Alerts This Week
Warning Icon 1 525
Alerts This Week
Warning Icon 1 525

Scientific Linux: SLSA-2016:2079-1 Critical: Java OpenJDK Security Fix

Calendar Oct 19, 2016 User Avatar LinuxSecurity Advisories
6 - 11 min read
Scientific Large Esm H500
Topics%20covered

Topics Covered

security advisory security issue critical software update java update java-1.8.0-openjdk scientific linux
Critical: java-1.8.0-openjdk security update 
Date: Mon, 17 Oct 2016 16:42:13 -0500
Reply-To: Pat Riehecky 
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Subject: Scientific Linux 5 Six Month Warning - SL5 End Of Life
MIME-Version: 1.0
Message-ID: <4f1ebbb8-2952-9b44-d6fd-f8295ccc370f@fnal.gov>

Hello,

Following the upstream release cycle, Scientific Linux 5 will reach End 
of Life March 31 2017.

After this date no additional updates will be published for Scientific 
Linux 5. This means no security updates for SL5 will be published after 
March 31 2017.

After March 31 2017:
- The installation trees will be moved into the obsolete directory.
- Kickstart and yum operations against the old repository locations will 
no longer work.

The files themselves will remain available under the 'obsolete' directory.

Users of Scientific Linux 5 should evaluate options for migrating to an 
actively maintained operating system.

Scientific Linux 6 and Scientific Linux 7 are actively maintained at 
this time.
Date: Tue, 18 Oct 2016 08:34:26 -0500
Reply-To: Pat Riehecky 
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Subject: FASTBUGS for SL 6x i386, x86_64 now available
MIME-Version: 1.0
 boundary="------------6E8F5BF205BA3C9F9FE605F3"
Message-ID: <6d79b987-d9d5-c26d-a61c-c8803fee4ac2@fnal.gov>

--------------6E8F5BF205BA3C9F9FE605F3

The following FASTBUGS have been uploaded to

i386:
grep-2.20-5.el6_8.i686.rpm
ipa-admintools-3.0.0-50.el6_8.3.i686.rpm
ipa-client-3.0.0-50.el6_8.3.i686.rpm
ipa-python-3.0.0-50.el6_8.3.i686.rpm
ipa-server-3.0.0-50.el6_8.3.i686.rpm
ipa-server-selinux-3.0.0-50.el6_8.3.i686.rpm
ipa-server-trust-ad-3.0.0-50.el6_8.3.i686.rpm
iscsi-initiator-utils-6.2.0.873-22.el6_8.i686.rpm
iscsi-initiator-utils-devel-6.2.0.873-22.el6_8.i686.rpm
lftp-4.0.9-6.el6_8.3.i686.rpm
lftp-scripts-4.0.9-6.el6_8.3.noarch.rpm
libtirpc-0.2.1-11.el6_8.i686.rpm
libtirpc-devel-0.2.1-11.el6_8.i686.rpm
nfs-utils-1.2.3-70.el6_8.2.i686.rpm
perl-Net-SSLeay-1.35-10.el6_8.1.i686.rpm

x86_64:
grep-2.20-5.el6_8.x86_64.rpm
ipa-admintools-3.0.0-50.el6_8.3.x86_64.rpm
ipa-client-3.0.0-50.el6_8.3.x86_64.rpm
ipa-python-3.0.0-50.el6_8.3.x86_64.rpm
ipa-server-3.0.0-50.el6_8.3.x86_64.rpm
ipa-server-selinux-3.0.0-50.el6_8.3.x86_64.rpm
ipa-server-trust-ad-3.0.0-50.el6_8.3.x86_64.rpm
iscsi-initiator-utils-6.2.0.873-22.el6_8.x86_64.rpm
iscsi-initiator-utils-devel-6.2.0.873-22.el6_8.x86_64.rpm
lftp-4.0.9-6.el6_8.3.i686.rpm
lftp-4.0.9-6.el6_8.3.x86_64.rpm
lftp-scripts-4.0.9-6.el6_8.3.noarch.rpm
libtirpc-0.2.1-11.el6_8.i686.rpm
libtirpc-0.2.1-11.el6_8.x86_64.rpm
libtirpc-devel-0.2.1-11.el6_8.i686.rpm
libtirpc-devel-0.2.1-11.el6_8.x86_64.rpm
nfs-utils-1.2.3-70.el6_8.2.x86_64.rpm
perl-Net-SSLeay-1.35-10.el6_8.1.x86_64.rpm

