadoc). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).
{ "affected": [], "aliases": [ "CVE-2017-10293" ], "database_specific": { "cwe_ids": [], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2017-10-19T17:29:00Z", "severity": "MODERATE" }, "details": "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Javadoc). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "id": "GHSA-42p8-x3rm-58mv", "modified": "2022-05-13T01:16:56Z", "published": "2022-05-13T01:16:56Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-10293" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2017:2999" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2017:3046" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2017:3047" }, { "type": "WEB", "url": "https://security.gentoo.org/glsa/201710-31" }, { "type": "WEB", "url": "https://security.netapp.com/advisory/ntap-20171019-0001" }, { "type": "WEB", "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "type": "WEB", "url": "http://www.securityfocus.com/bid/101338" }, { "type": "WEB", "url": "http://www.securitytracker.com/id/1039596" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "type": "CVSS_V3" } ] }
rhsa-2017_3046
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for java-1.7.0-oracle is now available for Oracle Java for Red Hat Enterprise Linux 6 and Oracle Java for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.\n\nThis update upgrades Oracle Java SE 7 to version 7 Update 161.\n\nSecurity Fix(es):\n\n* This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page listed in the References section. (CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843, CVE-2016-10165, CVE-2017-10274, CVE-2017-10281, CVE-2017-10285, CVE-2017-10293, CVE-2017-10295, CVE-2017-10345, CVE-2017-10346, CVE-2017-10347, CVE-2017-10348, CVE-2017-10349, CVE-2017-10350, CVE-2017-10355, CVE-2017-10356, CVE-2017-10357, CVE-2017-10388)\n\nNote: Starting with this update, Java web browser plugin and Java Web Start application are no longer included with Oracle Java SE 7. Refer to the Releases Notes and the Oracle Java SE Support Roadmap pages linked to in the References section for further information about this change.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2017:3046", "url": "https://access.redhat.com/errata/RHSA-2017:3046" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixJAVA", "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixJAVA" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/java/javaseproducts/documentation/javase7supportreleasenotes-1601161.html#R170_161", "url": "http://www.oracle.com/technetwork/java/javaseproducts/documentation/javase7supportreleasenotes-1601161.html#R170_161" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/java/javase/eol-135779.html", "url": "http://www.oracle.com/technetwork/java/javase/eol-135779.html" }, { "category": "external", "summary": "1367357", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1367357" }, { "category": "external", "summary": "1402345", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1402345" }, { "category": "external", "summary": "1402346", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1402346" }, { "category": "external", "summary": "1402348", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1402348" }, { "category": "external", "summary": "1402351", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1402351" }, { "category": "external", "summary": "1501868", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1501868" }, { "category": "external", "summary": "1501873", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1501873" }, { "category": "external", "summary": "1502038", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1502038" }, { "category": "external", "summary": "1502053", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1502053" }, { "category": "external", "summary": "1502611", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1502611" }, { "category": "external", "summary": "1502614", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1502614" }, { "category": "external", "summary": "1502629", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1502629" }, { "category": "external", "summary": "1502632", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1502632" }, { "category": "external", "summary": "1502640", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1502640" }, { "category": "external", "summary": "1502649", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1502649" }, { "category": "external", "summary": "1502687", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1502687" }, { "category": "external", "summary": "1502858", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1502858" }, { "category": "external", "summary": "1502869", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1502869" }, { "category": "external", "summary": "1503169", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1503169" }, { "category": "external", "summary": "1503320", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1503320" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2017/rhsa-2017_3046.json" } ], "title": "Red Hat Security Advisory: java-1.7.0-oracle security update", "tracking": { "current_release_date": "2024-11-14T21:45:41+00:00", "generator": { "date": "2024-11-14T21:45:41+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2017:3046", "initial_release_date": "2017-10-24T12:14:29+00:00", "revision_history": [ { "date": "2017-10-24T12:14:29+00:00", "number": "1", "summary": "Initial version" }, { "date": "2017-12-14T15:24:06+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-14T21:45:41+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Oracle Java for Red Hat Enterprise Linux Client (v. 7)", "product": { "name": "Oracle Java for Red Hat Enterprise Linux Client (v. 7)", "product_id": "7Client-OracleJava-7.4.Z", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras_oracle_java:7" } } }, { "category": "product_name", "name": "Oracle Java for Red Hat Enterprise Linux Compute Node (v. 7)", "product": { "name": "Oracle Java for Red Hat Enterprise Linux Compute Node (v. 7)", "product_id": "7ComputeNode-OracleJava-7.4.Z", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras_oracle_java:7" } } }, { "category": "product_name", "name": "Oracle Java for Red Hat Enterprise Linux Server (v. 7)", "product": { "name": "Oracle Java for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-OracleJava-7.4.Z", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras_oracle_java:7" } } }, { "category": "product_name", "name": "Oracle Java for Red Hat Enterprise Linux Workstation (v. 7)", "product": { "name": "Oracle Java for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-OracleJava-7.4.Z", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras_oracle_java:7" } } }, { "category": "product_name", "name": "Oracle Java for Red Hat Enterprise Linux Desktop 6", "product": { "name": "Oracle Java for Red Hat Enterprise Linux Desktop 6", "product_id": "6Client-OracleJava-6.9.Z", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras_oracle_java:6" } } }, { "category": "product_name", "name": "Oracle Java for Red Hat Enterprise Linux HPC Node 6", "product": { "name": "Oracle Java for Red Hat Enterprise Linux HPC Node 6", "product_id": "6ComputeNode-OracleJava-6.9.Z", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras_oracle_java:6" } } }, { "category": "product_name", "name": "Oracle Java for Red Hat Enterprise Linux Server 6", "product": { "name": "Oracle Java for Red Hat Enterprise Linux Server 6", "product_id": "6Server-OracleJava-6.9.Z", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras_oracle_java:6" } } }, { "category": "product_name", "name": "Oracle Java for Red Hat Enterprise Linux Workstation 6", "product": { "name": "Oracle Java for Red Hat Enterprise Linux Workstation 6", "product_id": "6Workstation-OracleJava-6.9.Z", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras_oracle_java:6" } } } ], "category": "product_family", "name": "Oracle Java for Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "product": { "name": "java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "product_id": "java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.7.0-oracle-src@1.7.0.161-1jpp.4.el7?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "product": { "name": "java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "product_id": "java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.7.0-oracle-javafx@1.7.0.161-1jpp.4.el7?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "product": { "name": "java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "product_id": "java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.7.0-oracle-jdbc@1.7.0.161-1jpp.4.el7?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "product": { "name": "java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "product_id": "java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.7.0-oracle-devel@1.7.0.161-1jpp.4.el7?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "product": { "name": "java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "product_id": "java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.7.0-oracle@1.7.0.161-1jpp.4.el7?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "product": { "name": "java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "product_id": "java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.7.0-oracle-plugin@1.7.0.161-1jpp.4.el7?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "product": { "name": "java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "product_id": "java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.7.0-oracle-src@1.7.0.161-1jpp.3.el6?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "product": { "name": "java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "product_id": "java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.7.0-oracle-devel@1.7.0.161-1jpp.3.el6?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "product": { "name": "java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "product_id": "java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.7.0-oracle@1.7.0.161-1jpp.3.el6?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "product": { "name": "java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "product_id": "java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.7.0-oracle-jdbc@1.7.0.161-1jpp.3.el6?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "product": { "name": "java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "product_id": "java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.7.0-oracle-javafx@1.7.0.161-1jpp.3.el6?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "product": { "name": "java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "product_id": "java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.7.0-oracle-plugin@1.7.0.161-1jpp.3.el6?arch=x86_64\u0026epoch=1" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "product": { "name": "java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "product_id": "java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.7.0-oracle-devel@1.7.0.161-1jpp.4.el7?arch=i686\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "product": { "name": "java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "product_id": "java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.7.0-oracle@1.7.0.161-1jpp.4.el7?arch=i686\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "product": { "name": "java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "product_id": "java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.7.0-oracle-devel@1.7.0.161-1jpp.3.el6?arch=i686\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "product": { "name": "java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "product_id": "java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.7.0-oracle@1.7.0.161-1jpp.3.el6?arch=i686\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "product": { "name": "java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "product_id": "java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.7.0-oracle-src@1.7.0.161-1jpp.3.el6?arch=i686\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "product": { "name": "java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "product_id": "java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.7.0-oracle-jdbc@1.7.0.161-1jpp.3.el6?arch=i686\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "product": { "name": "java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "product_id": "java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.7.0-oracle-javafx@1.7.0.161-1jpp.3.el6?arch=i686\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "product": { "name": "java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "product_id": "java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.7.0-oracle-plugin@1.7.0.161-1jpp.3.el6?arch=i686\u0026epoch=1" } } } ], "category": "architecture", "name": "i686" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686 as a component of Oracle Java for Red Hat Enterprise Linux Desktop 6", "product_id": "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686" }, "product_reference": "java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "relates_to_product_reference": "6Client-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux Desktop 6", "product_id": "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64" }, "product_reference": "java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "relates_to_product_reference": "6Client-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686 as a component of Oracle Java for Red Hat Enterprise Linux Desktop 6", "product_id": "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686" }, "product_reference": "java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "relates_to_product_reference": "6Client-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux Desktop 6", "product_id": "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64" }, "product_reference": "java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "relates_to_product_reference": "6Client-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686 as a component of Oracle Java for Red Hat Enterprise Linux Desktop 6", "product_id": "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686" }, "product_reference": "java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "relates_to_product_reference": "6Client-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux Desktop 6", "product_id": "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64" }, "product_reference": "java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "relates_to_product_reference": "6Client-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686 as a component of Oracle Java for Red Hat Enterprise Linux Desktop 6", "product_id": "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686" }, "product_reference": "java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "relates_to_product_reference": "6Client-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux Desktop 6", "product_id": "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64" }, "product_reference": "java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "relates_to_product_reference": "6Client-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686 as a component of Oracle Java for Red Hat Enterprise Linux Desktop 6", "product_id": "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686" }, "product_reference": "java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "relates_to_product_reference": "6Client-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux Desktop 6", "product_id": "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64" }, "product_reference": "java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "relates_to_product_reference": "6Client-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686 as a component of Oracle Java for Red Hat Enterprise Linux Desktop 6", "product_id": "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686" }, "product_reference": "java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "relates_to_product_reference": "6Client-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux Desktop 6", "product_id": "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64" }, "product_reference": "java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "relates_to_product_reference": "6Client-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686 as a component of Oracle Java for Red Hat Enterprise Linux HPC Node 6", "product_id": "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686" }, "product_reference": "java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "relates_to_product_reference": "6ComputeNode-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux HPC Node 6", "product_id": "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64" }, "product_reference": "java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "relates_to_product_reference": "6ComputeNode-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686 as a component of Oracle Java for Red Hat Enterprise Linux HPC Node 6", "product_id": "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686" }, "product_reference": "java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "relates_to_product_reference": "6ComputeNode-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux HPC Node 6", "product_id": "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64" }, "product_reference": "java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "relates_to_product_reference": "6ComputeNode-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686 as a component of Oracle Java for Red Hat Enterprise Linux HPC Node 6", "product_id": "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686" }, "product_reference": "java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "relates_to_product_reference": "6ComputeNode-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux HPC Node 6", "product_id": "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64" }, "product_reference": "java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "relates_to_product_reference": "6ComputeNode-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686 as a component of Oracle Java for Red Hat Enterprise Linux HPC Node 6", "product_id": "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686" }, "product_reference": "java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "relates_to_product_reference": "6ComputeNode-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux HPC Node 6", "product_id": "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64" }, "product_reference": "java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "relates_to_product_reference": "6ComputeNode-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686 as a component of Oracle Java for Red Hat Enterprise Linux HPC Node 6", "product_id": "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686" }, "product_reference": "java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "relates_to_product_reference": "6ComputeNode-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux HPC Node 6", "product_id": "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64" }, "product_reference": "java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "relates_to_product_reference": "6ComputeNode-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686 as a component of Oracle Java for Red Hat Enterprise Linux HPC Node 6", "product_id": "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686" }, "product_reference": "java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "relates_to_product_reference": "6ComputeNode-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux HPC Node 6", "product_id": "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64" }, "product_reference": "java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "relates_to_product_reference": "6ComputeNode-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686 as a component of Oracle Java for Red Hat Enterprise Linux Server 6", "product_id": "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686" }, "product_reference": "java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "relates_to_product_reference": "6Server-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux Server 6", "product_id": "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64" }, "product_reference": "java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "relates_to_product_reference": "6Server-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686 as a component of Oracle Java for Red Hat Enterprise Linux Server 6", "product_id": "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686" }, "product_reference": "java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "relates_to_product_reference": "6Server-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux Server 6", "product_id": "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64" }, "product_reference": "java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "relates_to_product_reference": "6Server-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686 as a component of Oracle Java for Red Hat Enterprise Linux Server 6", "product_id": "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686" }, "product_reference": "java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "relates_to_product_reference": "6Server-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux Server 6", "product_id": "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64" }, "product_reference": "java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "relates_to_product_reference": "6Server-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686 as a component of Oracle Java for Red Hat Enterprise Linux Server 6", "product_id": "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686" }, "product_reference": "java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "relates_to_product_reference": "6Server-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux Server 6", "product_id": "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64" }, "product_reference": "java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "relates_to_product_reference": "6Server-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686 as a component of Oracle Java for Red Hat Enterprise Linux Server 6", "product_id": "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686" }, "product_reference": "java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "relates_to_product_reference": "6Server-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux