SciLinux: 2026:0651-1 critical: java-1.8.0-openjdk update

Critical: java-1.8.0-openjdk security update

Date: Tue, 19 Apr 2016 08:55:30 -0500
Reply-To: Pat Riehecky 
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Subject: FASTBUGS for SL 7x x86_64 now available
MIME-Version: 1.0
Message-ID: <571638D2.6020206@fnal.gov>

The following FASTBUGS have been uploaded to

x86_64:
fence-agents-all-4.0.11-27.el7_2.7.x86_64.rpm
fence-agents-apc-4.0.11-27.el7_2.7.x86_64.rpm
fence-agents-apc-snmp-4.0.11-27.el7_2.7.x86_64.rpm
fence-agents-bladecenter-4.0.11-27.el7_2.7.x86_64.rpm
fence-agents-brocade-4.0.11-27.el7_2.7.x86_64.rpm
fence-agents-cisco-mds-4.0.11-27.el7_2.7.x86_64.rpm
fence-agents-cisco-ucs-4.0.11-27.el7_2.7.x86_64.rpm
fence-agents-common-4.0.11-27.el7_2.7.x86_64.rpm
fence-agents-compute-4.0.11-27.el7_2.7.x86_64.rpm
fence-agents-drac5-4.0.11-27.el7_2.7.x86_64.rpm
fence-agents-eaton-snmp-4.0.11-27.el7_2.7.x86_64.rpm
fence-agents-emerson-4.0.11-27.el7_2.7.x86_64.rpm
fence-agents-eps-4.0.11-27.el7_2.7.x86_64.rpm
fence-agents-hpblade-4.0.11-27.el7_2.7.x86_64.rpm
fence-agents-ibmblade-4.0.11-27.el7_2.7.x86_64.rpm
fence-agents-ifmib-4.0.11-27.el7_2.7.x86_64.rpm
fence-agents-ilo2-4.0.11-27.el7_2.7.x86_64.rpm
fence-agents-ilo-moonshot-4.0.11-27.el7_2.7.x86_64.rpm
fence-agents-ilo-mp-4.0.11-27.el7_2.7.x86_64.rpm
fence-agents-ilo-ssh-4.0.11-27.el7_2.7.x86_64.rpm
fence-agents-intelmodular-4.0.11-27.el7_2.7.x86_64.rpm
fence-agents-ipdu-4.0.11-27.el7_2.7.x86_64.rpm
fence-agents-ipmilan-4.0.11-27.el7_2.7.x86_64.rpm
fence-agents-kdump-4.0.11-27.el7_2.7.x86_64.rpm
fence-agents-mpath-4.0.11-27.el7_2.7.x86_64.rpm
fence-agents-rhevm-4.0.11-27.el7_2.7.x86_64.rpm
fence-agents-rsa-4.0.11-27.el7_2.7.x86_64.rpm
fence-agents-rsb-4.0.11-27.el7_2.7.x86_64.rpm
fence-agents-scsi-4.0.11-27.el7_2.7.x86_64.rpm
fence-agents-virsh-4.0.11-27.el7_2.7.x86_64.rpm
fence-agents-vmware-soap-4.0.11-27.el7_2.7.x86_64.rpm
fence-agents-wti-4.0.11-27.el7_2.7.x86_64.rpm
libguestfs-1.28.1-1.55.el7_2.2.x86_64.rpm
libguestfs-bash-completion-1.28.1-1.55.el7_2.2.noarch.rpm
libguestfs-devel-1.28.1-1.55.el7_2.2.x86_64.rpm
libguestfs-gfs2-1.28.1-1.55.el7_2.2.x86_64.rpm
libguestfs-gobject-1.28.1-1.55.el7_2.2.x86_64.rpm
libguestfs-gobject-devel-1.28.1-1.55.el7_2.2.x86_64.rpm
libguestfs-gobject-doc-1.28.1-1.55.el7_2.2.noarch.rpm
libguestfs-java-1.28.1-1.55.el7_2.2.x86_64.rpm
libguestfs-java-devel-1.28.1-1.55.el7_2.2.x86_64.rpm
libguestfs-javadoc-1.28.1-1.55.el7_2.2.noarch.rpm
libguestfs-man-pages-ja-1.28.1-1.55.el7_2.2.noarch.rpm
libguestfs-man-pages-uk-1.28.1-1.55.el7_2.2.noarch.rpm
libguestfs-rescue-1.28.1-1.55.el7_2.2.x86_64.rpm
libguestfs-rsync-1.28.1-1.55.el7_2.2.x86_64.rpm
libguestfs-tools-1.28.1-1.55.el7_2.2.noarch.rpm
libguestfs-tools-c-1.28.1-1.55.el7_2.2.x86_64.rpm
libguestfs-xfs-1.28.1-1.55.el7_2.2.x86_64.rpm
lua-guestfs-1.28.1-1.55.el7_2.2.x86_64.rpm
ocaml-libguestfs-1.28.1-1.55.el7_2.2.x86_64.rpm
ocaml-libguestfs-devel-1.28.1-1.55.el7_2.2.x86_64.rpm
perl-Sys-Guestfs-1.28.1-1.55.el7_2.2.x86_64.rpm
python-libguestfs-1.28.1-1.55.el7_2.2.x86_64.rpm
resource-agents-3.9.5-54.el7_2.9.x86_64.rpm
ruby-libguestfs-1.28.1-1.55.el7_2.2.x86_64.rpm
virt-v2v-1.28.1-1.55.el7_2.2.x86_64.rpm
Date: Wed, 20 Apr 2016 21:03:31 -0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Subject: Security ERRATA Critical: java-1.8.0-openjdk on SL6.x i386/x86_64
MIME-Version: 1.0
Message-ID: <20160420210331.4963.26738@slpackages.fnal.gov>