--------------6E8F5BF205BA3C9F9FE605F3

 
The following FASTBUGS have been uploaded to

i386:
grep-2.20-5.el6_8.i686.rpm
ipa-admintools-3.0.0-50.el6_8.3.i686.rpm
ipa-client-3.0.0-50.el6_8.3.i686.rpm
ipa-python-3.0.0-50.el6_8.3.i686.rpm
ipa-server-3.0.0-50.el6_8.3.i686.rpm
ipa-server-selinux-3.0.0-50.el6_8.3.i686.rpm
ipa-server-trust-ad-3.0.0-50.el6_8.3.i686.rpm
iscsi-initiator-utils-6.2.0.873-22.el6_8.i686.rpm
iscsi-initiator-utils-devel-6.2.0.873-22.el6_8.i686.rpm
lftp-4.0.9-6.el6_8.3.i686.rpm
lftp-scripts-4.0.9-6.el6_8.3.noarch.rpm
libtirpc-0.2.1-11.el6_8.i686.rpm
libtirpc-devel-0.2.1-11.el6_8.i686.rpm
nfs-utils-1.2.3-70.el6_8.2.i686.rpm
perl-Net-SSLeay-1.35-10.el6_8.1.i686.rpm

x86_64:
grep-2.20-5.el6_8.x86_64.rpm
ipa-admintools-3.0.0-50.el6_8.3.x86_64.rpm
ipa-client-3.0.0-50.el6_8.3.x86_64.rpm
ipa-python-3.0.0-50.el6_8.3.x86_64.rpm
ipa-server-3.0.0-50.el6_8.3.x86_64.rpm
ipa-server-selinux-3.0.0-50.el6_8.3.x86_64.rpm
ipa-server-trust-ad-3.0.0-50.el6_8.3.x86_64.rpm
iscsi-initiator-utils-6.2.0.873-22.el6_8.x86_64.rpm
iscsi-initiator-utils-devel-6.2.0.873-22.el6_8.x86_64.rpm
lftp-4.0.9-6.el6_8.3.i686.rpm
lftp-4.0.9-6.el6_8.3.x86_64.rpm
lftp-scripts-4.0.9-6.el6_8.3.noarch.rpm
libtirpc-0.2.1-11.el6_8.i686.rpm
libtirpc-0.2.1-11.el6_8.x86_64.rpm
libtirpc-devel-0.2.1-11.el6_8.i686.rpm
libtirpc-devel-0.2.1-11.el6_8.x86_64.rpm
nfs-utils-1.2.3-70.el6_8.2.x86_64.rpm
perl-Net-SSLeay-1.35-10.el6_8.1.x86_64.rpm



--------------6E8F5BF205BA3C9F9FE605F3--
Date: Wed, 19 Oct 2016 17:28:47 -0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Subject: Security ERRATA Critical: java-1.8.0-openjdk on SL6.x,
 SL7.x i386/x86_64
MIME-Version: 1.0
Message-ID: <20161019172847.7065.36322@slpackages.fnal.gov>

Synopsis: Critical: java-1.8.0-openjdk security update
Advisory ID: SLSA-2016:2079-1
Issue Date: 2016-10-19
CVE Numbers: CVE-2016-5582
 CVE-2016-5573
 CVE-2016-5554
 CVE-2016-5542
 CVE-2016-5597
--

Security Fix(es):

* It was discovered that the Hotspot component of OpenJDK did not properly
check arguments of the System.arraycopy() function in certain cases. An
untrusted Java application or applet could use this flaw to corrupt
virtual machine's memory and completely bypass Java sandbox restrictions.
(CVE-2016-5582)

* It was discovered that the Hotspot component of OpenJDK did not properly
check received Java Debug Wire Protocol (JDWP) packets. An attacker could
possibly use this flaw to send debugging commands to a Java program
running with debugging enabled if they could make victim's browser send
HTTP requests to the JDWP port of the debugged application.
(CVE-2016-5573)

* It was discovered that the Libraries component of OpenJDK did not
restrict the set of algorithms used for Jar integrity verification. This
flaw could allow an attacker to modify content of the Jar file that used
weak signing key or hash algorithm. (CVE-2016-5542)

Note: After this update, MD2 hash algorithm and RSA keys with less than
1024 bits are no longer allowed to be used for Jar integrity verification
by default. MD5 hash algorithm is expected to be disabled by default in
the future updates. A newly introduced security property
jdk.jar.disabledAlgorithms can be used to control the set of disabled
algorithms.

* A flaw was found in the way the JMX component of OpenJDK handled
classloaders. An untrusted Java application or applet could use this flaw
to bypass certain Java sandbox restrictions. (CVE-2016-5554)

* A flaw was found in the way the Networking component of OpenJDK handled
HTTP proxy authentication. A Java application could possibly expose HTTPS
server authentication credentials via a plain text network connection to
an HTTP proxy if proxy asked for authentication. (CVE-2016-5597)

Note: After this update, Basic HTTP proxy authentication can no longer be
used when tunneling HTTPS connection through an HTTP proxy. Newly
introduced system properties jdk.http.auth.proxying.disabledSchemes and
jdk.http.auth.tunneling.disabledSchemes can be used to control which
authentication schemes can be requested by an HTTP proxy when proxying
HTTP and HTTPS connections respectively.

