Security update for java-1_7_0-openjdk
SUSE Patch
security@suse.de
SUSE Security Team
openSUSE-SU-2016:1230-1
Final
1
1
2016-05-04T10:53:13Z
current
2016-05-04T10:53:13Z
2016-05-04T10:53:13Z
cve-database/bin/generate-cvrf.pl
2017-02-24T01:00:00Z
Security update for java-1_7_0-openjdk
This update for java-1_7_0-openjdk to version 2.6.6 fixes five security issues.
These security issues were fixed:
- CVE-2016-0686: Ensure thread consistency (bsc#976340).
- CVE-2016-0687: Better byte behavior (bsc#976340).
- CVE-2016-0695: Make DSA more fair (bsc#976340).
- CVE-2016-3425: Better buffering of XML strings (bsc#976340).
- CVE-2016-3427: Improve JMX connections (bsc#976340).
The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0)
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00009.html
E-Mail link for openSUSE-SU-2016:1230-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
openSUSE 13.2
java-1_7_0-openjdk-1.7.0.101-22.1
java-1_7_0-openjdk-accessibility-1.7.0.101-22.1
java-1_7_0-openjdk-bootstrap-1.7.0.101-22.1
java-1_7_0-openjdk-bootstrap-debuginfo-1.7.0.101-22.1
java-1_7_0-openjdk-bootstrap-debugsource-1.7.0.101-22.1
java-1_7_0-openjdk-bootstrap-devel-1.7.0.101-22.1
java-1_7_0-openjdk-bootstrap-devel-debuginfo-1.7.0.101-22.1
java-1_7_0-openjdk-bootstrap-headless-1.7.0.101-22.1
java-1_7_0-openjdk-bootstrap-headless-debuginfo-1.7.0.101-22.1
java-1_7_0-openjdk-debuginfo-1.7.0.101-22.1
java-1_7_0-openjdk-debugsource-1.7.0.101-22.1
java-1_7_0-openjdk-demo-1.7.0.101-22.1
java-1_7_0-openjdk-demo-debuginfo-1.7.0.101-22.1
java-1_7_0-openjdk-devel-1.7.0.101-22.1
java-1_7_0-openjdk-devel-debuginfo-1.7.0.101-22.1
java-1_7_0-openjdk-headless-1.7.0.101-22.1
java-1_7_0-openjdk-headless-debuginfo-1.7.0.101-22.1
java-1_7_0-openjdk-javadoc-1.7.0.101-22.1
java-1_7_0-openjdk-src-1.7.0.101-22.1
java-1_7_0-openjdk-1.7.0.101-22.1 as a component of openSUSE 13.2
java-1_7_0-openjdk-accessibility-1.7.0.101-22.1 as a component of openSUSE 13.2
java-1_7_0-openjdk-bootstrap-1.7.0.101-22.1 as a component of openSUSE 13.2
java-1_7_0-openjdk-bootstrap-debuginfo-1.7.0.101-22.1 as a component of openSUSE 13.2
java-1_7_0-openjdk-bootstrap-debugsource-1.7.0.101-22.1 as a component of openSUSE 13.2
java-1_7_0-openjdk-bootstrap-devel-1.7.0.101-22.1 as a component of openSUSE 13.2
java-1_7_0-openjdk-bootstrap-devel-debuginfo-1.7.0.101-22.1 as a component of openSUSE 13.2
java-1_7_0-openjdk-bootstrap-headless-1.7.0.101-22.1 as a component of openSUSE 13.2
java-1_7_0-openjdk-bootstrap-headless-debuginfo-1.7.0.101-22.1 as a component of openSUSE 13.2
java-1_7_0-openjdk-debuginfo-1.7.0.101-22.1 as a component of openSUSE 13.2
java-1_7_0-openjdk-debugsource-1.7.0.101-22.1 as a component of openSUSE 13.2
java-1_7_0-openjdk-demo-1.7.0.101-22.1 as a component of openSUSE 13.2
java-1_7_0-openjdk-demo-debuginfo-1.7.0.101-22.1 as a component of openSUSE 13.2
java-1_7_0-openjdk-devel-1.7.0.101-22.1 as a component of openSUSE 13.2
java-1_7_0-openjdk-devel-debuginfo-1.7.0.101-22.1 as a component of openSUSE 13.2
java-1_7_0-openjdk-headless-1.7.0.101-22.1 as a component of openSUSE 13.2
java-1_7_0-openjdk-headless-debuginfo-1.7.0.101-22.1 as a component of openSUSE 13.2
java-1_7_0-openjdk-javadoc-1.7.0.101-22.1 as a component of openSUSE 13.2
java-1_7_0-openjdk-src-1.7.0.101-22.1 as a component of openSUSE 13.2
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Serialization.
