RHSA-2017:3453HighCVSS 9.8

Red Hat Security Advisory: java-1.8.0-ibm security update

Published
December 13, 2017
Last Modified
June 29, 2026

🔗 CVE IDs covered (42)

📋 Description

CVE-2016-9840 — zlib: Out-of-bound pointer arithmetic in inftrees.c CVE-2016-9841 — zlib: Out-of-bounds pointer arithmetic in inffast.c CVE-2016-9842 — zlib: Undefined left shift of negative number CVE-2016-9843 — zlib: Big-endian out-of-bounds pointer CVE-2016-10165 — lcms2: Out-of-bounds read in Type_MLU_Read() CVE-2017-1289 — JDK: XML External Entity Injection (XXE) error when processing XML data CVE-2017-3509 — OpenJDK: improper re-use of NTLM authenticated connections (Networking, 8163520) CVE-2017-3511 — OpenJDK: untrusted extension directories search path in Launcher (JCE, 8163528) CVE-2017-3533 — OpenJDK: newline injection in the FTP client (Networking, 8170222) CVE-2017-3539 — OpenJDK: MD5 allowed for jar verification (Security, 8171121) CVE-2017-3544 — OpenJDK: newline injection in the SMTP client (Networking, 8171533) CVE-2017-10053 — OpenJDK: reading of unprocessed image data in JPEGImageReader (2D, 8169209) CVE-2017-10067 — OpenJDK: JAR verifier incorrect handling of missing digest (Security, 8169392) CVE-2017-10078 — OpenJDK: Nashorn incompletely blocking access to Java APIs (Scripting, 8171539) CVE-2017-10087 — OpenJDK: insufficient access control checks in ThreadPoolExecutor (Libraries, 8172204) CVE-2017-10089 — OpenJDK: insufficient access control checks in ServiceRegistry (ImageIO, 8172461) CVE-2017-10090 — OpenJDK: insufficient access control checks in AsynchronousChannelGroupImpl (8172465, Libraries) CVE-2017-10096 — OpenJDK: insufficient access control checks in XML transformations (JAXP, 8172469) CVE-2017-10101 — OpenJDK: unrestricted access to com.sun.org.apache.xml.internal.resolver (JAXP, 8173286) CVE-2017-10102 — OpenJDK: incorrect handling of references in DGC (RMI, 8163958) CVE-2017-10105 — JDK: unspecified vulnerability fixed in 6u161, 7u151, and 8u141 (Deployment) CVE-2017-10107 — OpenJDK: insufficient access control checks in ActivationID (RMI, 8173697) CVE-2017-10108 — OpenJDK: unbounded memory allocation in BasicAttribute deserialization (Serialization, 8174105) CVE-2017-10109 — OpenJDK: unbounded memory allocation in CodeSource deserialization (Serialization, 8174113) CVE-2017-10110 — OpenJDK: insufficient access control checks in ImageWatched (AWT, 8174098) CVE-2017-10115 — OpenJDK: DSA implementation timing attack (JCE, 8175106) CVE-2017-10116 — OpenJDK: LDAPCertStore following referrals to non-LDAP URLs (Security, 8176067) CVE-2017-10243 — OpenJDK: insecure XML parsing in wsdlimport (JAX-WS, 8182054) CVE-2017-10281 — OpenJDK: multiple unbounded memory allocations in deserialization (Serialization, 8174109) CVE-2017-10285 — OpenJDK: incorrect privilege use when handling unreferenced objects (RMI, 8174966) CVE-2017-10295 — OpenJDK: HTTP client insufficient check for newline in URLs (Networking, 8176751) CVE-2017-10309 — JDK: unspecified vulnerability fixed in 8u151 and 9.0.1 (Deployment) CVE-2017-10345 — OpenJDK: unbounded resource use in JceKeyStore deserialization (Serialization, 8181370) CVE-2017-10346 — OpenJDK: insufficient loader constraints checks for invokespecial (Hotspot, 8180711) CVE-2017-10347 — OpenJDK: unbounded memory allocation in SimpleTimeZone deserialization (Serialization, 8181323) CVE-2017-10348 — OpenJDK: multiple unbounded memory allocations in deserialization (Libraries, 8181432) CVE-2017-10349 — OpenJDK: unbounded memory allocation in PredicatedNodeTest deserialization (JAXP, 8181327) CVE-2017-10350 — OpenJDK: unbounded memory allocation in JAXWSExceptionBase deserialization (JAX-WS, 8181100) CVE-2017-10355 — OpenJDK: no default network operations timeouts in FtpClient (Networking, 8181612) CVE-2017-10356 — OpenJDK: weak protection of key stores against brute forcing (Security, 8181692) CVE-2017-10357 — OpenJDK: unbounded memory allocation in ObjectInputStream deserialization (Serialization, 8181597) CVE-2017-10388 — OpenJDK: use of unprotected sname in Kerberos client (Libraries, 8178794)

🔗 References (45)