Server 6", "product_id": "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64" }, "product_reference": "java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "relates_to_product_reference": "6Server-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686 as a component of Oracle Java for Red Hat Enterprise Linux Server 6", "product_id": "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686" }, "product_reference": "java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "relates_to_product_reference": "6Server-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux Server 6", "product_id": "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64" }, "product_reference": "java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "relates_to_product_reference": "6Server-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686 as a component of Oracle Java for Red Hat Enterprise Linux Workstation 6", "product_id": "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686" }, "product_reference": "java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "relates_to_product_reference": "6Workstation-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux Workstation 6", "product_id": "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64" }, "product_reference": "java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "relates_to_product_reference": "6Workstation-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686 as a component of Oracle Java for Red Hat Enterprise Linux Workstation 6", "product_id": "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686" }, "product_reference": "java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "relates_to_product_reference": "6Workstation-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux Workstation 6", "product_id": "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64" }, "product_reference": "java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "relates_to_product_reference": "6Workstation-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686 as a component of Oracle Java for Red Hat Enterprise Linux Workstation 6", "product_id": "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686" }, "product_reference": "java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "relates_to_product_reference": "6Workstation-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux Workstation 6", "product_id": "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64" }, "product_reference": "java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "relates_to_product_reference": "6Workstation-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686 as a component of Oracle Java for Red Hat Enterprise Linux Workstation 6", "product_id": "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686" }, "product_reference": "java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "relates_to_product_reference": "6Workstation-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux Workstation 6", "product_id": "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64" }, "product_reference": "java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "relates_to_product_reference": "6Workstation-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686 as a component of Oracle Java for Red Hat Enterprise Linux Workstation 6", "product_id": "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686" }, "product_reference": "java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "relates_to_product_reference": "6Workstation-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux Workstation 6", "product_id": "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64" }, "product_reference": "java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "relates_to_product_reference": "6Workstation-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686 as a component of Oracle Java for Red Hat Enterprise Linux Workstation 6", "product_id": "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686" }, "product_reference": "java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "relates_to_product_reference": "6Workstation-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux Workstation 6", "product_id": "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64" }, "product_reference": "java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "relates_to_product_reference": "6Workstation-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686 as a component of Oracle Java for Red Hat Enterprise Linux Client (v. 7)", "product_id": "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686" }, "product_reference": "java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "relates_to_product_reference": "7Client-OracleJava-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux Client (v. 7)", "product_id": "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64" }, "product_reference": "java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "relates_to_product_reference": "7Client-OracleJava-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686 as a component of Oracle Java for Red Hat Enterprise Linux Client (v. 7)", "product_id": "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686" }, "product_reference": "java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "relates_to_product_reference": "7Client-OracleJava-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux Client (v. 7)", "product_id": "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64" }, "product_reference": "java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "relates_to_product_reference": "7Client-OracleJava-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux Client (v. 7)", "product_id": "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64" }, "product_reference": "java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "relates_to_product_reference": "7Client-OracleJava-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux Client (v. 7)", "product_id": "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64" }, "product_reference": "java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "relates_to_product_reference": "7Client-OracleJava-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux Client (v. 7)", "product_id": "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64" }, "product_reference": "java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "relates_to_product_reference": "7Client-OracleJava-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux Client (v. 7)", "product_id": "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64" }, "product_reference": "java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "relates_to_product_reference": "7Client-OracleJava-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686 as a component of Oracle Java for Red Hat Enterprise Linux Compute Node (v. 7)", "product_id": "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686" }, "product_reference": "java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "relates_to_product_reference": "7ComputeNode-OracleJava-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux Compute Node (v. 7)", "product_id": "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64" }, "product_reference": "java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "relates_to_product_reference": "7ComputeNode-OracleJava-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686 as a component of Oracle Java for Red Hat Enterprise Linux Compute Node (v. 7)", "product_id": "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686" }, "product_reference": "java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "relates_to_product_reference": "7ComputeNode-OracleJava-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux Compute Node (v. 7)", "product_id": "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64" }, "product_reference": "java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "relates_to_product_reference": "7ComputeNode-OracleJava-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux Compute Node (v. 7)", "product_id": "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64" }, "product_reference": "java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "relates_to_product_reference": "7ComputeNode-OracleJava-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux Compute Node (v. 7)", "product_id": "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64" }, "product_reference": "java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "relates_to_product_reference": "7ComputeNode-OracleJava-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux Compute Node (v. 7)", "product_id": "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64" }, "product_reference": "java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "relates_to_product_reference": "7ComputeNode-OracleJava-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux Compute Node (v. 7)", "product_id": "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64" }, "product_reference": "java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "relates_to_product_reference": "7ComputeNode-OracleJava-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686 as a component of Oracle Java for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686" }, "product_reference": "java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "relates_to_product_reference": "7Server-OracleJava-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64" }, "product_reference": "java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "relates_to_product_reference": "7Server-OracleJava-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686 as a component of Oracle Java for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686" }, "product_reference": "java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "relates_to_product_reference": "7Server-OracleJava-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64" }, "product_reference": "java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "relates_to_product_reference": "7Server-OracleJava-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64" }, "product_reference": "java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "relates_to_product_reference": "7Server-OracleJava-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64" }, "product_reference": "java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "relates_to_product_reference": "7Server-OracleJava-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64" }, "product_reference": "java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "relates_to_product_reference": "7Server-OracleJava-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64" }, "product_reference": "java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "relates_to_product_reference": "7Server-OracleJava-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686 as a component of Oracle Java for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686" }, "product_reference": "java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "relates_to_product_reference": "7Workstation-OracleJava-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64" }, "product_reference": "java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "relates_to_product_reference": "7Workstation-OracleJava-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686 as a component of Oracle Java for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686" }, "product_reference": "java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "relates_to_product_reference": "7Workstation-OracleJava-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64" }, "product_reference": "java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "relates_to_product_reference": "7Workstation-OracleJava-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64" }, "product_reference": "java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "relates_to_product_reference": "7Workstation-OracleJava-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64" }, "product_reference": "java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "relates_to_product_reference": "7Workstation-OracleJava-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64" }, "product_reference": "java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "relates_to_product_reference": "7Workstation-OracleJava-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64" }, "product_reference": "java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "relates_to_product_reference": "7Workstation-OracleJava-7.4.Z" } ] }, "vulnerabilities": [ { "cve": "CVE-2016-9840", "discovery_date": "2016-12-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1402345" } ], "notes": [ { "category": "description", "text": "inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.", "title": "Vulnerability description" }, { "category": "summary", "text": "zlib: Out-of-bounds pointer arithmetic in inftrees.c", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-9840" }, { "category": "external", "summary": "RHBZ#1402345", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1402345" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-9840", "url": "https://www.cve.org/CVERecord?id=CVE-2016-9840" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-9840", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9840" }, { "category": "external", "summary": "https://docs.google.com/document/d/10i1KZS5so8xDqH2rplRa2xet0tyTvvJlLbQQmZIUIKE/edit#heading=h.t13tvnx4loq7", "url": "https://docs.google.com/document/d/10i1KZS5so8xDqH2rplRa2xet0tyTvvJlLbQQmZIUIKE/edit#heading=h.t13tvnx4loq7" }, { "category": "external", "summary": "https://wiki.mozilla.org/images/0/09/Zlib-report.pdf", "url": "https://wiki.mozilla.org/images/0/09/Zlib-report.pdf" } ], "release_date": "2016-09-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-10-24T12:14:29+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Oracle Java must be restarted for this update to take effect.", "product_ids": [ "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:3046" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "zlib: Out-of-bounds pointer arithmetic in inftrees.c" }, { "cve": "CVE-2016-9841", "discovery_date": "2016-12-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1402346" } ], "notes": [ { "category": "description", "text": "inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.", "title": "Vulnerability description" }, { "category": "summary", "text": "zlib: Out-of-bounds pointer arithmetic in inffast.c", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-9841" }, { "category": "external", "summary": "RHBZ#1402346", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1402346" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-9841", "url": "https://www.cve.org/CVERecord?id=CVE-2016-9841" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-9841", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9841" }, { "category": "external", "summary": "https://docs.google.com/document/d/10i1KZS5so8xDqH2rplRa2xet0tyTvvJlLbQQmZIUIKE/edit#heading=h.t13tvnx4loq7", "url": "https://docs.google.com/document/d/10i1KZS5so8xDqH2rplRa2xet0tyTvvJlLbQQmZIUIKE/edit#heading=h.t13tvnx4loq7" }, { "category": "external", "summary": "https://wiki.mozilla.org/images/0/09/Zlib-report.pdf", "url": "https://wiki.mozilla.org/images/0/09/Zlib-report.pdf" } ], "release_date": "2016-09-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-10-24T12:14:29+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Oracle Java must be restarted for this update to take effect.", "product_ids": [ "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:3046" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "zlib: Out-of-bounds pointer arithmetic in inffast.c" }, { "cve": "CVE-2016-9842", "discovery_date": "2016-12-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1402348" } ], "notes": [ { "category": "description", "text": "The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers.", "title": "Vulnerability description" }, { "category": "summary", "text": "zlib: Undefined left shift of negative number", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-9842" }, { "category": "external", "summary": "RHBZ#1402348", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1402348" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-9842", "url": "https://www.cve.org/CVERecord?id=CVE-2016-9842" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-9842", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9842" }, { "category": "external", "summary": "https://docs.google.com/document/d/10i1KZS5so8xDqH2rplRa2xet0tyTvvJlLbQQmZIUIKE/edit#heading=h.t13tvnx4loq7", "url": "https://docs.google.com/document/d/10i1KZS5so8xDqH2rplRa2xet0tyTvvJlLbQQmZIUIKE/edit#heading=h.t13tvnx4loq7" }, { "category": "external", "summary": "https://wiki.mozilla.org/images/0/09/Zlib-report.pdf", "url": "https://wiki.mozilla.org/images/0/09/Zlib-report.pdf" } ], "release_date": "2016-09-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-10-24T12:14:29+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Oracle Java must be restarted for this update to take effect.", "product_ids": [ "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:3046" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "zlib: Undefined left shift of negative number" }, { "cve": "CVE-2016-9843", "discovery_date": "2016-12-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1402351" } ], "notes": [ { "category": "description", "text": "The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.", "title": "Vulnerability description" }, { "category": "summary", "text": "zlib: Big-endian out-of-bounds pointer", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-9843" }, { "category": "external", "summary": "RHBZ#1402351", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1402351" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-9843", "url": "https://www.cve.org/CVERecord?id=CVE-2016-9843" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-9843", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9843" }, { "category": "external", "summary": "https://docs.google.com/document/d/10i1KZS5so8xDqH2rplRa2xet0tyTvvJlLbQQmZIUIKE/edit#heading=h.t13tvnx4loq7", "url": "https://docs.google.com/document/d/10i1KZS5so8xDqH2rplRa2xet0tyTvvJlLbQQmZIUIKE/edit#heading=h.t13tvnx4loq7" }, { "category": "external", "summary": "https://wiki.mozilla.org/images/0/09/Zlib-report.pdf", "url": "https://wiki.mozilla.org/images/0/09/Zlib-report.pdf" } ], "release_date": "2016-09-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-10-24T12:14:29+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Oracle Java must be restarted for this update to take effect.", "product_ids": [ "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:3046" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "zlib: Big-endian out-of-bounds pointer" }, { "cve": "CVE-2016-10165", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "discovery_date": "2016-08-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1367357" } ], "notes": [ { "category": "description", "text": "The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read.", "title": "Vulnerability description" }, { "category": "summary", "text": "lcms2: Out-of-bounds read in Type_MLU_Read()", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-10165" }, { "category": "external", "summary": "RHBZ#1367357", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1367357" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-10165", "url": "https://www.cve.org/CVERecord?id=CVE-2016-10165" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-10165", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-10165" } ], "release_date": "2016-08-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-10-24T12:14:29+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Oracle Java must be restarted for this update to take effect.", "product_ids": [ "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:3046" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "version": "3.0" }, "products": [ "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "lcms2: Out-of-bounds read in Type_MLU_Read()" }, { "cve": "CVE-2017-10274", "discovery_date": "2017-10-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1502053" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Smart Card IO). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE accessible data as well as unauthorized access to critical data or complete access to all Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 6.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N).", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: CardImpl incorrect state handling (Smart Card IO, 8169026)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-10274" }, { "category": "external", "summary": "RHBZ#1502053", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1502053" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-10274", "url": "https://www.cve.org/CVERecord?id=CVE-2017-10274" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-10274", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-10274" } ], "release_date": "2017-10-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-10-24T12:14:29+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Oracle Java must be restarted for this update to take effect.", "product_ids": [ "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:3046" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.0" }, "products": [ "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "OpenJDK: CardImpl incorrect state handling (Smart Card IO, 8169026)" }, { "cve": "CVE-2017-10281", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2017-10-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1502649" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: multiple unbounded memory allocations in deserialization (Serialization, 8174109)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-10281" }, { "category": "external", "summary": "RHBZ#1502649", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1502649" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-10281", "url": "https://www.cve.org/CVERecord?id=CVE-2017-10281" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-10281", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-10281" } ], "release_date": "2017-10-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-10-24T12:14:29+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Oracle Java must be restarted for this update to take effect.", "product_ids": [ "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:3046" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK: multiple unbounded memory allocations in deserialization (Serialization, 8174109)" }, { "cve": "CVE-2017-10285", "discovery_date": "2017-10-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1501868" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: incorrect privilege use when handling unreferenced objects (RMI, 8174966)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-10285" }, { "category": "external", "summary": "RHBZ#1501868", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1501868" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-10285", "url": "https://www.cve.org/CVERecord?id=CVE-2017-10285" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-10285", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-10285" } ], "release_date": "2017-10-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-10-24T12:14:29+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Oracle Java must be restarted for this update to take effect.", "product_ids": [ "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:3046" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "OpenJDK: incorrect privilege use when handling unreferenced objects (RMI, 8174966)" }, { "cve": "CVE-2017-10293", "discovery_date": "2017-10-17T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1503320" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Javadoc). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability description" }, { "category": "summary", "text": "JDK: unspecified vulnerability fixed in 6u171, 7u161, 8u151, and 9.0.1 (Javadoc)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-10293" }, { "category": "external", "summary": "RHBZ#1503320", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1503320" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-10293", "url": "https://www.cve.org/CVERecord?id=CVE-2017-10293" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-10293", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-10293" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixJAVA", "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixJAVA" } ], "release_date": "2017-10-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-10-24T12:14:29+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Oracle Java must be restarted for this update to take effect.", "product_ids": [ "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:3046" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "products": [ "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "JDK: unspecified vulnerability fixed in 6u171, 7u161, 8u151, and 9.0.1 (Javadoc)" }, { "cve": "CVE-2017-10295", "cwe": { "id": "CWE-113", "name": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)" }, "discovery_date": "2017-10-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1502687" } ], "notes": [ { "category": "description", "text": "It was found that the HttpURLConnection and HttpsURLConnection classes in the Networking component of OpenJDK failed to check for newline characters embedded in URLs. An attacker able to make a Java application perform an HTTP request using an attacker provided URL could possibly inject additional headers into the request.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: HTTP client insufficient check for newline in URLs (Networking, 8176751)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-10295" }, { "category": "external", "summary": "RHBZ#1502687", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1502687" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-10295", "url": "https://www.cve.org/CVERecord?id=CVE-2017-10295" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-10295", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-10295" } ], "release_date": "2017-10-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-10-24T12:14:29+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Oracle Java must be restarted for this update to take effect.", "product_ids": [ "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:3046" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.0" }, "products": [ "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK: HTTP client insufficient check for newline in URLs (Networking, 8176751)" }, { "cve": "CVE-2017-10345", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2017-10-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1502858" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L).", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: unbounded resource use in JceKeyStore deserialization (Serialization, 8181370)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-10345" }, { "category": "external", "summary": "RHBZ#1502858", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1502858" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-10345", "url": "https://www.cve.org/CVERecord?id=CVE-2017-10345" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-10345", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-10345" } ], "release_date": "2017-10-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-10-24T12:14:29+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Oracle Java must be restarted for this update to take effect.", "product_ids": [ "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:3046" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "OpenJDK: unbounded resource use in JceKeyStore deserialization (Serialization, 8181370)" }, { "cve": "CVE-2017-10346", "discovery_date": "2017-10-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1501873" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: insufficient loader constraints checks for invokespecial (Hotspot, 8180711)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-10346" }, { "category": "external", "summary": "RHBZ#1501873", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1501873" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-10346", "url": "https://www.cve.org/CVERecord?id=CVE-2017-10346" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-10346", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-10346" } ], "release_date": "2017-10-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-10-24T12:14:29+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Oracle Java must be restarted for this update to take effect.", "product_ids": [ "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:3046" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "OpenJDK: insufficient loader constraints checks for invokespecial (Hotspot, 8180711)" }, { "cve": "CVE-2017-10347", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2017-10-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1502632" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: unbounded memory allocation in SimpleTimeZone deserialization (Serialization, 8181323)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-10347" }, { "category": "external", "summary": "RHBZ#1502632", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1502632" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-10347", "url": "https://www.cve.org/CVERecord?id=CVE-2017-10347" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-10347", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-10347" } ], "release_date": "2017-10-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-10-24T12:14:29+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Oracle Java must be restarted for this update to take effect.", "product_ids": [ "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:3046" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK: unbounded memory allocation in SimpleTimeZone deserialization (Serialization, 8181323)" }, { "cve": "CVE-2017-10348", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2017-10-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1502629" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: multiple unbounded memory allocations in deserialization (Libraries, 8181432)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-10348" }, { "category": "external", "summary": "RHBZ#1502629", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1502629" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-10348", "url": "https://www.cve.org/CVERecord?id=CVE-2017-10348" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-10348", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-10348" } ], "release_date": "2017-10-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-10-24T12:14:29+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Oracle Java must be restarted for this update to take effect.", "product_ids": [ "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:3046" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK: multiple unbounded memory allocations in deserialization (Libraries, 8181432)" }, { "cve": "CVE-2017-10349", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2017-10-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1502611" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: unbounded memory allocation in PredicatedNodeTest deserialization (JAXP, 8181327)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-10349" }, { "category": "external", "summary": "RHBZ#1502611", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1502611" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-10349", "url": "https://www.cve.org/CVERecord?id=CVE-2017-10349" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-10349", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-10349" } ], "release_date": "2017-10-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-10-24T12:14:29+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Oracle Java must be restarted for this update to take effect.", "product_ids": [ "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:3046" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK: unbounded memory allocation in PredicatedNodeTest deserialization (JAXP, 8181327)" }, { "cve": "CVE-2017-10350", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2017-10-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1502640" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAX-WS). Supported versions that are affected are Java SE: 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: unbounded memory allocation in JAXWSExceptionBase deserialization (JAX-WS, 8181100)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-10350" }, { "category": "external", "summary": "RHBZ#1502640", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1502640" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-10350", "url": "https://www.cve.org/CVERecord?id=CVE-2017-10350" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-10350", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-10350" } ], "release_date": "2017-10-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-10-24T12:14:29+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Oracle Java must be restarted for this update to take effect.", "product_ids": [ "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:3046" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK: unbounded memory allocation in JAXWSExceptionBase deserialization (JAX-WS, 8181100)" }, { "cve": "CVE-2017-10355", "discovery_date": "2017-10-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1502869" } ], "notes": [ { "category": "description", "text": "It was found that the FtpClient implementation in the Networking component of OpenJDK did not set connect and read timeouts by default. A malicious FTP server or a man-in-the-middle attacker could use this flaw to block execution of a Java application connecting to an FTP server.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: no default network operations timeouts in FtpClient (Networking, 8181612)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-10355" }, { "category": "external", "summary": "RHBZ#1502869", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1502869" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-10355", "url": "https://www.cve.org/CVERecord?id=CVE-2017-10355" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-10355", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-10355" } ], "release_date": "2017-10-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-10-24T12:14:29+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Oracle Java must be restarted for this update to take effect.", "product_ids": [ "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:3046" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK: no default network operations timeouts in FtpClient (Networking, 8181612)" }, { "cve": "CVE-2017-10356", "cwe": { "id": "CWE-327", "name": "Use of a Broken or Risky Cryptographic Algorithm" }, "discovery_date": "2017-10-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1503169" } ], "notes": [ { "category": "description", "text": "It was discovered that the Security component of OpenJDK generated weak password-based encryption keys used to protect private keys stored in key stores. This made it easier to perform password guessing attacks to decrypt stored keys if an attacker could gain access to a key store.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: weak protection of key stores against brute forcing (Security, 8181692)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-10356" }, { "category": "external", "summary": "RHBZ#1503169", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1503169" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-10356", "url": "https://www.cve.org/CVERecord?id=CVE-2017-10356" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-10356", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-10356" } ], "release_date": "2017-10-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-10-24T12:14:29+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Oracle Java must be restarted for this update to take effect.", "product_ids": [ "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:3046" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK: weak protection of key stores against brute forcing (Security, 8181692)" }, { "cve": "CVE-2017-10357", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2017-10-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1502614" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: unbounded memory allocation in ObjectInputStream deserialization (Serialization, 8181597)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-10357" }, { "category": "external", "summary": "RHBZ#1502614", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1502614" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-10357", "url": "https://www.cve.org/CVERecord?id=CVE-2017-10357" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-10357", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-10357" } ], "release_date": "2017-10-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-10-24T12:14:29+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Oracle Java must be restarted for this update to take effect.", "product_ids": [ "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:3046" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK: unbounded memory allocation in ObjectInputStream deserialization (Serialization, 8181597)" }, { "cve": "CVE-2017-10388", "cwe": { "id": "CWE-345", "name": "Insufficient Verification of Data Authenticity" }, "discovery_date": "2017-10-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1502038" } ], "notes": [ { "category": "description", "text": "It was discovered that the Kerberos client implementation in the Libraries component of OpenJDK used the sname field from the plain text part rather than encrypted part of the KDC reply message. A man-in-the-middle attacker could possibly use this flaw to impersonate Kerberos services to Java applications acting as Kerberos clients.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: use of unprotected sname in Kerberos client (Libraries, 8178794)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-10388" }, { "category": "external", "summary": "RHBZ#1502038", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1502038" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-10388", "url": "https://www.cve.org/CVERecord?id=CVE-2017-10388" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-10388", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-10388" } ], "release_date": "2017-10-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-10-24T12:14:29+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Oracle Java must be restarted for this update to take effect.", "product_ids": [ "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:3046" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.0" }, "products": [ "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Client-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Server-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "OpenJDK: use of unprotected sname in Kerberos client (Libraries, 8178794)" } ] }
rhsa-2017_3047
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for java-1.6.0-sun is now available for Oracle Java for Red Hat Enterprise Linux 6 and Oracle Java for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.\n\nThis update upgrades Oracle Java SE 6 to version 6 Update 171.\n\nSecurity Fix(es):\n\n* This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page listed in the References section. (CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843, CVE-2017-10274, CVE-2017-10281, CVE-2017-10285, CVE-2017-10293, CVE-2017-10295, CVE-2017-10345, CVE-2017-10346, CVE-2017-10347, CVE-2017-10348, CVE-2017-10349, CVE-2017-10355, CVE-2017-10356, CVE-2017-10357, CVE-2017-10388)\n\nNote: Starting with this update, Java web browser plugin and Java Web Start application are no longer included with Oracle Java SE 6. Refer to the Releases Notes and the Oracle Java SE Support Roadmap pages linked to in the References section for further information about this change.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2017:3047", "url": "https://access.redhat.com/errata/RHSA-2017:3047" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixJAVA", "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixJAVA" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/java/javase/documentation/overview-156328.html#R160_171", "url": "http://www.oracle.com/technetwork/java/javase/documentation/overview-156328.html#R160_171" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/java/javase/eol-135779.html", "url": "http://www.oracle.com/technetwork/java/javase/eol-135779.html" }, { "category": "external", "summary": "1402345", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1402345" }, { "category": "external", "summary": "1402346", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1402346" }, { "category": "external", "summary": "1402348", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1402348" }, { "category": "external", "summary": "1402351", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1402351" }, { "category": "external", "summary": "1501868", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1501868" }, { "category": "external", "summary": "1501873", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1501873" }, { "category": "external", "summary": "1502038", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1502038" }, { "category": "external", "summary": "1502053", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1502053" }, { "category": "external", "summary": "1502611", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1502611" }, { "category": "external", "summary": "1502614", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1502614" }, { "category": "external", "summary": "1502629", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1502629" }, { "category": "external", "summary": "1502632", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1502632" }, { "category": "external", "summary": "1502649", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1502649" }, { "category": "external", "summary": "1502687", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1502687" }, { "category": "external", "summary": "1502858", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1502858" }, { "category": "external", "summary": "1502869", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1502869" }, { "category": "external", "summary": "1503169", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1503169" }, { "category": "external", "summary": "1503320", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1503320" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2017/rhsa-2017_3047.json" } ], "title": "Red Hat Security Advisory: java-1.6.0-sun security update", "tracking": { "current_release_date": "2024-11-14T21:45:47+00:00", "generator": { "date": "2024-11-14T21:45:47+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2017:3047", "initial_release_date": "2017-10-24T12:09:09+00:00", "revision_history": [ { "date": "2017-10-24T12:09:09+00:00", "number": "1", "summary": "Initial version" }, { "date": "2017-12-14T15:18:13+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-14T21:45:47+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Oracle Java for Red Hat Enterprise Linux Desktop 6", "product": { "name": "Oracle Java for Red Hat Enterprise Linux Desktop 6", "product_id": "6Client-OracleJava-6.9.Z", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras_oracle_java:6" } } }, { "category": "product_name", "name": "Oracle Java for Red Hat Enterprise Linux HPC Node 6", "product": { "name": "Oracle Java for Red Hat Enterprise Linux HPC Node 6", "product_id": "6ComputeNode-OracleJava-6.9.Z", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras_oracle_java:6" } } }, { "category": "product_name", "name": "Oracle Java for Red Hat Enterprise Linux Server 6", "product": { "name": "Oracle Java for Red Hat Enterprise Linux Server 6", "product_id": "6Server-OracleJava-6.9.Z", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras_oracle_java:6" } } }, { "category": "product_name", "name": "Oracle Java for Red Hat Enterprise Linux Workstation 6", "product": { "name": "Oracle Java for Red Hat Enterprise Linux Workstation 6", "product_id": "6Workstation-OracleJava-6.9.Z", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras_oracle_java:6" } } }, { "category": "product_name", "name": "Oracle Java for Red Hat Enterprise Linux Client (v. 7)", "product": { "name": "Oracle Java for Red Hat Enterprise Linux Client (v. 7)", "product_id": "7Client-OracleJava-7.4.Z", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras_oracle_java:7" } } }, { "category": "product_name", "name": "Oracle Java for Red Hat Enterprise Linux Compute Node (v. 7)", "product": { "name": "Oracle Java for Red Hat Enterprise Linux Compute Node (v. 7)", "product_id": "7ComputeNode-OracleJava-7.4.Z", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras_oracle_java:7" } } }, { "category": "product_name", "name": "Oracle Java for Red Hat Enterprise Linux Server (v. 7)", "product": { "name": "Oracle Java for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-OracleJava-7.4.Z", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras_oracle_java:7" } } }, { "category": "product_name", "name": "Oracle Java for Red Hat Enterprise Linux Workstation (v. 7)", "product": { "name": "Oracle Java for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-OracleJava-7.4.Z", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras_oracle_java:7" } } } ], "category": "product_family", "name": "Oracle Java for Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "product": { "name": "java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "product_id": "java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-sun-devel@1.6.0.171-1jpp.4.el6?