Synopsis: Critical: java-1.8.0-openjdk security update
Advisory ID: SLSA-2016:0651-1
Issue Date: 2016-04-20
CVE Numbers: CVE-2016-0686
 CVE-2016-0687
 CVE-2016-0695
 CVE-2016-3425
 CVE-2016-3426
 CVE-2016-3427
--

Security Fix(es):

* Multiple flaws were discovered in the Serialization and Hotspot
components in OpenJDK. An untrusted Java application or applet could use
these flaws to completely bypass Java sandbox restrictions.
(CVE-2016-0686, CVE-2016-0687)

* It was discovered that the RMI server implementation in the JMX
component in OpenJDK did not restrict which classes can be deserialized
when deserializing authentication credentials. A remote, unauthenticated
attacker able to connect to a JMX port could possibly use this flaw to
trigger deserialization flaws. (CVE-2016-3427)

* It was discovered that the JAXP component in OpenJDK failed to properly
handle Unicode surrogate pairs used as part of the XML attribute values.
Specially crafted XML input could cause a Java application to use an
excessive amount of memory when parsed. (CVE-2016-3425)

* It was discovered that the GCM (Galois/Counter Mode) implementation in
the JCE component in OpenJDK used a non-constant time comparison when
comparing GCM authentication tags. A remote attacker could possibly use
this flaw to determine the value of the authentication tag.
(CVE-2016-3426)

* It was discovered that the Security component in OpenJDK failed to check
the digest algorithm strength when generating DSA signatures. The use of a
digest weaker than the key strength could lead to the generation of
signatures that were weaker than expected. (CVE-2016-0695)
--

SL6
 x86_64
 java-1.8.0-openjdk-1.8.0.91-0.b14.el6_7.x86_64.rpm
 java-1.8.0-openjdk-debuginfo-1.8.0.91-0.b14.el6_7.x86_64.rpm
 java-1.8.0-openjdk-headless-1.8.0.91-0.b14.el6_7.x86_64.rpm
 java-1.8.0-openjdk-debug-1.8.0.91-0.b14.el6_7.x86_64.rpm
 java-1.8.0-openjdk-demo-1.8.0.91-0.b14.el6_7.x86_64.rpm
 java-1.8.0-openjdk-demo-debug-1.8.0.91-0.b14.el6_7.x86_64.rpm
 java-1.8.0-openjdk-devel-1.8.0.91-0.b14.el6_7.x86_64.rpm
 java-1.8.0-openjdk-devel-debug-1.8.0.91-0.b14.el6_7.x86_64.rpm
 java-1.8.0-openjdk-headless-debug-1.8.0.91-0.b14.el6_7.x86_64.rpm
 java-1.8.0-openjdk-src-1.8.0.91-0.b14.el6_7.x86_64.rpm
 java-1.8.0-openjdk-src-debug-1.8.0.91-0.b14.el6_7.x86_64.rpm
 i386
 java-1.8.0-openjdk-1.8.0.91-0.b14.el6_7.i686.rpm
 java-1.8.0-openjdk-debuginfo-1.8.0.91-0.b14.el6_7.i686.rpm
 java-1.8.0-openjdk-headless-1.8.0.91-0.b14.el6_7.i686.rpm
 java-1.8.0-openjdk-debug-1.8.0.91-0.b14.el6_7.i686.rpm
 java-1.8.0-openjdk-demo-1.8.0.91-0.b14.el6_7.i686.rpm
 java-1.8.0-openjdk-demo-debug-1.8.0.91-0.b14.el6_7.i686.rpm
 java-1.8.0-openjdk-devel-1.8.0.91-0.b14.el6_7.i686.rpm
 java-1.8.0-openjdk-devel-debug-1.8.0.91-0.b14.el6_7.i686.rpm
 java-1.8.0-openjdk-headless-debug-1.8.0.91-0.b14.el6_7.i686.rpm
 java-1.8.0-openjdk-src-1.8.0.91-0.b14.el6_7.i686.rpm
 java-1.8.0-openjdk-src-debug-1.8.0.91-0.b14.el6_7.i686.rpm
 noarch
 java-1.8.0-openjdk-javadoc-1.8.0.91-0.b14.el6_7.noarch.rpm
 java-1.8.0-openjdk-javadoc-debug-1.8.0.91-0.b14.el6_7.noarch.rpm

- Scientific Linux Development Team

Scientific Linux SL6.x: SLSA-2016:0651-1 critical: java-1.8.0-openjdk

Topics Covered

Search Advisories & Updates

Recent Searches

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Scientific Linux SL6.x: SLSA-2016:0651-1 critical: java-1.8.0-openjdk

Topics Covered

Search Advisories & Updates

Recent Searches

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

Related Articles

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!