rhsa-2017_1216
Vulnerability from csaf_redhat
Published
2017-05-09 16:41
Modified
2024-12-01 12:02
Summary
Red Hat Security Advisory: java-1.7.1-ibm security update
Notes
Topic
An update for java-1.7.1-ibm is now available for Red Hat Satellite 5.7 and Red Hat Satellite 5.6.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.
This update upgrades IBM Java SE 7 to version 7R1 SR4-FP1.
Security Fix(es):
* This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section. (CVE-2016-2183, CVE-2017-3272, CVE-2017-3289, CVE-2017-3253, CVE-2017-3261, CVE-2017-3231, CVE-2016-5547, CVE-2016-5552, CVE-2017-3252, CVE-2016-5546, CVE-2016-5548, CVE-2016-5549, CVE-2017-3241, CVE-2017-3259, CVE-2016-5573, CVE-2016-5554, CVE-2016-5542, CVE-2016-5597, CVE-2016-5556, CVE-2016-3598, CVE-2016-3511, CVE-2016-0363, CVE-2016-0686, CVE-2016-0687, CVE-2016-3426, CVE-2016-3427, CVE-2016-3443, CVE-2016-3449, CVE-2016-3422, CVE-2016-0376, CVE-2016-0264)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for java-1.7.1-ibm is now available for Red Hat\nSatellite 5.7 and Red Hat Satellite 5.6.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.\n\nThis update upgrades IBM Java SE 7 to version 7R1 SR4-FP1.\n\nSecurity Fix(es):\n\n* This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section. (CVE-2016-2183, CVE-2017-3272, CVE-2017-3289, CVE-2017-3253, CVE-2017-3261, CVE-2017-3231, CVE-2016-5547, CVE-2016-5552, CVE-2017-3252, CVE-2016-5546, CVE-2016-5548, CVE-2016-5549, CVE-2017-3241, CVE-2017-3259, CVE-2016-5573, CVE-2016-5554, CVE-2016-5542, CVE-2016-5597, CVE-2016-5556, CVE-2016-3598, CVE-2016-3511, CVE-2016-0363, CVE-2016-0686, CVE-2016-0687, CVE-2016-3426, CVE-2016-3427, CVE-2016-3443, CVE-2016-3449, CVE-2016-3422, CVE-2016-0376, CVE-2016-0264)", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). 
If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2017:1216", "url": "https://access.redhat.com/errata/RHSA-2017:1216" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "1324044", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1324044" }, { "category": "external", "summary": "1327743", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1327743" }, { "category": "external", "summary": "1327749", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1327749" }, { "category": "external", "summary": "1328059", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1328059" }, { "category": "external", "summary": "1328210", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1328210" }, { "category": "external", "summary": "1328618", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1328618" }, { "category": "external", "summary": "1328619", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1328619" }, { "category": "external", "summary": "1328620", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1328620" }, { "category": "external", "summary": "1330986", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1330986" }, { "category": "external", "summary": "1331359", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1331359" }, { "category": "external", "summary": 
"1356971", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1356971" }, { "category": "external", "summary": "1358168", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1358168" }, { "category": "external", "summary": "1369383", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1369383" }, { "category": "external", "summary": "1385544", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1385544" }, { "category": "external", "summary": "1385714", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1385714" }, { "category": "external", "summary": "1385723", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1385723" }, { "category": "external", "summary": "1386103", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1386103" }, { "category": "external", "summary": "1386408", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1386408" }, { "category": "external", "summary": "1413554", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1413554" }, { "category": "external", "summary": "1413562", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1413562" }, { "category": "external", "summary": "1413583", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1413583" }, { "category": "external", "summary": "1413653", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1413653" }, { "category": "external", "summary": "1413717", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1413717" }, { "category": "external", "summary": "1413764", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1413764" }, { "category": "external", "summary": "1413882", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1413882" }, { "category": "external", "summary": "1413906", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1413906" }, { "category": "external", "summary": "1413911", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1413911" }, { "category": "external", "summary": "1413920", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1413920" }, { "category": 
"external", "summary": "1413923", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1413923" }, { "category": "external", "summary": "1413955", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1413955" }, { "category": "external", "summary": "1414163", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1414163" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2017/rhsa-2017_1216.json" } ], "title": "Red Hat Security Advisory: java-1.7.1-ibm security update", "tracking": { "current_release_date": "2024-12-01T12:02:56+00:00", "generator": { "date": "2024-12-01T12:02:56+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2017:1216", "initial_release_date": "2017-05-09T16:41:26+00:00", "revision_history": [ { "date": "2017-05-09T16:41:26+00:00", "number": "1", "summary": "Initial version" }, { "date": "2017-05-09T16:41:26+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-12-01T12:02:56+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Satellite 5.6 (RHEL v.6)", "product": { "name": "Red Hat Satellite 5.6 (RHEL v.6)", "product_id": "6Server-Satellite56", "product_identification_helper": { "cpe": "cpe:/a:redhat:network_satellite:5.6::el6" } } }, { "category": "product_name", "name": "Red Hat Satellite 5.7 (RHEL v.6)", "product": { "name": "Red Hat Satellite 5.7 (RHEL v.6)", "product_id": "6Server-Satellite57", "product_identification_helper": { "cpe": "cpe:/a:redhat:network_satellite:5.7::el6" } } } ], "category": "product_family", "name": "Red Hat Satellite" }, { "branches": [ { "category": "product_version", "name": "java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "product": { "name": "java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "product_id": 
