Red Hat Security Advisory: java-1.6.0-sun security update
🔗 CVE IDs covered (18)
📋 Description
CVE-2016-9840 — zlib: Out-of-bound pointer arithmetic in inftrees.c CVE-2016-9841 — zlib: Out-of-bounds pointer arithmetic in inffast.c CVE-2016-9842 — zlib: Undefined left shift of negative number CVE-2016-9843 — zlib: Big-endian out-of-bounds pointer CVE-2017-10274 — OpenJDK: CardImpl incorrect state handling (Smart Card IO, 8169026) CVE-2017-10281 — OpenJDK: multiple unbounded memory allocations in deserialization (Serialization, 8174109) CVE-2017-10285 — OpenJDK: incorrect privilege use when handling unreferenced objects (RMI, 8174966) CVE-2017-10293 — JDK: unspecified vulnerability fixed in 6u171, 7u161, 8u151, and 9.0.1 (Javadoc) CVE-2017-10295 — OpenJDK: HTTP client insufficient check for newline in URLs (Networking, 8176751) CVE-2017-10345 — OpenJDK: unbounded resource use in JceKeyStore deserialization (Serialization, 8181370) CVE-2017-10346 — OpenJDK: insufficient loader constraints checks for invokespecial (Hotspot, 8180711) CVE-2017-10347 — OpenJDK: unbounded memory allocation in SimpleTimeZone deserialization (Serialization, 8181323) CVE-2017-10348 — OpenJDK: multiple unbounded memory allocations in deserialization (Libraries, 8181432) CVE-2017-10349 — OpenJDK: unbounded memory allocation in PredicatedNodeTest deserialization (JAXP, 8181327) CVE-2017-10355 — OpenJDK: no default network operations timeouts in FtpClient (Networking, 8181612) CVE-2017-10356 — OpenJDK: weak protection of key stores against brute forcing (Security, 8181692) CVE-2017-10357 — OpenJDK: unbounded memory allocation in ObjectInputStream deserialization (Serialization, 8181597) CVE-2017-10388 — OpenJDK: use of unprotected sname in Kerberos client (Libraries, 8178794)
🔗 References (24)
- selfhttps://access.redhat.com/errata/RHSA-2017:3047
- externalhttps://access.redhat.com/security/updates/classification/#important
- externalhttp://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixJAVA
- externalhttp://www.oracle.com/technetwork/java/javase/documentation/overview-156328.html#R160_171
- externalhttp://www.oracle.com/technetwork/java/javase/eol-135779.html
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1402345
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1402346
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1402348
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1402351
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1501868
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1501873
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1502038
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1502053
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1502611
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1502614
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1502629
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1502632
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1502649
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1502687
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1502858
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1502869
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1503169
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1503320
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2017/rhsa-2017_3047.json