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "product": { "name": "java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "product_id": "java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-sun-jdbc@1.6.0.171-1jpp.4.el6?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "product": { "name": "java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "product_id": "java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-sun-demo@1.6.0.171-1jpp.4.el6?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "product": { "name": "java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "product_id": "java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-sun-plugin@1.6.0.171-1jpp.4.el6?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "product": { "name": "java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "product_id": "java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-sun-src@1.6.0.171-1jpp.4.el6?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "product": { "name": "java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "product_id": "java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-sun@1.6.0.171-1jpp.4.el6?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "product": { "name": "java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "product_id": "java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-sun-demo@1.6.0.171-1jpp.4.el7?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "product": { "name": "java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "product_id": "java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-sun-jdbc@1.6.0.171-1jpp.4.el7?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "product": { "name": "java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "product_id": "java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-sun-devel@1.6.0.171-1jpp.4.el7?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "product": { "name": "java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "product_id": "java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-sun-plugin@1.6.0.171-1jpp.4.el7?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "product": { "name": "java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "product_id": "java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-sun-src@1.6.0.171-1jpp.4.el7?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "product": { "name": "java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "product_id": "java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-sun@1.6.0.171-1jpp.4.el7?arch=x86_64\u0026epoch=1" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "product": { "name": "java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "product_id": "java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-sun-devel@1.6.0.171-1jpp.4.el6?arch=i686\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "product": { "name": "java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "product_id": "java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-sun@1.6.0.171-1jpp.4.el6?arch=i686\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "product": { "name": "java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "product_id": "java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-sun-jdbc@1.6.0.171-1jpp.4.el6?arch=i686\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "product": { "name": "java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "product_id": "java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-sun-demo@1.6.0.171-1jpp.4.el6?arch=i686\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "product": { "name": "java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "product_id": "java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-sun-plugin@1.6.0.171-1jpp.4.el6?arch=i686\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "product": { "name": "java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "product_id": "java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-sun-src@1.6.0.171-1jpp.4.el6?arch=i686\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "product": { "name": "java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "product_id": "java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-sun-devel@1.6.0.171-1jpp.4.el7?arch=i686\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "product": { "name": "java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "product_id": "java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-sun@1.6.0.171-1jpp.4.el7?arch=i686\u0026epoch=1" } } } ], "category": "architecture", "name": "i686" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686 as a component of Oracle Java for Red Hat Enterprise Linux Desktop 6", "product_id": "6Client-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686" }, "product_reference": "java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "relates_to_product_reference": "6Client-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux Desktop 6", "product_id": "6Client-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64" }, "product_reference": "java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "relates_to_product_reference": "6Client-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686 as a component of Oracle Java for Red Hat Enterprise Linux Desktop 6", "product_id": "6Client-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686" }, "product_reference": "java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "relates_to_product_reference": "6Client-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux Desktop 6", "product_id": "6Client-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64" }, "product_reference": "java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "relates_to_product_reference": "6Client-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686 as a component of Oracle Java for Red Hat Enterprise Linux Desktop 6", "product_id": "6Client-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686" }, "product_reference": "java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "relates_to_product_reference": "6Client-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux Desktop 6", "product_id": "6Client-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64" }, "product_reference": "java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "relates_to_product_reference": "6Client-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686 as a component of Oracle Java for Red Hat Enterprise Linux Desktop 6", "product_id": "6Client-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686" }, "product_reference": "java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "relates_to_product_reference": "6Client-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux Desktop 6", "product_id": "6Client-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64" }, "product_reference": "java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "relates_to_product_reference": "6Client-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686 as a component of Oracle Java for Red Hat Enterprise Linux Desktop 6", "product_id": "6Client-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686" }, "product_reference": "java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "relates_to_product_reference": "6Client-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux Desktop 6", "product_id": "6Client-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64" }, "product_reference": "java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "relates_to_product_reference": "6Client-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686 as a component of Oracle Java for Red Hat Enterprise Linux Desktop 6", "product_id": "6Client-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686" }, "product_reference": "java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "relates_to_product_reference": "6Client-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux Desktop 6", "product_id": "6Client-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64" }, "product_reference": "java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "relates_to_product_reference": "6Client-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686 as a component of Oracle Java for Red Hat Enterprise Linux HPC Node 6", "product_id": "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686" }, "product_reference": "java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "relates_to_product_reference": "6ComputeNode-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux HPC Node 6", "product_id": "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64" }, "product_reference": "java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "relates_to_product_reference": "6ComputeNode-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686 as a component of Oracle Java for Red Hat Enterprise Linux HPC Node 6", "product_id": "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686" }, "product_reference": "java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "relates_to_product_reference": "6ComputeNode-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux HPC Node 6", "product_id": "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64" }, "product_reference": "java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "relates_to_product_reference": "6ComputeNode-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686 as a component of Oracle Java for Red Hat Enterprise Linux HPC Node 6", "product_id": "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686" }, "product_reference": "java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "relates_to_product_reference": "6ComputeNode-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux HPC Node 6", "product_id": "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64" }, "product_reference": "java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "relates_to_product_reference": "6ComputeNode-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686 as a component of Oracle Java for Red Hat Enterprise Linux HPC Node 6", "product_id": "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686" }, "product_reference": "java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "relates_to_product_reference": "6ComputeNode-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux HPC Node 6", "product_id": "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64" }, "product_reference": "java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "relates_to_product_reference": "6ComputeNode-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686 as a component of Oracle Java for Red Hat Enterprise Linux HPC Node 6", "product_id": "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686" }, "product_reference": "java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "relates_to_product_reference": "6ComputeNode-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux HPC Node 6", "product_id": "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64" }, "product_reference": "java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "relates_to_product_reference": "6ComputeNode-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686 as a component of Oracle Java for Red Hat Enterprise Linux HPC Node 6", "product_id": "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686" }, "product_reference": "java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "relates_to_product_reference": "6ComputeNode-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux HPC Node 6", "product_id": "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64" }, "product_reference": "java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "relates_to_product_reference": "6ComputeNode-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686 as a component of Oracle Java for Red Hat Enterprise Linux Server 6", "product_id": "6Server-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686" }, "product_reference": "java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "relates_to_product_reference": "6Server-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux Server 6", "product_id": "6Server-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64" }, "product_reference": "java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "relates_to_product_reference": "6Server-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686 as a component of Oracle Java for Red Hat Enterprise Linux Server 6", "product_id": "6Server-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686" }, "product_reference": "java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "relates_to_product_reference": "6Server-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux Server 6", "product_id": "6Server-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64" }, "product_reference": "java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "relates_to_product_reference": "6Server-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686 as a component of Oracle Java for Red Hat Enterprise Linux Server 6", "product_id": "6Server-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686" }, "product_reference": "java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "relates_to_product_reference": "6Server-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux Server 6", "product_id": "6Server-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64" }, "product_reference": "java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "relates_to_product_reference": "6Server-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686 as a component of Oracle Java for Red Hat Enterprise Linux Server 6", "product_id": "6Server-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686" }, "product_reference": "java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "relates_to_product_reference": "6Server-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux Server 6", "product_id": "6Server-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64" }, "product_reference": "java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "relates_to_product_reference": "6Server-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686 as a component of Oracle Java for Red Hat Enterprise Linux Server 6", "product_id": "6Server-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686" }, "product_reference": "java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "relates_to_product_reference": "6Server-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux Server 6", "product_id": "6Server-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64" }, "product_reference": "java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "relates_to_product_reference": "6Server-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686 as a component of Oracle Java for Red Hat Enterprise Linux Server 6", "product_id": "6Server-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686" }, "product_reference": "java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "relates_to_product_reference": "6Server-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux Server 6", "product_id": "6Server-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64" }, "product_reference": "java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "relates_to_product_reference": "6Server-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686 as a component of Oracle Java for Red Hat Enterprise Linux Workstation 6", "product_id": "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686" }, "product_reference": "java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "relates_to_product_reference": "6Workstation-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux Workstation 6", "product_id": "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64" }, "product_reference": "java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "relates_to_product_reference": "6Workstation-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686 as a component of Oracle Java for Red Hat Enterprise Linux Workstation 6", "product_id": "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686" }, "product_reference": "java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "relates_to_product_reference": "6Workstation-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux Workstation 6", "product_id": "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64" }, "product_reference": "java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "relates_to_product_reference": "6Workstation-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686 as a component of Oracle Java for Red Hat Enterprise Linux Workstation 6", "product_id": "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686" }, "product_reference": "java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "relates_to_product_reference": "6Workstation-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux Workstation 6", "product_id": "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64" }, "product_reference": "java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "relates_to_product_reference": "6Workstation-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686 as a component of Oracle Java for Red Hat Enterprise Linux Workstation 6", "product_id": "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686" }, "product_reference": "java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "relates_to_product_reference": "6Workstation-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux Workstation 6", "product_id": "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64" }, "product_reference": "java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "relates_to_product_reference": "6Workstation-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686 as a component of Oracle Java for Red Hat Enterprise Linux Workstation 6", "product_id": "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686" }, "product_reference": "java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "relates_to_product_reference": "6Workstation-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux Workstation 6", "product_id": "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64" }, "product_reference": "java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "relates_to_product_reference": "6Workstation-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686 as a component of Oracle Java for Red Hat Enterprise Linux Workstation 6", "product_id": "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686" }, "product_reference": "java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "relates_to_product_reference": "6Workstation-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux Workstation 6", "product_id": "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64" }, "product_reference": "java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "relates_to_product_reference": "6Workstation-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686 as a component of Oracle Java for Red Hat Enterprise Linux Client (v. 7)", "product_id": "7Client-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686" }, "product_reference": "java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "relates_to_product_reference": "7Client-OracleJava-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux Client (v. 7)", "product_id": "7Client-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64" }, "product_reference": "java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "relates_to_product_reference": "7Client-OracleJava-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux Client (v. 7)", "product_id": "7Client-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64" }, "product_reference": "java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "relates_to_product_reference": "7Client-OracleJava-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686 as a component of Oracle Java for Red Hat Enterprise Linux Client (v. 7)", "product_id": "7Client-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686" }, "product_reference": "java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "relates_to_product_reference": "7Client-OracleJava-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux Client (v. 7)", "product_id": "7Client-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64" }, "product_reference": "java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "relates_to_product_reference": "7Client-OracleJava-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux Client (v. 7)", "product_id": "7Client-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64" }, "product_reference": "java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "relates_to_product_reference": "7Client-OracleJava-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux Client (v. 7)", "product_id": "7Client-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64" }, "product_reference": "java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "relates_to_product_reference": "7Client-OracleJava-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux Client (v. 7)", "product_id": "7Client-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64" }, "product_reference": "java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "relates_to_product_reference": "7Client-OracleJava-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686 as a component of Oracle Java for Red Hat Enterprise Linux Compute Node (v. 7)", "product_id": "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686" }, "product_reference": "java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "relates_to_product_reference": "7ComputeNode-OracleJava-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux Compute Node (v. 7)", "product_id": "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64" }, "product_reference": "java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "relates_to_product_reference": "7ComputeNode-OracleJava-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux Compute Node (v. 7)", "product_id": "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64" }, "product_reference": "java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "relates_to_product_reference": "7ComputeNode-OracleJava-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686 as a component of Oracle Java for Red Hat Enterprise Linux Compute Node (v. 7)", "product_id": "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686" }, "product_reference": "java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "relates_to_product_reference": "7ComputeNode-OracleJava-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux Compute Node (v. 7)", "product_id": "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64" }, "product_reference": "java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "relates_to_product_reference": "7ComputeNode-OracleJava-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux Compute Node (v. 7)", "product_id": "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64" }, "product_reference": "java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "relates_to_product_reference": "7ComputeNode-OracleJava-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux Compute Node (v. 7)", "product_id": "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64" }, "product_reference": "java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "relates_to_product_reference": "7ComputeNode-OracleJava-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux Compute Node (v. 7)", "product_id": "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64" }, "product_reference": "java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "relates_to_product_reference": "7ComputeNode-OracleJava-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686 as a component of Oracle Java for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686" }, "product_reference": "java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "relates_to_product_reference": "7Server-OracleJava-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64" }, "product_reference": "java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "relates_to_product_reference": "7Server-OracleJava-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64" }, "product_reference": "java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "relates_to_product_reference": "7Server-OracleJava-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686 as a component of Oracle Java for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686" }, "product_reference": "java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "relates_to_product_reference": "7Server-OracleJava-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64" }, "product_reference": "java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "relates_to_product_reference": "7Server-OracleJava-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64" }, "product_reference": "java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "relates_to_product_reference": "7Server-OracleJava-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64" }, "product_reference": "java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "relates_to_product_reference": "7Server-OracleJava-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64" }, "product_reference": "java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "relates_to_product_reference": "7Server-OracleJava-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686 as a component of Oracle Java for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686" }, "product_reference": "java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "relates_to_product_reference": "7Workstation-OracleJava-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64" }, "product_reference": "java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "relates_to_product_reference": "7Workstation-OracleJava-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64" }, "product_reference": "java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "relates_to_product_reference": "7Workstation-OracleJava-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686 as a component of Oracle Java for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686" }, "product_reference": "java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "relates_to_product_reference": "7Workstation-OracleJava-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64" }, "product_reference": "java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "relates_to_product_reference": "7Workstation-OracleJava-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64" }, "product_reference": "java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "relates_to_product_reference": "7Workstation-OracleJava-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64" }, "product_reference": "java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "relates_to_product_reference": "7Workstation-OracleJava-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64" }, "product_reference": "java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "relates_to_product_reference": "7Workstation-OracleJava-7.4.Z" } ] }, "vulnerabilities": [ { "cve": "CVE-2016-9840", "discovery_date": "2016-12-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1402345" } ], "notes": [ { "category": "description", "text": "inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.", "title": "Vulnerability description" }, { "category": "summary", "text": "zlib: Out-of-bounds pointer arithmetic in inftrees.c", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-9840" }, { "category": "external", "summary": "RHBZ#1402345", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1402345" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-9840", "url": "https://www.cve.org/CVERecord?id=CVE-2016-9840" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-9840", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9840" }, { "category": "external", "summary": "https://docs.google.com/document/d/10i1KZS5so8xDqH2rplRa2xet0tyTvvJlLbQQmZIUIKE/edit#heading=h.t13tvnx4loq7", "url": "https://docs.google.com/document/d/10i1KZS5so8xDqH2rplRa2xet0tyTvvJlLbQQmZIUIKE/edit#heading=h.t13tvnx4loq7" }, { "category": "external", "summary": "https://wiki.mozilla.org/images/0/09/Zlib-report.pdf", "url": "https://wiki.mozilla.org/images/0/09/Zlib-report.pdf" } ], "release_date": "2016-09-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-10-24T12:09:09+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Oracle Java must be restarted for this update to take effect.", "product_ids": [ "6Client-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:3047" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Client-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "zlib: Out-of-bounds pointer arithmetic in inftrees.c" }, { "cve": "CVE-2016-9841", "discovery_date": "2016-12-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1402346" } ], "notes": [ { "category": "description", "text": "inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.", "title": "Vulnerability description" }, { "category": "summary", "text": "zlib: Out-of-bounds pointer arithmetic in inffast.c", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-9841" }, { "category": "external", "summary": "RHBZ#1402346", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1402346" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-9841", "url": "https://www.cve.org/CVERecord?id=CVE-2016-9841" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-9841", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9841" }, { "category": "external", "summary": "https://docs.google.com/document/d/10i1KZS5so8xDqH2rplRa2xet0tyTvvJlLbQQmZIUIKE/edit#heading=h.t13tvnx4loq7", "url": "https://docs.google.com/document/d/10i1KZS5so8xDqH2rplRa2xet0tyTvvJlLbQQmZIUIKE/edit#heading=h.t13tvnx4loq7" }, { "category": "external", "summary": "https://wiki.mozilla.org/images/0/09/Zlib-report.pdf", "url": "https://wiki.mozilla.org/images/0/09/Zlib-report.pdf" } ], "release_date": "2016-09-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-10-24T12:09:09+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Oracle Java must be restarted for this update to take effect.", "product_ids": [ "6Client-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:3047" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Client-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "zlib: Out-of-bounds pointer arithmetic in inffast.c" }, { "cve": "CVE-2016-9842", "discovery_date": "2016-12-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1402348" } ], "notes": [ { "category": "description", "text": "The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers.", "title": "Vulnerability description" }, { "category": "summary", "text": "zlib: Undefined left shift of negative number", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-9842" }, { "category": "external", "summary": "RHBZ#1402348", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1402348" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-9842", "url": "https://www.cve.org/CVERecord?id=CVE-2016-9842" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-9842", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9842" }, { "category": "external", "summary": "https://docs.google.com/document/d/10i1KZS5so8xDqH2rplRa2xet0tyTvvJlLbQQmZIUIKE/edit#heading=h.t13tvnx4loq7", "url": "https://docs.google.com/document/d/10i1KZS5so8xDqH2rplRa2xet0tyTvvJlLbQQmZIUIKE/edit#heading=h.t13tvnx4loq7" }, { "category": "external", "summary": "https://wiki.mozilla.org/images/0/09/Zlib-report.pdf", "url": "https://wiki.mozilla.org/images/0/09/Zlib-report.pdf" } ], "release_date": "2016-09-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-10-24T12:09:09+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Oracle Java must be restarted for this update to take effect.", "product_ids": [ "6Client-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:3047" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Client-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "zlib: Undefined left shift of negative number" }, { "cve": "CVE-2016-9843", "discovery_date": "2016-12-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1402351" } ], "notes": [ { "category": "description", "text": "The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.", "title": "Vulnerability description" }, { "category": "summary", "text": "zlib: Big-endian out-of-bounds pointer", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-9843" }, { "category": "external", "summary": "RHBZ#1402351", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1402351" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-9843", "url": "https://www.cve.org/CVERecord?id=CVE-2016-9843" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-9843", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9843" }, { "category": "external", "summary": "https://docs.google.com/document/d/10i1KZS5so8xDqH2rplRa2xet0tyTvvJlLbQQmZIUIKE/edit#heading=h.t13tvnx4loq7", "url": "https://docs.google.com/document/d/10i1KZS5so8xDqH2rplRa2xet0tyTvvJlLbQQmZIUIKE/edit#heading=h.t13tvnx4loq7" }, { "category": "external", "summary": "https://wiki.mozilla.org/images/0/09/Zlib-report.pdf", "url": "https://wiki.mozilla.org/images/0/09/Zlib-report.pdf" } ], "release_date": "2016-09-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-10-24T12:09:09+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Oracle Java must be restarted for this update to take effect.", "product_ids": [ "6Client-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:3047" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Client-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "zlib: Big-endian out-of-bounds pointer" }, { "cve": "CVE-2017-10274", "discovery_date": "2017-10-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1502053" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Smart Card IO). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE accessible data as well as unauthorized access to critical data or complete access to all Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 6.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N).", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: CardImpl incorrect state handling (Smart Card IO, 8169026)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-10274" }, { "category": "external", "summary": "RHBZ#1502053", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1502053" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-10274", "url": "https://www.cve.org/CVERecord?id=CVE-2017-10274" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-10274", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-10274" } ], "release_date": "2017-10-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-10-24T12:09:09+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Oracle Java must be restarted for this update to take effect.", "product_ids": [ "6Client-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:3047" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.0" }, "products": [ "6Client-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "OpenJDK: CardImpl incorrect state handling (Smart Card IO, 8169026)" }, { "cve": "CVE-2017-10281", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2017-10-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1502649" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: multiple unbounded memory allocations in deserialization (Serialization, 8174109)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-10281" }, { "category": "external", "summary": "RHBZ#1502649", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1502649" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-10281", "url": "https://www.cve.org/CVERecord?id=CVE-2017-10281" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-10281", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-10281" } ], "release_date": "2017-10-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-10-24T12:09:09+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Oracle Java must be restarted for this update to take effect.", "product_ids": [ "6Client-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:3047" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "6Client-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK: multiple unbounded memory allocations in deserialization (Serialization, 8174109)" }, { "cve": "CVE-2017-10285", "discovery_date": "2017-10-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1501868" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: incorrect privilege use when handling unreferenced objects (RMI, 8174966)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-10285" }, { "category": "external", "summary": "RHBZ#1501868", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1501868" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-10285", "url": "https://www.cve.org/CVERecord?id=CVE-2017-10285" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-10285", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-10285" } ], "release_date": "2017-10-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-10-24T12:09:09+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Oracle Java must be restarted for this update to take effect.", "product_ids": [ "6Client-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:3047" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Client-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "OpenJDK: incorrect privilege use when handling unreferenced objects (RMI, 8174966)" }, { "cve": "CVE-2017-10293", "discovery_date": "2017-10-17T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1503320" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Javadoc). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability description" }, { "category": "summary", "text": "JDK: unspecified vulnerability fixed in 6u171, 7u161, 8u151, and 9.0.1 (Javadoc)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-10293" }, { "category": "external", "summary": "RHBZ#1503320", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1503320" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-10293", "url": "https://www.cve.org/CVERecord?id=CVE-2017-10293" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-10293", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-10293" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixJAVA", "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixJAVA" } ], "release_date": "2017-10-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-10-24T12:09:09+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Oracle Java must be restarted for this update to take effect.", "product_ids": [ "6Client-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:3047" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "products": [ "6Client-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "JDK: unspecified vulnerability fixed in 6u171, 7u161, 8u151, and 9.0.1 (Javadoc)" }, { "cve": "CVE-2017-10295", "cwe": { "id": "CWE-113", "name": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)" }, "discovery_date": "2017-10-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1502687" } ], "notes": [ { "category": "description", "text": "It was found that the HttpURLConnection and HttpsURLConnection classes in the Networking component of OpenJDK failed to check for newline characters embedded in URLs. An attacker able to make a Java application perform an HTTP request using an attacker provided URL could possibly inject additional headers into the request.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: HTTP client insufficient check for newline in URLs (Networking, 8176751)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-10295" }, { "category": "external", "summary": "RHBZ#1502687", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1502687" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-10295", "url": "https://www.cve.org/CVERecord?id=CVE-2017-10295" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-10295", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-10295" } ], "release_date": "2017-10-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-10-24T12:09:09+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Oracle Java must be restarted for this update to take effect.", "product_ids": [ "6Client-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:3047" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.0" }, "products": [ "6Client-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK: HTTP client insufficient check for newline in URLs (Networking, 8176751)" }, { "cve": "CVE-2017-10345", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2017-10-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1502858" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L).", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: unbounded resource use in JceKeyStore deserialization (Serialization, 8181370)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-10345" }, { "category": "external", "summary": "RHBZ#1502858", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1502858" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-10345", "url": "https://www.cve.org/CVERecord?id=CVE-2017-10345" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-10345", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-10345" } ], "release_date": "2017-10-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-10-24T12:09:09+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Oracle Java must be restarted for this update to take effect.", "product_ids": [ "6Client-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:3047" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "6Client-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "OpenJDK: unbounded resource use in JceKeyStore deserialization (Serialization, 8181370)" }, { "cve": "CVE-2017-10346", "discovery_date": "2017-10-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1501873" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: insufficient loader constraints checks for invokespecial (Hotspot, 8180711)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-10346" }, { "category": "external", "summary": "RHBZ#1501873", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1501873" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-10346", "url": "https://www.cve.org/CVERecord?id=CVE-2017-10346" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-10346", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-10346" } ], "release_date": "2017-10-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-10-24T12:09:09+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Oracle Java must be restarted for this update to take effect.", "product_ids": [ "6Client-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:3047" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Client-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "OpenJDK: insufficient loader constraints checks for invokespecial (Hotspot, 8180711)" }, { "cve": "CVE-2017-10347", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2017-10-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1502632" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: unbounded memory allocation in SimpleTimeZone deserialization (Serialization, 8181323)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-10347" }, { "category": "external", "summary": "RHBZ#1502632", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1502632" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-10347", "url": "https://www.cve.org/CVERecord?id=CVE-2017-10347" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-10347", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-10347" } ], "release_date": "2017-10-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-10-24T12:09:09+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Oracle Java must be restarted for this update to take effect.", "product_ids": [ "6Client-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:3047" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "6Client-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK: unbounded memory allocation in SimpleTimeZone deserialization (Serialization, 8181323)" }, { "cve": "CVE-2017-10348", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2017-10-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1502629" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: multiple unbounded memory allocations in deserialization (Libraries, 8181432)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-10348" }, { "category": "external", "summary": "RHBZ#1502629", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1502629" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-10348", "url": "https://www.cve.org/CVERecord?id=CVE-2017-10348" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-10348", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-10348" } ], "release_date": "2017-10-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-10-24T12:09:09+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Oracle Java must be restarted for this update to take effect.", "product_ids": [ "6Client-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:3047" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "6Client-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK: multiple unbounded memory allocations in deserialization (Libraries, 8181432)" }, { "cve": "CVE-2017-10349", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2017-10-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1502611" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: unbounded memory allocation in PredicatedNodeTest deserialization (JAXP, 8181327)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-10349" }, { "category": "external", "summary": "RHBZ#1502611", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1502611" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-10349", "url": "https://www.cve.org/CVERecord?id=CVE-2017-10349" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-10349", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-10349" } ], "release_date": "2017-10-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-10-24T12:09:09+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Oracle Java must be restarted for this update to take effect.", "product_ids": [ "6Client-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:3047" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "6Client-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK: unbounded memory allocation in PredicatedNodeTest deserialization (JAXP, 8181327)" }, { "cve": "CVE-2017-10355", "discovery_date": "2017-10-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1502869" } ], "notes": [ { "category": "description", "text": "It was found that the FtpClient implementation in the Networking component of OpenJDK did not set connect and read timeouts by default. A malicious FTP server or a man-in-the-middle attacker could use this flaw to block execution of a Java application connecting to an FTP server.