"java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.7.1-ibm@1.7.1.4.1-1jpp.1.el6_8?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "product": { "name": "java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "product_id": "java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.7.1-ibm-devel@1.7.1.4.1-1jpp.1.el6_8?arch=x86_64\u0026epoch=1" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "product": { "name": "java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "product_id": "java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.7.1-ibm@1.7.1.4.1-1jpp.1.el6_8?arch=s390x\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "product": { "name": "java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "product_id": "java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.7.1-ibm-devel@1.7.1.4.1-1jpp.1.el6_8?arch=s390x\u0026epoch=1" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "product": { "name": "java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "product_id": "java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.7.1-ibm@1.7.1.4.1-1jpp.1.el6_8?arch=src\u0026epoch=1" } } } ], "category": "architecture", "name": "src" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x as a 
component of Red Hat Satellite 5.6 (RHEL v.6)", "product_id": "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x" }, "product_reference": "java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "relates_to_product_reference": "6Server-Satellite56" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src as a component of Red Hat Satellite 5.6 (RHEL v.6)", "product_id": "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src" }, "product_reference": "java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "relates_to_product_reference": "6Server-Satellite56" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 as a component of Red Hat Satellite 5.6 (RHEL v.6)", "product_id": "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64" }, "product_reference": "java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "relates_to_product_reference": "6Server-Satellite56" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x as a component of Red Hat Satellite 5.6 (RHEL v.6)", "product_id": "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x" }, "product_reference": "java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "relates_to_product_reference": "6Server-Satellite56" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 as a component of Red Hat Satellite 5.6 (RHEL v.6)", "product_id": "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64" }, "product_reference": "java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "relates_to_product_reference": "6Server-Satellite56" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x as a component of Red Hat Satellite 5.7 (RHEL v.6)", 
"product_id": "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x" }, "product_reference": "java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "relates_to_product_reference": "6Server-Satellite57" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src as a component of Red Hat Satellite 5.7 (RHEL v.6)", "product_id": "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src" }, "product_reference": "java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "relates_to_product_reference": "6Server-Satellite57" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 as a component of Red Hat Satellite 5.7 (RHEL v.6)", "product_id": "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64" }, "product_reference": "java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "relates_to_product_reference": "6Server-Satellite57" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x as a component of Red Hat Satellite 5.7 (RHEL v.6)", "product_id": "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x" }, "product_reference": "java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "relates_to_product_reference": "6Server-Satellite57" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 as a component of Red Hat Satellite 5.7 (RHEL v.6)", "product_id": "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64" }, "product_reference": "java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "relates_to_product_reference": "6Server-Satellite57" } ] }, "vulnerabilities": [ { "cve": "CVE-2016-0264", "cwe": { "id": "CWE-120", "name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)" }, "discovery_date": "2016-04-28T00:00:00+00:00", "ids": [ 
{ "system_name": "Red Hat Bugzilla ID", "text": "1331359" } ], "notes": [ { "category": "description", "text": "Buffer overflow in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) allows remote attackers to execute arbitrary code via unspecified vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "JDK: buffer overflow vulnerability in the IBM JVM", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-0264" }, { "category": "external", "summary": "RHBZ#1331359", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1331359" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-0264", "url": 
"https://www.cve.org/CVERecord?id=CVE-2016-0264" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-0264", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0264" }, { "category": "external", "summary": "http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_April_2016", "url": "http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_April_2016" } ], "release_date": "2016-04-27T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-05-09T16:41:26+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:1216" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", 
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "JDK: buffer overflow vulnerability in the IBM JVM" }, { "cve": "CVE-2016-0363", "discovery_date": "2016-04-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1324044" } ], "notes": [ { "category": "description", "text": "The com.ibm.CORBA.iiop.ClientDelegate class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) uses the invoke method of the java.lang.reflect.Method class in an AccessController doPrivileged block, which allows remote attackers to call setSecurityManager and bypass a sandbox protection mechanism via vectors related to a Proxy object instance implementing the java.lang.reflect.InvocationHandler interface. 
NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-3009.", "title": "Vulnerability description" }, { "category": "summary", "text": "JDK: insecure use of invoke method in CORBA component, incorrect CVE-2013-3009 fix", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-0363" }, { "category": "external", "summary": "RHBZ#1324044", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1324044" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-0363", "url": "https://www.cve.org/CVERecord?id=CVE-2016-0363" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-0363", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0363" }, { "category": "external", "summary": "http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_April_2016", "url": 
"http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_April_2016" } ], "release_date": "2016-04-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-05-09T16:41:26+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:1216" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", 
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "JDK: insecure use of invoke method in CORBA component, incorrect CVE-2013-3009 fix" }, { "cve": "CVE-2016-0376", "discovery_date": "2016-04-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1330986" } ], "notes": [ { "category": "description", "text": "The com.ibm.rmi.io.SunSerializableFactory class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) does not properly deserialize classes in an AccessController doPrivileged block, which allows remote attackers to bypass a sandbox protection mechanism and execute arbitrary code as demonstrated by the readValue method of the com.ibm.rmi.io.ValueHandlerPool.ValueHandlerSingleton class, which implements the javax.rmi.CORBA.ValueHandler interface. 
NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-5456.", "title": "Vulnerability description" }, { "category": "summary", "text": "JDK: insecure deserialization in CORBA, incorrect CVE-2013-5456 fix", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-0376" }, { "category": "external", "summary": "RHBZ#1330986", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1330986" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-0376", "url": "https://www.cve.org/CVERecord?id=CVE-2016-0376" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-0376", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0376" }, { "category": "external", "summary": "http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_April_2016", "url": 
"http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_April_2016" } ], "release_date": "2016-04-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-05-09T16:41:26+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:1216" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", 
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "JDK: insecure deserialization in CORBA, incorrect CVE-2013-5456 fix" }, { "cve": "CVE-2016-0686", "discovery_date": "2016-04-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1327743" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Serialization.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: insufficient thread consistency checks in ObjectInputStream (Serialization, 8129952)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", 
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-0686" }, { "category": "external", "summary": "RHBZ#1327743", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1327743" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-0686", "url": "https://www.cve.org/CVERecord?id=CVE-2016-0686" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-0686", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0686" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html#AppendixJAVA", "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html#AppendixJAVA" } ], "release_date": "2016-04-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-05-09T16:41:26+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", 
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:1216" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "OpenJDK: insufficient thread consistency checks in ObjectInputStream (Serialization, 8129952)" }, { "cve": "CVE-2016-0687", "discovery_date": "2016-04-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1327749" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to the Hotspot sub-component.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: insufficient byte type checks (Hotspot, 8132051)", "title": "Vulnerability summary" }, { "category": "general", 
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-0687" }, { "category": "external", "summary": "RHBZ#1327749", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1327749" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-0687", "url": "https://www.cve.org/CVERecord?id=CVE-2016-0687" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-0687", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0687" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html#AppendixJAVA", "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html#AppendixJAVA" } ], "release_date": "2016-04-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-05-09T16:41:26+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your 
system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:1216" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64" ] } ], 
"threats": [ { "category": "impact", "details": "Critical" } ], "title": "OpenJDK: insufficient byte type checks (Hotspot, 8132051)" }, { "acknowledgments": [ { "names": [ "OpenVPN" ] }, { "names": [ "Karthikeyan Bhargavan", "Ga\u00ebtan Leurent" ], "organization": "Inria", "summary": "Acknowledged by upstream." } ], "cve": "CVE-2016-2183", "cwe": { "id": "CWE-327", "name": "Use of a Broken or Risky Cryptographic Algorithm" }, "discovery_date": "2016-08-18T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1369383" } ], "notes": [ { "category": "description", "text": "A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite.", "title": "Vulnerability description" }, { "category": "summary", "text": "SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenSSL security update RHSA-2016:1940 mitigates this issue by lowering priority of DES cipher suites so they are not preferred over cipher suites using AES. For compatibility reasons, DES cipher suites remain enabled by default and included in the set of cipher suites identified by the HIGH cipher string. Future updates may move them to MEDIUM or not enable them by default.\n\nNSS addressed this issue by implementing limits on the amount of plain text which can be encrypted by using the same key. Once the limit is reached, the keys will need to be re-negotiated manually. 
