Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2016-3598 (GCVE-0-2016-3598)
Vulnerability from cvelistv5 – Published: 2016-07-21 10:00 – Updated: 2024-10-11 20:41
VLAI
EPSS
Summary
Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Libraries, a different vulnerability than CVE-2016-3610.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
26 references
Date Public
2016-07-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:03:33.604Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-3043-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3043-1"
},
{
"name": "SUSE-SU-2016:2261",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00005.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"name": "GLSA-201610-08",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201610-08"
},
{
"name": "91918",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/91918"
},
{
"name": "SUSE-SU-2016:2012",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00024.html"
},
{
"name": "openSUSE-SU-2016:2052",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00034.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20160721-0001/"
},
{
"name": "RHSA-2016:1475",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1475"
},
{
"name": "SUSE-SU-2016:2286",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00006.html"
},
{
"name": "openSUSE-SU-2016:2051",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00033.html"
},
{
"name": "RHSA-2016:1587",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1587.html"
},
{
"name": "1036365",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036365"
},
{
"name": "GLSA-201701-43",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201701-43"
},
{
"name": "RHSA-2016:1589",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1589.html"
},
{
"name": "USN-3062-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3062-1"
},
{
"name": "91787",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/91787"
},
{
"name": "SUSE-SU-2016:1997",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00011.html"
},
{
"name": "RHSA-2017:1216",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1216"
},
{
"name": "RHSA-2016:1458",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1458"
},
{
"name": "openSUSE-SU-2016:2050",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00032.html"
},
{
"name": "openSUSE-SU-2016:1979",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00028.html"
},
{
"name": "RHSA-2016:1588",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1588.html"
},
{
"name": "openSUSE-SU-2016:2058",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00035.html"
},
{
"name": "RHSA-2016:1504",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1504.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2016-3598",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-11T19:52:53.904652Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-11T20:41:12.037Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-07-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Libraries, a different vulnerability than CVE-2016-3610."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T19:57:01.000Z",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"name": "USN-3043-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3043-1"
},
{
"name": "SUSE-SU-2016:2261",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00005.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"name": "GLSA-201610-08",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201610-08"
},
{
"name": "91918",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/91918"
},
{
"name": "SUSE-SU-2016:2012",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00024.html"
},
{
"name": "openSUSE-SU-2016:2052",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00034.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20160721-0001/"
},
{
"name": "RHSA-2016:1475",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1475"
},
{
"name": "SUSE-SU-2016:2286",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00006.html"
},
{
"name": "openSUSE-SU-2016:2051",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00033.html"
},
{
"name": "RHSA-2016:1587",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1587.html"
},
{
"name": "1036365",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036365"
},
{
"name": "GLSA-201701-43",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201701-43"
},
{
"name": "RHSA-2016:1589",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1589.html"
},
{
"name": "USN-3062-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3062-1"
},
{
"name": "91787",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/91787"
},
{
"name": "SUSE-SU-2016:1997",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00011.html"
},
{
"name": "RHSA-2017:1216",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1216"
},
{
"name": "RHSA-2016:1458",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1458"
},
{
"name": "openSUSE-SU-2016:2050",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00032.html"
},
{
"name": "openSUSE-SU-2016:1979",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00028.html"
},
{
"name": "RHSA-2016:1588",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1588.html"
},
{
"name": "openSUSE-SU-2016:2058",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00035.html"
},
{
"name": "RHSA-2016:1504",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1504.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2016-3598",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Libraries, a different vulnerability than CVE-2016-3610."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-3043-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3043-1"
},
{
"name": "SUSE-SU-2016:2261",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00005.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"name": "GLSA-201610-08",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201610-08"
},
{
"name": "91918",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91918"
},
{
"name": "SUSE-SU-2016:2012",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00024.html"
},
{
"name": "openSUSE-SU-2016:2052",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00034.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20160721-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20160721-0001/"
},
{
"name": "RHSA-2016:1475",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:1475"
},
{
"name": "SUSE-SU-2016:2286",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00006.html"
},
{
"name": "openSUSE-SU-2016:2051",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00033.html"
},
{
"name": "RHSA-2016:1587",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1587.html"
},
{
"name": "1036365",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036365"
},
{
"name": "GLSA-201701-43",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-43"
},
{
"name": "RHSA-2016:1589",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1589.html"
},
{
"name": "USN-3062-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3062-1"
},
{
"name": "91787",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91787"
},
{
"name": "SUSE-SU-2016:1997",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00011.html"
},
{
"name": "RHSA-2017:1216",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1216"
},
{
"name": "RHSA-2016:1458",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:1458"
},
{
"name": "openSUSE-SU-2016:2050",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00032.html"
},
{
"name": "openSUSE-SU-2016:1979",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00028.html"
},
{
"name": "RHSA-2016:1588",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1588.html"
},
{
"name": "openSUSE-SU-2016:2058",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00035.html"
},
{
"name": "RHSA-2016:1504",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1504.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2016-3598",
"datePublished": "2016-07-21T10:00:00.000Z",
"dateReserved": "2016-03-17T00:00:00.000Z",
"dateUpdated": "2024-10-11T20:41:12.037Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2016-3598",
"date": "2026-05-27",
"epss": "0.07073",
"percentile": "0.91621"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:jdk:1.8.0:update91:*:*:*:*:*:*\", \"matchCriteriaId\": \"429DC535-FA00-4309-AD75-E79F238A4B29\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:jdk:1.8.0:update92:*:*:*:*:*:*\", \"matchCriteriaId\": \"95C17CAA-0971-44CB-8A04-F135ACBEFBF3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:jre:1.8.0:update91:*:*:*:*:*:*\", \"matchCriteriaId\": \"35E4B9B9-917E-4EB1-B8ED-B69D5589A0BA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:jre:1.8.0:update92:*:*:*:*:*:*\", \"matchCriteriaId\": \"CFC93807-F81D-4F4C-AD4F-3F0A45C36F34\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:oracle:linux:5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E3CCD459-9E6D-4731-8054-CDF8B58454A9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CC7A498A-A669-4C42-8134-86103C799D13\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"104DA87B-DEE4-4262-AE50-8E6BC43B228B\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Libraries, a different vulnerability than CVE-2016-3610.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad no especificada en Oracle Java SE 8u92 y Java SE Embedded 8u91 permite a atacantes remotos afectar la confidencialidad, la integridad y la disponibilidad a trav\\u00e9s de vectores relacionados con Libraries, una vulnerabilidad diferente a CVE-2016-3610.\"}]",
"id": "CVE-2016-3598",
"lastModified": "2024-11-21T02:50:21.503",
"metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\", \"baseScore\": 9.6, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 6.0}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 9.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
"published": "2016-07-21T10:14:38.613",
"references": "[{\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00011.html\", \"source\": \"secalert_us@oracle.com\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00024.html\", \"source\": \"secalert_us@oracle.com\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00032.html\", \"source\": \"secalert_us@oracle.com\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00033.html\", \"source\": \"secalert_us@oracle.com\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00034.html\", \"source\": \"secalert_us@oracle.com\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00035.html\", \"source\": \"secalert_us@oracle.com\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00005.html\", \"source\": \"secalert_us@oracle.com\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00006.html\", \"source\": \"secalert_us@oracle.com\"}, {\"url\": \"http://lists.opensuse.org/opensuse-updates/2016-08/msg00028.html\", \"source\": \"secalert_us@oracle.com\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2016-1504.html\", \"source\": \"secalert_us@oracle.com\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2016-1587.html\", \"source\": \"secalert_us@oracle.com\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2016-1588.html\", \"source\": \"secalert_us@oracle.com\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2016-1589.html\", \"source\": \"secalert_us@oracle.com\"}, {\"url\": \"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html\", \"source\": \"secalert_us@oracle.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html\", \"source\": \"secalert_us@oracle.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/91787\", \"source\": \"secalert_us@oracle.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securityfocus.com/bid/91918\", \"source\": \"secalert_us@oracle.com\"}, {\"url\": \"http://www.securitytracker.com/id/1036365\", \"source\": \"secalert_us@oracle.com\"}, {\"url\": \"http://www.ubuntu.com/usn/USN-3043-1\", \"source\": \"secalert_us@oracle.com\"}, {\"url\": \"http://www.ubuntu.com/usn/USN-3062-1\", \"source\": \"secalert_us@oracle.com\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2016:1458\", \"source\": \"secalert_us@oracle.com\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2016:1475\", \"source\": \"secalert_us@oracle.com\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2017:1216\", \"source\": \"secalert_us@oracle.com\"}, {\"url\": \"https://security.gentoo.org/glsa/201610-08\", \"source\": \"secalert_us@oracle.com\"}, {\"url\": \"https://security.gentoo.org/glsa/201701-43\", \"source\": \"secalert_us@oracle.com\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20160721-0001/\", \"source\": \"secalert_us@oracle.com\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00011.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00024.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00032.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00033.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00034.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00035.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00005.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00006.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.opensuse.org/opensuse-updates/2016-08/msg00028.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2016-1504.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2016-1587.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2016-1588.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2016-1589.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/91787\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securityfocus.com/bid/91918\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id/1036365\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.ubuntu.com/usn/USN-3043-1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.ubuntu.com/usn/USN-3062-1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2016:1458\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2016:1475\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2017:1216\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://security.gentoo.org/glsa/201610-08\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://security.gentoo.org/glsa/201701-43\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20160721-0001/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "secalert_us@oracle.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2016-3598\",\"sourceIdentifier\":\"secalert_us@oracle.com\",\"published\":\"2016-07-21T10:14:38.613\",\"lastModified\":\"2026-05-06T22:30:45.220\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Libraries, a different vulnerability than CVE-2016-3610.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad no especificada en Oracle Java SE 8u92 y Java SE Embedded 8u91 permite a atacantes remotos afectar la confidencialidad, la integridad y la disponibilidad a trav\u00e9s de vectores relacionados con Libraries, una vulnerabilidad diferente a CVE-2016-3610.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\",\"baseScore\":9.6,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":6.0}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jdk:1.8.0:update91:*:*:*:*:*:*\",\"matchCriteriaId\":\"429DC535-FA00-4309-AD75-E79F238A4B29\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jdk:1.8.0:update92:*:*:*:*:*:*\",\"matchCriteriaId\":\"95C17CAA-0971-44CB-8A04-F135ACBEFBF3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jre:1.8.0:update91:*:*:*:*:*:*\",\"matchCriteriaId\":\"35E4B9B9-917E-4EB1-B8ED-B69D5589A0BA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jre:1.8.0:update92:*:*:*:*:*:*\",\"matchCriteriaId\":\"CFC93807-F81D-4F4C-AD4F-3F0A45C36F34\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:oracle:linux:5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E3CCD459-9E6D-4731-8054-CDF8B58454A9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CC7A498A-A669-4C42-8134-86103C799D13\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"104DA87B-DEE4-4262-AE50-8E6BC43B228B\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00011.html\",\"source\":\"secalert_us@oracle.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00024.html\",\"source\":\"secalert_us@oracle.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00032.html\",\"source\":\"secalert_us@oracle.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00033.html\",\"source\":\"secalert_us@oracle.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00034.html\",\"source\":\"secalert_us@oracle.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00035.html\",\"source\":\"secalert_us@oracle.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00005.html\",\"source\":\"secalert_us@oracle.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00006.html\",\"source\":\"secalert_us@oracle.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-updates/2016-08/msg00028.html\",\"source\":\"secalert_us@oracle.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2016-1504.html\",\"source\":\"secalert_us@oracle.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2016-1587.html\",\"source\":\"secalert_us@oracle.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2016-1588.html\",\"source\":\"secalert_us@oracle.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2016-1589.html\",\"source\":\"secalert_us@oracle.com\"},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html\",\"source\":\"secalert_us@oracle.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html\",\"source\":\"secalert_us@oracle.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/91787\",\"source\":\"secalert_us@oracle.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/bid/91918\",\"source\":\"secalert_us@oracle.com\"},{\"url\":\"http://www.securitytracker.com/id/1036365\",\"source\":\"secalert_us@oracle.com\"},{\"url\":\"http://www.ubuntu.com/usn/USN-3043-1\",\"source\":\"secalert_us@oracle.com\"},{\"url\":\"http://www.ubuntu.com/usn/USN-3062-1\",\"source\":\"secalert_us@oracle.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2016:1458\",\"source\":\"secalert_us@oracle.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2016:1475\",\"source\":\"secalert_us@oracle.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:1216\",\"source\":\"secalert_us@oracle.com\"},{\"url\":\"https://security.gentoo.org/glsa/201610-08\",\"source\":\"secalert_us@oracle.com\"},{\"url\":\"https://security.gentoo.org/glsa/201701-43\",\"source\":\"secalert_us@oracle.com\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20160721-0001/\",\"source\":\"secalert_us@oracle.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00011.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00024.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00032.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00033.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00034.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00035.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00005.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00006.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-updates/2016-08/msg00028.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2016-1504.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2016-1587.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2016-1588.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2016-1589.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/91787\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/bid/91918\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id/1036365\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.ubuntu.com/usn/USN-3043-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.ubuntu.com/usn/USN-3062-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2016:1458\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2016:1475\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:1216\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.gentoo.org/glsa/201610-08\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.gentoo.org/glsa/201701-43\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20160721-0001/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://www.ubuntu.com/usn/USN-3043-1\", \"name\": \"USN-3043-1\", \"tags\": [\"vendor-advisory\", \"x_refsource_UBUNTU\", \"x_transferred\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00005.html\", \"name\": \"SUSE-SU-2016:2261\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\", \"x_transferred\"]}, {\"url\": \"http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://security.gentoo.org/glsa/201610-08\", \"name\": \"GLSA-201610-08\", \"tags\": [\"vendor-advisory\", \"x_refsource_GENTOO\", \"x_transferred\"]}, {\"url\": \"http://www.securityfocus.com/bid/91918\", \"name\": \"91918\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\", \"x_transferred\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00024.html\", \"name\": \"SUSE-SU-2016:2012\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\", \"x_transferred\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00034.html\", \"name\": \"openSUSE-SU-2016:2052\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\", \"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20160721-0001/\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2016:1475\", \"name\": \"RHSA-2016:1475\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00006.html\", \"name\": \"SUSE-SU-2016:2286\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\", \"x_transferred\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00033.html\", \"name\": \"openSUSE-SU-2016:2051\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\", \"x_transferred\"]}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2016-1587.html\", \"name\": \"RHSA-2016:1587\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"http://www.securitytracker.com/id/1036365\", \"name\": \"1036365\", \"tags\": [\"vdb-entry\", \"x_refsource_SECTRACK\", \"x_transferred\"]}, {\"url\": \"https://security.gentoo.org/glsa/201701-43\", \"name\": \"GLSA-201701-43\", \"tags\": [\"vendor-advisory\", \"x_refsource_GENTOO\", \"x_transferred\"]}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2016-1589.html\", \"name\": \"RHSA-2016:1589\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"http://www.ubuntu.com/usn/USN-3062-1\", \"name\": \"USN-3062-1\", \"tags\": [\"vendor-advisory\", \"x_refsource_UBUNTU\", \"x_transferred\"]}, {\"url\": \"http://www.securityfocus.com/bid/91787\", \"name\": \"91787\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\", \"x_transferred\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00011.html\", \"name\": \"SUSE-SU-2016:1997\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2017:1216\", \"name\": \"RHSA-2017:1216\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2016:1458\", \"name\": \"RHSA-2016:1458\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00032.html\", \"name\": \"openSUSE-SU-2016:2050\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\", \"x_transferred\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-updates/2016-08/msg00028.html\", \"name\": \"openSUSE-SU-2016:1979\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\", \"x_transferred\"]}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2016-1588.html\", \"name\": \"RHSA-2016:1588\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00035.html\", \"name\": \"openSUSE-SU-2016:2058\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\", \"x_transferred\"]}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2016-1504.html\", \"name\": \"RHSA-2016:1504\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-06T00:03:33.604Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2016-3598\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-11T19:52:53.904652Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-11T19:53:23.908Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"datePublic\": \"2016-07-19T00:00:00.000Z\", \"references\": [{\"url\": \"http://www.ubuntu.com/usn/USN-3043-1\", \"name\": \"USN-3043-1\", \"tags\": [\"vendor-advisory\", \"x_refsource_UBUNTU\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00005.html\", \"name\": \"SUSE-SU-2016:2261\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\"]}, {\"url\": \"http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://security.gentoo.org/glsa/201610-08\", \"name\": \"GLSA-201610-08\", \"tags\": [\"vendor-advisory\", \"x_refsource_GENTOO\"]}, {\"url\": \"http://www.securityfocus.com/bid/91918\", \"name\": \"91918\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00024.html\", \"name\": \"SUSE-SU-2016:2012\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00034.html\", \"name\": \"openSUSE-SU-2016:2052\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20160721-0001/\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2016:1475\", \"name\": \"RHSA-2016:1475\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00006.html\", \"name\": \"SUSE-SU-2016:2286\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00033.html\", \"name\": \"openSUSE-SU-2016:2051\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\"]}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2016-1587.html\", \"name\": \"RHSA-2016:1587\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"http://www.securitytracker.com/id/1036365\", \"name\": \"1036365\", \"tags\": [\"vdb-entry\", \"x_refsource_SECTRACK\"]}, {\"url\": \"https://security.gentoo.org/glsa/201701-43\", \"name\": \"GLSA-201701-43\", \"tags\": [\"vendor-advisory\", \"x_refsource_GENTOO\"]}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2016-1589.html\", \"name\": \"RHSA-2016:1589\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"http://www.ubuntu.com/usn/USN-3062-1\", \"name\": \"USN-3062-1\", \"tags\": [\"vendor-advisory\", \"x_refsource_UBUNTU\"]}, {\"url\": \"http://www.securityfocus.com/bid/91787\", \"name\": \"91787\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00011.html\", \"name\": \"SUSE-SU-2016:1997\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2017:1216\", \"name\": \"RHSA-2017:1216\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2016:1458\", \"name\": \"RHSA-2016:1458\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00032.html\", \"name\": \"openSUSE-SU-2016:2050\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-updates/2016-08/msg00028.html\", \"name\": \"openSUSE-SU-2016:1979\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\"]}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2016-1588.html\", \"name\": \"RHSA-2016:1588\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00035.html\", \"name\": \"openSUSE-SU-2016:2058\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\"]}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2016-1504.html\", \"name\": \"RHSA-2016:1504\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Libraries, a different vulnerability than CVE-2016-3610.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"43595867-4340-4103-b7a2-9a5208d29a85\", \"shortName\": \"oracle\", \"dateUpdated\": \"2018-01-04T19:57:01.000Z\"}, \"x_legacyV4Record\": {\"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"n/a\"}]}, \"product_name\": \"n/a\"}]}, \"vendor_name\": \"n/a\"}]}}, \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"http://www.ubuntu.com/usn/USN-3043-1\", \"name\": \"USN-3043-1\", \"refsource\": \"UBUNTU\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00005.html\", \"name\": \"SUSE-SU-2016:2261\", \"refsource\": \"SUSE\"}, {\"url\": \"http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html\", \"name\": \"http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html\", \"refsource\": \"CONFIRM\"}, {\"url\": \"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html\", \"name\": \"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html\", \"refsource\": \"CONFIRM\"}, {\"url\": \"https://security.gentoo.org/glsa/201610-08\", \"name\": \"GLSA-201610-08\", \"refsource\": \"GENTOO\"}, {\"url\": \"http://www.securityfocus.com/bid/91918\", \"name\": \"91918\", \"refsource\": \"BID\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00024.html\", \"name\": \"SUSE-SU-2016:2012\", \"refsource\": \"SUSE\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00034.html\", \"name\": \"openSUSE-SU-2016:2052\", \"refsource\": \"SUSE\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20160721-0001/\", \"name\": \"https://security.netapp.com/advisory/ntap-20160721-0001/\", \"refsource\": \"CONFIRM\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2016:1475\", \"name\": \"RHSA-2016:1475\", \"refsource\": \"REDHAT\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00006.html\", \"name\": \"SUSE-SU-2016:2286\", \"refsource\": \"SUSE\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00033.html\", \"name\": \"openSUSE-SU-2016:2051\", \"refsource\": \"SUSE\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2016-1587.html\", \"name\": \"RHSA-2016:1587\", \"refsource\": \"REDHAT\"}, {\"url\": \"http://www.securitytracker.com/id/1036365\", \"name\": \"1036365\", \"refsource\": \"SECTRACK\"}, {\"url\": \"https://security.gentoo.org/glsa/201701-43\", \"name\": \"GLSA-201701-43\", \"refsource\": \"GENTOO\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2016-1589.html\", \"name\": \"RHSA-2016:1589\", \"refsource\": \"REDHAT\"}, {\"url\": \"http://www.ubuntu.com/usn/USN-3062-1\", \"name\": \"USN-3062-1\", \"refsource\": \"UBUNTU\"}, {\"url\": \"http://www.securityfocus.com/bid/91787\", \"name\": \"91787\", \"refsource\": \"BID\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00011.html\", \"name\": \"SUSE-SU-2016:1997\", \"refsource\": \"SUSE\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2017:1216\", \"name\": \"RHSA-2017:1216\", \"refsource\": \"REDHAT\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2016:1458\", \"name\": \"RHSA-2016:1458\", \"refsource\": \"REDHAT\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00032.html\", \"name\": \"openSUSE-SU-2016:2050\", \"refsource\": \"SUSE\"}, {\"url\": \"http://lists.opensuse.org/opensuse-updates/2016-08/msg00028.html\", \"name\": \"openSUSE-SU-2016:1979\", \"refsource\": \"SUSE\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2016-1588.html\", \"name\": \"RHSA-2016:1588\", \"refsource\": \"REDHAT\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00035.html\", \"name\": \"openSUSE-SU-2016:2058\", \"refsource\": \"SUSE\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2016-1504.html\", \"name\": \"RHSA-2016:1504\", \"refsource\": \"REDHAT\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Libraries, a different vulnerability than CVE-2016-3610.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"n/a\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2016-3598\", \"STATE\": \"PUBLIC\", \"ASSIGNER\": \"secalert_us@oracle.com\"}}}}",
"cveMetadata": "{\"cveId\": \"CVE-2016-3598\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-10-11T20:41:12.037Z\", \"dateReserved\": \"2016-03-17T00:00:00.000Z\", \"assignerOrgId\": \"43595867-4340-4103-b7a2-9a5208d29a85\", \"datePublished\": \"2016-07-21T10:00:00.000Z\", \"assignerShortName\": \"oracle\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
RHSA-2016_1589
Vulnerability from csaf_redhat - Published: 2016-08-10 16:56 - Updated: 2024-11-14 19:57Summary
Red Hat Security Advisory: java-1.7.0-ibm security update
Severity
Critical
Notes
Topic: An update for java-1.7.0-ibm is now available for Red Hat Enterprise Linux 5 Supplementary.
Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.
This update upgrades IBM Java SE 7 to version 7 SR9-FP50.
Security Fix(es):
* This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section. (CVE-2016-3511, CVE-2016-3598)
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 allows local users to affect confidentiality, integrity, and availability via vectors related to Deployment.
7.0 (High)
Affected products
Fixed
66 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 5Client-Supplementary-5.11.Z:java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary-5.11.Z:java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary-5.11.Z:java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary-5.11.Z:java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary-5.11.Z:java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary-5.11.Z:java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary-5.11.Z:java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary-5.11.Z:java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary-5.11.Z:java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary-5.11.Z:java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary-5.11.Z:java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary-5.11.Z:java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary-5.11.Z:java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary-5.11.Z:java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary-5.11.Z:java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary-5.11.Z:java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary-5.11.Z:java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary-5.11.Z:java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary-5.11.Z:java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary-5.11.Z:java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary-5.11.Z:java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary-5.11.Z:java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary-5.11.Z:java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary-5.11.Z:java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary-5.11.Z:java-1.7.0-ibm-plugin-1:1.7.0.9.50-1jpp.1.el5_11.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary-5.11.Z:java-1.7.0-ibm-plugin-1:1.7.0.9.50-1jpp.1.el5_11.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary-5.11.Z:java-1.7.0-ibm-plugin-1:1.7.0.9.50-1jpp.1.el5_11.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary-5.11.Z:java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary-5.11.Z:java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary-5.11.Z:java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary-5.11.Z:java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary-5.11.Z:java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary-5.11.Z:java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary-5.11.Z:java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary-5.11.Z:java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary-5.11.Z:java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary-5.11.Z:java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary-5.11.Z:java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary-5.11.Z:java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary-5.11.Z:java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary-5.11.Z:java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary-5.11.Z:java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary-5.11.Z:java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary-5.11.Z:java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary-5.11.Z:java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary-5.11.Z:java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary-5.11.Z:java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary-5.11.Z:java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary-5.11.Z:java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary-5.11.Z:java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary-5.11.Z:java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary-5.11.Z:java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary-5.11.Z:java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary-5.11.Z:java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary-5.11.Z:java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary-5.11.Z:java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary-5.11.Z:java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary-5.11.Z:java-1.7.0-ibm-plugin-1:1.7.0.9.50-1jpp.1.el5_11.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary-5.11.Z:java-1.7.0-ibm-plugin-1:1.7.0.9.50-1jpp.1.el5_11.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary-5.11.Z:java-1.7.0-ibm-plugin-1:1.7.0.9.50-1jpp.1.el5_11.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary-5.11.Z:java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary-5.11.Z:java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary-5.11.Z:java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary-5.11.Z:java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary-5.11.Z:java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary-5.11.Z:java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Libraries, a different vulnerability than CVE-2016-3610.
8.8 (High)
Affected products
Fixed
66 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 5Client-Supplementary-5.11.Z:java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary-5.11.Z:java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary-5.11.Z:java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary-5.11.Z:java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary-5.11.Z:java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary-5.11.Z:java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary-5.11.Z:java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary-5.11.Z:java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary-5.11.Z:java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary-5.11.Z:java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary-5.11.Z:java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary-5.11.Z:java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary-5.11.Z:java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary-5.11.Z:java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary-5.11.Z:java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary-5.11.Z:java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary-5.11.Z:java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary-5.11.Z:java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary-5.11.Z:java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary-5.11.Z:java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary-5.11.Z:java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary-5.11.Z:java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary-5.11.Z:java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary-5.11.Z:java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary-5.11.Z:java-1.7.0-ibm-plugin-1:1.7.0.9.50-1jpp.1.el5_11.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary-5.11.Z:java-1.7.0-ibm-plugin-1:1.7.0.9.50-1jpp.1.el5_11.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary-5.11.Z:java-1.7.0-ibm-plugin-1:1.7.0.9.50-1jpp.1.el5_11.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary-5.11.Z:java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary-5.11.Z:java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary-5.11.Z:java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary-5.11.Z:java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary-5.11.Z:java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary-5.11.Z:java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary-5.11.Z:java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary-5.11.Z:java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary-5.11.Z:java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary-5.11.Z:java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary-5.11.Z:java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary-5.11.Z:java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary-5.11.Z:java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary-5.11.Z:java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary-5.11.Z:java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary-5.11.Z:java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary-5.11.Z:java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary-5.11.Z:java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary-5.11.Z:java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary-5.11.Z:java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary-5.11.Z:java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary-5.11.Z:java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary-5.11.Z:java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary-5.11.Z:java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary-5.11.Z:java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary-5.11.Z:java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary-5.11.Z:java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary-5.11.Z:java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary-5.11.Z:java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary-5.11.Z:java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary-5.11.Z:java-1.7.0-ibm-plugin-1:1.7.0.9.50-1jpp.1.el5_11.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary-5.11.Z:java-1.7.0-ibm-plugin-1:1.7.0.9.50-1jpp.1.el5_11.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary-5.11.Z:java-1.7.0-ibm-plugin-1:1.7.0.9.50-1jpp.1.el5_11.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary-5.11.Z:java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary-5.11.Z:java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary-5.11.Z:java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary-5.11.Z:java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary-5.11.Z:java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary-5.11.Z:java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Critical
References
15 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for java-1.7.0-ibm is now available for Red Hat Enterprise Linux 5 Supplementary.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.\n\nThis update upgrades IBM Java SE 7 to version 7 SR9-FP50.\n\nSecurity Fix(es):\n\n* This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section. (CVE-2016-3511, CVE-2016-3598)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2016:1589",
"url": "https://access.redhat.com/errata/RHSA-2016:1589"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#critical",
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "http://www.ibm.com/developerworks/java/jdk/alerts/",
"url": "http://www.ibm.com/developerworks/java/jdk/alerts/"
},
{
"category": "external",
"summary": "1356971",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1356971"
},
{
"category": "external",
"summary": "1358168",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1358168"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2016/rhsa-2016_1589.json"
}
],
"title": "Red Hat Security Advisory: java-1.7.0-ibm security update",
"tracking": {
"current_release_date": "2024-11-14T19:57:40+00:00",
"generator": {
"date": "2024-11-14T19:57:40+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2016:1589",
"initial_release_date": "2016-08-10T16:56:34+00:00",
"revision_history": [
{
"date": "2016-08-10T16:56:34+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2016-08-10T16:56:34+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-14T19:57:40+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product": {
"name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary-5.11.Z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:5::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product": {
"name": "Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary-5.11.Z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:5::server"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux Supplementary"
},
{
"branches": [
{
"category": "product_version",
"name": "java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.x86_64",
"product": {
"name": "java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.x86_64",
"product_id": "java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.7.0-ibm-devel@1.7.0.9.50-1jpp.1.el5_11?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.x86_64",
"product": {
"name": "java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.x86_64",
"product_id": "java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.7.0-ibm-src@1.7.0.9.50-1jpp.1.el5_11?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.7.0-ibm-plugin-1:1.7.0.9.50-1jpp.1.el5_11.x86_64",
"product": {
"name": "java-1.7.0-ibm-plugin-1:1.7.0.9.50-1jpp.1.el5_11.x86_64",
"product_id": "java-1.7.0-ibm-plugin-1:1.7.0.9.50-1jpp.1.el5_11.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.7.0-ibm-plugin@1.7.0.9.50-1jpp.1.el5_11?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.x86_64",
"product": {
"name": "java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.x86_64",
"product_id": "java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.7.0-ibm@1.7.0.9.50-1jpp.1.el5_11?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.x86_64",
"product": {
"name": "java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.x86_64",
"product_id": "java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.7.0-ibm-demo@1.7.0.9.50-1jpp.1.el5_11?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.x86_64",
"product": {
"name": "java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.x86_64",
"product_id": "java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.7.0-ibm-jdbc@1.7.0.9.50-1jpp.1.el5_11?arch=x86_64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "java-1.7.0-ibm-plugin-1:1.7.0.9.50-1jpp.1.el5_11.i386",
"product": {
"name": "java-1.7.0-ibm-plugin-1:1.7.0.9.50-1jpp.1.el5_11.i386",
"product_id": "java-1.7.0-ibm-plugin-1:1.7.0.9.50-1jpp.1.el5_11.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.7.0-ibm-plugin@1.7.0.9.50-1jpp.1.el5_11?arch=i386\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.i386",
"product": {
"name": "java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.i386",
"product_id": "java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.7.0-ibm-demo@1.7.0.9.50-1jpp.1.el5_11?arch=i386\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.i386",
"product": {
"name": "java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.i386",
"product_id": "java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.7.0-ibm-devel@1.7.0.9.50-1jpp.1.el5_11?arch=i386\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.i386",
"product": {
"name": "java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.i386",
"product_id": "java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.7.0-ibm-src@1.7.0.9.50-1jpp.1.el5_11?arch=i386\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.i386",
"product": {
"name": "java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.i386",
"product_id": "java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.7.0-ibm-jdbc@1.7.0.9.50-1jpp.1.el5_11?arch=i386\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.i386",
"product": {
"name": "java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.i386",
"product_id": "java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.7.0-ibm@1.7.0.9.50-1jpp.1.el5_11?arch=i386\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "i386"
},
{
"branches": [
{
"category": "product_version",
"name": "java-1.7.0-ibm-plugin-1:1.7.0.9.50-1jpp.1.el5_11.ppc",
"product": {
"name": "java-1.7.0-ibm-plugin-1:1.7.0.9.50-1jpp.1.el5_11.ppc",
"product_id": "java-1.7.0-ibm-plugin-1:1.7.0.9.50-1jpp.1.el5_11.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.7.0-ibm-plugin@1.7.0.9.50-1jpp.1.el5_11?arch=ppc\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.ppc",
"product": {
"name": "java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.ppc",
"product_id": "java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.7.0-ibm-jdbc@1.7.0.9.50-1jpp.1.el5_11?arch=ppc\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.ppc",
"product": {
"name": "java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.ppc",
"product_id": "java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.7.0-ibm-demo@1.7.0.9.50-1jpp.1.el5_11?arch=ppc\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.ppc",
"product": {
"name": "java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.ppc",
"product_id": "java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.7.0-ibm-src@1.7.0.9.50-1jpp.1.el5_11?arch=ppc\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.ppc",
"product": {
"name": "java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.ppc",
"product_id": "java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.7.0-ibm-devel@1.7.0.9.50-1jpp.1.el5_11?arch=ppc\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.ppc",
"product": {
"name": "java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.ppc",
"product_id": "java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.7.0-ibm@1.7.0.9.50-1jpp.1.el5_11?arch=ppc\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "ppc"
},
{
"branches": [
{
"category": "product_version",
"name": "java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.ppc64",
"product": {
"name": "java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.ppc64",
"product_id": "java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.7.0-ibm-demo@1.7.0.9.50-1jpp.1.el5_11?arch=ppc64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.ppc64",
"product": {
"name": "java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.ppc64",
"product_id": "java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.7.0-ibm-devel@1.7.0.9.50-1jpp.1.el5_11?arch=ppc64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.ppc64",
"product": {
"name": "java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.ppc64",
"product_id": "java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.7.0-ibm@1.7.0.9.50-1jpp.1.el5_11?arch=ppc64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.ppc64",
"product": {
"name": "java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.ppc64",
"product_id": "java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.7.0-ibm-src@1.7.0.9.50-1jpp.1.el5_11?arch=ppc64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.ppc64",
"product": {
"name": "java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.ppc64",
"product_id": "java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.7.0-ibm-jdbc@1.7.0.9.50-1jpp.1.el5_11?arch=ppc64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "ppc64"
},
{
"branches": [
{
"category": "product_version",
"name": "java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.s390x",
"product": {
"name": "java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.s390x",
"product_id": "java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.7.0-ibm-jdbc@1.7.0.9.50-1jpp.1.el5_11?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.s390x",
"product": {
"name": "java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.s390x",
"product_id": "java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.7.0-ibm-devel@1.7.0.9.50-1jpp.1.el5_11?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.s390x",
"product": {
"name": "java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.s390x",
"product_id": "java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.7.0-ibm@1.7.0.9.50-1jpp.1.el5_11?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.s390x",
"product": {
"name": "java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.s390x",
"product_id": "java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.7.0-ibm-demo@1.7.0.9.50-1jpp.1.el5_11?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.s390x",
"product": {
"name": "java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.s390x",
"product_id": "java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.7.0-ibm-src@1.7.0.9.50-1jpp.1.el5_11?arch=s390x\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.s390",
"product": {
"name": "java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.s390",
"product_id": "java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.7.0-ibm-devel@1.7.0.9.50-1jpp.1.el5_11?arch=s390\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.s390",
"product": {
"name": "java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.s390",
"product_id": "java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.7.0-ibm-demo@1.7.0.9.50-1jpp.1.el5_11?arch=s390\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.s390",
"product": {
"name": "java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.s390",
"product_id": "java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.7.0-ibm@1.7.0.9.50-1jpp.1.el5_11?arch=s390\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.s390",
"product": {
"name": "java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.s390",
"product_id": "java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.7.0-ibm-src@1.7.0.9.50-1jpp.1.el5_11?arch=s390\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.s390",
"product": {
"name": "java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.s390",
"product_id": "java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.7.0-ibm-jdbc@1.7.0.9.50-1jpp.1.el5_11?arch=s390\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "s390"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.i386 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary-5.11.Z:java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.i386"
},
"product_reference": "java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.i386",
"relates_to_product_reference": "5Client-Supplementary-5.11.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.ppc as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary-5.11.Z:java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.ppc"
},
"product_reference": "java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.ppc",
"relates_to_product_reference": "5Client-Supplementary-5.11.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.ppc64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary-5.11.Z:java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.ppc64"
},
"product_reference": "java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.ppc64",
"relates_to_product_reference": "5Client-Supplementary-5.11.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.s390 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary-5.11.Z:java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.s390"
},
"product_reference": "java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.s390",
"relates_to_product_reference": "5Client-Supplementary-5.11.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.s390x as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary-5.11.Z:java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.s390x"
},
"product_reference": "java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.s390x",
"relates_to_product_reference": "5Client-Supplementary-5.11.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary-5.11.Z:java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.x86_64"
},
"product_reference": "java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.x86_64",
"relates_to_product_reference": "5Client-Supplementary-5.11.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.i386 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary-5.11.Z:java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.i386"
},
"product_reference": "java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.i386",
"relates_to_product_reference": "5Client-Supplementary-5.11.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.ppc as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary-5.11.Z:java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.ppc"
},
"product_reference": "java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.ppc",
"relates_to_product_reference": "5Client-Supplementary-5.11.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.ppc64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary-5.11.Z:java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.ppc64"
},
"product_reference": "java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.ppc64",
"relates_to_product_reference": "5Client-Supplementary-5.11.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.s390 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary-5.11.Z:java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.s390"
},
"product_reference": "java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.s390",
"relates_to_product_reference": "5Client-Supplementary-5.11.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.s390x as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary-5.11.Z:java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.s390x"
},
"product_reference": "java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.s390x",
"relates_to_product_reference": "5Client-Supplementary-5.11.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary-5.11.Z:java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.x86_64"
},
"product_reference": "java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.x86_64",
"relates_to_product_reference": "5Client-Supplementary-5.11.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.i386 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary-5.11.Z:java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.i386"
},
"product_reference": "java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.i386",
"relates_to_product_reference": "5Client-Supplementary-5.11.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.ppc as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary-5.11.Z:java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.ppc"
},
"product_reference": "java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.ppc",
"relates_to_product_reference": "5Client-Supplementary-5.11.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.ppc64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary-5.11.Z:java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.ppc64"
},
"product_reference": "java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.ppc64",
"relates_to_product_reference": "5Client-Supplementary-5.11.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.s390 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary-5.11.Z:java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.s390"
},
"product_reference": "java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.s390",
"relates_to_product_reference": "5Client-Supplementary-5.11.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.s390x as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary-5.11.Z:java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.s390x"
},
"product_reference": "java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.s390x",
"relates_to_product_reference": "5Client-Supplementary-5.11.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary-5.11.Z:java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.x86_64"
},
"product_reference": "java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.x86_64",
"relates_to_product_reference": "5Client-Supplementary-5.11.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.i386 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary-5.11.Z:java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.i386"
},
"product_reference": "java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.i386",
"relates_to_product_reference": "5Client-Supplementary-5.11.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.ppc as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary-5.11.Z:java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.ppc"
},
"product_reference": "java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.ppc",
"relates_to_product_reference": "5Client-Supplementary-5.11.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.ppc64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary-5.11.Z:java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.ppc64"
},
"product_reference": "java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.ppc64",
"relates_to_product_reference": "5Client-Supplementary-5.11.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.s390 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary-5.11.Z:java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.s390"
},
"product_reference": "java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.s390",
"relates_to_product_reference": "5Client-Supplementary-5.11.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.s390x as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary-5.11.Z:java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.s390x"
},
"product_reference": "java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.s390x",
"relates_to_product_reference": "5Client-Supplementary-5.11.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary-5.11.Z:java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.x86_64"
},
"product_reference": "java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.x86_64",
"relates_to_product_reference": "5Client-Supplementary-5.11.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.0-ibm-plugin-1:1.7.0.9.50-1jpp.1.el5_11.i386 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary-5.11.Z:java-1.7.0-ibm-plugin-1:1.7.0.9.50-1jpp.1.el5_11.i386"
},
"product_reference": "java-1.7.0-ibm-plugin-1:1.7.0.9.50-1jpp.1.el5_11.i386",
"relates_to_product_reference": "5Client-Supplementary-5.11.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.0-ibm-plugin-1:1.7.0.9.50-1jpp.1.el5_11.ppc as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary-5.11.Z:java-1.7.0-ibm-plugin-1:1.7.0.9.50-1jpp.1.el5_11.ppc"
},
"product_reference": "java-1.7.0-ibm-plugin-1:1.7.0.9.50-1jpp.1.el5_11.ppc",
"relates_to_product_reference": "5Client-Supplementary-5.11.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.0-ibm-plugin-1:1.7.0.9.50-1jpp.1.el5_11.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary-5.11.Z:java-1.7.0-ibm-plugin-1:1.7.0.9.50-1jpp.1.el5_11.x86_64"
},
"product_reference": "java-1.7.0-ibm-plugin-1:1.7.0.9.50-1jpp.1.el5_11.x86_64",
"relates_to_product_reference": "5Client-Supplementary-5.11.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.i386 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary-5.11.Z:java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.i386"
},
"product_reference": "java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.i386",
"relates_to_product_reference": "5Client-Supplementary-5.11.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.ppc as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary-5.11.Z:java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.ppc"
},
"product_reference": "java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.ppc",
"relates_to_product_reference": "5Client-Supplementary-5.11.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.ppc64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary-5.11.Z:java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.ppc64"
},
"product_reference": "java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.ppc64",
"relates_to_product_reference": "5Client-Supplementary-5.11.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.s390 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary-5.11.Z:java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.s390"
},
"product_reference": "java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.s390",
"relates_to_product_reference": "5Client-Supplementary-5.11.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.s390x as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary-5.11.Z:java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.s390x"
},
"product_reference": "java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.s390x",
"relates_to_product_reference": "5Client-Supplementary-5.11.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary-5.11.Z:java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.x86_64"
},
"product_reference": "java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.x86_64",
"relates_to_product_reference": "5Client-Supplementary-5.11.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.i386 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary-5.11.Z:java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.i386"
},
"product_reference": "java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.i386",
"relates_to_product_reference": "5Server-Supplementary-5.11.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.ppc as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary-5.11.Z:java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.ppc"
},
"product_reference": "java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.ppc",
"relates_to_product_reference": "5Server-Supplementary-5.11.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.ppc64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary-5.11.Z:java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.ppc64"
},
"product_reference": "java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.ppc64",
"relates_to_product_reference": "5Server-Supplementary-5.11.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.s390 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary-5.11.Z:java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.s390"
},
"product_reference": "java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.s390",
"relates_to_product_reference": "5Server-Supplementary-5.11.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.s390x as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary-5.11.Z:java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.s390x"
},
"product_reference": "java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.s390x",
"relates_to_product_reference": "5Server-Supplementary-5.11.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary-5.11.Z:java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.x86_64"
},
"product_reference": "java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.x86_64",
"relates_to_product_reference": "5Server-Supplementary-5.11.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.i386 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary-5.11.Z:java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.i386"
},
"product_reference": "java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.i386",
"relates_to_product_reference": "5Server-Supplementary-5.11.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.ppc as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary-5.11.Z:java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.ppc"
},
"product_reference": "java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.ppc",
"relates_to_product_reference": "5Server-Supplementary-5.11.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.ppc64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary-5.11.Z:java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.ppc64"
},
"product_reference": "java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.ppc64",
"relates_to_product_reference": "5Server-Supplementary-5.11.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.s390 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary-5.11.Z:java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.s390"
},
"product_reference": "java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.s390",
"relates_to_product_reference": "5Server-Supplementary-5.11.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.s390x as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary-5.11.Z:java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.s390x"
},
"product_reference": "java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.s390x",