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: no default network operations timeouts in FtpClient (Networking, 8181612)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-10355" }, { "category": "external", "summary": "RHBZ#1502869", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1502869" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-10355", "url": "https://www.cve.org/CVERecord?id=CVE-2017-10355" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-10355", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-10355" } ], "release_date": "2017-10-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-10-24T12:09:09+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Oracle Java must be restarted for this update to take effect.", "product_ids": [ "6Client-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:3047" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "6Client-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK: no default network operations timeouts in FtpClient (Networking, 8181612)" }, { "cve": "CVE-2017-10356", "cwe": { "id": "CWE-327", "name": "Use of a Broken or Risky Cryptographic Algorithm" }, "discovery_date": "2017-10-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1503169" } ], "notes": [ { "category": "description", "text": "It was discovered that the Security component of OpenJDK generated weak password-based encryption keys used to protect private keys stored in key stores. This made it easier to perform password guessing attacks to decrypt stored keys if an attacker could gain access to a key store.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: weak protection of key stores against brute forcing (Security, 8181692)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-10356" }, { "category": "external", "summary": "RHBZ#1503169", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1503169" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-10356", "url": "https://www.cve.org/CVERecord?id=CVE-2017-10356" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-10356", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-10356" } ], "release_date": "2017-10-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-10-24T12:09:09+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Oracle Java must be restarted for this update to take effect.", "product_ids": [ "6Client-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:3047" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "6Client-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK: weak protection of key stores against brute forcing (Security, 8181692)" }, { "cve": "CVE-2017-10357", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2017-10-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1502614" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: unbounded memory allocation in ObjectInputStream deserialization (Serialization, 8181597)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-10357" }, { "category": "external", "summary": "RHBZ#1502614", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1502614" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-10357", "url": "https://www.cve.org/CVERecord?id=CVE-2017-10357" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-10357", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-10357" } ], "release_date": "2017-10-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-10-24T12:09:09+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Oracle Java must be restarted for this update to take effect.", "product_ids": [ "6Client-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:3047" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "6Client-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK: unbounded memory allocation in ObjectInputStream deserialization (Serialization, 8181597)" }, { "cve": "CVE-2017-10388", "cwe": { "id": "CWE-345", "name": "Insufficient Verification of Data Authenticity" }, "discovery_date": "2017-10-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1502038" } ], "notes": [ { "category": "description", "text": "It was discovered that the Kerberos client implementation in the Libraries component of OpenJDK used the sname field from the plain text part rather than encrypted part of the KDC reply message. A man-in-the-middle attacker could possibly use this flaw to impersonate Kerberos services to Java applications acting as Kerberos clients.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: use of unprotected sname in Kerberos client (Libraries, 8178794)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-10388" }, { "category": "external", "summary": "RHBZ#1502038", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1502038" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-10388", "url": "https://www.cve.org/CVERecord?id=CVE-2017-10388" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-10388", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-10388" } ], "release_date": "2017-10-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-10-24T12:09:09+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Oracle Java must be restarted for this update to take effect.", "product_ids": [ "6Client-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:3047" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.0" }, "products": [ "6Client-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Client-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Server-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.i686", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "OpenJDK: use of unprotected sname in Kerberos client (Libraries, 8178794)" } ] }
rhsa-2017_2999
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Critical" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for java-1.8.0-oracle is now available for Oracle Java for Red Hat Enterprise Linux 6 and Oracle Java for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Oracle Java SE version 8 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.\n\nThis update upgrades Oracle Java SE 8 to version 8 Update 151.\n\nSecurity Fix(es):\n\n* This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page listed in the References section. (CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843, CVE-2016-10165, CVE-2017-10274, CVE-2017-10281, CVE-2017-10285, CVE-2017-10293, CVE-2017-10295, CVE-2017-10309, CVE-2017-10345, CVE-2017-10346, CVE-2017-10347, CVE-2017-10348, CVE-2017-10349, CVE-2017-10350, CVE-2017-10355, CVE-2017-10356, CVE-2017-10357, CVE-2017-10388)", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2017:2999", "url": "https://access.redhat.com/errata/RHSA-2017:2999" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#critical", "url": "https://access.redhat.com/security/updates/classification/#critical" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixJAVA", "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixJAVA" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/java/javase/8u151-relnotes-3850493.html", "url": "http://www.oracle.com/technetwork/java/javase/8u151-relnotes-3850493.html" }, { "category": "external", "summary": "1367357", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1367357" }, { "category": "external", "summary": "1402345", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1402345" }, { "category": "external", "summary": "1402346", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1402346" }, { "category": "external", "summary": "1402348", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1402348" }, { "category": "external", "summary": "1402351", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1402351" }, { "category": "external", "summary": "1501868", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1501868" }, { "category": "external", "summary": "1501873", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1501873" }, { "category": "external", "summary": "1502038", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1502038" }, { "category": "external", "summary": "1502053", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1502053" }, { "category": "external", "summary": "1502611", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1502611" }, { "category": "external", "summary": "1502614", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1502614" }, { "category": "external", "summary": "1502629", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1502629" }, { "category": "external", "summary": "1502632", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1502632" }, { "category": "external", "summary": "1502640", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1502640" }, { "category": "external", "summary": "1502649", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1502649" }, { "category": "external", "summary": "1502687", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1502687" }, { "category": "external", "summary": "1502858", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1502858" }, { "category": "external", "summary": "1502869", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1502869" }, { "category": "external", "summary": "1503169", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1503169" }, { "category": "external", "summary": "1503319", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1503319" }, { "category": "external", "summary": "1503320", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1503320" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2017/rhsa-2017_2999.json" } ], "title": "Red Hat Security Advisory: java-1.8.0-oracle security update", "tracking": { "current_release_date": "2024-11-14T21:45:35+00:00", "generator": { "date": "2024-11-14T21:45:35+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2017:2999", "initial_release_date": "2017-10-23T07:44:37+00:00", "revision_history": [ { "date": "2017-10-23T07:44:37+00:00", "number": "1", "summary": "Initial version" }, { "date": "2017-12-14T15:18:50+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-14T21:45:35+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Oracle Java for Red Hat Enterprise Linux Desktop 6", "product": { "name": "Oracle Java for Red Hat Enterprise Linux Desktop 6", "product_id": "6Client-OracleJava-6.9.Z", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras_oracle_java:6" } } }, { "category": "product_name", "name": "Oracle Java for Red Hat Enterprise Linux HPC Node 6", "product": { "name": "Oracle Java for Red Hat Enterprise Linux HPC Node 6", "product_id": "6ComputeNode-OracleJava-6.9.Z", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras_oracle_java:6" } } }, { "category": "product_name", "name": "Oracle Java for Red Hat Enterprise Linux Server 6", "product": { "name": "Oracle Java for Red Hat Enterprise Linux Server 6", "product_id": "6Server-OracleJava-6.9.Z", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras_oracle_java:6" } } }, { "category": "product_name", "name": "Oracle Java for Red Hat Enterprise Linux Workstation 6", "product": { "name": "Oracle Java for Red Hat Enterprise Linux Workstation 6", "product_id": "6Workstation-OracleJava-6.9.Z", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras_oracle_java:6" } } }, { "category": "product_name", "name": "Oracle Java for Red Hat Enterprise Linux Client (v. 7)", "product": { "name": "Oracle Java for Red Hat Enterprise Linux Client (v. 7)", "product_id": "7Client-OracleJava-7.4.Z", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras_oracle_java:7" } } }, { "category": "product_name", "name": "Oracle Java for Red Hat Enterprise Linux Compute Node (v. 7)", "product": { "name": "Oracle Java for Red Hat Enterprise Linux Compute Node (v. 7)", "product_id": "7ComputeNode-OracleJava-7.4.Z", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras_oracle_java:7" } } }, { "category": "product_name", "name": "Oracle Java for Red Hat Enterprise Linux Server (v. 7)", "product": { "name": "Oracle Java for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-OracleJava-7.4.Z", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras_oracle_java:7" } } }, { "category": "product_name", "name": "Oracle Java for Red Hat Enterprise Linux Workstation (v. 7)", "product": { "name": "Oracle Java for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-OracleJava-7.4.Z", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras_oracle_java:7" } } } ], "category": "product_family", "name": "Oracle Java for Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "product": { "name": "java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "product_id": "java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.8.0-oracle-devel@1.8.0.151-1jpp.1.el6?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "product": { "name": "java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "product_id": "java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.8.0-oracle-javafx@1.8.0.151-1jpp.1.el6?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "product": { "name": "java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "product_id": "java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.8.0-oracle@1.8.0.151-1jpp.1.el6?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "product": { "name": "java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "product_id": "java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.8.0-oracle-jdbc@1.8.0.151-1jpp.1.el6?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "product": { "name": "java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "product_id": "java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.8.0-oracle-src@1.8.0.151-1jpp.1.el6?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "product": { "name": "java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "product_id": "java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.8.0-oracle-plugin@1.8.0.151-1jpp.1.el6?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "product": { "name": "java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "product_id": "java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.8.0-oracle-src@1.8.0.151-1jpp.5.el7?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "product": { "name": "java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "product_id": "java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.8.0-oracle-javafx@1.8.0.151-1jpp.5.el7?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "product": { "name": "java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "product_id": "java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.8.0-oracle-plugin@1.8.0.151-1jpp.5.el7?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "product": { "name": "java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "product_id": "java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.8.0-oracle@1.8.0.151-1jpp.5.el7?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "product": { "name": "java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "product_id": "java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.8.0-oracle-jdbc@1.8.0.151-1jpp.5.el7?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "product": { "name": "java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "product_id": "java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.8.0-oracle-devel@1.8.0.151-1jpp.5.el7?arch=x86_64\u0026epoch=1" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "product": { "name": "java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "product_id": "java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.8.0-oracle-devel@1.8.0.151-1jpp.1.el6?arch=i686\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "product": { "name": "java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "product_id": "java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.8.0-oracle-javafx@1.8.0.151-1jpp.1.el6?arch=i686\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "product": { "name": "java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "product_id": "java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.8.0-oracle@1.8.0.151-1jpp.1.el6?arch=i686\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "product": { "name": "java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "product_id": "java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.8.0-oracle-jdbc@1.8.0.151-1jpp.1.el6?arch=i686\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "product": { "name": "java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "product_id": "java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.8.0-oracle-src@1.8.0.151-1jpp.1.el6?arch=i686\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "product": { "name": "java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "product_id": "java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.8.0-oracle-plugin@1.8.0.151-1jpp.1.el6?arch=i686\u0026epoch=1" } } } ], "category": "architecture", "name": "i686" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686 as a component of Oracle Java for Red Hat Enterprise Linux Desktop 6", "product_id": "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686" }, "product_reference": "java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "relates_to_product_reference": "6Client-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux Desktop 6", "product_id": "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64" }, "product_reference": "java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "relates_to_product_reference": "6Client-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686 as a component of Oracle Java for Red Hat Enterprise Linux Desktop 6", "product_id": "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686" }, "product_reference": "java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "relates_to_product_reference": "6Client-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux Desktop 6", "product_id": "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64" }, "product_reference": "java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "relates_to_product_reference": "6Client-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686 as a component of Oracle Java for Red Hat Enterprise Linux Desktop 6", "product_id": "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686" }, "product_reference": "java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "relates_to_product_reference": "6Client-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux Desktop 6", "product_id": "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64" }, "product_reference": "java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "relates_to_product_reference": "6Client-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686 as a component of Oracle Java for Red Hat Enterprise Linux Desktop 6", "product_id": "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686" }, "product_reference": "java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "relates_to_product_reference": "6Client-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux Desktop 6", "product_id": "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64" }, "product_reference": "java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "relates_to_product_reference": "6Client-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686 as a component of Oracle Java for Red Hat Enterprise Linux Desktop 6", "product_id": "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686" }, "product_reference": "java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "relates_to_product_reference": "6Client-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux Desktop 6", "product_id": "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64" }, "product_reference": "java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "relates_to_product_reference": "6Client-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686 as a component of Oracle Java for Red Hat Enterprise Linux Desktop 6", "product_id": "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686" }, "product_reference": "java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "relates_to_product_reference": "6Client-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux Desktop 6", "product_id": "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64" }, "product_reference": "java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "relates_to_product_reference": "6Client-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686 