Note: If the web browser plug-in provided by the icedtea-web package was
installed, the issues exposed via Java applets could have been exploited
without user interaction if a user visited a malicious website.
--

SL6
 x86_64
 java-1.8.0-openjdk-1.8.0.111-0.b15.el6_8.x86_64.rpm
 java-1.8.0-openjdk-debuginfo-1.8.0.111-0.b15.el6_8.x86_64.rpm
 java-1.8.0-openjdk-headless-1.8.0.111-0.b15.el6_8.x86_64.rpm
 java-1.8.0-openjdk-debug-1.8.0.111-0.b15.el6_8.x86_64.rpm
 java-1.8.0-openjdk-demo-1.8.0.111-0.b15.el6_8.x86_64.rpm
 java-1.8.0-openjdk-demo-debug-1.8.0.111-0.b15.el6_8.x86_64.rpm
 java-1.8.0-openjdk-devel-1.8.0.111-0.b15.el6_8.x86_64.rpm
 java-1.8.0-openjdk-devel-debug-1.8.0.111-0.b15.el6_8.x86_64.rpm
 java-1.8.0-openjdk-headless-debug-1.8.0.111-0.b15.el6_8.x86_64.rpm
 java-1.8.0-openjdk-src-1.8.0.111-0.b15.el6_8.x86_64.rpm
 java-1.8.0-openjdk-src-debug-1.8.0.111-0.b15.el6_8.x86_64.rpm
 i386
 java-1.8.0-openjdk-1.8.0.111-0.b15.el6_8.i686.rpm
 java-1.8.0-openjdk-debuginfo-1.8.0.111-0.b15.el6_8.i686.rpm
 java-1.8.0-openjdk-headless-1.8.0.111-0.b15.el6_8.i686.rpm
 java-1.8.0-openjdk-debug-1.8.0.111-0.b15.el6_8.i686.rpm
 java-1.8.0-openjdk-demo-1.8.0.111-0.b15.el6_8.i686.rpm
 java-1.8.0-openjdk-demo-debug-1.8.0.111-0.b15.el6_8.i686.rpm
 java-1.8.0-openjdk-devel-1.8.0.111-0.b15.el6_8.i686.rpm
 java-1.8.0-openjdk-devel-debug-1.8.0.111-0.b15.el6_8.i686.rpm
 java-1.8.0-openjdk-headless-debug-1.8.0.111-0.b15.el6_8.i686.rpm
 java-1.8.0-openjdk-src-1.8.0.111-0.b15.el6_8.i686.rpm
 java-1.8.0-openjdk-src-debug-1.8.0.111-0.b15.el6_8.i686.rpm
 noarch
 java-1.8.0-openjdk-javadoc-1.8.0.111-0.b15.el6_8.noarch.rpm
 java-1.8.0-openjdk-javadoc-debug-1.8.0.111-0.b15.el6_8.noarch.rpm
SL7
 x86_64
 java-1.8.0-openjdk-1.8.0.111-1.b15.el7_2.x86_64.rpm
 java-1.8.0-openjdk-debuginfo-1.8.0.111-1.b15.el7_2.x86_64.rpm
 java-1.8.0-openjdk-headless-1.8.0.111-1.b15.el7_2.x86_64.rpm
 java-1.8.0-openjdk-accessibility-1.8.0.111-1.b15.el7_2.x86_64.rpm
 java-1.8.0-openjdk-accessibility-debug-1.8.0.111-1.b15.el7_2.x86_64.rpm
 java-1.8.0-openjdk-debug-1.8.0.111-1.b15.el7_2.x86_64.rpm
 java-1.8.0-openjdk-demo-1.8.0.111-1.b15.el7_2.x86_64.rpm
 java-1.8.0-openjdk-demo-debug-1.8.0.111-1.b15.el7_2.x86_64.rpm
 java-1.8.0-openjdk-devel-1.8.0.111-1.b15.el7_2.x86_64.rpm
 java-1.8.0-openjdk-devel-debug-1.8.0.111-1.b15.el7_2.x86_64.rpm
 java-1.8.0-openjdk-headless-debug-1.8.0.111-1.b15.el7_2.x86_64.rpm
 java-1.8.0-openjdk-src-1.8.0.111-1.b15.el7_2.x86_64.rpm
 java-1.8.0-openjdk-src-debug-1.8.0.111-1.b15.el7_2.x86_64.rpm
 noarch
 java-1.8.0-openjdk-javadoc-1.8.0.111-1.b15.el7_2.noarch.rpm
 java-1.8.0-openjdk-javadoc-debug-1.8.0.111-1.b15.el7_2.noarch.rpm

- Scientific Linux Development Team

Related News

Your message here