"relates_to_product_reference": "5Server-Supplementary-5.11.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary-5.11.Z:java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.x86_64"
},
"product_reference": "java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.x86_64",
"relates_to_product_reference": "5Server-Supplementary-5.11.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.i386 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary-5.11.Z:java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.i386"
},
"product_reference": "java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.i386",
"relates_to_product_reference": "5Server-Supplementary-5.11.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.ppc as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary-5.11.Z:java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.ppc"
},
"product_reference": "java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.ppc",
"relates_to_product_reference": "5Server-Supplementary-5.11.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.ppc64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary-5.11.Z:java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.ppc64"
},
"product_reference": "java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.ppc64",
"relates_to_product_reference": "5Server-Supplementary-5.11.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.s390 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary-5.11.Z:java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.s390"
},
"product_reference": "java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.s390",
"relates_to_product_reference": "5Server-Supplementary-5.11.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.s390x as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary-5.11.Z:java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.s390x"
},
"product_reference": "java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.s390x",
"relates_to_product_reference": "5Server-Supplementary-5.11.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary-5.11.Z:java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.x86_64"
},
"product_reference": "java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.x86_64",
"relates_to_product_reference": "5Server-Supplementary-5.11.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.i386 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary-5.11.Z:java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.i386"
},
"product_reference": "java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.i386",
"relates_to_product_reference": "5Server-Supplementary-5.11.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.ppc as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary-5.11.Z:java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.ppc"
},
"product_reference": "java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.ppc",
"relates_to_product_reference": "5Server-Supplementary-5.11.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.ppc64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary-5.11.Z:java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.ppc64"
},
"product_reference": "java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.ppc64",
"relates_to_product_reference": "5Server-Supplementary-5.11.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.s390 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary-5.11.Z:java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.s390"
},
"product_reference": "java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.s390",
"relates_to_product_reference": "5Server-Supplementary-5.11.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.s390x as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary-5.11.Z:java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.s390x"
},
"product_reference": "java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.s390x",
"relates_to_product_reference": "5Server-Supplementary-5.11.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary-5.11.Z:java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.x86_64"
},
"product_reference": "java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.x86_64",
"relates_to_product_reference": "5Server-Supplementary-5.11.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.0-ibm-plugin-1:1.7.0.9.50-1jpp.1.el5_11.i386 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary-5.11.Z:java-1.7.0-ibm-plugin-1:1.7.0.9.50-1jpp.1.el5_11.i386"
},
"product_reference": "java-1.7.0-ibm-plugin-1:1.7.0.9.50-1jpp.1.el5_11.i386",
"relates_to_product_reference": "5Server-Supplementary-5.11.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.0-ibm-plugin-1:1.7.0.9.50-1jpp.1.el5_11.ppc as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary-5.11.Z:java-1.7.0-ibm-plugin-1:1.7.0.9.50-1jpp.1.el5_11.ppc"
},
"product_reference": "java-1.7.0-ibm-plugin-1:1.7.0.9.50-1jpp.1.el5_11.ppc",
"relates_to_product_reference": "5Server-Supplementary-5.11.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.0-ibm-plugin-1:1.7.0.9.50-1jpp.1.el5_11.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary-5.11.Z:java-1.7.0-ibm-plugin-1:1.7.0.9.50-1jpp.1.el5_11.x86_64"
},
"product_reference": "java-1.7.0-ibm-plugin-1:1.7.0.9.50-1jpp.1.el5_11.x86_64",
"relates_to_product_reference": "5Server-Supplementary-5.11.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.i386 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary-5.11.Z:java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.i386"
},
"product_reference": "java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.i386",
"relates_to_product_reference": "5Server-Supplementary-5.11.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.ppc as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary-5.11.Z:java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.ppc"
},
"product_reference": "java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.ppc",
"relates_to_product_reference": "5Server-Supplementary-5.11.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.ppc64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary-5.11.Z:java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.ppc64"
},
"product_reference": "java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.ppc64",
"relates_to_product_reference": "5Server-Supplementary-5.11.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.s390 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary-5.11.Z:java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.s390"
},
"product_reference": "java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.s390",
"relates_to_product_reference": "5Server-Supplementary-5.11.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.s390x as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary-5.11.Z:java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.s390x"
},
"product_reference": "java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.s390x",
"relates_to_product_reference": "5Server-Supplementary-5.11.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary-5.11.Z:java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.x86_64"
},
"product_reference": "java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.x86_64",
"relates_to_product_reference": "5Server-Supplementary-5.11.Z"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-3511",
"discovery_date": "2016-07-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1358168"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 allows local users to affect confidentiality, integrity, and availability via vectors related to Deployment.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "JDK: unspecified vulnerability fixed in 7u111 and 8u101 (Deployment)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.i386",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.ppc",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.ppc64",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.s390",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.s390x",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.x86_64",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.i386",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.ppc",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.ppc64",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.s390",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.s390x",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.x86_64",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.i386",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.ppc",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.ppc64",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.s390",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.s390x",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.x86_64",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.i386",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.ppc",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.ppc64",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.s390",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.s390x",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.x86_64",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-plugin-1:1.7.0.9.50-1jpp.1.el5_11.i386",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-plugin-1:1.7.0.9.50-1jpp.1.el5_11.ppc",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-plugin-1:1.7.0.9.50-1jpp.1.el5_11.x86_64",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.i386",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.ppc",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.ppc64",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.s390",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.s390x",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.x86_64",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.i386",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.ppc",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.ppc64",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.s390",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.s390x",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.x86_64",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.i386",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.ppc",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.ppc64",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.s390",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.s390x",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.x86_64",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.i386",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.ppc",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.ppc64",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.s390",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.s390x",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.x86_64",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.i386",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.ppc",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.ppc64",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.s390",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.s390x",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.x86_64",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-plugin-1:1.7.0.9.50-1jpp.1.el5_11.i386",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-plugin-1:1.7.0.9.50-1jpp.1.el5_11.ppc",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-plugin-1:1.7.0.9.50-1jpp.1.el5_11.x86_64",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.i386",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.ppc",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.ppc64",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.s390",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.s390x",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-3511"
},
{
"category": "external",
"summary": "RHBZ#1358168",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1358168"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-3511",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3511"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-3511",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3511"
},
{
"category": "external",
"summary": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixJAVA",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixJAVA"
}
],
"release_date": "2016-07-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-08-10T16:56:34+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of IBM Java must be restarted for this update to take effect.",
"product_ids": [
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.i386",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.ppc",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.ppc64",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.s390",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.s390x",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.x86_64",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.i386",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.ppc",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.ppc64",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.s390",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.s390x",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.x86_64",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.i386",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.ppc",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.ppc64",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.s390",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.s390x",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.x86_64",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.i386",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.ppc",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.ppc64",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.s390",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.s390x",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.x86_64",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-plugin-1:1.7.0.9.50-1jpp.1.el5_11.i386",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-plugin-1:1.7.0.9.50-1jpp.1.el5_11.ppc",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-plugin-1:1.7.0.9.50-1jpp.1.el5_11.x86_64",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.i386",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.ppc",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.ppc64",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.s390",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.s390x",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.x86_64",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.i386",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.ppc",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.ppc64",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.s390",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.s390x",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.x86_64",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.i386",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.ppc",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.ppc64",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.s390",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.s390x",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.x86_64",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.i386",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.ppc",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.ppc64",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.s390",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.s390x",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.x86_64",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.i386",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.ppc",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.ppc64",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.s390",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.s390x",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.x86_64",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-plugin-1:1.7.0.9.50-1jpp.1.el5_11.i386",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-plugin-1:1.7.0.9.50-1jpp.1.el5_11.ppc",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-plugin-1:1.7.0.9.50-1jpp.1.el5_11.x86_64",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.i386",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.ppc",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.ppc64",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.s390",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.s390x",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:1589"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.7,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.i386",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.ppc",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.ppc64",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.s390",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.s390x",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.x86_64",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.i386",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.ppc",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.ppc64",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.s390",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.s390x",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.x86_64",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.i386",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.ppc",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.ppc64",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.s390",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.s390x",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.x86_64",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.i386",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.ppc",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.ppc64",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.s390",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.s390x",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.x86_64",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-plugin-1:1.7.0.9.50-1jpp.1.el5_11.i386",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-plugin-1:1.7.0.9.50-1jpp.1.el5_11.ppc",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-plugin-1:1.7.0.9.50-1jpp.1.el5_11.x86_64",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.i386",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.ppc",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.ppc64",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.s390",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.s390x",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.x86_64",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.i386",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.ppc",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.ppc64",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.s390",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.s390x",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.x86_64",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.i386",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.ppc",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.ppc64",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.s390",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.s390x",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.x86_64",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.i386",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.ppc",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.ppc64",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.s390",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.s390x",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.x86_64",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.i386",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.ppc",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.ppc64",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.s390",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.s390x",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.x86_64",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-plugin-1:1.7.0.9.50-1jpp.1.el5_11.i386",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-plugin-1:1.7.0.9.50-1jpp.1.el5_11.ppc",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-plugin-1:1.7.0.9.50-1jpp.1.el5_11.x86_64",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.i386",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.ppc",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.ppc64",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.s390",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.s390x",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "JDK: unspecified vulnerability fixed in 7u111 and 8u101 (Deployment)"
},
{
"cve": "CVE-2016-3598",
"discovery_date": "2016-06-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1356971"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Libraries, a different vulnerability than CVE-2016-3610.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: incorrect handling of MethodHandles.dropArguments() argument (Libraries, 8155985)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.i386",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.ppc",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.ppc64",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.s390",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.s390x",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.x86_64",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.i386",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.ppc",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.ppc64",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.s390",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.s390x",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.x86_64",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.i386",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.ppc",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.ppc64",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.s390",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.s390x",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.x86_64",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.i386",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.ppc",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.ppc64",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.s390",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.s390x",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.x86_64",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-plugin-1:1.7.0.9.50-1jpp.1.el5_11.i386",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-plugin-1:1.7.0.9.50-1jpp.1.el5_11.ppc",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-plugin-1:1.7.0.9.50-1jpp.1.el5_11.x86_64",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.i386",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.ppc",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.ppc64",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.s390",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.s390x",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.x86_64",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.i386",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.ppc",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.ppc64",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.s390",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.s390x",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.x86_64",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.i386",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.ppc",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.ppc64",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.s390",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.s390x",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.x86_64",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.i386",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.ppc",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.ppc64",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.s390",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.s390x",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.x86_64",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.i386",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.ppc",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.ppc64",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.s390",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.s390x",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.x86_64",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-plugin-1:1.7.0.9.50-1jpp.1.el5_11.i386",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-plugin-1:1.7.0.9.50-1jpp.1.el5_11.ppc",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-plugin-1:1.7.0.9.50-1jpp.1.el5_11.x86_64",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.i386",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.ppc",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.ppc64",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.s390",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.s390x",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-3598"
},
{
"category": "external",
"summary": "RHBZ#1356971",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1356971"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-3598",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3598"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-3598",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3598"
},
{
"category": "external",
"summary": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixJAVA",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixJAVA"
}
],
"release_date": "2016-07-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-08-10T16:56:34+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of IBM Java must be restarted for this update to take effect.",
"product_ids": [
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.i386",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.ppc",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.ppc64",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.s390",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.s390x",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.x86_64",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.i386",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.ppc",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.ppc64",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.s390",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.s390x",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.x86_64",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.i386",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.ppc",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.ppc64",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.s390",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.s390x",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.x86_64",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.i386",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.ppc",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.ppc64",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.s390",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.s390x",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.x86_64",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-plugin-1:1.7.0.9.50-1jpp.1.el5_11.i386",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-plugin-1:1.7.0.9.50-1jpp.1.el5_11.ppc",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-plugin-1:1.7.0.9.50-1jpp.1.el5_11.x86_64",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.i386",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.ppc",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.ppc64",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.s390",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.s390x",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.x86_64",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.i386",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.ppc",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.ppc64",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.s390",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.s390x",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.x86_64",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.i386",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.ppc",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.ppc64",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.s390",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.s390x",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.x86_64",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.i386",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.ppc",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.ppc64",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.s390",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.s390x",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.x86_64",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.i386",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.ppc",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.ppc64",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.s390",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.s390x",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.x86_64",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-plugin-1:1.7.0.9.50-1jpp.1.el5_11.i386",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-plugin-1:1.7.0.9.50-1jpp.1.el5_11.ppc",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-plugin-1:1.7.0.9.50-1jpp.1.el5_11.x86_64",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.i386",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.ppc",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.ppc64",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.s390",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.s390x",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:1589"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.i386",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.ppc",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.ppc64",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.s390",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.s390x",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.x86_64",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.i386",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.ppc",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.ppc64",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.s390",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.s390x",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.x86_64",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.i386",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.ppc",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.ppc64",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.s390",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.s390x",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.x86_64",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.i386",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.ppc",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.ppc64",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.s390",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.s390x",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.x86_64",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-plugin-1:1.7.0.9.50-1jpp.1.el5_11.i386",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-plugin-1:1.7.0.9.50-1jpp.1.el5_11.ppc",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-plugin-1:1.7.0.9.50-1jpp.1.el5_11.x86_64",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.i386",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.ppc",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.ppc64",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.s390",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.s390x",
"5Client-Supplementary-5.11.Z:java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.x86_64",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.i386",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.ppc",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.ppc64",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.s390",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.s390x",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-1:1.7.0.9.50-1jpp.1.el5_11.x86_64",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.i386",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.ppc",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.ppc64",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.s390",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.s390x",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-demo-1:1.7.0.9.50-1jpp.1.el5_11.x86_64",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.i386",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.ppc",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.ppc64",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.s390",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.s390x",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-devel-1:1.7.0.9.50-1jpp.1.el5_11.x86_64",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.i386",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.ppc",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.ppc64",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.s390",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.s390x",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-jdbc-1:1.7.0.9.50-1jpp.1.el5_11.x86_64",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-plugin-1:1.7.0.9.50-1jpp.1.el5_11.i386",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-plugin-1:1.7.0.9.50-1jpp.1.el5_11.ppc",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-plugin-1:1.7.0.9.50-1jpp.1.el5_11.x86_64",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.i386",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.ppc",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.ppc64",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.s390",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.s390x",
"5Server-Supplementary-5.11.Z:java-1.7.0-ibm-src-1:1.7.0.9.50-1jpp.1.el5_11.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "OpenJDK: incorrect handling of MethodHandles.dropArguments() argument (Libraries, 8155985)"
}
]
}
RHSA-2017:1216
Vulnerability from csaf_redhat - Published: 2017-05-09 16:41 - Updated: 2026-05-13 00:57Summary
Red Hat Security Advisory: java-1.7.1-ibm security update
Severity
Moderate
Notes
Topic: An update for java-1.7.1-ibm is now available for Red Hat
Satellite 5.7 and Red Hat Satellite 5.6.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.
This update upgrades IBM Java SE 7 to version 7R1 SR4-FP1.
Security Fix(es):
* This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section. (CVE-2016-2183, CVE-2017-3272, CVE-2017-3289, CVE-2017-3253, CVE-2017-3261, CVE-2017-3231, CVE-2016-5547, CVE-2016-5552, CVE-2017-3252, CVE-2016-5546, CVE-2016-5548, CVE-2016-5549, CVE-2017-3241, CVE-2017-3259, CVE-2016-5573, CVE-2016-5554, CVE-2016-5542, CVE-2016-5597, CVE-2016-5556, CVE-2016-3598, CVE-2016-3511, CVE-2016-0363, CVE-2016-0686, CVE-2016-0687, CVE-2016-3426, CVE-2016-3427, CVE-2016-3443, CVE-2016-3449, CVE-2016-3422, CVE-2016-0376, CVE-2016-0264)
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Buffer overflow in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) allows remote attackers to execute arbitrary code via unspecified vectors.