This change will be available in nss-3.27.\n\nGnuTLS is not affected by this issue, since it prioritizes AES before 3DES in the cipher list.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-2183" }, { "category": "external", "summary": "RHBZ#1369383", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1369383" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-2183", "url": "https://www.cve.org/CVERecord?id=CVE-2016-2183" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-2183", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2183" }, { "category": "external", "summary": "https://access.redhat.com/articles/2548661", "url": "https://access.redhat.com/articles/2548661" }, { "category": "external", "summary": "https://access.redhat.com/errata/RHSA-2016:1940", "url": 
"https://access.redhat.com/errata/RHSA-2016:1940" }, { "category": "external", "summary": "https://sweet32.info/", "url": "https://sweet32.info/" } ], "release_date": "2016-08-24T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-05-09T16:41:26+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:1216" }, { "category": "workaround", "details": "1. SSL/TLS configurations should prefer AES over DES. Versions of OpenSSL shipped with Red Hat Enterprise Linux 6 and 7 already do so. In the version of OpenSSL shipped with Red Hat Enterprise Linux 5, 3DES is listed below the AES-256 cipher and above the AES-128 cipher, therefore AES-256 based ciphersuite should not be disabled on the server.\n2. Servers using OpenSSL should not disable AES-128 and AES-256 ciphersuites.
Versions of Apache shipped with Red Hat Enterprise Linux use the default cipher string, in which AES is preferred over DES/3DES based ciphersuites.\n\nFor JBoss Middleware, and Java mitigations, please review this knowledge base article:\n\nhttps://access.redhat.com/articles/2598471\n\nThis can be mitigated on OpenShift Container Platform (OCP) by disabling the vulnerable TLS cipher suite in the applicable component. TLS configuration options for OCP are described here:\n\nhttps://access.redhat.com/articles/5348961", "product_ids": [ "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64" ] } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", 
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)" }, { "cve": "CVE-2016-3422", "discovery_date": "2016-04-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1328620" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allows remote attackers to affect availability via vectors related to 2D.", "title": "Vulnerability description" }, { "category": "summary", "text": "JDK: unspecified vulnerability fixed in 6u115, 7u101 and 8u91 (2D)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", 
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-3422" }, { "category": "external", "summary": "RHBZ#1328620", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1328620" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-3422", "url": "https://www.cve.org/CVERecord?id=CVE-2016-3422" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-3422", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3422" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html#AppendixJAVA", "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html#AppendixJAVA" } ], "release_date": "2016-04-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-05-09T16:41:26+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", 
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:1216" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "products": [ "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "JDK: unspecified vulnerability fixed in 6u115, 7u101 and 8u91 (2D)" }, { "cve": "CVE-2016-3426", "discovery_date": "2016-04-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1328059" } ], "notes": [ { "category": "description", "text": "It was discovered that the GCM (Galois/Counter Mode) implementation in the JCE component in OpenJDK used a non-constant time comparison when comparing GCM authentication tags. 
A remote attacker could possibly use this flaw to determine the value of the authentication tag.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: non-constant time GCM authentication tag comparison (JCE, 8143945)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-3426" }, { "category": "external", "summary": "RHBZ#1328059", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1328059" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-3426", "url": "https://www.cve.org/CVERecord?id=CVE-2016-3426" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-3426", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3426" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html#AppendixJAVA", "url": 
"http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html#AppendixJAVA" } ], "release_date": "2016-04-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-05-09T16:41:26+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:1216" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "version": "2.0" }, "products": [ "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", 
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "OpenJDK: non-constant time GCM authentication tag comparison (JCE, 8143945)" }, { "cve": "CVE-2016-3427", "discovery_date": "2016-04-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1328210" } ], "notes": [ { "category": "description", "text": "It was discovered that the RMI server implementation in the JMX component in OpenJDK did not restrict which classes can be deserialized when deserializing authentication credentials. A remote, unauthenticated attacker able to connect to a JMX port could possibly use this flaw to trigger deserialization flaws.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: unrestricted deserialization of authentication credentials (JMX, 8144430)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", 
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-3427" }, { "category": "external", "summary": "RHBZ#1328210", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1328210" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-3427", "url": "https://www.cve.org/CVERecord?id=CVE-2016-3427" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-3427", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3427" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html#AppendixJAVA", "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html#AppendixJAVA" }, { "category": "external", "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog" } ], "release_date": "2016-04-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-05-09T16:41:26+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", 
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:1216" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64" ] } ], "threats": [ { "category": "exploit_status", "date": "2023-05-12T00:00:00+00:00", "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog" }, { "category": "impact", "details": "Critical" } ], "title": "OpenJDK: unrestricted deserialization of authentication credentials (JMX, 8144430)" }, { "cve": "CVE-2016-3443", "discovery_date": "2016-04-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1328618" } ], "notes": [ { "category": "description", "text": 
"Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to 2D. NOTE: the previous information is from the April 2016 CPU. Oracle has not commented on third-party claims that this issue allows remote attackers to obtain sensitive information via crafted font data, which triggers an out-of-bounds read.", "title": "Vulnerability description" }, { "category": "summary", "text": "JDK: unspecified vulnerability fixed in 6u115, 7u101 and 8u91 (2D)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-3443" }, { "category": "external", "summary": "RHBZ#1328618", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1328618" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-3443", "url": 
"https://www.cve.org/CVERecord?id=CVE-2016-3443" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-3443", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3443" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html#AppendixJAVA", "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html#AppendixJAVA" } ], "release_date": "2016-04-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-05-09T16:41:26+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:1216" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", 
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "JDK: unspecified vulnerability fixed in 6u115, 7u101 and 8u91 (2D)" }, { "cve": "CVE-2016-3449", "discovery_date": "2016-04-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1328619" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Deployment.", "title": "Vulnerability description" }, { "category": "summary", "text": "JDK: unspecified vulnerability fixed in 6u115, 7u101 and 8u91 (Deployment)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", 
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-3449" }, { "category": "external", "summary": "RHBZ#1328619", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1328619" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-3449", "url": "https://www.cve.org/CVERecord?id=CVE-2016-3449" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-3449", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3449" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html#AppendixJAVA", "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html#AppendixJAVA" } ], "release_date": "2016-04-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-05-09T16:41:26+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", 
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:1216" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "JDK: unspecified vulnerability fixed in 6u115, 7u101 and 8u91 (Deployment)" }, { "cve": "CVE-2016-3511", "discovery_date": "2016-07-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1358168" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 allows local users to affect confidentiality, integrity, and availability via vectors related to 
Deployment.", "title": "Vulnerability description" }, { "category": "summary", "text": "JDK: unspecified vulnerability fixed in 7u111 and 8u101 (Deployment)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-3511" }, { "category": "external", "summary": "RHBZ#1358168", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1358168" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-3511", "url": "https://www.cve.org/CVERecord?id=CVE-2016-3511" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-3511", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3511" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixJAVA", "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixJAVA" } ], 
"release_date": "2016-07-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-05-09T16:41:26+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:1216" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.7, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", 
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "JDK: unspecified vulnerability fixed in 7u111 and 8u101 (Deployment)" }, { "cve": "CVE-2016-3598", "discovery_date": "2016-06-30T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1356971" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Libraries, a different vulnerability than CVE-2016-3610.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: incorrect handling of MethodHandles.dropArguments() argument (Libraries, 8155985)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", 
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-3598" }, { "category": "external", "summary": "RHBZ#1356971", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1356971" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-3598", "url": "https://www.cve.org/CVERecord?id=CVE-2016-3598" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-3598", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3598" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixJAVA", "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixJAVA" } ], "release_date": "2016-07-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-05-09T16:41:26+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", 
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:1216" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "OpenJDK: incorrect handling of MethodHandles.dropArguments() 
argument (Libraries, 8155985)" }, { "cve": "CVE-2016-5542", "cwe": { "id": "CWE-327", "name": "Use of a Broken or Risky Cryptographic Algorithm" }, "discovery_date": "2016-10-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1385723" } ], "notes": [ { "category": "description", "text": "It was discovered that the Libraries component of OpenJDK did not restrict the set of algorithms used for JAR integrity verification. This flaw could allow an attacker to modify content of the JAR file that used weak signing key or hash algorithm.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: missing algorithm restrictions for jar verification (Libraries, 8155973)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-5542" }, { "category": "external", "summary": "RHBZ#1385723", "url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=1385723" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-5542", "url": "https://www.cve.org/CVERecord?id=CVE-2016-5542" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5542", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5542" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html#AppendixJAVA", "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html#AppendixJAVA" } ], "release_date": "2016-10-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-05-09T16:41:26+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:1216" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", 
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "version": "2.0" }, "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.0" }, "products": [ "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK: missing algorithm restrictions for jar verification (Libraries, 8155973)" }, { "cve": "CVE-2016-5546", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2017-01-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1413911" } ], "notes": [ { "category": "description", "text": "It was discovered that the Libraries component of OpenJDK accepted ECDSA signatures using non-canonical DER encoding. 
