{"affected":[{"ecosystem_specific":{"binaries":[{"java-1_8_0-openjdk":"1.8.0.91-11.1","java-1_8_0-openjdk-headless":"1.8.0.91-11.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Desktop 12 SP1","name":"java-1_8_0-openjdk","purl":"pkg:rpm/suse/java-1_8_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.8.0.91-11.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"java-1_8_0-openjdk":"1.8.0.91-11.1","java-1_8_0-openjdk-demo":"1.8.0.91-11.1","java-1_8_0-openjdk-devel":"1.8.0.91-11.1","java-1_8_0-openjdk-headless":"1.8.0.91-11.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12 SP1","name":"java-1_8_0-openjdk","purl":"pkg:rpm/suse/java-1_8_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.8.0.91-11.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"java-1_8_0-openjdk":"1.8.0.91-11.1","java-1_8_0-openjdk-demo":"1.8.0.91-11.1","java-1_8_0-openjdk-devel":"1.8.0.91-11.1","java-1_8_0-openjdk-headless":"1.8.0.91-11.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 12 SP1","name":"java-1_8_0-openjdk","purl":"pkg:rpm/suse/java-1_8_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.8.0.91-11.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for java-1_8_0-openjdk fixes the following security issues - April 2016 Oracle CPU (bsc#976340):\n\n- CVE-2016-0686: Unspecified vulnerability allowed remote attackers to affect confidentiality, integrity, and availability via vectors related to Serialization. \n- CVE-2016-0687: Unspecified vulnerability allowed remote attackers to affect confidentiality, integrity, and availability via vectors related to the Hotspot sub-component\n- CVE-2016-0695: Unspecified vulnerability allowed remote attackers to affect confidentiality via vectors related to the Security Component\n- CVE-2016-3425: Unspecified vulnerability allowed remote attackers to affect availability via vectors related to JAXP\n- CVE-2016-3426: Unspecified vulnerability allowed remote attackers to affect confidentiality via vectors related to JCE\n- CVE-2016-3427: Unspecified vulnerability allowed remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX\n","id":"SUSE-SU-2016:1248-1","modified":"2016-05-06T07:49:19Z","published":"2016-05-06T07:49:19Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2016/suse-su-20161248-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/976340"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-0686"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-0687"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-0695"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-3425"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-3426"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-3427"}],"related":["CVE-2016-0686","CVE-2016-0687","CVE-2016-0695","CVE-2016-3425","CVE-2016-3426","CVE-2016-3427"],"summary":"Security update for java-1_8_0-openjdk","upstream":["CVE-2016-0686","CVE-2016-0687","CVE-2016-0695","CVE-2016-3425","CVE-2016-3426","CVE-2016-3427"]}