RHSA-2017:1216 | Medium | CVSS 8.8

Red Hat Security Advisory: java-1.7.1-ibm security update

Published: May 9, 2017
Last Modified: June 3, 2026

🔗 CVE IDs covered (31)

📋 Description

CVE-2016-0264 — JDK: buffer overflow vulnerability in the IBM JVM
CVE-2016-0363 — JDK: insecure use of invoke method in CORBA component, incorrect CVE-2013-3009 fix
CVE-2016-0376 — JDK: insecure deserialization in CORBA, incorrect CVE-2013-5456 fix
CVE-2016-0686 — OpenJDK: insufficient thread consistency checks in ObjectInputStream (Serialization, 8129952)
CVE-2016-0687 — OpenJDK: insufficient byte type checks (Hotspot, 8132051)
CVE-2016-2183 — SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)
CVE-2016-3422 — JDK: unspecified vulnerability fixed in 6u115, 7u101 and 8u91 (2D)
CVE-2016-3426 — OpenJDK: non-constant time GCM authentication tag comparison (JCE, 8143945)
CVE-2016-3427 — OpenJDK: unrestricted deserialization of authentication credentials (JMX, 8144430)
CVE-2016-3443 — JDK: unspecified vulnerability fixed in 6u115, 7u101 and 8u91 (2D)
CVE-2016-3449 — JDK: unspecified vulnerability fixed in 6u115, 7u101 and 8u91 (Deployment)
CVE-2016-3511 — JDK: unspecified vulnerability fixed in 7u111 and 8u101 (Deployment)
CVE-2016-3598 — OpenJDK: incorrect handling of MethodHandles.dropArguments() argument (Libraries, 8155985)
CVE-2016-5542 — OpenJDK: missing algorithm restrictions for jar verification (Libraries, 8155973)
CVE-2016-5546 — OpenJDK: incorrect ECDSA signature extraction from the DER input (Libraries, 8168714)
CVE-2016-5547 — OpenJDK: missing ObjectIdentifier length check (Libraries, 8168705)
CVE-2016-5548 — OpenJDK: DSA implementation timing attack (Libraries, 8168728)
CVE-2016-5549 — OpenJDK: ECDSA implementation timing attack (Libraries, 8168724)
CVE-2016-5552 — OpenJDK: incorrect URL parsing in URLStreamHandler (Networking, 8167223)
CVE-2016-5554 — OpenJDK: insufficient classloader consistency checks in ClassLoaderWithRepository (JMX, 8157739)
CVE-2016-5556 — JDK: unspecified vulnerability fixed in 6u131, 7u121, and 8u111 (2D)
CVE-2016-5573 — OpenJDK: insufficient checks of JDWP packets (Hotspot, 8159519)
CVE-2016-5597 — OpenJDK: exposure of server authentication credentials to proxy (Networking, 8160838)
CVE-2017-3231 — OpenJDK: URLClassLoader insufficient access control checks (Networking, 8151934)
CVE-2017-3241 — OpenJDK: untrusted input deserialization in RMI registry and DCG (RMI, 8156802)
CVE-2017-3252 — OpenJDK: LdapLoginModule incorrect userDN extraction (JAAS, 8161743)
CVE-2017-3253 — OpenJDK: imageio PNGImageReader failed to honor ignoreMetadata for iTXt and zTXt chunks (2D, 8166988)
CVE-2017-3259 — JDK: unspecified vulnerability fixed in 6u141, 7u131, and 8u121 (Deployment)
CVE-2017-3261 — OpenJDK: integer overflow in SocketOutputStream boundary check (Networking, 8164147)
CVE-2017-3272 — OpenJDK: insufficient protected field access checks in atomic field updaters (Libraries, 8165344)
CVE-2017-3289 — OpenJDK: insecure class construction (Hotspot, 8167104)

🔗 References (34)