CVE-2016-0686
openSUSE 13.2:java-1_7_0-openjdk-1.7.0.101-22.1
openSUSE 13.2:java-1_7_0-openjdk-accessibility-1.7.0.101-22.1
openSUSE 13.2:java-1_7_0-openjdk-bootstrap-1.7.0.101-22.1
openSUSE 13.2:java-1_7_0-openjdk-bootstrap-debuginfo-1.7.0.101-22.1
openSUSE 13.2:java-1_7_0-openjdk-bootstrap-debugsource-1.7.0.101-22.1
openSUSE 13.2:java-1_7_0-openjdk-bootstrap-devel-1.7.0.101-22.1
openSUSE 13.2:java-1_7_0-openjdk-bootstrap-devel-debuginfo-1.7.0.101-22.1
openSUSE 13.2:java-1_7_0-openjdk-bootstrap-headless-1.7.0.101-22.1
openSUSE 13.2:java-1_7_0-openjdk-bootstrap-headless-debuginfo-1.7.0.101-22.1
openSUSE 13.2:java-1_7_0-openjdk-debuginfo-1.7.0.101-22.1
openSUSE 13.2:java-1_7_0-openjdk-debugsource-1.7.0.101-22.1
openSUSE 13.2:java-1_7_0-openjdk-demo-1.7.0.101-22.1
openSUSE 13.2:java-1_7_0-openjdk-demo-debuginfo-1.7.0.101-22.1
openSUSE 13.2:java-1_7_0-openjdk-devel-1.7.0.101-22.1
openSUSE 13.2:java-1_7_0-openjdk-devel-debuginfo-1.7.0.101-22.1
openSUSE 13.2:java-1_7_0-openjdk-headless-1.7.0.101-22.1
openSUSE 13.2:java-1_7_0-openjdk-headless-debuginfo-1.7.0.101-22.1
openSUSE 13.2:java-1_7_0-openjdk-javadoc-1.7.0.101-22.1
openSUSE 13.2:java-1_7_0-openjdk-src-1.7.0.101-22.1
important
10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Please Install the update.
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00009.html
https://www.suse.com/security/cve/CVE-2016-0686.html
CVE-2016-0686
https://bugzilla.suse.com/976340
SUSE Bug 976340
https://bugzilla.suse.com/979252
SUSE Bug 979252
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to the Hotspot sub-component.
CVE-2016-0687
openSUSE 13.2:java-1_7_0-openjdk-1.7.0.101-22.1
openSUSE 13.2:java-1_7_0-openjdk-accessibility-1.7.0.101-22.1
openSUSE 13.2:java-1_7_0-openjdk-bootstrap-1.7.0.101-22.1
openSUSE 13.2:java-1_7_0-openjdk-bootstrap-debuginfo-1.7.0.101-22.1
openSUSE 13.2:java-1_7_0-openjdk-bootstrap-debugsource-1.7.0.101-22.1
openSUSE 13.2:java-1_7_0-openjdk-bootstrap-devel-1.7.0.101-22.1
openSUSE 13.2:java-1_7_0-openjdk-bootstrap-devel-debuginfo-1.7.0.101-22.1
openSUSE 13.2:java-1_7_0-openjdk-bootstrap-headless-1.7.0.101-22.1
openSUSE 13.2:java-1_7_0-openjdk-bootstrap-headless-debuginfo-1.7.0.101-22.1
openSUSE 13.2:java-1_7_0-openjdk-debuginfo-1.7.0.101-22.1
openSUSE 13.2:java-1_7_0-openjdk-debugsource-1.7.0.101-22.1
openSUSE 13.2:java-1_7_0-openjdk-demo-1.7.0.101-22.1
openSUSE 13.2:java-1_7_0-openjdk-demo-debuginfo-1.7.0.101-22.1
openSUSE 13.2:java-1_7_0-openjdk-devel-1.7.0.101-22.1
openSUSE 13.2:java-1_7_0-openjdk-devel-debuginfo-1.7.0.101-22.1
openSUSE 13.2:java-1_7_0-openjdk-headless-1.7.0.101-22.1
openSUSE 13.2:java-1_7_0-openjdk-headless-debuginfo-1.7.0.101-22.1
openSUSE 13.2:java-1_7_0-openjdk-javadoc-1.7.0.101-22.1
openSUSE 13.2:java-1_7_0-openjdk-src-1.7.0.101-22.1
important
10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Please Install the update.