This could cause a Java application to accept signature in an incorrect format not accepted by other cryptographic tools.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: incorrect ECDSA signature extraction from the DER input (Libraries, 8168714)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-5546" }, { "category": "external", "summary": "RHBZ#1413911", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1413911" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-5546", "url": "https://www.cve.org/CVERecord?id=CVE-2016-5546" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5546", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5546" } ], "release_date": "2017-01-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": 
"2017-05-09T16:41:26+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:1216" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" }, "products": [ "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", 
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK: incorrect ECDSA signature extraction from the DER input (Libraries, 8168714)" }, { "cve": "CVE-2016-5547", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2017-01-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1413764" } ], "notes": [ { "category": "description", "text": "It was discovered that the Libraries component of OpenJDK did not validate the length of the object identifier read from the DER input before allocating memory to store the OID. An attacker able to make a Java application decode a specially crafted DER input could cause the application to consume an excessive amount of memory.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: missing ObjectIdentifier length check (Libraries, 8168705)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", 
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-5547" }, { "category": "external", "summary": "RHBZ#1413764", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1413764" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-5547", "url": "https://www.cve.org/CVERecord?id=CVE-2016-5547" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5547", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5547" } ], "release_date": "2017-01-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-05-09T16:41:26+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:1216" } ], "scores": [ { "cvss_v3": { 
"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK: missing ObjectIdentifier length check (Libraries, 8168705)" }, { "cve": "CVE-2016-5548", "cwe": { "id": "CWE-385", "name": "Covert Timing Channel" }, "discovery_date": "2017-01-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1413920" } ], "notes": [ { "category": "description", "text": "A covert timing channel flaw was found in the DSA implementation in the Libraries component of OpenJDK. 
A remote attacker could possibly use this flaw to extract certain information about the used key via a timing side channel.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: DSA implementation timing attack (Libraries, 8168728)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-5548" }, { "category": "external", "summary": "RHBZ#1413920", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1413920" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-5548", "url": "https://www.cve.org/CVERecord?id=CVE-2016-5548" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5548", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5548" } ], "release_date": "2017-01-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-05-09T16:41:26+00:00", 
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:1216" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", 
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "OpenJDK: DSA implementation timing attack (Libraries, 8168728)" }, { "cve": "CVE-2016-5549", "cwe": { "id": "CWE-385", "name": "Covert Timing Channel" }, "discovery_date": "2017-01-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1413923" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). 
CVSS v3.0 Base Score 6.5 (Confidentiality impacts).", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: ECDSA implementation timing attack (Libraries, 8168724)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-5549" }, { "category": "external", "summary": "RHBZ#1413923", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1413923" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-5549", "url": "https://www.cve.org/CVERecord?id=CVE-2016-5549" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5549", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5549" } ], "release_date": "2017-01-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-05-09T16:41:26+00:00", "details": "Before applying this update, make sure all previously 
released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:1216" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", 
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "OpenJDK: ECDSA implementation timing attack (Libraries, 8168724)" }, { "cve": "CVE-2016-5552", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2017-01-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1413882" } ], "notes": [ { "category": "description", "text": "It was discovered that the Networking component of OpenJDK failed to properly parse user info from the URL. A remote attacker could cause a Java application to incorrectly parse an attacker supplied URL and interpret it differently from other applications processing the same URL.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: incorrect URL parsing in URLStreamHandler (Networking, 8167223)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", 
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-5552" }, { "category": "external", "summary": "RHBZ#1413882", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1413882" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-5552", "url": "https://www.cve.org/CVERecord?id=CVE-2016-5552" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5552", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5552" } ], "release_date": "2017-01-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-05-09T16:41:26+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:1216" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": 
"NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.0" }, "products": [ "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK: incorrect URL parsing in URLStreamHandler (Networking, 8167223)" }, { "cve": "CVE-2016-5554", "discovery_date": "2016-10-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1385714" } ], "notes": [ { "category": "description", "text": "A flaw was found in the way the JMX component of OpenJDK handled classloaders. 