as a component of Oracle Java for Red Hat Enterprise Linux HPC Node 6", "product_id": "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686" }, "product_reference": "java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "relates_to_product_reference": "6ComputeNode-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux HPC Node 6", "product_id": "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64" }, "product_reference": "java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "relates_to_product_reference": "6ComputeNode-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686 as a component of Oracle Java for Red Hat Enterprise Linux HPC Node 6", "product_id": "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686" }, "product_reference": "java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "relates_to_product_reference": "6ComputeNode-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux HPC Node 6", "product_id": "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64" }, "product_reference": "java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "relates_to_product_reference": "6ComputeNode-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686 as a component of Oracle Java for Red Hat Enterprise Linux HPC Node 6", "product_id": "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686" }, "product_reference": "java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "relates_to_product_reference": "6ComputeNode-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux HPC Node 6", "product_id": "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64" }, "product_reference": "java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "relates_to_product_reference": "6ComputeNode-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686 as a component of Oracle Java for Red Hat Enterprise Linux HPC Node 6", "product_id": "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686" }, "product_reference": "java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "relates_to_product_reference": "6ComputeNode-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux HPC Node 6", "product_id": "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64" }, "product_reference": "java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "relates_to_product_reference": "6ComputeNode-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686 as a component of Oracle Java for Red Hat Enterprise Linux HPC Node 6", "product_id": "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686" }, "product_reference": "java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "relates_to_product_reference": "6ComputeNode-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux HPC Node 6", "product_id": "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64" }, "product_reference": "java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "relates_to_product_reference": "6ComputeNode-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686 as a component of Oracle Java for Red Hat Enterprise Linux HPC Node 6", "product_id": "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686" }, "product_reference": "java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "relates_to_product_reference": "6ComputeNode-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux HPC Node 6", "product_id": "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64" }, "product_reference": "java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "relates_to_product_reference": "6ComputeNode-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686 as a component of Oracle Java for Red Hat Enterprise Linux Server 6", "product_id": "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686" }, "product_reference": "java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "relates_to_product_reference": "6Server-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux Server 6", "product_id": "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64" }, "product_reference": "java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "relates_to_product_reference": "6Server-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686 as a component of Oracle Java for Red Hat Enterprise Linux Server 6", "product_id": "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686" }, "product_reference": "java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "relates_to_product_reference": "6Server-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux Server 6", "product_id": "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64" }, "product_reference": "java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "relates_to_product_reference": "6Server-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686 as a component of Oracle Java for Red Hat Enterprise Linux Server 6", "product_id": "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686" }, "product_reference": "java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "relates_to_product_reference": "6Server-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux Server 6", "product_id": "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64" }, "product_reference": "java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "relates_to_product_reference": "6Server-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686 as a component of Oracle Java for Red Hat Enterprise Linux Server 6", "product_id": "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686" }, "product_reference": "java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "relates_to_product_reference": "6Server-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux Server 6", "product_id": "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64" }, "product_reference": "java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "relates_to_product_reference": "6Server-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686 as a component of Oracle Java for Red Hat Enterprise Linux Server 6", "product_id": "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686" }, "product_reference": "java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "relates_to_product_reference": "6Server-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux Server 6", "product_id": "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64" }, "product_reference": "java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "relates_to_product_reference": "6Server-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686 as a component of Oracle Java for Red Hat Enterprise Linux Server 6", "product_id": "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686" }, "product_reference": "java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "relates_to_product_reference": "6Server-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux Server 6", "product_id": "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64" }, "product_reference": "java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "relates_to_product_reference": "6Server-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686 as a component of Oracle Java for Red Hat Enterprise Linux Workstation 6", "product_id": "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686" }, "product_reference": "java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "relates_to_product_reference": "6Workstation-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux Workstation 6", "product_id": "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64" }, "product_reference": "java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "relates_to_product_reference": "6Workstation-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686 as a component of Oracle Java for Red Hat Enterprise Linux Workstation 6", "product_id": "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686" }, "product_reference": "java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "relates_to_product_reference": "6Workstation-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux Workstation 6", "product_id": "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64" }, "product_reference": "java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "relates_to_product_reference": "6Workstation-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686 as a component of Oracle Java for Red Hat Enterprise Linux Workstation 6", "product_id": "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686" }, "product_reference": "java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "relates_to_product_reference": "6Workstation-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux Workstation 6", "product_id": "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64" }, "product_reference": "java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "relates_to_product_reference": "6Workstation-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686 as a component of Oracle Java for Red Hat Enterprise Linux Workstation 6", "product_id": "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686" }, "product_reference": "java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "relates_to_product_reference": "6Workstation-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux Workstation 6", "product_id": "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64" }, "product_reference": "java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "relates_to_product_reference": "6Workstation-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686 as a component of Oracle Java for Red Hat Enterprise Linux Workstation 6", "product_id": "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686" }, "product_reference": "java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "relates_to_product_reference": "6Workstation-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux Workstation 6", "product_id": "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64" }, "product_reference": "java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "relates_to_product_reference": "6Workstation-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686 as a component of Oracle Java for Red Hat Enterprise Linux Workstation 6", "product_id": "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686" }, "product_reference": "java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "relates_to_product_reference": "6Workstation-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux Workstation 6", "product_id": "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64" }, "product_reference": "java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "relates_to_product_reference": "6Workstation-OracleJava-6.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux Client (v. 7)", "product_id": "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64" }, "product_reference": "java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "relates_to_product_reference": "7Client-OracleJava-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux Client (v. 7)", "product_id": "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64" }, "product_reference": "java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "relates_to_product_reference": "7Client-OracleJava-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux Client (v. 7)", "product_id": "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64" }, "product_reference": "java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "relates_to_product_reference": "7Client-OracleJava-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux Client (v. 7)", "product_id": "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64" }, "product_reference": "java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "relates_to_product_reference": "7Client-OracleJava-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux Client (v. 7)", "product_id": "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64" }, "product_reference": "java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "relates_to_product_reference": "7Client-OracleJava-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux Client (v. 7)", "product_id": "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64" }, "product_reference": "java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "relates_to_product_reference": "7Client-OracleJava-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux Compute Node (v. 7)", "product_id": "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64" }, "product_reference": "java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "relates_to_product_reference": "7ComputeNode-OracleJava-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux Compute Node (v. 7)", "product_id": "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64" }, "product_reference": "java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "relates_to_product_reference": "7ComputeNode-OracleJava-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux Compute Node (v. 7)", "product_id": "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64" }, "product_reference": "java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "relates_to_product_reference": "7ComputeNode-OracleJava-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux Compute Node (v. 7)", "product_id": "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64" }, "product_reference": "java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "relates_to_product_reference": "7ComputeNode-OracleJava-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux Compute Node (v. 7)", "product_id": "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64" }, "product_reference": "java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "relates_to_product_reference": "7ComputeNode-OracleJava-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux Compute Node (v. 7)", "product_id": "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64" }, "product_reference": "java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "relates_to_product_reference": "7ComputeNode-OracleJava-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64" }, "product_reference": "java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "relates_to_product_reference": "7Server-OracleJava-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64" }, "product_reference": "java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "relates_to_product_reference": "7Server-OracleJava-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64" }, "product_reference": "java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "relates_to_product_reference": "7Server-OracleJava-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64" }, "product_reference": "java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "relates_to_product_reference": "7Server-OracleJava-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64" }, "product_reference": "java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "relates_to_product_reference": "7Server-OracleJava-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64" }, "product_reference": "java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "relates_to_product_reference": "7Server-OracleJava-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64" }, "product_reference": "java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "relates_to_product_reference": "7Workstation-OracleJava-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64" }, "product_reference": "java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "relates_to_product_reference": "7Workstation-OracleJava-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64" }, "product_reference": "java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "relates_to_product_reference": "7Workstation-OracleJava-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64" }, "product_reference": "java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "relates_to_product_reference": "7Workstation-OracleJava-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64" }, "product_reference": "java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "relates_to_product_reference": "7Workstation-OracleJava-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64 as a component of Oracle Java for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64" }, "product_reference": "java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "relates_to_product_reference": "7Workstation-OracleJava-7.4.Z" } ] }, "vulnerabilities": [ { "cve": "CVE-2016-9840", "discovery_date": "2016-12-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1402345" } ], "notes": [ { "category": "description", "text": "inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.", "title": "Vulnerability description" }, { "category": "summary", "text": "zlib: Out-of-bounds pointer arithmetic in inftrees.c", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-9840" }, { "category": "external", "summary": "RHBZ#1402345", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1402345" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-9840", "url": "https://www.cve.org/CVERecord?id=CVE-2016-9840" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-9840", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9840" }, { "category": "external", "summary": "https://docs.google.com/document/d/10i1KZS5so8xDqH2rplRa2xet0tyTvvJlLbQQmZIUIKE/edit#heading=h.t13tvnx4loq7", "url": "https://docs.google.com/document/d/10i1KZS5so8xDqH2rplRa2xet0tyTvvJlLbQQmZIUIKE/edit#heading=h.t13tvnx4loq7" }, { "category": "external", "summary": "https://wiki.mozilla.org/images/0/09/Zlib-report.pdf", "url": "https://wiki.mozilla.org/images/0/09/Zlib-report.pdf" } ], "release_date": "2016-09-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-10-23T07:44:37+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Oracle Java must be restarted for this update to take effect.", "product_ids": [ "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2999" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "zlib: Out-of-bounds pointer arithmetic in inftrees.c" }, { "cve": "CVE-2016-9841", "discovery_date": "2016-12-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1402346" } ], "notes": [ { "category": "description", "text": "inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.", "title": "Vulnerability description" }, { "category": "summary", "text": "zlib: Out-of-bounds pointer arithmetic in inffast.c", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-9841" }, { "category": "external", "summary": "RHBZ#1402346", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1402346" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-9841", "url": "https://www.cve.org/CVERecord?id=CVE-2016-9841" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-9841", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9841" }, { "category": "external", "summary": "https://docs.google.com/document/d/10i1KZS5so8xDqH2rplRa2xet0tyTvvJlLbQQmZIUIKE/edit#heading=h.t13tvnx4loq7", "url": "https://docs.google.com/document/d/10i1KZS5so8xDqH2rplRa2xet0tyTvvJlLbQQmZIUIKE/edit#heading=h.t13tvnx4loq7" }, { "category": "external", "summary": "https://wiki.mozilla.org/images/0/09/Zlib-report.pdf", "url": "https://wiki.mozilla.org/images/0/09/Zlib-report.pdf" } ], "release_date": "2016-09-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-10-23T07:44:37+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Oracle Java must be restarted for this update to take effect.", "product_ids": [ "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2999" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "zlib: Out-of-bounds pointer arithmetic in inffast.c" }, { "cve": "CVE-2016-9842", "discovery_date": "2016-12-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1402348" } ], "notes": [ { "category": "description", "text": "The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers.", "title": "Vulnerability description" }, { "category": "summary", "text": "zlib: Undefined left shift of negative number", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-9842" }, { "category": "external", "summary": "RHBZ#1402348", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1402348" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-9842", "url": "https://www.cve.org/CVERecord?id=CVE-2016-9842" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-9842", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9842" }, { "category": "external", "summary": "https://docs.google.com/document/d/10i1KZS5so8xDqH2rplRa2xet0tyTvvJlLbQQmZIUIKE/edit#heading=h.t13tvnx4loq7", "url": "https://docs.google.com/document/d/10i1KZS5so8xDqH2rplRa2xet0tyTvvJlLbQQmZIUIKE/edit#heading=h.t13tvnx4loq7" }, { "category": "external", "summary": "https://wiki.mozilla.org/images/0/09/Zlib-report.pdf", "url": "https://wiki.mozilla.org/images/0/09/Zlib-report.pdf" } ], "release_date": "2016-09-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-10-23T07:44:37+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Oracle Java must be restarted for this update to take effect.", "product_ids": [ "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2999" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "zlib: Undefined left shift of negative number" }, { "cve": "CVE-2016-9843", "discovery_date": "2016-12-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1402351" } ], "notes": [ { "category": "description", "text": "The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.", "title": "Vulnerability description" }, { "category": "summary", "text": "zlib: Big-endian out-of-bounds pointer", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-9843" }, { "category": "external", "summary": "RHBZ#1402351", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1402351" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-9843", "url": "https://www.cve.org/CVERecord?id=CVE-2016-9843" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-9843", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9843" }, { "category": "external", "summary": "https://docs.google.com/document/d/10i1KZS5so8xDqH2rplRa2xet0tyTvvJlLbQQmZIUIKE/edit#heading=h.t13tvnx4loq7", "url": "https://docs.google.com/document/d/10i1KZS5so8xDqH2rplRa2xet0tyTvvJlLbQQmZIUIKE/edit#heading=h.t13tvnx4loq7" }, { "category": "external", "summary": "https://wiki.mozilla.org/images/0/09/Zlib-report.pdf", "url": "https://wiki.mozilla.org/images/0/09/Zlib-report.pdf" } ], "release_date": "2016-09-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-10-23T07:44:37+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Oracle Java must be restarted for this update to take effect.", "product_ids": [ "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2999" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "zlib: Big-endian out-of-bounds pointer" }, { "cve": "CVE-2016-10165", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "discovery_date": "2016-08-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1367357" } ], "notes": [ { "category": "description", "text": "The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read.", "title": "Vulnerability description" }, { "category": "summary", "text": "lcms2: Out-of-bounds read in Type_MLU_Read()", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-10165" }, { "category": "external", "summary": "RHBZ#1367357", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1367357" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-10165", "url": "https://www.cve.org/CVERecord?id=CVE-2016-10165" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-10165", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-10165" } ], "release_date": "2016-08-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-10-23T07:44:37+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Oracle Java must be restarted for this update to take effect.", "product_ids": [ "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2999" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "version": "3.0" }, "products": [ "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "lcms2: Out-of-bounds read in Type_MLU_Read()" }, { "cve": "CVE-2017-10274", "discovery_date": "2017-10-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1502053" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Smart Card IO). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE accessible data as well as unauthorized access to critical data or complete access to all Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 6.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N).", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: CardImpl incorrect state handling (Smart Card IO, 8169026)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-10274" }, { "category": "external", "summary": "RHBZ#1502053", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1502053" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-10274", "url": "https://www.cve.org/CVERecord?id=CVE-2017-10274" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-10274", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-10274" } ], "release_date": "2017-10-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-10-23T07:44:37+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Oracle Java must be restarted for this update to take effect.", "product_ids": [ "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2999" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.0" }, "products": [ "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "OpenJDK: CardImpl incorrect state handling (Smart Card IO, 8169026)" }, { "cve": "CVE-2017-10281", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2017-10-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1502649" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: multiple unbounded memory allocations in deserialization (Serialization, 8174109)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-10281" }, { "category": "external", "summary": "RHBZ#1502649", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1502649" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-10281", "url": "https://www.cve.org/CVERecord?id=CVE-2017-10281" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-10281", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-10281" } ], "release_date": "2017-10-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-10-23T07:44:37+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Oracle Java must be restarted for this update to take effect.", "product_ids": [ "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2999" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK: multiple unbounded memory allocations in deserialization (Serialization, 8174109)" }, { "cve": "CVE-2017-10285", "discovery_date": "2017-10-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1501868" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: incorrect privilege use when handling unreferenced objects (RMI, 8174966)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-10285" }, { "category": "external", "summary": "RHBZ#1501868", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1501868" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-10285", "url": "https://www.cve.org/CVERecord?id=CVE-2017-10285" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-10285", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-10285" } ], "release_date": "2017-10-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-10-23T07:44:37+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Oracle Java must be restarted for this update to take effect.", "product_ids": [ "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2999" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "OpenJDK: incorrect privilege use when handling unreferenced objects (RMI, 8174966)" }, { "cve": "CVE-2017-10293", "discovery_date": "2017-10-17T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1503320" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Javadoc). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability description" }, { "category": "summary", "text": "JDK: unspecified vulnerability fixed in 6u171, 7u161, 8u151, and 9.0.1 (Javadoc)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-10293" }, { "category": "external", "summary": "RHBZ#1503320", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1503320" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-10293", "url": "https://www.cve.org/CVERecord?id=CVE-2017-10293" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-10293", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-10293" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixJAVA", "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixJAVA" } ], "release_date": "2017-10-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-10-23T07:44:37+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Oracle Java must be restarted for this update to take effect.", "product_ids": [ "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2999" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "products": [ "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "JDK: unspecified vulnerability fixed in 6u171, 7u161, 8u151, and 9.0.1 (Javadoc)" }, { "cve": "CVE-2017-10295", "cwe": { "id": "CWE-113", "name": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)" }, "discovery_date": "2017-10-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1502687" } ], "notes": [ { "category": "description", "text": "It was found that the HttpURLConnection and HttpsURLConnection classes in the Networking component of OpenJDK failed to check for newline characters embedded in URLs. An attacker able to make a Java application perform an HTTP request using an attacker provided URL could possibly inject additional headers into the request.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: HTTP client insufficient check for newline in URLs (Networking, 8176751)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-10295" }, { "category": "external", "summary": "RHBZ#1502687", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1502687" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-10295", "url": "https://www.cve.org/CVERecord?id=CVE-2017-10295" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-10295", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-10295" } ], "release_date": "2017-10-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-10-23T07:44:37+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Oracle Java must be restarted for this update to take effect.", "product_ids": [ "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2999" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.0" }, "products": [ "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK: HTTP client insufficient check for newline in URLs (Networking, 8176751)" }, { "cve": "CVE-2017-10309", "discovery_date": "2017-10-17T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1503319" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 8u144 and 9. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 7.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L).", "title": "Vulnerability description" }, { "category": "summary", "text": "JDK: unspecified vulnerability fixed in 8u151 and 9.0.1 (Deployment)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-10309" }, { "category": "external", "summary": "RHBZ#1503319", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1503319" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-10309", "url": "https://www.cve.org/CVERecord?id=CVE-2017-10309" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-10309", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-10309" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixJAVA", "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixJAVA" } ], "release_date": "2017-10-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-10-23T07:44:37+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Oracle Java must be restarted for this update to take effect.", "product_ids": [ "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2999" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", "version": "3.0" }, "products": [ "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "JDK: unspecified vulnerability fixed in 8u151 and 9.0.1 (Deployment)" }, { "cve": "CVE-2017-10345", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2017-10-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1502858" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L).", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: unbounded resource use in JceKeyStore deserialization (Serialization, 8181370)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-10345" }, { "category": "external", "summary": "RHBZ#1502858", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1502858" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-10345", "url": "https://www.cve.org/CVERecord?id=CVE-2017-10345" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-10345", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-10345" } ], "release_date": "2017-10-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-10-23T07:44:37+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Oracle Java must be restarted for this update to take effect.", "product_ids": [ "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2999" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "OpenJDK: unbounded resource use in JceKeyStore deserialization (Serialization, 8181370)" }, { "cve": "CVE-2017-10346", "discovery_date": "2017-10-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1501873" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: insufficient loader constraints checks for invokespecial (Hotspot, 8180711)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-10346" }, { "category": "external", "summary": "RHBZ#1501873", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1501873" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-10346", "url": "https://www.cve.org/CVERecord?id=CVE-2017-10346" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-10346", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-10346" } ], "release_date": "2017-10-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-10-23T07:44:37+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Oracle Java must be restarted for this update to take effect.", "product_ids": [ "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2999" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "OpenJDK: insufficient loader constraints checks for invokespecial (Hotspot, 8180711)" }, { "cve": "CVE-2017-10347", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2017-10-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1502632" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: unbounded memory allocation in SimpleTimeZone deserialization (Serialization, 8181323)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-10347" }, { "category": "external", "summary": "RHBZ#1502632", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1502632" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-10347", "url": "https://www.cve.org/CVERecord?id=CVE-2017-10347" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-10347", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-10347" } ], "release_date": "2017-10-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-10-23T07:44:37+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Oracle Java must be restarted for this update to take effect.", "product_ids": [ "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2999" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK: unbounded memory allocation in SimpleTimeZone deserialization (Serialization, 8181323)" }, { "cve": "CVE-2017-10348", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2017-10-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1502629" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: multiple unbounded memory allocations in deserialization (Libraries, 8181432)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-10348" }, { "category": "external", "summary": "RHBZ#1502629", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1502629" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-10348", "url": "https://www.cve.org/CVERecord?id=CVE-2017-10348" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-10348", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-10348" } ], "release_date": "2017-10-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-10-23T07:44:37+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Oracle Java must be restarted for this update to take effect.", "product_ids": [ "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2999" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK: multiple unbounded memory allocations in deserialization (Libraries, 8181432)" }, { "cve": "CVE-2017-10349", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2017-10-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1502611" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: unbounded memory allocation in PredicatedNodeTest deserialization (JAXP, 8181327)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-10349" }, { "category": "external", "summary": "RHBZ#1502611", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1502611" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-10349", "url": "https://www.cve.org/CVERecord?id=CVE-2017-10349" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-10349", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-10349" } ], "release_date": "2017-10-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-10-23T07:44:37+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Oracle Java must be restarted for this update to take effect.", "product_ids": [ "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2999" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK: unbounded memory allocation in PredicatedNodeTest deserialization (JAXP, 8181327)" }, { "cve": "CVE-2017-10350", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2017-10-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1502640" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAX-WS). Supported versions that are affected are Java SE: 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: unbounded memory allocation in JAXWSExceptionBase deserialization (JAX-WS, 8181100)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-10350" }, { "category": "external", "summary": "RHBZ#1502640", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1502640" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-10350", "url": "https://www.cve.org/CVERecord?id=CVE-2017-10350" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-10350", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-10350" } ], "release_date": "2017-10-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-10-23T07:44:37+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Oracle Java must be restarted for this update to take effect.", "product_ids": [ "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2999" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK: unbounded memory allocation in JAXWSExceptionBase deserialization (JAX-WS, 8181100)" }, { "cve": "CVE-2017-10355", "discovery_date": "2017-10-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1502869" } ], "notes": [ { "category": "description", "text": "It was found that the FtpClient implementation in the Networking component of OpenJDK did not set connect and read timeouts by default. A malicious FTP server or a man-in-the-middle attacker could use this flaw to block execution of a Java application connecting to an FTP server.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: no default network operations timeouts in FtpClient (Networking, 8181612)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-10355" }, { "category": "external", "summary": "RHBZ#1502869", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1502869" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-10355", "url": "https://www.cve.org/CVERecord?id=CVE-2017-10355" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-10355", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-10355" } ], "release_date": "2017-10-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-10-23T07:44:37+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Oracle Java must be restarted for this update to take effect.", "product_ids": [ "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2999" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK: no default network operations timeouts in FtpClient (Networking, 8181612)" }, { "cve": "CVE-2017-10356", "cwe": { "id": "CWE-327", "name": "Use of a Broken or Risky Cryptographic Algorithm" }, "discovery_date": "2017-10-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1503169" } ], "notes": [ { "category": "description", "text": "It was discovered that the Security component of OpenJDK generated weak password-based encryption keys used to protect private keys stored in key stores. This made it easier to perform password guessing attacks to decrypt stored keys if an attacker could gain access to a key store.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: weak protection of key stores against brute forcing (Security, 8181692)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-10356" }, { "category": "external", "summary": "RHBZ#1503169", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1503169" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-10356", "url": "https://www.cve.org/CVERecord?id=CVE-2017-10356" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-10356", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-10356" } ], "release_date": "2017-10-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-10-23T07:44:37+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Oracle Java must be restarted for this update to take effect.", "product_ids": [ "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2999" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK: weak protection of key stores against brute forcing (Security, 8181692)" }, { "cve": "CVE-2017-10357", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2017-10-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1502614" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: unbounded memory allocation in ObjectInputStream deserialization (Serialization, 8181597)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-10357" }, { "category": "external", "summary": "RHBZ#1502614", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1502614" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-10357", "url": "https://www.cve.org/CVERecord?id=CVE-2017-10357" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-10357", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-10357" } ], "release_date": "2017-10-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-10-23T07:44:37+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Oracle Java must be restarted for this update to take effect.", "product_ids": [ "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2999" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK: unbounded memory allocation in ObjectInputStream deserialization (Serialization, 8181597)" }, { "cve": "CVE-2017-10388", "cwe": { "id": "CWE-345", "name": "Insufficient Verification of Data Authenticity" }, "discovery_date": "2017-10-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1502038" } ], "notes": [ { "category": "description", "text": "It was discovered that the Kerberos client implementation in the Libraries component of OpenJDK used the sname field from the plain text part rather than encrypted part of the KDC reply message. A man-in-the-middle attacker could possibly use this flaw to impersonate Kerberos services to Java applications acting as Kerberos clients.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: use of unprotected sname in Kerberos client (Libraries, 8178794)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-10388" }, { "category": "external", "summary": "RHBZ#1502038", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1502038" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-10388", "url": "https://www.cve.org/CVERecord?id=CVE-2017-10388" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-10388", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-10388" } ], "release_date": "2017-10-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-10-23T07:44:37+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Oracle Java must be restarted for this update to take effect.", "product_ids": [ "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2999" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.0" }, "products": [ "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Client-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6ComputeNode-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Server-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6.x86_64", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.i686", "6Workstation-OracleJava-6.9.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Client-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7ComputeNode-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Server-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7.x86_64", "7Workstation-OracleJava-7.4.Z:java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "OpenJDK: use of unprotected sname in Kerberos client (Libraries, 8178794)" } ] }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.