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00009.html
https://www.suse.com/security/cve/CVE-2016-0687.html
CVE-2016-0687
https://bugzilla.suse.com/976340
SUSE Bug 976340
https://bugzilla.suse.com/979252
SUSE Bug 979252
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality via vectors related to Security.
CVE-2016-0695
openSUSE 13.2:java-1_7_0-openjdk-1.7.0.101-22.1
openSUSE 13.2:java-1_7_0-openjdk-accessibility-1.7.0.101-22.1
openSUSE 13.2:java-1_7_0-openjdk-bootstrap-1.7.0.101-22.1
openSUSE 13.2:java-1_7_0-openjdk-bootstrap-debuginfo-1.7.0.101-22.1
openSUSE 13.2:java-1_7_0-openjdk-bootstrap-debugsource-1.7.0.101-22.1
openSUSE 13.2:java-1_7_0-openjdk-bootstrap-devel-1.7.0.101-22.1
openSUSE 13.2:java-1_7_0-openjdk-bootstrap-devel-debuginfo-1.7.0.101-22.1
openSUSE 13.2:java-1_7_0-openjdk-bootstrap-headless-1.7.0.101-22.1
openSUSE 13.2:java-1_7_0-openjdk-bootstrap-headless-debuginfo-1.7.0.101-22.1
openSUSE 13.2:java-1_7_0-openjdk-debuginfo-1.7.0.101-22.1
openSUSE 13.2:java-1_7_0-openjdk-debugsource-1.7.0.101-22.1
openSUSE 13.2:java-1_7_0-openjdk-demo-1.7.0.101-22.1
openSUSE 13.2:java-1_7_0-openjdk-demo-debuginfo-1.7.0.101-22.1
openSUSE 13.2:java-1_7_0-openjdk-devel-1.7.0.101-22.1
openSUSE 13.2:java-1_7_0-openjdk-devel-debuginfo-1.7.0.101-22.1
openSUSE 13.2:java-1_7_0-openjdk-headless-1.7.0.101-22.1
openSUSE 13.2:java-1_7_0-openjdk-headless-debuginfo-1.7.0.101-22.1
openSUSE 13.2:java-1_7_0-openjdk-javadoc-1.7.0.101-22.1
openSUSE 13.2:java-1_7_0-openjdk-src-1.7.0.101-22.1
important
2.5
AV:N/AC:H/Au:N/C:P/I:N/A:N
Please Install the update.
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00009.html
https://www.suse.com/security/cve/CVE-2016-0695.html
CVE-2016-0695
https://bugzilla.suse.com/976340
SUSE Bug 976340
https://bugzilla.suse.com/979252
SUSE Bug 979252
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect availability via vectors related to JAXP.