5.1 ()
Affected products
Fixed
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Important
The com.ibm.CORBA.iiop.ClientDelegate class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) uses the invoke method of the java.lang.reflect.Method class in an AccessController doPrivileged block, which allows remote attackers to call setSecurityManager and bypass a sandbox protection mechanism via vectors related to a Proxy object instance implementing the java.lang.reflect.InvocationHandler interface. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-3009.
6.8 ()
Affected products
Fixed
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Critical
The com.ibm.rmi.io.SunSerializableFactory class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) does not properly deserialize classes in an AccessController doPrivileged block, which allows remote attackers to bypass a sandbox protection mechanism and execute arbitrary code as demonstrated by the readValue method of the com.ibm.rmi.io.ValueHandlerPool.ValueHandlerSingleton class, which implements the javax.rmi.CORBA.ValueHandler interface. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-5456.
6.8 ()
Affected products
Fixed
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Critical
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Serialization.
6.8 ()
Affected products
Fixed
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Critical
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to the Hotspot sub-component.
6.8 ()
Affected products
Fixed
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Critical
A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite.
7.5 (High)
Affected products
Fixed
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allows remote attackers to affect availability via vectors related to 2D.
4.3 ()
Affected products
Fixed
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
It was discovered that the GCM (Galois/Counter Mode) implementation in the JCE component in OpenJDK used a non-constant time comparison when comparing GCM authentication tags. A remote attacker could possibly use this flaw to determine the value of the authentication tag.
2.6 ()
Affected products
Fixed
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Low
It was discovered that the RMI server implementation in the JMX component in OpenJDK did not restrict which classes can be deserialized when deserializing authentication credentials. A remote, unauthenticated attacker able to connect to a JMX port could possibly use this flaw to trigger deserialization flaws.
6.8 ()
Affected products
Fixed
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
Threats
Exploit Status
CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Impact
Critical
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to 2D. NOTE: the previous information is from the April 2016 CPU. Oracle has not commented on third-party claims that this issue allows remote attackers to obtain sensitive information via crafted font data, which triggers an out-of-bounds read.
6.8 ()
Affected products
Fixed
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Critical
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Deployment.
5.1 ()
Affected products
Fixed
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Important
Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 allows local users to affect confidentiality, integrity, and availability via vectors related to Deployment.
7.0 (High)
Affected products
Fixed
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Libraries, a different vulnerability than CVE-2016-3610.
8.8 (High)
Affected products
Fixed
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Critical
It was discovered that the Libraries component of OpenJDK did not restrict the set of algorithms used for JAR integrity verification. This flaw could allow an attacker to modify content of the JAR file that used weak signing key or hash algorithm.
CWE-327 - Use of a Broken or Risky Cryptographic AlgorithmAffected products
Fixed
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
It was discovered that the Libraries component of OpenJDK accepted ECDSA signatures using non-canonical DER encoding. This could cause a Java application to accept signature in an incorrect format not accepted by other cryptographic tools.
7.5 (High)
Affected products
Fixed
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
It was discovered that the Libraries component of OpenJDK did not validate the length of the object identifier read from the DER input before allocating memory to store the OID. An attacker able to make a Java application decode a specially crafted DER input could cause the application to consume an excessive amount of memory.
5.3 (Medium)
Affected products
Fixed
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A covert timing channel flaw was found in the DSA implementation in the Libraries component of OpenJDK. A remote attacker could possibly use this flaw to extract certain information about the used key via a timing side channel.
6.5 (Medium)
Affected products
Fixed
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Important
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 6.5 (Confidentiality impacts).
6.5 (Medium)
Affected products
Fixed
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Important
It was discovered that the Networking component of OpenJDK failed to properly parse user info from the URL. A remote attacker could cause a Java application to incorrectly parse an attacker supplied URL and interpret it differently from other applications processing the same URL.
5.3 (Medium)
Affected products
Fixed
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the way the JMX component of OpenJDK handled classloaders. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions.
4.3 (Medium)
Affected products
Fixed
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
Unspecified vulnerability in Oracle Java SE 6u121, 7u111, and 8u102 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to 2D.
8.8 (High)
Affected products
Fixed
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Critical
It was discovered that the Hotspot component of OpenJDK did not properly check received Java Debug Wire Protocol (JDWP) packets. An attacker could possibly use this flaw to send debugging commands to a Java program running with debugging enabled if they could make victim's browser send HTTP requests to the JDWP port of the debugged application.
7.5 (High)
Affected products
Fixed
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Important
A flaw was found in the way the Networking component of OpenJDK handled HTTP proxy authentication. A Java application could possibly expose HTTPS server authentication credentials via a plain text network connection to an HTTP proxy if proxy asked for authentication.
5.3 (Medium)
Affected products
Fixed
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 4.3 (Confidentiality impacts).
4.3 (Medium)
Affected products
Fixed
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
It was discovered that the RMI registry and DCG implementations in the RMI component of OpenJDK performed deserialization of untrusted inputs. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of RMI registry or a Java RMI application.
8.1 (High)
Affected products
Fixed
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Critical
It was discovered that the JAAS component of OpenJDK did not use the correct way to extract user DN from the result of the user search LDAP query. A specially crafted user LDAP entry could cause the application to use an incorrect DN.
5.3 (Medium)
Affected products
Fixed
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
It was discovered that the 2D component of OpenJDK performed parsing of iTXt and zTXt PNG image chunks even when configured to ignore metadata. An attacker able to make a Java application parse a specially crafted PNG image could cause the application to consume an excessive amount of memory.
7.5 (High)
Affected products
Fixed
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 3.7 (Confidentiality impacts).
Affected products
Fixed
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 4.3 (Confidentiality impacts).
4.3 (Medium)
Affected products
Fixed
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts).
8.8 (High)
Affected products
Fixed
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Critical
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts).
8.8 (High)
Affected products
Fixed
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Critical
References
167 references
Acknowledgments
OpenVPN
Inria
Karthikeyan Bhargavan
Gaëtan Leurent
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for java-1.7.1-ibm is now available for Red Hat\nSatellite 5.7 and Red Hat Satellite 5.6.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.\n\nThis update upgrades IBM Java SE 7 to version 7R1 SR4-FP1.\n\nSecurity Fix(es):\n\n* This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section. (CVE-2016-2183, CVE-2017-3272, CVE-2017-3289, CVE-2017-3253, CVE-2017-3261, CVE-2017-3231, CVE-2016-5547, CVE-2016-5552, CVE-2017-3252, CVE-2016-5546, CVE-2016-5548, CVE-2016-5549, CVE-2017-3241, CVE-2017-3259, CVE-2016-5573, CVE-2016-5554, CVE-2016-5542, CVE-2016-5597, CVE-2016-5556, CVE-2016-3598, CVE-2016-3511, CVE-2016-0363, CVE-2016-0686, CVE-2016-0687, CVE-2016-3426, CVE-2016-3427, CVE-2016-3443, CVE-2016-3449, CVE-2016-3422, CVE-2016-0376, CVE-2016-0264)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2017:1216",
"url": "https://access.redhat.com/errata/RHSA-2017:1216"
},
{
"category": "external",
"summary": "1327743",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1327743"
},
{
"category": "external",
"summary": "1327749",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1327749"
},
{
"category": "external",
"summary": "1328059",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1328059"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "1328210",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1328210"
},
{
"category": "external",
"summary": "1328618",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1328618"
},
{
"category": "external",
"summary": "1328619",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1328619"
},
{
"category": "external",
"summary": "1328620",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1328620"
},
{
"category": "external",
"summary": "1330986",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1330986"
},
{
"category": "external",
"summary": "1331359",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1331359"
},
{
"category": "external",
"summary": "1356971",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1356971"
},
{
"category": "external",
"summary": "1358168",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1358168"
},
{
"category": "external",
"summary": "1369383",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1369383"
},
{
"category": "external",
"summary": "1385544",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1385544"
},
{
"category": "external",
"summary": "1385714",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1385714"
},
{
"category": "external",
"summary": "1385723",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1385723"
},
{
"category": "external",
"summary": "1386103",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1386103"
},
{
"category": "external",
"summary": "1386408",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1386408"
},
{
"category": "external",
"summary": "1413554",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1413554"
},
{
"category": "external",
"summary": "1413562",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1413562"
},
{
"category": "external",
"summary": "1413583",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1413583"
},
{
"category": "external",
"summary": "1413653",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1413653"
},
{
"category": "external",
"summary": "1413717",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1413717"
},
{
"category": "external",
"summary": "1413764",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1413764"
},
{
"category": "external",
"summary": "1413882",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1413882"
},
{
"category": "external",
"summary": "1413906",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1413906"
},
{
"category": "external",
"summary": "1413911",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1413911"
},
{
"category": "external",
"summary": "1413920",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1413920"
},
{
"category": "external",
"summary": "1413923",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1413923"
},
{
"category": "external",
"summary": "1413955",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1413955"
},
{
"category": "external",
"summary": "1324044",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1324044"
},
{
"category": "external",
"summary": "1414163",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1414163"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2017/rhsa-2017_1216.json"
}
],
"title": "Red Hat Security Advisory: java-1.7.1-ibm security update",
"tracking": {
"current_release_date": "2026-05-13T00:57:25+00:00",
"generator": {
"date": "2026-05-13T00:57:25+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.9"
}
},
"id": "RHSA-2017:1216",
"initial_release_date": "2017-05-09T16:41:26+00:00",
"revision_history": [
{
"date": "2017-05-09T16:41:26+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2017-05-09T16:41:26+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-13T00:57:25+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Satellite 5.6 (RHEL v.6)",
"product": {
"name": "Red Hat Satellite 5.6 (RHEL v.6)",
"product_id": "6Server-Satellite56",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:network_satellite:5.6::el6"
}
}
},
{
"category": "product_name",
"name": "Red Hat Satellite 5.7 (RHEL v.6)",
"product": {
"name": "Red Hat Satellite 5.7 (RHEL v.6)",
"product_id": "6Server-Satellite57",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:network_satellite:5.7::el6"
}
}
}
],
"category": "product_family",
"name": "Red Hat Satellite"
},
{
"branches": [
{
"category": "product_version",
"name": "java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"product": {
"name": "java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"product_id": "java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.7.1-ibm@1.7.1.4.1-1jpp.1.el6_8?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"product": {
"name": "java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"product_id": "java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.7.1-ibm-devel@1.7.1.4.1-1jpp.1.el6_8?arch=x86_64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"product": {
"name": "java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"product_id": "java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.7.1-ibm@1.7.1.4.1-1jpp.1.el6_8?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"product": {
"name": "java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"product_id": "java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.7.1-ibm-devel@1.7.1.4.1-1jpp.1.el6_8?arch=s390x\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"product": {
"name": "java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"product_id": "java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.7.1-ibm@1.7.1.4.1-1jpp.1.el6_8?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x as a component of Red Hat Satellite 5.6 (RHEL v.6)",
"product_id": "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x"
},
"product_reference": "java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"relates_to_product_reference": "6Server-Satellite56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src as a component of Red Hat Satellite 5.6 (RHEL v.6)",
"product_id": "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src"
},
"product_reference": "java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"relates_to_product_reference": "6Server-Satellite56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 as a component of Red Hat Satellite 5.6 (RHEL v.6)",
"product_id": "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
},
"product_reference": "java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"relates_to_product_reference": "6Server-Satellite56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x as a component of Red Hat Satellite 5.6 (RHEL v.6)",
"product_id": "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x"
},
"product_reference": "java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"relates_to_product_reference": "6Server-Satellite56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 as a component of Red Hat Satellite 5.6 (RHEL v.6)",
"product_id": "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
},
"product_reference": "java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"relates_to_product_reference": "6Server-Satellite56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x as a component of Red Hat Satellite 5.7 (RHEL v.6)",
"product_id": "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x"
},
"product_reference": "java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"relates_to_product_reference": "6Server-Satellite57"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src as a component of Red Hat Satellite 5.7 (RHEL v.6)",
"product_id": "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src"
},
"product_reference": "java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"relates_to_product_reference": "6Server-Satellite57"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 as a component of Red Hat Satellite 5.7 (RHEL v.6)",
"product_id": "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
},
"product_reference": "java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"relates_to_product_reference": "6Server-Satellite57"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x as a component of Red Hat Satellite 5.7 (RHEL v.6)",
"product_id": "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x"
},
"product_reference": "java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"relates_to_product_reference": "6Server-Satellite57"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 as a component of Red Hat Satellite 5.7 (RHEL v.6)",
"product_id": "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
},
"product_reference": "java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"relates_to_product_reference": "6Server-Satellite57"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-0264",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2016-04-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1331359"
}
],
"notes": [
{
"category": "description",
"text": "Buffer overflow in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) allows remote attackers to execute arbitrary code via unspecified vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "JDK: buffer overflow vulnerability in the IBM JVM",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-0264"
},
{
"category": "external",
"summary": "RHBZ#1331359",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1331359"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-0264",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0264"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-0264",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0264"
},
{
"category": "external",
"summary": "http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_April_2016",
"url": "http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_April_2016"
}
],
"release_date": "2016-04-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-05-09T16:41:26+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1216"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "JDK: buffer overflow vulnerability in the IBM JVM"
},
{
"cve": "CVE-2016-0363",
"discovery_date": "2016-04-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1324044"
}
],
"notes": [
{
"category": "description",
"text": "The com.ibm.CORBA.iiop.ClientDelegate class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) uses the invoke method of the java.lang.reflect.Method class in an AccessController doPrivileged block, which allows remote attackers to call setSecurityManager and bypass a sandbox protection mechanism via vectors related to a Proxy object instance implementing the java.lang.reflect.InvocationHandler interface. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-3009.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "JDK: insecure use of invoke method in CORBA component, incorrect CVE-2013-3009 fix",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-0363"
},
{
"category": "external",
"summary": "RHBZ#1324044",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1324044"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-0363",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0363"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-0363",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0363"
},
{
"category": "external",
"summary": "http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_April_2016",
"url": "http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_April_2016"
}
],
"release_date": "2016-04-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-05-09T16:41:26+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1216"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "JDK: insecure use of invoke method in CORBA component, incorrect CVE-2013-3009 fix"
},
{
"cve": "CVE-2016-0376",
"discovery_date": "2016-04-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1330986"
}
],
"notes": [
{
"category": "description",
"text": "The com.ibm.rmi.io.SunSerializableFactory class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) does not properly deserialize classes in an AccessController doPrivileged block, which allows remote attackers to bypass a sandbox protection mechanism and execute arbitrary code as demonstrated by the readValue method of the com.ibm.rmi.io.ValueHandlerPool.ValueHandlerSingleton class, which implements the javax.rmi.CORBA.ValueHandler interface. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-5456.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "JDK: insecure deserialization in CORBA, incorrect CVE-2013-5456 fix",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-0376"
},
{
"category": "external",
"summary": "RHBZ#1330986",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1330986"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-0376",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0376"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-0376",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0376"
},
{
"category": "external",
"summary": "http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_April_2016",
"url": "http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_April_2016"
}
],
"release_date": "2016-04-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-05-09T16:41:26+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1216"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "JDK: insecure deserialization in CORBA, incorrect CVE-2013-5456 fix"
},
{
"cve": "CVE-2016-0686",
"discovery_date": "2016-04-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1327743"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Serialization.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: insufficient thread consistency checks in ObjectInputStream (Serialization, 8129952)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-0686"
},
{
"category": "external",
"summary": "RHBZ#1327743",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1327743"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-0686",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0686"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-0686",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0686"
},
{
"category": "external",
"summary": "http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html#AppendixJAVA",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html#AppendixJAVA"
}
],
"release_date": "2016-04-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-05-09T16:41:26+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1216"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "OpenJDK: insufficient thread consistency checks in ObjectInputStream (Serialization, 8129952)"
},
{
"cve": "CVE-2016-0687",
"discovery_date": "2016-04-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1327749"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to the Hotspot sub-component.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: insufficient byte type checks (Hotspot, 8132051)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-0687"
},
{
"category": "external",
"summary": "RHBZ#1327749",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1327749"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-0687",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0687"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-0687",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0687"
},
{
"category": "external",
"summary": "http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html#AppendixJAVA",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html#AppendixJAVA"
}
],
"release_date": "2016-04-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-05-09T16:41:26+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1216"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "OpenJDK: insufficient byte type checks (Hotspot, 8132051)"
},
{
"acknowledgments": [
{
"names": [
"OpenVPN"
]
},
{
"names": [
"Karthikeyan Bhargavan",
"Ga\u00ebtan Leurent"
],
"organization": "Inria",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2016-2183",
"cwe": {
"id": "CWE-327",
"name": "Use of a Broken or Risky Cryptographic Algorithm"
},
"discovery_date": "2016-08-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1369383"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenSSL security update RHSA-2016:1940 mitigates this issue by lowering priority of DES cipher suites so they are not preferred over cipher suites using AES. For compatibility reasons, DES cipher suites remain enabled by default and included in the set of cipher suites identified by the HIGH cipher string. Future updates may move them to MEDIUM or not enable them by default.\n\nNSS addressed this issue by implementing limits on the amount of plain text which can be encrypted by using the same key. Once the limit is reached, the keys will need to be re-negotiated manually. This change will be available in nss-3.27.\n\nGnuTLS is not affected by this issue, since it prioritizes AES before 3DES in the cipher list.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-2183"
},
{
"category": "external",
"summary": "RHBZ#1369383",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1369383"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-2183",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2183"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-2183",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2183"
},
{
"category": "external",
"summary": "https://access.redhat.com/articles/2548661",
"url": "https://access.redhat.com/articles/2548661"
},
{
"category": "external",
"summary": "https://access.redhat.com/errata/RHSA-2016:1940",
"url": "https://access.redhat.com/errata/RHSA-2016:1940"
},
{
"category": "external",
"summary": "https://sweet32.info/",
"url": "https://sweet32.info/"
}
],
"release_date": "2016-08-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-05-09T16:41:26+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1216"
},
{
"category": "workaround",
"details": "1.SSL/TLS configurations should prefer AES over DES. Versions of OpenSSL shipped with Red Hat Enterprise Linux 6 and 7 already do so. In the version of OpenSSL shipped with Red Hat Enterprise Linux 5, 3DES is listed below the AES-256 cipher and above the AES-128 cipher, therefore AES-256 based ciphersuite should not be disabled on the server.\n2. Servers using OpenSSL, should not disable AES-128 and AES-256 ciphersuites. Versions of Apache shipped with Red Hat Enterprise Linux use the default cipher string, in which AES is preferred over DES/3DES based ciphersuites.\n\nFor JBoss Middleware, and Java mitigations, please review this knowledge base article:\n\nhttps://access.redhat.com/articles/2598471\n\nThis can be mitigated on OpenShift Container Platform (OCP) by disabling the vulnerable TLS cipher suite in the applicable component. TLS configuration options for OCP are described here:\n\nhttps://access.redhat.com/articles/5348961",
"product_ids": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
]
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)"
},
{
"cve": "CVE-2016-3422",
"discovery_date": "2016-04-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1328620"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allows remote attackers to affect availability via vectors related to 2D.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "JDK: unspecified vulnerability fixed in 6u115, 7u101 and 8u91 (2D)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-3422"
},
{
"category": "external",
"summary": "RHBZ#1328620",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1328620"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-3422",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3422"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-3422",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3422"
},
{
"category": "external",
"summary": "http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html#AppendixJAVA",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html#AppendixJAVA"
}
],
"release_date": "2016-04-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-05-09T16:41:26+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1216"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "JDK: unspecified vulnerability fixed in 6u115, 7u101 and 8u91 (2D)"
},
{
"cve": "CVE-2016-3426",
"discovery_date": "2016-04-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1328059"
}
],
"notes": [
{
"category": "description",
"text": "It was discovered that the GCM (Galois/Counter Mode) implementation in the JCE component in OpenJDK used a non-constant time comparison when comparing GCM authentication tags. A remote attacker could possibly use this flaw to determine the value of the authentication tag.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: non-constant time GCM authentication tag comparison (JCE, 8143945)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-3426"
},
{
"category": "external",
"summary": "RHBZ#1328059",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1328059"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-3426",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3426"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-3426",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3426"
},
{
"category": "external",
"summary": "http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html#AppendixJAVA",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html#AppendixJAVA"
}
],
"release_date": "2016-04-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-05-09T16:41:26+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1216"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "OpenJDK: non-constant time GCM authentication tag comparison (JCE, 8143945)"
},
{
"cve": "CVE-2016-3427",
"discovery_date": "2016-04-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1328210"
}
],
"notes": [
{
"category": "description",
"text": "It was discovered that the RMI server implementation in the JMX component in OpenJDK did not restrict which classes can be deserialized when deserializing authentication credentials. A remote, unauthenticated attacker able to connect to a JMX port could possibly use this flaw to trigger deserialization flaws.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: unrestricted deserialization of authentication credentials (JMX, 8144430)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-3427"
},
{
"category": "external",
"summary": "RHBZ#1328210",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1328210"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-3427",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3427"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-3427",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3427"
},
{
"category": "external",
"summary": "http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html#AppendixJAVA",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html#AppendixJAVA"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2016-04-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-05-09T16:41:26+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1216"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-05-12T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Critical"