An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: insufficient classloader consistency checks in ClassLoaderWithRepository (JMX, 8157739)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-5554" }, { "category": "external", "summary": "RHBZ#1385714", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1385714" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-5554", "url": "https://www.cve.org/CVERecord?id=CVE-2016-5554" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5554", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5554" }, { "category": "external", "summary": 
"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html#AppendixJAVA", "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html#AppendixJAVA" } ], "release_date": "2016-10-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-05-09T16:41:26+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:1216" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": 
"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.0" }, "products": [ "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK: insufficient classloader consistency checks in ClassLoaderWithRepository (JMX, 8157739)" }, { "cve": "CVE-2016-5556", "discovery_date": "2016-10-18T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1386408" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in Oracle Java SE 6u121, 7u111, and 8u102 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to 2D.", "title": "Vulnerability description" }, { "category": "summary", "text": "JDK: unspecified vulnerability fixed in 6u131, 7u121, and 8u111 (2D)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", 
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-5556" }, { "category": "external", "summary": "RHBZ#1386408", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1386408" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-5556", "url": "https://www.cve.org/CVERecord?id=CVE-2016-5556" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5556", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5556" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html#AppendixJAVA", "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html#AppendixJAVA" } ], "release_date": "2016-10-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-05-09T16:41:26+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", 
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:1216" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", 
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "JDK: unspecified vulnerability fixed in 6u131, 7u121, and 8u111 (2D)" }, { "cve": "CVE-2016-5573", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2016-10-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1385544" } ], "notes": [ { "category": "description", "text": "It was discovered that the Hotspot component of OpenJDK did not properly check received Java Debug Wire Protocol (JDWP) packets. An attacker could possibly use this flaw to send debugging commands to a Java program running with debugging enabled if they could make victim\u0027s browser send HTTP requests to the JDWP port of the debugged application.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: insufficient checks of JDWP packets (Hotspot, 8159519)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", 
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-5573" }, { "category": "external", "summary": "RHBZ#1385544", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1385544" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-5573", "url": "https://www.cve.org/CVERecord?id=CVE-2016-5573" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5573", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5573" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html#AppendixJAVA", "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html#AppendixJAVA" } ], "release_date": "2016-10-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-05-09T16:41:26+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64" ], "restart_required": { "category": "none" }, "url": 
"https://access.redhat.com/errata/RHSA-2017:1216" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "OpenJDK: insufficient checks of JDWP packets (Hotspot, 8159519)" }, { "cve": "CVE-2016-5597", "cwe": { "id": "CWE-319", "name": "Cleartext Transmission of Sensitive Information" }, "discovery_date": "2016-10-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1386103" } ], "notes": [ { "category": "description", "text": "A flaw was found in the way the Networking component of OpenJDK handled HTTP proxy authentication. 
A Java application could possibly expose HTTPS server authentication credentials via a plain text network connection to an HTTP proxy if proxy asked for authentication.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: exposure of server authentication credentials to proxy (Networking, 8160838)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-5597" }, { "category": "external", "summary": "RHBZ#1386103", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1386103" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-5597", "url": "https://www.cve.org/CVERecord?id=CVE-2016-5597" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5597", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5597" }, { "category": "external", "summary": 
"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html#AppendixJAVA", "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html#AppendixJAVA" } ], "release_date": "2016-10-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-05-09T16:41:26+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:1216" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "version": "2.0" }, "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": 
"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK: exposure of server authentication credentials to proxy (Networking, 8160838)" }, { "cve": "CVE-2017-3231", "discovery_date": "2017-01-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1413717" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. 
This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 4.3 (Confidentiality impacts).", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: URLClassLoader insufficient access control checks (Networking, 8151934)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-3231" }, { "category": "external", "summary": "RHBZ#1413717", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1413717" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-3231", "url": "https://www.cve.org/CVERecord?id=CVE-2017-3231" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-3231", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3231" } ], "release_date": 
"2017-01-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-05-09T16:41:26+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:1216" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.0" }, "products": [ "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", 
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK: URLClassLoader insufficient access control checks (Networking, 8151934)" }, { "cve": "CVE-2017-3241", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2017-01-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1413955" } ], "notes": [ { "category": "description", "text": "It was discovered that the RMI registry and DCG implementations in the RMI component of OpenJDK performed deserialization of untrusted inputs. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of RMI registry or a Java RMI application.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: untrusted input deserialization in RMI registry and DCG (RMI, 8156802)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", 
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-3241" }, { "category": "external", "summary": "RHBZ#1413955", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1413955" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-3241", "url": "https://www.cve.org/CVERecord?id=CVE-2017-3241" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-3241", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3241" } ], "release_date": "2017-01-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-05-09T16:41:26+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:1216" } ], "scores": [ { "cvss_v3": { 
"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "OpenJDK: untrusted input deserialization in RMI registry and DCG (RMI, 8156802)" }, { "cve": "CVE-2017-3252", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2017-01-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1413906" } ], "notes": [ { "category": "description", "text": "It was discovered that the JAAS component of OpenJDK did not use the correct way to extract user DN from the result of the user search LDAP query. 
