Lumension® Endpoint Intelligence Center


Overview

Id: RHSA-2016:0723-01
Name: Red Hat 2016:0723-01 RHSA Critical: java-1.6.0-openjdk security update for RHEL 5 x86_64
Vendor Name: red_hat
Product: None
Content Type: Critical
Language(s):
Operating System(s): Linux
Released On: 09 May 2016 12:00:00

Url

https://rhn.redhat.com/errata/RHSA-2016-0723.html

Description

LSAC(v2)
The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit.

Security Fix(es):

* Multiple flaws were discovered in the Serialization and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. (CVE-2016-0686, CVE-2016-0687)

* It was discovered that the RMI server implementation in the JMX component in OpenJDK did not restrict which classes can be deserialized when deserializing authentication credentials. A remote, unauthenticated attacker able to connect to a JMX port could possibly use this flaw to trigger deserialization flaws. (CVE-2016-3427)

* It was discovered that the JAXP component in OpenJDK failed to properly handle Unicode surrogate pairs used as part of the XML attribute values. Specially crafted XML input could cause a Java application to use an excessive amount of memory when parsed. (CVE-2016-3425)

* It was discovered that the Security component in OpenJDK failed to check the digest algorithm strength when generating DSA signatures. The use of a digest weaker than the key strength could lead to the generation of signatures that were weaker than expected. (CVE-2016-0695)

Related Resources

Related Vulnerabilities

None


Last Updated: 27 May 2016 11:23:39