}
],
"title": "OpenJDK: unrestricted deserialization of authentication credentials (JMX, 8144430)"
},
{
"cve": "CVE-2016-3443",
"discovery_date": "2016-04-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1328618"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to 2D. NOTE: the previous information is from the April 2016 CPU. Oracle has not commented on third-party claims that this issue allows remote attackers to obtain sensitive information via crafted font data, which triggers an out-of-bounds read.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "JDK: unspecified vulnerability fixed in 6u115, 7u101 and 8u91 (2D)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-3443"
},
{
"category": "external",
"summary": "RHBZ#1328618",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1328618"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-3443",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3443"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-3443",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3443"
},
{
"category": "external",
"summary": "http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html#AppendixJAVA",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html#AppendixJAVA"
}
],
"release_date": "2016-04-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-05-09T16:41:26+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1216"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "JDK: unspecified vulnerability fixed in 6u115, 7u101 and 8u91 (2D)"
},
{
"cve": "CVE-2016-3449",
"discovery_date": "2016-04-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1328619"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Deployment.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "JDK: unspecified vulnerability fixed in 6u115, 7u101 and 8u91 (Deployment)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-3449"
},
{
"category": "external",
"summary": "RHBZ#1328619",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1328619"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-3449",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3449"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-3449",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3449"
},
{
"category": "external",
"summary": "http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html#AppendixJAVA",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html#AppendixJAVA"
}
],
"release_date": "2016-04-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-05-09T16:41:26+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1216"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "JDK: unspecified vulnerability fixed in 6u115, 7u101 and 8u91 (Deployment)"
},
{
"cve": "CVE-2016-3511",
"discovery_date": "2016-07-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1358168"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 allows local users to affect confidentiality, integrity, and availability via vectors related to Deployment.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "JDK: unspecified vulnerability fixed in 7u111 and 8u101 (Deployment)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-3511"
},
{
"category": "external",
"summary": "RHBZ#1358168",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1358168"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-3511",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3511"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-3511",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3511"
},
{
"category": "external",
"summary": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixJAVA",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixJAVA"
}
],
"release_date": "2016-07-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-05-09T16:41:26+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1216"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.7,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "JDK: unspecified vulnerability fixed in 7u111 and 8u101 (Deployment)"
},
{
"cve": "CVE-2016-3598",
"discovery_date": "2016-06-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1356971"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Libraries, a different vulnerability than CVE-2016-3610.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: incorrect handling of MethodHandles.dropArguments() argument (Libraries, 8155985)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-3598"
},
{
"category": "external",
"summary": "RHBZ#1356971",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1356971"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-3598",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3598"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-3598",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3598"
},
{
"category": "external",
"summary": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixJAVA",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixJAVA"
}
],
"release_date": "2016-07-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-05-09T16:41:26+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1216"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "OpenJDK: incorrect handling of MethodHandles.dropArguments() argument (Libraries, 8155985)"
},
{
"cve": "CVE-2016-5542",
"cwe": {
"id": "CWE-327",
"name": "Use of a Broken or Risky Cryptographic Algorithm"
},
"discovery_date": "2016-10-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1385723"
}
],
"notes": [
{
"category": "description",
"text": "It was discovered that the Libraries component of OpenJDK did not restrict the set of algorithms used for JAR integrity verification. This flaw could allow an attacker to modify content of the JAR file that used weak signing key or hash algorithm.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: missing algorithm restrictions for jar verification (Libraries, 8155973)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5542"
},
{
"category": "external",
"summary": "RHBZ#1385723",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1385723"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5542",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5542"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5542",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5542"
},
{
"category": "external",
"summary": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html#AppendixJAVA",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html#AppendixJAVA"
}
],
"release_date": "2016-10-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-05-09T16:41:26+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1216"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "OpenJDK: missing algorithm restrictions for jar verification (Libraries, 8155973)"
},
{
"cve": "CVE-2016-5546",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2017-01-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1413911"
}
],
"notes": [
{
"category": "description",
"text": "It was discovered that the Libraries component of OpenJDK accepted ECDSA signatures using non-canonical DER encoding. This could cause a Java application to accept signature in an incorrect format not accepted by other cryptographic tools.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: incorrect ECDSA signature extraction from the DER input (Libraries, 8168714)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5546"
},
{
"category": "external",
"summary": "RHBZ#1413911",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1413911"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5546",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5546"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5546",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5546"
}
],
"release_date": "2017-01-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-05-09T16:41:26+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1216"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "OpenJDK: incorrect ECDSA signature extraction from the DER input (Libraries, 8168714)"
},
{
"cve": "CVE-2016-5547",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2017-01-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1413764"
}
],
"notes": [
{
"category": "description",
"text": "It was discovered that the Libraries component of OpenJDK did not validate the length of the object identifier read from the DER input before allocating memory to store the OID. An attacker able to make a Java application decode a specially crafted DER input could cause the application to consume an excessive amount of memory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: missing ObjectIdentifier length check (Libraries, 8168705)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5547"
},
{
"category": "external",
"summary": "RHBZ#1413764",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1413764"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5547",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5547"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5547",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5547"
}
],
"release_date": "2017-01-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-05-09T16:41:26+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1216"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "OpenJDK: missing ObjectIdentifier length check (Libraries, 8168705)"
},
{
"cve": "CVE-2016-5548",
"cwe": {
"id": "CWE-385",
"name": "Covert Timing Channel"
},
"discovery_date": "2017-01-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1413920"
}
],
"notes": [
{
"category": "description",
"text": "A covert timing channel flaw was found in the DSA implementation in the Libraries component of OpenJDK. A remote attacker could possibly use this flaw to extract certain information about the used key via a timing side channel.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: DSA implementation timing attack (Libraries, 8168728)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5548"
},
{
"category": "external",
"summary": "RHBZ#1413920",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1413920"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5548",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5548"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5548",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5548"
}
],
"release_date": "2017-01-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-05-09T16:41:26+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1216"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "OpenJDK: DSA implementation timing attack (Libraries, 8168728)"
},
{
"cve": "CVE-2016-5549",
"cwe": {
"id": "CWE-385",
"name": "Covert Timing Channel"
},
"discovery_date": "2017-01-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1413923"
}
],
"notes": [
{
"category": "description",
"text": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 6.5 (Confidentiality impacts).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: ECDSA implementation timing attack (Libraries, 8168724)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5549"
},
{
"category": "external",
"summary": "RHBZ#1413923",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1413923"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5549",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5549"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5549",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5549"
}
],
"release_date": "2017-01-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-05-09T16:41:26+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1216"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "OpenJDK: ECDSA implementation timing attack (Libraries, 8168724)"
},
{
"cve": "CVE-2016-5552",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2017-01-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1413882"
}
],
"notes": [
{
"category": "description",
"text": "It was discovered that the Networking component of OpenJDK failed to properly parse user info from the URL. A remote attacker could cause a Java application to incorrectly parse an attacker supplied URL and interpret it differently from other applications processing the same URL.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: incorrect URL parsing in URLStreamHandler (Networking, 8167223)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5552"
},
{
"category": "external",
"summary": "RHBZ#1413882",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1413882"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5552",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5552"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5552",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5552"
}
],
"release_date": "2017-01-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-05-09T16:41:26+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1216"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "OpenJDK: incorrect URL parsing in URLStreamHandler (Networking, 8167223)"
},
{
"cve": "CVE-2016-5554",
"discovery_date": "2016-10-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1385714"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the way the JMX component of OpenJDK handled classloaders. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: insufficient classloader consistency checks in ClassLoaderWithRepository (JMX, 8157739)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5554"
},
{
"category": "external",
"summary": "RHBZ#1385714",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1385714"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5554",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5554"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5554",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5554"
},
{
"category": "external",
"summary": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html#AppendixJAVA",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html#AppendixJAVA"
}
],
"release_date": "2016-10-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-05-09T16:41:26+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1216"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "OpenJDK: insufficient classloader consistency checks in ClassLoaderWithRepository (JMX, 8157739)"
},
{
"cve": "CVE-2016-5556",
"discovery_date": "2016-10-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1386408"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in Oracle Java SE 6u121, 7u111, and 8u102 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to 2D.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "JDK: unspecified vulnerability fixed in 6u131, 7u121, and 8u111 (2D)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5556"
},
{
"category": "external",
"summary": "RHBZ#1386408",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1386408"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5556",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5556"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5556",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5556"
},
{
"category": "external",
"summary": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html#AppendixJAVA",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html#AppendixJAVA"
}
],
"release_date": "2016-10-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-05-09T16:41:26+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1216"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "JDK: unspecified vulnerability fixed in 6u131, 7u121, and 8u111 (2D)"
},
{
"cve": "CVE-2016-5573",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2016-10-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1385544"
}
],
"notes": [
{
"category": "description",
"text": "It was discovered that the Hotspot component of OpenJDK did not properly check received Java Debug Wire Protocol (JDWP) packets. An attacker could possibly use this flaw to send debugging commands to a Java program running with debugging enabled if they could make victim\u0027s browser send HTTP requests to the JDWP port of the debugged application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: insufficient checks of JDWP packets (Hotspot, 8159519)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5573"
},
{
"category": "external",
"summary": "RHBZ#1385544",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1385544"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5573",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5573"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5573",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5573"
},
{
"category": "external",
"summary": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html#AppendixJAVA",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html#AppendixJAVA"
}
],
"release_date": "2016-10-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-05-09T16:41:26+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1216"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "OpenJDK: insufficient checks of JDWP packets (Hotspot, 8159519)"
},
{
"cve": "CVE-2016-5597",
"cwe": {
"id": "CWE-319",
"name": "Cleartext Transmission of Sensitive Information"
},
"discovery_date": "2016-10-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1386103"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the way the Networking component of OpenJDK handled HTTP proxy authentication. A Java application could possibly expose HTTPS server authentication credentials via a plain text network connection to an HTTP proxy if proxy asked for authentication.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: exposure of server authentication credentials to proxy (Networking, 8160838)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5597"
},
{
"category": "external",
"summary": "RHBZ#1386103",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1386103"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5597",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5597"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5597",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5597"
},
{
"category": "external",
"summary": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html#AppendixJAVA",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html#AppendixJAVA"
}
],
"release_date": "2016-10-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-05-09T16:41:26+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1216"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "OpenJDK: exposure of server authentication credentials to proxy (Networking, 8160838)"
},
{
"cve": "CVE-2017-3231",
"discovery_date": "2017-01-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1413717"
}
],
"notes": [
{
"category": "description",
"text": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 4.3 (Confidentiality impacts).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: URLClassLoader insufficient access control checks (Networking, 8151934)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-3231"
},
{
"category": "external",
"summary": "RHBZ#1413717",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1413717"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-3231",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3231"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-3231",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3231"
}
],
"release_date": "2017-01-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-05-09T16:41:26+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1216"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "OpenJDK: URLClassLoader insufficient access control checks (Networking, 8151934)"
},
{
"cve": "CVE-2017-3241",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2017-01-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1413955"
}
],
"notes": [
{
"category": "description",
"text": "It was discovered that the RMI registry and DCG implementations in the RMI component of OpenJDK performed deserialization of untrusted inputs. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of RMI registry or a Java RMI application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: untrusted input deserialization in RMI registry and DCG (RMI, 8156802)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-3241"
},
{
"category": "external",
"summary": "RHBZ#1413955",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1413955"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-3241",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3241"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-3241",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3241"
}
],
"release_date": "2017-01-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-05-09T16:41:26+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1216"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "OpenJDK: untrusted input deserialization in RMI registry and DCG (RMI, 8156802)"
},
{
"cve": "CVE-2017-3252",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2017-01-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1413906"
}
],
"notes": [
{
"category": "description",
"text": "It was discovered that the JAAS component of OpenJDK did not use the correct way to extract user DN from the result of the user search LDAP query. A specially crafted user LDAP entry could cause the application to use an incorrect DN.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: LdapLoginModule incorrect userDN extraction (JAAS, 8161743)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-3252"
},
{
"category": "external",
"summary": "RHBZ#1413906",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1413906"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-3252",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3252"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-3252",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3252"
}
],
"release_date": "2017-01-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-05-09T16:41:26+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1216"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "OpenJDK: LdapLoginModule incorrect userDN extraction (JAAS, 8161743)"
},
{
"cve": "CVE-2017-3253",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2017-01-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1413583"
}
],
"notes": [
{
"category": "description",
"text": "It was discovered that the 2D component of OpenJDK performed parsing of iTXt and zTXt PNG image chunks even when configured to ignore metadata. An attacker able to make a Java application parse a specially crafted PNG image could cause the application to consume an excessive amount of memory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: imageio PNGImageReader failed to honor ignoreMetadata for iTXt and zTXt chunks (2D, 8166988)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-3253"
},
{
"category": "external",
"summary": "RHBZ#1413583",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1413583"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-3253",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3253"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-3253",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3253"
}
],
"release_date": "2017-01-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-05-09T16:41:26+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1216"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "OpenJDK: imageio PNGImageReader failed to honor ignoreMetadata for iTXt and zTXt chunks (2D, 8166988)"
},
{
"cve": "CVE-2017-3259",
"discovery_date": "2017-01-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1414163"
}
],
"notes": [
{
"category": "description",
"text": "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 3.7 (Confidentiality impacts).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "JDK: unspecified vulnerability fixed in 6u141, 7u131, and 8u121 (Deployment)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-3259"
},
{
"category": "external",
"summary": "RHBZ#1414163",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1414163"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-3259",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3259"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-3259",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3259"
},
{
"category": "external",
"summary": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html#AppendixJAVA",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html#AppendixJAVA"
}
],
"release_date": "2017-01-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-05-09T16:41:26+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1216"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "JDK: unspecified vulnerability fixed in 6u141, 7u131, and 8u121 (Deployment)"
},
{
"cve": "CVE-2017-3261",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2017-01-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1413653"
}
],
"notes": [
{
"category": "description",
"text": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 4.3 (Confidentiality impacts).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: integer overflow in SocketOutputStream boundary check (Networking, 8164147)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-3261"
},
{
"category": "external",
"summary": "RHBZ#1413653",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1413653"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-3261",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3261"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-3261",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3261"
}
],
"release_date": "2017-01-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-05-09T16:41:26+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1216"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "OpenJDK: integer overflow in SocketOutputStream boundary check (Networking, 8164147)"
},
{
"cve": "CVE-2017-3272",
"discovery_date": "2017-01-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1413554"
}
],
"notes": [
{
"category": "description",
"text": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: insufficient protected field access checks in atomic field updaters (Libraries, 8165344)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-3272"
},
{
"category": "external",
"summary": "RHBZ#1413554",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1413554"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-3272",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3272"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-3272",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3272"
}
],
"release_date": "2017-01-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-05-09T16:41:26+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1216"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "OpenJDK: insufficient protected field access checks in atomic field updaters (Libraries, 8165344)"
},
{
"cve": "CVE-2017-3289",
"discovery_date": "2017-01-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1413562"
}
],
"notes": [
{
"category": "description",
"text": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: insecure class construction (Hotspot, 8167104)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-3289"
},
{
"category": "external",
"summary": "RHBZ#1413562",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1413562"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-3289",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3289"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-3289",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3289"
}
],
"release_date": "2017-01-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-05-09T16:41:26+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1216"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "OpenJDK: insecure class construction (Hotspot, 8167104)"
}
]
}
RHSA-2017_1216
Vulnerability from csaf_redhat - Published: 2017-05-09 16:41 - Updated: 2024-12-01 12:02Summary
Red Hat Security Advisory: java-1.7.1-ibm security update
Severity
Moderate
Notes
Topic: An update for java-1.7.1-ibm is now available for Red Hat
Satellite 5.7 and Red Hat Satellite 5.6.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.
This update upgrades IBM Java SE 7 to version 7R1 SR4-FP1.
Security Fix(es):
* This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section. (CVE-2016-2183, CVE-2017-3272, CVE-2017-3289, CVE-2017-3253, CVE-2017-3261, CVE-2017-3231, CVE-2016-5547, CVE-2016-5552, CVE-2017-3252, CVE-2016-5546, CVE-2016-5548, CVE-2016-5549, CVE-2017-3241, CVE-2017-3259, CVE-2016-5573, CVE-2016-5554, CVE-2016-5542, CVE-2016-5597, CVE-2016-5556, CVE-2016-3598, CVE-2016-3511, CVE-2016-0363, CVE-2016-0686, CVE-2016-0687, CVE-2016-3426, CVE-2016-3427, CVE-2016-3443, CVE-2016-3449, CVE-2016-3422, CVE-2016-0376, CVE-2016-0264)
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Buffer overflow in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) allows remote attackers to execute arbitrary code via unspecified vectors.
5.1 ()
Affected products
Fixed
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Important
The com.ibm.CORBA.iiop.ClientDelegate class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) uses the invoke method of the java.lang.reflect.Method class in an AccessController doPrivileged block, which allows remote attackers to call setSecurityManager and bypass a sandbox protection mechanism via vectors related to a Proxy object instance implementing the java.lang.reflect.InvocationHandler interface. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-3009.
6.8 ()
Affected products
Fixed
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Critical
The com.ibm.rmi.io.SunSerializableFactory class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) does not properly deserialize classes in an AccessController doPrivileged block, which allows remote attackers to bypass a sandbox protection mechanism and execute arbitrary code as demonstrated by the readValue method of the com.ibm.rmi.io.ValueHandlerPool.ValueHandlerSingleton class, which implements the javax.rmi.CORBA.ValueHandler interface. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-5456.
6.8 ()
Affected products
Fixed
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Critical
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Serialization.
6.8 ()
Affected products
Fixed
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Critical
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to the Hotspot sub-component.
6.8 ()
Affected products
Fixed
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Critical
A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite.
7.5 (High)
Affected products
Fixed
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allows remote attackers to affect availability via vectors related to 2D.
4.3 ()
Affected products
Fixed
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
It was discovered that the GCM (Galois/Counter Mode) implementation in the JCE component in OpenJDK used a non-constant time comparison when comparing GCM authentication tags. A remote attacker could possibly use this flaw to determine the value of the authentication tag.
2.6 ()
Affected products
Fixed
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Low
It was discovered that the RMI server implementation in the JMX component in OpenJDK did not restrict which classes can be deserialized when deserializing authentication credentials. A remote, unauthenticated attacker able to connect to a JMX port could possibly use this flaw to trigger deserialization flaws.
6.8 ()
Affected products
Fixed
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
Threats
Exploit Status
CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Impact
Critical
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to 2D. NOTE: the previous information is from the April 2016 CPU. Oracle has not commented on third-party claims that this issue allows remote attackers to obtain sensitive information via crafted font data, which triggers an out-of-bounds read.
6.8 ()
Affected products
Fixed
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Critical
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Deployment.
5.1 ()
Affected products
Fixed
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Important
Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 allows local users to affect confidentiality, integrity, and availability via vectors related to Deployment.
7.0 (High)
Affected products
Fixed
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Libraries, a different vulnerability than CVE-2016-3610.