A specially crafted user LDAP entry could cause the application to use an incorrect DN.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: LdapLoginModule incorrect userDN extraction (JAAS, 8161743)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-3252" }, { "category": "external", "summary": "RHBZ#1413906", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1413906" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-3252", "url": "https://www.cve.org/CVERecord?id=CVE-2017-3252" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-3252", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3252" } ], "release_date": "2017-01-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-05-09T16:41:26+00:00", "details": "Before applying 
this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:1216" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.0" }, "products": [ "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", 
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK: LdapLoginModule incorrect userDN extraction (JAAS, 8161743)" }, { "cve": "CVE-2017-3253", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2017-01-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1413583" } ], "notes": [ { "category": "description", "text": "It was discovered that the 2D component of OpenJDK performed parsing of iTXt and zTXt PNG image chunks even when configured to ignore metadata. An attacker able to make a Java application parse a specially crafted PNG image could cause the application to consume an excessive amount of memory.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: imageio PNGImageReader failed to honor ignoreMetadata for iTXt and zTXt chunks (2D, 8166988)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", 
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-3253" }, { "category": "external", "summary": "RHBZ#1413583", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1413583" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-3253", "url": "https://www.cve.org/CVERecord?id=CVE-2017-3253" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-3253", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3253" } ], "release_date": "2017-01-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-05-09T16:41:26+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:1216" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": 
"HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK: imageio PNGImageReader failed to honor ignoreMetadata for iTXt and zTXt chunks (2D, 8166988)" }, { "cve": "CVE-2017-3259", "discovery_date": "2017-01-17T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1414163" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. 
Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 3.7 (Confidentiality impacts).", "title": "Vulnerability description" }, { "category": "summary", "text": "JDK: unspecified vulnerability fixed in 6u141, 7u131, and 8u121 (Deployment)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-3259" }, { "category": "external", "summary": "RHBZ#1414163", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1414163" }, { "category": "external", "summary": 
"https://www.cve.org/CVERecord?id=CVE-2017-3259", "url": "https://www.cve.org/CVERecord?id=CVE-2017-3259" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-3259", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3259" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html#AppendixJAVA", "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html#AppendixJAVA" } ], "release_date": "2017-01-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-05-09T16:41:26+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:1216" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": 
"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "products": [ "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "JDK: unspecified vulnerability fixed in 6u141, 7u131, and 8u121 (Deployment)" }, { "cve": "CVE-2017-3261", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "discovery_date": "2017-01-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1413653" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. 
Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 4.3 (Confidentiality impacts).", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: integer overflow in SocketOutputStream boundary check (Networking, 8164147)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-3261" }, { "category": "external", "summary": "RHBZ#1413653", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1413653" }, { "category": "external", "summary": 
"https://www.cve.org/CVERecord?id=CVE-2017-3261", "url": "https://www.cve.org/CVERecord?id=CVE-2017-3261" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-3261", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3261" } ], "release_date": "2017-01-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-05-09T16:41:26+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:1216" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.0" }, "products": [ "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", 
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK: integer overflow in SocketOutputStream boundary check (Networking, 8164147)" }, { "cve": "CVE-2017-3272", "discovery_date": "2017-01-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1413554" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. 
This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts).", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: insufficient protected field access checks in atomic field updaters (Libraries, 8165344)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-3272" }, { "category": "external", "summary": "RHBZ#1413554", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1413554" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-3272", "url": "https://www.cve.org/CVERecord?id=CVE-2017-3272" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-3272", "url": 
"https://nvd.nist.gov/vuln/detail/CVE-2017-3272" } ], "release_date": "2017-01-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-05-09T16:41:26+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:1216" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", 
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "OpenJDK: insufficient protected field access checks in atomic field updaters (Libraries, 8165344)" }, { "cve": "CVE-2017-3289", "discovery_date": "2017-01-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1413562" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). 
CVSS v3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts).", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: insecure class construction (Hotspot, 8167104)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-3289" }, { "category": "external", "summary": "RHBZ#1413562", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1413562" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-3289", "url": "https://www.cve.org/CVERecord?id=CVE-2017-3289" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-3289", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3289" } ], "release_date": "2017-01-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-05-09T16:41:26+00:00", "details": "Before applying this update, make sure 
all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:1216" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src", "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64", 
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x", "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "OpenJDK: insecure class construction (Hotspot, 8167104)" } ] }
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.