CVE-2016-3425
openSUSE 13.2:java-1_7_0-openjdk-1.7.0.101-22.1
openSUSE 13.2:java-1_7_0-openjdk-accessibility-1.7.0.101-22.1
openSUSE 13.2:java-1_7_0-openjdk-bootstrap-1.7.0.101-22.1
openSUSE 13.2:java-1_7_0-openjdk-bootstrap-debuginfo-1.7.0.101-22.1
openSUSE 13.2:java-1_7_0-openjdk-bootstrap-debugsource-1.7.0.101-22.1
openSUSE 13.2:java-1_7_0-openjdk-bootstrap-devel-1.7.0.101-22.1
openSUSE 13.2:java-1_7_0-openjdk-bootstrap-devel-debuginfo-1.7.0.101-22.1
openSUSE 13.2:java-1_7_0-openjdk-bootstrap-headless-1.7.0.101-22.1
openSUSE 13.2:java-1_7_0-openjdk-bootstrap-headless-debuginfo-1.7.0.101-22.1
openSUSE 13.2:java-1_7_0-openjdk-debuginfo-1.7.0.101-22.1
openSUSE 13.2:java-1_7_0-openjdk-debugsource-1.7.0.101-22.1
openSUSE 13.2:java-1_7_0-openjdk-demo-1.7.0.101-22.1
openSUSE 13.2:java-1_7_0-openjdk-demo-debuginfo-1.7.0.101-22.1
openSUSE 13.2:java-1_7_0-openjdk-devel-1.7.0.101-22.1
openSUSE 13.2:java-1_7_0-openjdk-devel-debuginfo-1.7.0.101-22.1
openSUSE 13.2:java-1_7_0-openjdk-headless-1.7.0.101-22.1
openSUSE 13.2:java-1_7_0-openjdk-headless-debuginfo-1.7.0.101-22.1
openSUSE 13.2:java-1_7_0-openjdk-javadoc-1.7.0.101-22.1
openSUSE 13.2:java-1_7_0-openjdk-src-1.7.0.101-22.1
important
4.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
Please Install the update.
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00009.html
https://www.suse.com/security/cve/CVE-2016-3425.html
CVE-2016-3425
https://bugzilla.suse.com/976340
SUSE Bug 976340
https://bugzilla.suse.com/979252
SUSE Bug 979252
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX.
CVE-2016-3427
openSUSE 13.2:java-1_7_0-openjdk-1.7.0.101-22.1
openSUSE 13.2:java-1_7_0-openjdk-accessibility-1.7.0.101-22.1
openSUSE 13.2:java-1_7_0-openjdk-bootstrap-1.7.0.101-22.1
openSUSE 13.2:java-1_7_0-openjdk-bootstrap-debuginfo-1.7.0.101-22.1
openSUSE 13.2:java-1_7_0-openjdk-bootstrap-debugsource-1.7.0.101-22.1
openSUSE 13.2:java-1_7_0-openjdk-bootstrap-devel-1.7.0.101-22.1
openSUSE 13.2:java-1_7_0-openjdk-bootstrap-devel-debuginfo-1.7.0.101-22.1
openSUSE 13.2:java-1_7_0-openjdk-bootstrap-headless-1.7.0.101-22.1
openSUSE 13.2:java-1_7_0-openjdk-bootstrap-headless-debuginfo-1.7.0.101-22.1
openSUSE 13.2:java-1_7_0-openjdk-debuginfo-1.7.0.101-22.1
openSUSE 13.2:java-1_7_0-openjdk-debugsource-1.7.0.101-22.1
openSUSE 13.2:java-1_7_0-openjdk-demo-1.7.0.101-22.1
openSUSE 13.2:java-1_7_0-openjdk-demo-debuginfo-1.7.0.101-22.1
openSUSE 13.2:java-1_7_0-openjdk-devel-1.7.0.101-22.1
openSUSE 13.2:java-1_7_0-openjdk-devel-debuginfo-1.7.0.101-22.1
openSUSE 13.2:java-1_7_0-openjdk-headless-1.7.0.101-22.1
openSUSE 13.2:java-1_7_0-openjdk-headless-debuginfo-1.7.0.101-22.1
openSUSE 13.2:java-1_7_0-openjdk-javadoc-1.7.0.101-22.1
openSUSE 13.2:java-1_7_0-openjdk-src-1.7.0.101-22.1
important
10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Please Install the update.
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00009.html
https://www.suse.com/security/cve/CVE-2016-3427.html
CVE-2016-3427
https://bugzilla.suse.com/1011805
SUSE Bug 1011805
https://bugzilla.suse.com/976340
SUSE Bug 976340
https://bugzilla.suse.com/979252
SUSE Bug 979252