8.8 (High)
Affected products
Fixed
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Critical
It was discovered that the Libraries component of OpenJDK did not restrict the set of algorithms used for JAR integrity verification. This flaw could allow an attacker to modify content of the JAR file that used weak signing key or hash algorithm.
CWE-327 - Use of a Broken or Risky Cryptographic AlgorithmAffected products
Fixed
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
It was discovered that the Libraries component of OpenJDK accepted ECDSA signatures using non-canonical DER encoding. This could cause a Java application to accept signature in an incorrect format not accepted by other cryptographic tools.
7.5 (High)
Affected products
Fixed
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
It was discovered that the Libraries component of OpenJDK did not validate the length of the object identifier read from the DER input before allocating memory to store the OID. An attacker able to make a Java application decode a specially crafted DER input could cause the application to consume an excessive amount of memory.
5.3 (Medium)
Affected products
Fixed
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A covert timing channel flaw was found in the DSA implementation in the Libraries component of OpenJDK. A remote attacker could possibly use this flaw to extract certain information about the used key via a timing side channel.
6.5 (Medium)
Affected products
Fixed
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Important
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 6.5 (Confidentiality impacts).
6.5 (Medium)
Affected products
Fixed
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Important
It was discovered that the Networking component of OpenJDK failed to properly parse user info from the URL. A remote attacker could cause a Java application to incorrectly parse an attacker supplied URL and interpret it differently from other applications processing the same URL.
5.3 (Medium)
Affected products
Fixed
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the way the JMX component of OpenJDK handled classloaders. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions.
4.3 (Medium)
Affected products
Fixed
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
Unspecified vulnerability in Oracle Java SE 6u121, 7u111, and 8u102 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to 2D.
8.8 (High)
Affected products
Fixed
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Critical
It was discovered that the Hotspot component of OpenJDK did not properly check received Java Debug Wire Protocol (JDWP) packets. An attacker could possibly use this flaw to send debugging commands to a Java program running with debugging enabled if they could make victim's browser send HTTP requests to the JDWP port of the debugged application.
7.5 (High)
Affected products
Fixed
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Important
A flaw was found in the way the Networking component of OpenJDK handled HTTP proxy authentication. A Java application could possibly expose HTTPS server authentication credentials via a plain text network connection to an HTTP proxy if proxy asked for authentication.
5.3 (Medium)
Affected products
Fixed
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 4.3 (Confidentiality impacts).
4.3 (Medium)
Affected products
Fixed
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
It was discovered that the RMI registry and DCG implementations in the RMI component of OpenJDK performed deserialization of untrusted inputs. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of RMI registry or a Java RMI application.
8.1 (High)
Affected products
Fixed
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Critical
It was discovered that the JAAS component of OpenJDK did not use the correct way to extract user DN from the result of the user search LDAP query. A specially crafted user LDAP entry could cause the application to use an incorrect DN.
5.3 (Medium)
Affected products
Fixed
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
It was discovered that the 2D component of OpenJDK performed parsing of iTXt and zTXt PNG image chunks even when configured to ignore metadata. An attacker able to make a Java application parse a specially crafted PNG image could cause the application to consume an excessive amount of memory.
7.5 (High)
Affected products
Fixed
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 3.7 (Confidentiality impacts).
Affected products
Fixed
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 4.3 (Confidentiality impacts).
4.3 (Medium)
Affected products
Fixed
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts).
8.8 (High)
Affected products
Fixed
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Critical
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts).
8.8 (High)
Affected products
Fixed
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Critical
References
167 references
Acknowledgments
OpenVPN
Inria
Karthikeyan Bhargavan
Gaëtan Leurent
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for java-1.7.1-ibm is now available for Red Hat\nSatellite 5.7 and Red Hat Satellite 5.6.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.\n\nThis update upgrades IBM Java SE 7 to version 7R1 SR4-FP1.\n\nSecurity Fix(es):\n\n* This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section. (CVE-2016-2183, CVE-2017-3272, CVE-2017-3289, CVE-2017-3253, CVE-2017-3261, CVE-2017-3231, CVE-2016-5547, CVE-2016-5552, CVE-2017-3252, CVE-2016-5546, CVE-2016-5548, CVE-2016-5549, CVE-2017-3241, CVE-2017-3259, CVE-2016-5573, CVE-2016-5554, CVE-2016-5542, CVE-2016-5597, CVE-2016-5556, CVE-2016-3598, CVE-2016-3511, CVE-2016-0363, CVE-2016-0686, CVE-2016-0687, CVE-2016-3426, CVE-2016-3427, CVE-2016-3443, CVE-2016-3449, CVE-2016-3422, CVE-2016-0376, CVE-2016-0264)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2017:1216",
"url": "https://access.redhat.com/errata/RHSA-2017:1216"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "1324044",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1324044"
},
{
"category": "external",
"summary": "1327743",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1327743"
},
{
"category": "external",
"summary": "1327749",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1327749"
},
{
"category": "external",
"summary": "1328059",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1328059"
},
{
"category": "external",
"summary": "1328210",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1328210"
},
{
"category": "external",
"summary": "1328618",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1328618"
},
{
"category": "external",
"summary": "1328619",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1328619"
},
{
"category": "external",
"summary": "1328620",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1328620"
},
{
"category": "external",
"summary": "1330986",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1330986"
},
{
"category": "external",
"summary": "1331359",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1331359"
},
{
"category": "external",
"summary": "1356971",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1356971"
},
{
"category": "external",
"summary": "1358168",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1358168"
},
{
"category": "external",
"summary": "1369383",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1369383"
},
{
"category": "external",
"summary": "1385544",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1385544"
},
{
"category": "external",
"summary": "1385714",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1385714"
},
{
"category": "external",
"summary": "1385723",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1385723"
},
{
"category": "external",
"summary": "1386103",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1386103"
},
{
"category": "external",
"summary": "1386408",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1386408"
},
{
"category": "external",
"summary": "1413554",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1413554"
},
{
"category": "external",
"summary": "1413562",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1413562"
},
{
"category": "external",
"summary": "1413583",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1413583"
},
{
"category": "external",
"summary": "1413653",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1413653"
},
{
"category": "external",
"summary": "1413717",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1413717"
},
{
"category": "external",
"summary": "1413764",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1413764"
},
{
"category": "external",
"summary": "1413882",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1413882"
},
{
"category": "external",
"summary": "1413906",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1413906"
},
{
"category": "external",
"summary": "1413911",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1413911"
},
{
"category": "external",
"summary": "1413920",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1413920"
},
{
"category": "external",
"summary": "1413923",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1413923"
},
{
"category": "external",
"summary": "1413955",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1413955"
},
{
"category": "external",
"summary": "1414163",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1414163"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2017/rhsa-2017_1216.json"
}
],
"title": "Red Hat Security Advisory: java-1.7.1-ibm security update",
"tracking": {
"current_release_date": "2024-12-01T12:02:56+00:00",
"generator": {
"date": "2024-12-01T12:02:56+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2017:1216",
"initial_release_date": "2017-05-09T16:41:26+00:00",
"revision_history": [
{
"date": "2017-05-09T16:41:26+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2017-05-09T16:41:26+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-12-01T12:02:56+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Satellite 5.6 (RHEL v.6)",
"product": {
"name": "Red Hat Satellite 5.6 (RHEL v.6)",
"product_id": "6Server-Satellite56",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:network_satellite:5.6::el6"
}
}
},
{
"category": "product_name",
"name": "Red Hat Satellite 5.7 (RHEL v.6)",
"product": {
"name": "Red Hat Satellite 5.7 (RHEL v.6)",
"product_id": "6Server-Satellite57",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:network_satellite:5.7::el6"
}
}
}
],
"category": "product_family",
"name": "Red Hat Satellite"
},
{
"branches": [
{
"category": "product_version",
"name": "java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"product": {
"name": "java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"product_id": "java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.7.1-ibm@1.7.1.4.1-1jpp.1.el6_8?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"product": {
"name": "java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"product_id": "java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.7.1-ibm-devel@1.7.1.4.1-1jpp.1.el6_8?arch=x86_64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"product": {
"name": "java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"product_id": "java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.7.1-ibm@1.7.1.4.1-1jpp.1.el6_8?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"product": {
"name": "java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"product_id": "java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.7.1-ibm-devel@1.7.1.4.1-1jpp.1.el6_8?arch=s390x\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"product": {
"name": "java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"product_id": "java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.7.1-ibm@1.7.1.4.1-1jpp.1.el6_8?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x as a component of Red Hat Satellite 5.6 (RHEL v.6)",
"product_id": "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x"
},
"product_reference": "java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"relates_to_product_reference": "6Server-Satellite56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src as a component of Red Hat Satellite 5.6 (RHEL v.6)",
"product_id": "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src"
},
"product_reference": "java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"relates_to_product_reference": "6Server-Satellite56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 as a component of Red Hat Satellite 5.6 (RHEL v.6)",
"product_id": "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
},
"product_reference": "java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"relates_to_product_reference": "6Server-Satellite56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x as a component of Red Hat Satellite 5.6 (RHEL v.6)",
"product_id": "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x"
},
"product_reference": "java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"relates_to_product_reference": "6Server-Satellite56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 as a component of Red Hat Satellite 5.6 (RHEL v.6)",
"product_id": "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
},
"product_reference": "java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"relates_to_product_reference": "6Server-Satellite56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x as a component of Red Hat Satellite 5.7 (RHEL v.6)",
"product_id": "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x"
},
"product_reference": "java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"relates_to_product_reference": "6Server-Satellite57"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src as a component of Red Hat Satellite 5.7 (RHEL v.6)",
"product_id": "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src"
},
"product_reference": "java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"relates_to_product_reference": "6Server-Satellite57"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 as a component of Red Hat Satellite 5.7 (RHEL v.6)",
"product_id": "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
},
"product_reference": "java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"relates_to_product_reference": "6Server-Satellite57"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x as a component of Red Hat Satellite 5.7 (RHEL v.6)",
"product_id": "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x"
},
"product_reference": "java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"relates_to_product_reference": "6Server-Satellite57"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 as a component of Red Hat Satellite 5.7 (RHEL v.6)",
"product_id": "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
},
"product_reference": "java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"relates_to_product_reference": "6Server-Satellite57"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-0264",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2016-04-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1331359"
}
],
"notes": [
{
"category": "description",
"text": "Buffer overflow in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) allows remote attackers to execute arbitrary code via unspecified vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "JDK: buffer overflow vulnerability in the IBM JVM",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-0264"
},
{
"category": "external",
"summary": "RHBZ#1331359",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1331359"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-0264",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0264"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-0264",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0264"
},
{
"category": "external",
"summary": "http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_April_2016",
"url": "http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_April_2016"
}
],
"release_date": "2016-04-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-05-09T16:41:26+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1216"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "JDK: buffer overflow vulnerability in the IBM JVM"
},
{
"cve": "CVE-2016-0363",
"discovery_date": "2016-04-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1324044"
}
],
"notes": [
{
"category": "description",
"text": "The com.ibm.CORBA.iiop.ClientDelegate class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) uses the invoke method of the java.lang.reflect.Method class in an AccessController doPrivileged block, which allows remote attackers to call setSecurityManager and bypass a sandbox protection mechanism via vectors related to a Proxy object instance implementing the java.lang.reflect.InvocationHandler interface. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-3009.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "JDK: insecure use of invoke method in CORBA component, incorrect CVE-2013-3009 fix",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-0363"
},
{
"category": "external",
"summary": "RHBZ#1324044",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1324044"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-0363",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0363"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-0363",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0363"
},
{
"category": "external",
"summary": "http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_April_2016",
"url": "http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_April_2016"
}
],
"release_date": "2016-04-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-05-09T16:41:26+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1216"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "JDK: insecure use of invoke method in CORBA component, incorrect CVE-2013-3009 fix"
},
{
"cve": "CVE-2016-0376",
"discovery_date": "2016-04-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1330986"
}
],
"notes": [
{
"category": "description",
"text": "The com.ibm.rmi.io.SunSerializableFactory class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) does not properly deserialize classes in an AccessController doPrivileged block, which allows remote attackers to bypass a sandbox protection mechanism and execute arbitrary code as demonstrated by the readValue method of the com.ibm.rmi.io.ValueHandlerPool.ValueHandlerSingleton class, which implements the javax.rmi.CORBA.ValueHandler interface. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-5456.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "JDK: insecure deserialization in CORBA, incorrect CVE-2013-5456 fix",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-0376"
},
{
"category": "external",
"summary": "RHBZ#1330986",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1330986"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-0376",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0376"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-0376",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0376"
},
{
"category": "external",
"summary": "http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_April_2016",
"url": "http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_April_2016"
}
],
"release_date": "2016-04-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-05-09T16:41:26+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1216"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "JDK: insecure deserialization in CORBA, incorrect CVE-2013-5456 fix"
},
{
"cve": "CVE-2016-0686",
"discovery_date": "2016-04-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1327743"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Serialization.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: insufficient thread consistency checks in ObjectInputStream (Serialization, 8129952)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-0686"
},
{
"category": "external",
"summary": "RHBZ#1327743",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1327743"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-0686",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0686"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-0686",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0686"
},
{
"category": "external",
"summary": "http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html#AppendixJAVA",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html#AppendixJAVA"
}
],
"release_date": "2016-04-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-05-09T16:41:26+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1216"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "OpenJDK: insufficient thread consistency checks in ObjectInputStream (Serialization, 8129952)"
},
{
"cve": "CVE-2016-0687",
"discovery_date": "2016-04-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1327749"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to the Hotspot sub-component.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: insufficient byte type checks (Hotspot, 8132051)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-0687"
},
{
"category": "external",
"summary": "RHBZ#1327749",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1327749"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-0687",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0687"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-0687",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0687"
},
{
"category": "external",
"summary": "http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html#AppendixJAVA",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html#AppendixJAVA"
}
],
"release_date": "2016-04-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-05-09T16:41:26+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1216"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "OpenJDK: insufficient byte type checks (Hotspot, 8132051)"
},
{
"acknowledgments": [
{
"names": [
"OpenVPN"
]
},
{
"names": [
"Karthikeyan Bhargavan",
"Ga\u00ebtan Leurent"
],
"organization": "Inria",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2016-2183",
"cwe": {
"id": "CWE-327",
"name": "Use of a Broken or Risky Cryptographic Algorithm"
},
"discovery_date": "2016-08-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1369383"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenSSL security update RHSA-2016:1940 mitigates this issue by lowering priority of DES cipher suites so they are not preferred over cipher suites using AES. For compatibility reasons, DES cipher suites remain enabled by default and included in the set of cipher suites identified by the HIGH cipher string. Future updates may move them to MEDIUM or not enable them by default.\n\nNSS addressed this issue by implementing limits on the amount of plain text which can be encrypted by using the same key. Once the limit is reached, the keys will need to be re-negotiated manually. This change will be available in nss-3.27.\n\nGnuTLS is not affected by this issue, since it prioritizes AES before 3DES in the cipher list.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-2183"
},
{
"category": "external",
"summary": "RHBZ#1369383",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1369383"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-2183",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2183"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-2183",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2183"
},
{
"category": "external",
"summary": "https://access.redhat.com/articles/2548661",
"url": "https://access.redhat.com/articles/2548661"
},
{
"category": "external",
"summary": "https://access.redhat.com/errata/RHSA-2016:1940",
"url": "https://access.redhat.com/errata/RHSA-2016:1940"
},
{
"category": "external",
"summary": "https://sweet32.info/",
"url": "https://sweet32.info/"
}
],
"release_date": "2016-08-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-05-09T16:41:26+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1216"
},
{
"category": "workaround",
"details": "1.SSL/TLS configurations should prefer AES over DES. Versions of OpenSSL shipped with Red Hat Enterprise Linux 6 and 7 already do so. In the version of OpenSSL shipped with Red Hat Enterprise Linux 5, 3DES is listed below the AES-256 cipher and above the AES-128 cipher, therefore AES-256 based ciphersuite should not be disabled on the server.\n2. Servers using OpenSSL, should not disable AES-128 and AES-256 ciphersuites. Versions of Apache shipped with Red Hat Enterprise Linux use the default cipher string, in which AES is preferred over DES/3DES based ciphersuites.\n\nFor JBoss Middleware, and Java mitigations, please review this knowledge base article:\n\nhttps://access.redhat.com/articles/2598471\n\nThis can be mitigated on OpenShift Container Platform (OCP) by disabling the vulnerable TLS cipher suite in the applicable component. TLS configuration options for OCP are described here:\n\nhttps://access.redhat.com/articles/5348961",
"product_ids": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
]
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)"
},
{
"cve": "CVE-2016-3422",
"discovery_date": "2016-04-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1328620"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allows remote attackers to affect availability via vectors related to 2D.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "JDK: unspecified vulnerability fixed in 6u115, 7u101 and 8u91 (2D)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-3422"
},
{
"category": "external",
"summary": "RHBZ#1328620",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1328620"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-3422",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3422"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-3422",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3422"
},
{
"category": "external",
"summary": "http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html#AppendixJAVA",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html#AppendixJAVA"
}
],
"release_date": "2016-04-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-05-09T16:41:26+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1216"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "JDK: unspecified vulnerability fixed in 6u115, 7u101 and 8u91 (2D)"
},
{
"cve": "CVE-2016-3426",
"discovery_date": "2016-04-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1328059"
}
],
"notes": [
{
"category": "description",
"text": "It was discovered that the GCM (Galois/Counter Mode) implementation in the JCE component in OpenJDK used a non-constant time comparison when comparing GCM authentication tags. A remote attacker could possibly use this flaw to determine the value of the authentication tag.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: non-constant time GCM authentication tag comparison (JCE, 8143945)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-3426"
},
{
"category": "external",
"summary": "RHBZ#1328059",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1328059"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-3426",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3426"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-3426",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3426"
},
{
"category": "external",
"summary": "http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html#AppendixJAVA",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html#AppendixJAVA"
}
],
"release_date": "2016-04-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-05-09T16:41:26+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1216"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "OpenJDK: non-constant time GCM authentication tag comparison (JCE, 8143945)"
},
{
"cve": "CVE-2016-3427",
"discovery_date": "2016-04-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1328210"
}
],
"notes": [
{
"category": "description",
"text": "It was discovered that the RMI server implementation in the JMX component in OpenJDK did not restrict which classes can be deserialized when deserializing authentication credentials. A remote, unauthenticated attacker able to connect to a JMX port could possibly use this flaw to trigger deserialization flaws.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: unrestricted deserialization of authentication credentials (JMX, 8144430)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-3427"
},
{
"category": "external",
"summary": "RHBZ#1328210",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1328210"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-3427",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3427"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-3427",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3427"
},
{
"category": "external",
"summary": "http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html#AppendixJAVA",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html#AppendixJAVA"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2016-04-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-05-09T16:41:26+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1216"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-05-12T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Critical"
}
],
"title": "OpenJDK: unrestricted deserialization of authentication credentials (JMX, 8144430)"
},
{
"cve": "CVE-2016-3443",
"discovery_date": "2016-04-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1328618"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to 2D. NOTE: the previous information is from the April 2016 CPU. Oracle has not commented on third-party claims that this issue allows remote attackers to obtain sensitive information via crafted font data, which triggers an out-of-bounds read.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "JDK: unspecified vulnerability fixed in 6u115, 7u101 and 8u91 (2D)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-3443"
},
{
"category": "external",
"summary": "RHBZ#1328618",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1328618"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-3443",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3443"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-3443",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3443"
},
{
"category": "external",
"summary": "http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html#AppendixJAVA",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html#AppendixJAVA"
}
],
"release_date": "2016-04-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-05-09T16:41:26+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1216"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "JDK: unspecified vulnerability fixed in 6u115, 7u101 and 8u91 (2D)"
},
{
"cve": "CVE-2016-3449",
"discovery_date": "2016-04-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1328619"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Deployment.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "JDK: unspecified vulnerability fixed in 6u115, 7u101 and 8u91 (Deployment)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-3449"
},
{
"category": "external",
"summary": "RHBZ#1328619",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1328619"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-3449",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3449"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-3449",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3449"
},
{
"category": "external",
"summary": "http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html#AppendixJAVA",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html#AppendixJAVA"
}
],
"release_date": "2016-04-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-05-09T16:41:26+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1216"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "JDK: unspecified vulnerability fixed in 6u115, 7u101 and 8u91 (Deployment)"
},
{
"cve": "CVE-2016-3511",
"discovery_date": "2016-07-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1358168"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 allows local users to affect confidentiality, integrity, and availability via vectors related to Deployment.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "JDK: unspecified vulnerability fixed in 7u111 and 8u101 (Deployment)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-3511"
},
{
"category": "external",
"summary": "RHBZ#1358168",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1358168"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-3511",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3511"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-3511",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3511"
},
{
"category": "external",
"summary": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixJAVA",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixJAVA"
}
],
"release_date": "2016-07-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-05-09T16:41:26+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1216"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.7,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "JDK: unspecified vulnerability fixed in 7u111 and 8u101 (Deployment)"
},
{
"cve": "CVE-2016-3598",
"discovery_date": "2016-06-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1356971"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Libraries, a different vulnerability than CVE-2016-3610.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: incorrect handling of MethodHandles.dropArguments() argument (Libraries, 8155985)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-3598"
},
{
"category": "external",
"summary": "RHBZ#1356971",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1356971"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-3598",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3598"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-3598",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3598"
},
{
"category": "external",
"summary": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixJAVA",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixJAVA"
}
],
"release_date": "2016-07-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-05-09T16:41:26+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1216"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "OpenJDK: incorrect handling of MethodHandles.dropArguments() argument (Libraries, 8155985)"
},
{
"cve": "CVE-2016-5542",
"cwe": {
"id": "CWE-327",
"name": "Use of a Broken or Risky Cryptographic Algorithm"
},
"discovery_date": "2016-10-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1385723"
}
],
"notes": [
{
"category": "description",
"text": "It was discovered that the Libraries component of OpenJDK did not restrict the set of algorithms used for JAR integrity verification. This flaw could allow an attacker to modify content of the JAR file that used weak signing key or hash algorithm.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: missing algorithm restrictions for jar verification (Libraries, 8155973)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5542"
},
{
"category": "external",
"summary": "RHBZ#1385723",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1385723"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5542",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5542"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5542",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5542"
},
{
"category": "external",
"summary": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html#AppendixJAVA",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html#AppendixJAVA"
}
],
"release_date": "2016-10-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-05-09T16:41:26+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1216"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "OpenJDK: missing algorithm restrictions for jar verification (Libraries, 8155973)"
},
{
"cve": "CVE-2016-5546",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2017-01-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1413911"
}
],
"notes": [
{
"category": "description",
"text": "It was discovered that the Libraries component of OpenJDK accepted ECDSA signatures using non-canonical DER encoding. This could cause a Java application to accept signature in an incorrect format not accepted by other cryptographic tools.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: incorrect ECDSA signature extraction from the DER input (Libraries, 8168714)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5546"
},
{
"category": "external",
"summary": "RHBZ#1413911",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1413911"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5546",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5546"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5546",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5546"
}
],
"release_date": "2017-01-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-05-09T16:41:26+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1216"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "OpenJDK: incorrect ECDSA signature extraction from the DER input (Libraries, 8168714)"
},
{
"cve": "CVE-2016-5547",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2017-01-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1413764"
}
],
"notes": [
{
"category": "description",
"text": "It was discovered that the Libraries component of OpenJDK did not validate the length of the object identifier read from the DER input before allocating memory to store the OID. An attacker able to make a Java application decode a specially crafted DER input could cause the application to consume an excessive amount of memory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: missing ObjectIdentifier length check (Libraries, 8168705)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5547"
},
{
"category": "external",
"summary": "RHBZ#1413764",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1413764"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5547",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5547"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5547",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5547"
}
],
"release_date": "2017-01-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-05-09T16:41:26+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1216"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "OpenJDK: missing ObjectIdentifier length check (Libraries, 8168705)"
},
{
"cve": "CVE-2016-5548",
"cwe": {
"id": "CWE-385",
"name": "Covert Timing Channel"
},
"discovery_date": "2017-01-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1413920"
}
],
"notes": [
{
"category": "description",
"text": "A covert timing channel flaw was found in the DSA implementation in the Libraries component of OpenJDK. A remote attacker could possibly use this flaw to extract certain information about the used key via a timing side channel.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: DSA implementation timing attack (Libraries, 8168728)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5548"
},
{
"category": "external",
"summary": "RHBZ#1413920",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1413920"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5548",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5548"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5548",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5548"
}
],
"release_date": "2017-01-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-05-09T16:41:26+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1216"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "OpenJDK: DSA implementation timing attack (Libraries, 8168728)"
},
{
"cve": "CVE-2016-5549",
"cwe": {
"id": "CWE-385",
"name": "Covert Timing Channel"
},
"discovery_date": "2017-01-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1413923"
}
],
"notes": [
{
"category": "description",
"text": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 6.5 (Confidentiality impacts).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: ECDSA implementation timing attack (Libraries, 8168724)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5549"
},
{
"category": "external",
"summary": "RHBZ#1413923",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1413923"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5549",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5549"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5549",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5549"
}
],
"release_date": "2017-01-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-05-09T16:41:26+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1216"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "OpenJDK: ECDSA implementation timing attack (Libraries, 8168724)"
},
{
"cve": "CVE-2016-5552",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2017-01-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1413882"
}
],
"notes": [
{
"category": "description",
"text": "It was discovered that the Networking component of OpenJDK failed to properly parse user info from the URL. A remote attacker could cause a Java application to incorrectly parse an attacker supplied URL and interpret it differently from other applications processing the same URL.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: incorrect URL parsing in URLStreamHandler (Networking, 8167223)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5552"
},
{
"category": "external",
"summary": "RHBZ#1413882",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1413882"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5552",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5552"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5552",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5552"
}
],
"release_date": "2017-01-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-05-09T16:41:26+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1216"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "OpenJDK: incorrect URL parsing in URLStreamHandler (Networking, 8167223)"
},
{
"cve": "CVE-2016-5554",
"discovery_date": "2016-10-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1385714"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the way the JMX component of OpenJDK handled classloaders. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: insufficient classloader consistency checks in ClassLoaderWithRepository (JMX, 8157739)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5554"
},
{
"category": "external",
"summary": "RHBZ#1385714",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1385714"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5554",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5554"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5554",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5554"
},
{
"category": "external",
"summary": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html#AppendixJAVA",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html#AppendixJAVA"
}
],
"release_date": "2016-10-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-05-09T16:41:26+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1216"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "OpenJDK: insufficient classloader consistency checks in ClassLoaderWithRepository (JMX, 8157739)"
},
{
"cve": "CVE-2016-5556",
"discovery_date": "2016-10-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1386408"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in Oracle Java SE 6u121, 7u111, and 8u102 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to 2D.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "JDK: unspecified vulnerability fixed in 6u131, 7u121, and 8u111 (2D)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5556"
},
{
"category": "external",
"summary": "RHBZ#1386408",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1386408"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5556",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5556"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5556",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5556"
},
{
"category": "external",
"summary": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html#AppendixJAVA",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html#AppendixJAVA"
}
],
"release_date": "2016-10-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-05-09T16:41:26+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1216"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "JDK: unspecified vulnerability fixed in 6u131, 7u121, and 8u111 (2D)"
},
{
"cve": "CVE-2016-5573",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2016-10-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1385544"
}
],
"notes": [
{
"category": "description",
"text": "It was discovered that the Hotspot component of OpenJDK did not properly check received Java Debug Wire Protocol (JDWP) packets. An attacker could possibly use this flaw to send debugging commands to a Java program running with debugging enabled if they could make victim\u0027s browser send HTTP requests to the JDWP port of the debugged application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: insufficient checks of JDWP packets (Hotspot, 8159519)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5573"
},
{
"category": "external",
"summary": "RHBZ#1385544",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1385544"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5573",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5573"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5573",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5573"
},
{
"category": "external",
"summary": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html#AppendixJAVA",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html#AppendixJAVA"
}
],
"release_date": "2016-10-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-05-09T16:41:26+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1216"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "OpenJDK: insufficient checks of JDWP packets (Hotspot, 8159519)"
},
{
"cve": "CVE-2016-5597",
"cwe": {
"id": "CWE-319",
"name": "Cleartext Transmission of Sensitive Information"
},
"discovery_date": "2016-10-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1386103"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the way the Networking component of OpenJDK handled HTTP proxy authentication. A Java application could possibly expose HTTPS server authentication credentials via a plain text network connection to an HTTP proxy if proxy asked for authentication.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: exposure of server authentication credentials to proxy (Networking, 8160838)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5597"
},
{
"category": "external",
"summary": "RHBZ#1386103",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1386103"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5597",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5597"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5597",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5597"
},
{
"category": "external",
"summary": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html#AppendixJAVA",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html#AppendixJAVA"
}
],
"release_date": "2016-10-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-05-09T16:41:26+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1216"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "OpenJDK: exposure of server authentication credentials to proxy (Networking, 8160838)"
},
{
"cve": "CVE-2017-3231",
"discovery_date": "2017-01-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1413717"
}
],
"notes": [
{
"category": "description",
"text": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 4.3 (Confidentiality impacts).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: URLClassLoader insufficient access control checks (Networking, 8151934)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-3231"
},
{
"category": "external",
"summary": "RHBZ#1413717",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1413717"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-3231",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3231"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-3231",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3231"
}
],
"release_date": "2017-01-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-05-09T16:41:26+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1216"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "OpenJDK: URLClassLoader insufficient access control checks (Networking, 8151934)"
},
{
"cve": "CVE-2017-3241",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2017-01-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1413955"
}
],
"notes": [
{
"category": "description",
"text": "It was discovered that the RMI registry and DCG implementations in the RMI component of OpenJDK performed deserialization of untrusted inputs. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of RMI registry or a Java RMI application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: untrusted input deserialization in RMI registry and DCG (RMI, 8156802)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-3241"
},
{
"category": "external",
"summary": "RHBZ#1413955",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1413955"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-3241",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3241"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-3241",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3241"
}
],
"release_date": "2017-01-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-05-09T16:41:26+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1216"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "OpenJDK: untrusted input deserialization in RMI registry and DCG (RMI, 8156802)"
},
{
"cve": "CVE-2017-3252",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2017-01-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1413906"
}
],
"notes": [
{
"category": "description",
"text": "It was discovered that the JAAS component of OpenJDK did not use the correct way to extract user DN from the result of the user search LDAP query. A specially crafted user LDAP entry could cause the application to use an incorrect DN.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: LdapLoginModule incorrect userDN extraction (JAAS, 8161743)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-3252"
},
{
"category": "external",
"summary": "RHBZ#1413906",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1413906"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-3252",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3252"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-3252",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3252"
}
],
"release_date": "2017-01-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-05-09T16:41:26+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1216"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "OpenJDK: LdapLoginModule incorrect userDN extraction (JAAS, 8161743)"
},
{
"cve": "CVE-2017-3253",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2017-01-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1413583"
}
],
"notes": [
{
"category": "description",
"text": "It was discovered that the 2D component of OpenJDK performed parsing of iTXt and zTXt PNG image chunks even when configured to ignore metadata. An attacker able to make a Java application parse a specially crafted PNG image could cause the application to consume an excessive amount of memory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: imageio PNGImageReader failed to honor ignoreMetadata for iTXt and zTXt chunks (2D, 8166988)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-3253"
},
{
"category": "external",
"summary": "RHBZ#1413583",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1413583"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-3253",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3253"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-3253",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3253"
}
],
"release_date": "2017-01-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-05-09T16:41:26+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1216"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "OpenJDK: imageio PNGImageReader failed to honor ignoreMetadata for iTXt and zTXt chunks (2D, 8166988)"
},
{
"cve": "CVE-2017-3259",
"discovery_date": "2017-01-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1414163"
}
],
"notes": [
{
"category": "description",
"text": "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 3.7 (Confidentiality impacts).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "JDK: unspecified vulnerability fixed in 6u141, 7u131, and 8u121 (Deployment)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-3259"
},
{
"category": "external",
"summary": "RHBZ#1414163",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1414163"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-3259",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3259"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-3259",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3259"
},
{
"category": "external",
"summary": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html#AppendixJAVA",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html#AppendixJAVA"
}
],
"release_date": "2017-01-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-05-09T16:41:26+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1216"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "JDK: unspecified vulnerability fixed in 6u141, 7u131, and 8u121 (Deployment)"
},
{
"cve": "CVE-2017-3261",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2017-01-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1413653"
}
],
"notes": [
{
"category": "description",
"text": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 4.3 (Confidentiality impacts).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: integer overflow in SocketOutputStream boundary check (Networking, 8164147)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-3261"
},
{
"category": "external",
"summary": "RHBZ#1413653",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1413653"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-3261",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3261"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-3261",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3261"
}
],
"release_date": "2017-01-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-05-09T16:41:26+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1216"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "OpenJDK: integer overflow in SocketOutputStream boundary check (Networking, 8164147)"
},
{
"cve": "CVE-2017-3272",
"discovery_date": "2017-01-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1413554"
}
],
"notes": [
{
"category": "description",
"text": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: insufficient protected field access checks in atomic field updaters (Libraries, 8165344)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-3272"
},
{
"category": "external",
"summary": "RHBZ#1413554",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1413554"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-3272",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3272"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-3272",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3272"
}
],
"release_date": "2017-01-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-05-09T16:41:26+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1216"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "OpenJDK: insufficient protected field access checks in atomic field updaters (Libraries, 8165344)"
},
{
"cve": "CVE-2017-3289",
"discovery_date": "2017-01-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1413562"
}
],
"notes": [
{
"category": "description",
"text": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: insecure class construction (Hotspot, 8167104)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-3289"
},
{
"category": "external",
"summary": "RHBZ#1413562",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1413562"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-3289",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3289"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-3289",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3289"
}
],
"release_date": "2017-01-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-05-09T16:41:26+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1216"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
"6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
"6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "OpenJDK: insecure class construction (Hotspot, 8167104)"
}
]
}
SUSE-SU-2016:1997-1
Vulnerability from csaf_suse - Published: 2016-08-09 11:33 - Updated: 2016-08-09 11:33Summary
Security update for java-1_7_0-openjdk
Severity
Important
Notes
Title of the patch: Security update for java-1_7_0-openjdk
Description of the patch:
This update for java-1_7_0-openjdk fixes the following issues:
- Update to 2.6.7 - OpenJDK 7u111
* Security fixes
- S8079718, CVE-2016-3458: IIOP Input Stream Hooking
(bsc#989732)
- S8145446, CVE-2016-3485: Perfect pipe placement (Windows
only) (bsc#989734)
- S8147771: Construction of static protection domains under
Javax custom policy
- S8148872, CVE-2016-3500: Complete name checking (bsc#989730)
- S8149962, CVE-2016-3508: Better delineation of XML processing
(bsc#989731)
- S8150752: Share Class Data
- S8151925: Font reference improvements
- S8152479, CVE-2016-3550: Coded byte streams (bsc#989733)
- S8155981, CVE-2016-3606: Bolster bytecode verification
(bsc#989722)
- S8155985, CVE-2016-3598: Persistent Parameter Processing
(bsc#989723)
- S8158571, CVE-2016-3610: Additional method handle validation
(bsc#989725)
- CVE-2016-3511 (bsc#989727)
- CVE-2016-3503 (bsc#989728)
- CVE-2016-3498 (bsc#989729)
* Import of OpenJDK 7 u111 build 0
- S6953295: Move few sun.security.{util, x509, pkcs} classes
used by keytool/jarsigner to another package
- S7060849: Eliminate pack200 build warnings
- S7064075: Security libraries don't build with
javac -Xlint:all,-deprecation -Werror
- S7069870: Parts of the JDK erroneously rely on generic array
initializers with diamond
- S7102686: Restructure timestamp code so that jars and modules
can more easily share the same code
- S7105780: Add SSLSocket client/SSLEngine server to templates
directory
- S7142339: PKCS7.java is needlessly creating SHA1PRNG
SecureRandom instances when timestamping is not done
- S7152582: PKCS11 tests should use the NSS libraries available
in the OS
- S7192202: Make sure keytool prints both unknown and
unparseable extensions
- S7194449: String resources for Key Tool and Policy Tool
should be in their respective packages
- S7196855: autotest.sh fails on ubuntu because libsoftokn.so
not found
- S7200682: TEST_BUG: keytool/autotest.sh still has problems
with libsoftokn.so
- S8002306: (se) Selector.open fails if invoked with thread
interrupt status set [win]
- S8009636: JARSigner including TimeStamp PolicyID
(TSAPolicyID) as defined in RFC3161
- S8019341: Update CookieHttpsClientTest to use the newer
framework.
- S8022228: Intermittent test failures in
sun/security/ssl/javax/net/ssl/NewAPIs
- S8022439: Fix lint warnings in sun.security.ec
- S8022594: Potential deadlock in <clinit> of
sun.nio.ch.Util/IOUtil
- S8023546: sun/security/mscapi/ShortRSAKey1024.sh fails
intermittently
- S8036612: [parfait] JNI exception pending in
jdk/src/windows/native/sun/security/mscapi/security.cpp
- S8037557: test SessionCacheSizeTests.java timeout
- S8038837: Add support to jarsigner for specifying timestamp
hash algorithm
- S8079410: Hotspot version to share the same update and build
version from JDK
- S8130735: javax.swing.TimerQueue: timer fires late when
another timer starts
- S8139436: sun.security.mscapi.KeyStore might load incomplete
data
- S8144313: Test SessionTimeOutTests can be timeout
- S8146387: Test SSLSession/SessionCacheSizeTests socket
accept timed out
- S8146669: Test SessionTimeOutTests fails intermittently
- S8146993: Several javax/management/remote/mandatory regression
tests fail after JDK-8138811
- S8147857: [TEST] RMIConnector logs attribute names incorrectly
- S8151841, PR3098: Build needs additional flags to compile
with GCC 6
- S8151876: (tz) Support tzdata2016d
- S8157077: 8u101 L10n resource file updates
- S8161262: Fix jdk build with gcc 4.1.2: -fno-strict-overflow
not known.
* Import of OpenJDK 7 u111 build 1
- S7081817: test/sun/security/provider/certpath/X509CertPath/IllegalCertificates.java failing
- S8140344: add support for 3 digit update release numbers
- S8145017: Add support for 3 digit hotspot minor version
numbers
- S8162344: The API changes made by CR 7064075 need to be
reverted
* Backports
- S2178143, PR2958: JVM crashes if the number of bound CPUs
changed during runtime
- S4900206, PR3101: Include worst-case rounding tests for Math
library functions
- S6260348, PR3067: GTK+ L&F JTextComponent not respecting
desktop caret blink rate
- S6934604, PR3075: enable parts of EliminateAutoBox by default
- S7043064, PR3020: sun/java2d/cmm/ tests failed against
RI b141 & b138-nightly
- S7051394, PR3020: NullPointerException when running
regression tests LoadProfileTest by using openjdk-7-b144
- S7086015, PR3013: fix
test/tools/javac/parser/netbeans/JavacParserTest.java
- S7119487, PR3013: JavacParserTest.java test fails on Windows
platforms
- S7124245, PR3020: [lcms] ColorConvertOp to color space
CS_GRAY apparently converts orange to 244,244,0
- S7159445, PR3013: (javac) emits inaccurate diagnostics for
enhanced for-loops
- S7175845, PR1437, RH1207129: 'jar uf' changes file
permissions unexpectedly
- S8005402, PR3020: Need to provide benchmarks for color
management
- S8005530, PR3020: [lcms] Improve performance of ColorConverOp
for default destinations
- S8005930, PR3020: [lcms] ColorConvertOp: Alpha channel is not
transferred from source to destination.
- S8013430, PR3020: REGRESSION:
closed/java/awt/color/ICC_Profile/LoadProfileTest/LoadProfileTest.java
fails with java.io.StreamCorruptedException: invalid type
code: EE since 8b87
- S8014286, PR3075: failed java/lang/Math/DivModTests.java
after 6934604 changes
- S8014959, PR3075: assert(Compile::current()->live_nodes() < (uint)MaxNodeLimit)
failed: Live Node limit exceeded limit
- S8019247, PR3075: SIGSEGV in compiled method
c8e.e.t_.getArray(Ljava/lang/Class;)[Ljava/lang/Object
- S8024511, PR3020: Crash during color profile destruction
- S8025429, PR3020: [parfait] warnings from b107 for
sun.java2d.cmm: JNI exception pending
- S8026702, PR3020: Fix for 8025429 breaks jdk build on windows
- S8026780, PR3020, RH1142587: Crash on PPC and PPC v2 for
Java_awt test suit
- S8047066, PR3020: Test test/sun/awt/image/bug8038000.java
fails with ClassCastException
- S8069181, PR3012, RH1015612: java.lang.AssertionError when
compiling JDK 1.4 code in JDK 8
- S8158260, PR2992, RH1341258: PPC64: unaligned Unsafe.getInt
can lead to the generation of illegal instructions (bsc#988651)
- S8159244, PR3075: Partially initialized string object created
by C2's string concat optimization may escape
* Bug fixes
- PR2799, RH1195203: Files are missing from resources.jar
- PR2900: Don't use WithSeed versions of NSS functions as they
don't fully process the seed
- PR3091: SystemTap is heavily confused by multiple JDKs
- PR3102: Extend 8022594 to AixPollPort
- PR3103: Handle case in clean-fonts where
linux.fontconfig.Gentoo.properties.old has not been created
- PR3111: Provide option to disable SystemTap tests
- PR3114: Don't assume system mime.types supports
text/x-java-source
- PR3115: Add check for elliptic curve cryptography
implementation
- PR3116: Add tests for Java debug info and source files
- PR3118: Path to agpl-3.0.txt not updated
- PR3119: Makefile handles cacerts as a symlink, but the
configure check doesn't
* AArch64 port
- S8148328, PR3100: aarch64: redundant lsr instructions in stub
code.
- S8148783, PR3100: aarch64: SEGV running SpecJBB2013
- S8148948, PR3100: aarch64: generate_copy_longs calls align()
incorrectly
- S8150045, PR3100: arraycopy causes segfaults in SATB during
garbage collection
- S8154537, PR3100: AArch64: some integer rotate instructions
are never emitted
- S8154739, PR3100: AArch64: TemplateTable::fast_xaccess loads
in wrong mode
- S8157906, PR3100: aarch64: some more integer rotate
instructions are never emitted
- Enable SunEC for SLE12 and Leap (bsc#982366)
- Fix aarch64 running with 48 bits va space (bsc#984684)
Patchnames: SUSE-SLE-DESKTOP-12-SP1-2016-1186,SUSE-SLE-SERVER-12-SP1-2016-1186
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
4.3 (Medium)
Affected products
Recommended
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
5.3 (Medium)
Affected products
Recommended
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.7 (High)
Affected products
Recommended
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.7 (High)
Affected products
Recommended
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.3 (Medium)
Affected products
Recommended
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
9.6 (Critical)
Affected products
Recommended
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
9.6 (Critical)
Affected products
Recommended
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
54 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for java-1_7_0-openjdk",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThis update for java-1_7_0-openjdk fixes the following issues:\n\n- Update to 2.6.7 - OpenJDK 7u111\n * Security fixes\n - S8079718, CVE-2016-3458: IIOP Input Stream Hooking\n (bsc#989732)\n - S8145446, CVE-2016-3485: Perfect pipe placement (Windows\n only) (bsc#989734)\n - S8147771: Construction of static protection domains under\n Javax custom policy\n - S8148872, CVE-2016-3500: Complete name checking (bsc#989730)\n - S8149962, CVE-2016-3508: Better delineation of XML processing\n (bsc#989731)\n - S8150752: Share Class Data\n - S8151925: Font reference improvements\n - S8152479, CVE-2016-3550: Coded byte streams (bsc#989733)\n - S8155981, CVE-2016-3606: Bolster bytecode verification\n (bsc#989722)\n - S8155985, CVE-2016-3598: Persistent Parameter Processing\n (bsc#989723)\n - S8158571, CVE-2016-3610: Additional method handle validation\n (bsc#989725)\n - CVE-2016-3511 (bsc#989727)\n - CVE-2016-3503 (bsc#989728)\n - CVE-2016-3498 (bsc#989729)\n * Import of OpenJDK 7 u111 build 0\n - S6953295: Move few sun.security.{util, x509, pkcs} classes\n used by keytool/jarsigner to another package\n - S7060849: Eliminate pack200 build warnings\n - S7064075: Security libraries don\u0027t build with\n javac -Xlint:all,-deprecation -Werror\n - S7069870: Parts of the JDK erroneously rely on generic array\n initializers with diamond\n - S7102686: Restructure timestamp code so that jars and modules\n can more easily share the same code\n - S7105780: Add SSLSocket client/SSLEngine server to templates\n directory\n - S7142339: PKCS7.java is needlessly creating SHA1PRNG\n SecureRandom instances when timestamping is not done\n - S7152582: PKCS11 tests should use the NSS libraries available\n in the OS\n - S7192202: Make sure keytool prints both unknown and\n unparseable extensions\n - S7194449: String resources for Key Tool and Policy Tool\n should be in their respective packages\n - S7196855: autotest.sh fails on ubuntu because libsoftokn.so\n not found\n - S7200682: TEST_BUG: keytool/autotest.sh still has problems\n with libsoftokn.so\n - S8002306: (se) Selector.open fails if invoked with thread\n interrupt status set [win]\n - S8009636: JARSigner including TimeStamp PolicyID\n (TSAPolicyID) as defined in RFC3161\n - S8019341: Update CookieHttpsClientTest to use the newer\n framework.\n - S8022228: Intermittent test failures in\n sun/security/ssl/javax/net/ssl/NewAPIs\n - S8022439: Fix lint warnings in sun.security.ec\n - S8022594: Potential deadlock in \u003cclinit\u003e of\n sun.nio.ch.Util/IOUtil\n - S8023546: sun/security/mscapi/ShortRSAKey1024.sh fails\n intermittently\n - S8036612: [parfait] JNI exception pending in\n jdk/src/windows/native/sun/security/mscapi/security.cpp\n - S8037557: test SessionCacheSizeTests.java timeout\n - S8038837: Add support to jarsigner for specifying timestamp\n hash algorithm\n - S8079410: Hotspot version to share the same update and build\n version from JDK\n - S8130735: javax.swing.TimerQueue: timer fires late when\n another timer starts\n - S8139436: sun.security.mscapi.KeyStore might load incomplete\n data\n - S8144313: Test SessionTimeOutTests can be timeout\n - S8146387: Test SSLSession/SessionCacheSizeTests socket\n accept timed out\n - S8146669: Test SessionTimeOutTests fails intermittently\n - S8146993: Several javax/management/remote/mandatory regression\n tests fail after JDK-8138811\n - S8147857: [TEST] RMIConnector logs attribute names incorrectly\n - S8151841, PR3098: Build needs additional flags to compile\n with GCC 6\n - S8151876: (tz) Support tzdata2016d\n - S8157077: 8u101 L10n resource file updates\n - S8161262: Fix jdk build with gcc 4.1.2: -fno-strict-overflow\n not known.\n * Import of OpenJDK 7 u111 build 1\n - S7081817: test/sun/security/provider/certpath/X509CertPath/IllegalCertificates.java failing\n - S8140344: add support for 3 digit update release numbers\n - S8145017: Add support for 3 digit hotspot minor version\n numbers\n - S8162344: The API changes made by CR 7064075 need to be\n reverted\n * Backports\n - S2178143, PR2958: JVM crashes if the number of bound CPUs\n changed during runtime\n - S4900206, PR3101: Include worst-case rounding tests for Math\n library functions\n - S6260348, PR3067: GTK+ L\u0026F JTextComponent not respecting\n desktop caret blink rate\n - S6934604, PR3075: enable parts of EliminateAutoBox by default\n - S7043064, PR3020: sun/java2d/cmm/ tests failed against\n RI b141 \u0026 b138-nightly\n - S7051394, PR3020: NullPointerException when running\n regression tests LoadProfileTest by using openjdk-7-b144\n - S7086015, PR3013: fix\n test/tools/javac/parser/netbeans/JavacParserTest.java\n - S7119487, PR3013: JavacParserTest.java test fails on Windows\n platforms\n - S7124245, PR3020: [lcms] ColorConvertOp to color space\n CS_GRAY apparently converts orange to 244,244,0\n - S7159445, PR3013: (javac) emits inaccurate diagnostics for\n enhanced for-loops\n - S7175845, PR1437, RH1207129: \u0027jar uf\u0027 changes file\n permissions unexpectedly\n - S8005402, PR3020: Need to provide benchmarks for color\n management\n - S8005530, PR3020: [lcms] Improve performance of ColorConverOp\n for default destinations\n - S8005930, PR3020: [lcms] ColorConvertOp: Alpha channel is not\n transferred from source to destination.\n - S8013430, PR3020: REGRESSION:\n closed/java/awt/color/ICC_Profile/LoadProfileTest/LoadProfileTest.java\n fails with java.io.StreamCorruptedException: invalid type\n code: EE since 8b87\n - S8014286, PR3075: failed java/lang/Math/DivModTests.java\n after 6934604 changes\n - S8014959, PR3075: assert(Compile::current()-\u003elive_nodes() \u003c (uint)MaxNodeLimit)\n failed: Live Node limit exceeded limit\n - S8019247, PR3075: SIGSEGV in compiled method\n c8e.e.t_.getArray(Ljava/lang/Class;)[Ljava/lang/Object\n - S8024511, PR3020: Crash during color profile destruction\n - S8025429, PR3020: [parfait] warnings from b107 for\n sun.java2d.cmm: JNI exception pending\n - S8026702, PR3020: Fix for 8025429 breaks jdk build on windows\n - S8026780, PR3020, RH1142587: Crash on PPC and PPC v2 for\n Java_awt test suit\n - S8047066, PR3020: Test test/sun/awt/image/bug8038000.java\n fails with ClassCastException\n - S8069181, PR3012, RH1015612: java.lang.AssertionError when\n compiling JDK 1.4 code in JDK 8\n - S8158260, PR2992, RH1341258: PPC64: unaligned Unsafe.getInt\n can lead to the generation of illegal instructions (bsc#988651)\n - S8159244, PR3075: Partially initialized string object created\n by C2\u0027s string concat optimization may escape\n * Bug fixes\n - PR2799, RH1195203: Files are missing from resources.jar\n - PR2900: Don\u0027t use WithSeed versions of NSS functions as they\n don\u0027t fully process the seed\n - PR3091: SystemTap is heavily confused by multiple JDKs\n - PR3102: Extend 8022594 to AixPollPort\n - PR3103: Handle case in clean-fonts where\n linux.fontconfig.Gentoo.properties.old has not been created\n - PR3111: Provide option to disable SystemTap tests\n - PR3114: Don\u0027t assume system mime.types supports\n text/x-java-source\n - PR3115: Add check for elliptic curve cryptography\n implementation\n - PR3116: Add tests for Java debug info and source files\n - PR3118: Path to agpl-3.0.txt not updated\n - PR3119: Makefile handles cacerts as a symlink, but the\n configure check doesn\u0027t\n * AArch64 port\n - S8148328, PR3100: aarch64: redundant lsr instructions in stub\n code.\n - S8148783, PR3100: aarch64: SEGV running SpecJBB2013\n - S8148948, PR3100: aarch64: generate_copy_longs calls align()\n incorrectly\n - S8150045, PR3100: arraycopy causes segfaults in SATB during\n garbage collection\n - S8154537, PR3100: AArch64: some integer rotate instructions\n are never emitted\n - S8154739, PR3100: AArch64: TemplateTable::fast_xaccess loads\n in wrong mode\n - S8157906, PR3100: aarch64: some more integer rotate\n instructions are never emitted\n- Enable SunEC for SLE12 and Leap (bsc#982366)\n\n- Fix aarch64 running with 48 bits va space (bsc#984684)\n\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-DESKTOP-12-SP1-2016-1186,SUSE-SLE-SERVER-12-SP1-2016-1186",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2016_1997-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2016:1997-1",
"url": "https://www.suse.com/support/update/announcement/2016/suse-su-20161997-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2016:1997-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2016-August/002184.html"
},
{
"category": "self",
"summary": "SUSE Bug 982366",
"url": "https://bugzilla.suse.com/982366"
},
{
"category": "self",
"summary": "SUSE Bug 984684",
"url": "https://bugzilla.suse.com/984684"
},
{
"category": "self",
"summary": "SUSE Bug 988651",
"url": "https://bugzilla.suse.com/988651"
},
{
"category": "self",
"summary": "SUSE Bug 989722",
"url": "https://bugzilla.suse.com/989722"
},
{
"category": "self",
"summary": "SUSE Bug 989723",
"url": "https://bugzilla.suse.com/989723"
},
{
"category": "self",
"summary": "SUSE Bug 989725",
"url": "https://bugzilla.suse.com/989725"
},
{
"category": "self",
"summary": "SUSE Bug 989727",
"url": "https://bugzilla.suse.com/989727"
},
{
"category": "self",
"summary": "SUSE Bug 989728",
"url": "https://bugzilla.suse.com/989728"
},
{
"category": "self",
"summary": "SUSE Bug 989729",
"url": "https://bugzilla.suse.com/989729"
},
{
"category": "self",
"summary": "SUSE Bug 989730",
"url": "https://bugzilla.suse.com/989730"
},
{
"category": "self",
"summary": "SUSE Bug 989731",
"url": "https://bugzilla.suse.com/989731"
},
{
"category": "self",
"summary": "SUSE Bug 989732",
"url": "https://bugzilla.suse.com/989732"
},
{
"category": "self",
"summary": "SUSE Bug 989733",
"url": "https://bugzilla.suse.com/989733"
},
{
"category": "self",
"summary": "SUSE Bug 989734",
"url": "https://bugzilla.suse.com/989734"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-3458 page",
"url": "https://www.suse.com/security/cve/CVE-2016-3458/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-3485 page",
"url": "https://www.suse.com/security/cve/CVE-2016-3485/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-3498 page",
"url": "https://www.suse.com/security/cve/CVE-2016-3498/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-3500 page",
"url": "https://www.suse.com/security/cve/CVE-2016-3500/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-3503 page",
"url": "https://www.suse.com/security/cve/CVE-2016-3503/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-3508 page",
"url": "https://www.suse.com/security/cve/CVE-2016-3508/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-3511 page",
"url": "https://www.suse.com/security/cve/CVE-2016-3511/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-3550 page",
"url": "https://www.suse.com/security/cve/CVE-2016-3550/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-3598 page",
"url": "https://www.suse.com/security/cve/CVE-2016-3598/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-3606 page",
"url": "https://www.suse.com/security/cve/CVE-2016-3606/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-3610 page",
"url": "https://www.suse.com/security/cve/CVE-2016-3610/"
}
],
"title": "Security update for java-1_7_0-openjdk",
"tracking": {
"current_release_date": "2016-08-09T11:33:08Z",
"generator": {
"date": "2016-08-09T11:33:08Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2016:1997-1",
"initial_release_date": "2016-08-09T11:33:08Z",
"revision_history": [
{
"date": "2016-08-09T11:33:08Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "java-1_7_0-openjdk-1.7.0.111-33.1.ppc64le",
"product": {
"name": "java-1_7_0-openjdk-1.7.0.111-33.1.ppc64le",
"product_id": "java-1_7_0-openjdk-1.7.0.111-33.1.ppc64le"
}
},
{
"category": "product_version",
"name": "java-1_7_0-openjdk-demo-1.7.0.111-33.1.ppc64le",
"product": {
"name": "java-1_7_0-openjdk-demo-1.7.0.111-33.1.ppc64le",
"product_id": "java-1_7_0-openjdk-demo-1.7.0.111-33.1.ppc64le"
}
},
{
"category": "product_version",
"name": "java-1_7_0-openjdk-devel-1.7.0.111-33.1.ppc64le",
"product": {
"name": "java-1_7_0-openjdk-devel-1.7.0.111-33.1.ppc64le",
"product_id": "java-1_7_0-openjdk-devel-1.7.0.111-33.1.ppc64le"
}
},
{
"category": "product_version",
"name": "java-1_7_0-openjdk-headless-1.7.0.111-33.1.ppc64le",
"product": {
"name": "java-1_7_0-openjdk-headless-1.7.0.111-33.1.ppc64le",
"product_id": "java-1_7_0-openjdk-headless-1.7.0.111-33.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "java-1_7_0-openjdk-1.7.0.111-33.1.s390x",
"product": {
"name": "java-1_7_0-openjdk-1.7.0.111-33.1.s390x",
"product_id": "java-1_7_0-openjdk-1.7.0.111-33.1.s390x"
}
},
{
"category": "product_version",
"name": "java-1_7_0-openjdk-demo-1.7.0.111-33.1.s390x",
"product": {
"name": "java-1_7_0-openjdk-demo-1.7.0.111-33.1.s390x",
"product_id": "java-1_7_0-openjdk-demo-1.7.0.111-33.1.s390x"
}
},
{
"category": "product_version",
"name": "java-1_7_0-openjdk-devel-1.7.0.111-33.1.s390x",
"product": {
"name": "java-1_7_0-openjdk-devel-1.7.0.111-33.1.s390x",
"product_id": "java-1_7_0-openjdk-devel-1.7.0.111-33.1.s390x"
}
},
{
"category": "product_version",
"name": "java-1_7_0-openjdk-headless-1.7.0.111-33.1.s390x",
"product": {
"name": "java-1_7_0-openjdk-headless-1.7.0.111-33.1.s390x",
"product_id": "java-1_7_0-openjdk-headless-1.7.0.111-33.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "java-1_7_0-openjdk-1.7.0.111-33.1.x86_64",
"product": {
"name": "java-1_7_0-openjdk-1.7.0.111-33.1.x86_64",
"product_id": "java-1_7_0-openjdk-1.7.0.111-33.1.x86_64"
}
},
{
"category": "product_version",
"name": "java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64",
"product": {
"name": "java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64",
"product_id": "java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64"
}
},
{
"category": "product_version",
"name": "java-1_7_0-openjdk-demo-1.7.0.111-33.1.x86_64",
"product": {
"name": "java-1_7_0-openjdk-demo-1.7.0.111-33.1.x86_64",
"product_id": "java-1_7_0-openjdk-demo-1.7.0.111-33.1.x86_64"
}
},
{
"category": "product_version",
"name": "java-1_7_0-openjdk-devel-1.7.0.111-33.1.x86_64",
"product": {
"name": "java-1_7_0-openjdk-devel-1.7.0.111-33.1.x86_64",
"product_id": "java-1_7_0-openjdk-devel-1.7.0.111-33.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Desktop 12 SP1",
"product": {
"name": "SUSE Linux Enterprise Desktop 12 SP1",
"product_id": "SUSE Linux Enterprise Desktop 12 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sled:12:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP1",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP1",
"product_id": "SUSE Linux Enterprise Server 12 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_0-openjdk-1.7.0.111-33.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP1",
"product_id": "SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64"
},
"product_reference": "java-1_7_0-openjdk-1.7.0.111-33.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP1",
"product_id": "SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64"
},
"product_reference": "java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_0-openjdk-1.7.0.111-33.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP1",
"product_id": "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.ppc64le"
},
"product_reference": "java-1_7_0-openjdk-1.7.0.111-33.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_0-openjdk-1.7.0.111-33.1.s390x as component of SUSE Linux Enterprise Server 12 SP1",
"product_id": "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.s390x"
},
"product_reference": "java-1_7_0-openjdk-1.7.0.111-33.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_0-openjdk-1.7.0.111-33.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1",
"product_id": "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64"
},
"product_reference": "java-1_7_0-openjdk-1.7.0.111-33.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_0-openjdk-demo-1.7.0.111-33.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP1",
"product_id": "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.ppc64le"
},
"product_reference": "java-1_7_0-openjdk-demo-1.7.0.111-33.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_0-openjdk-demo-1.7.0.111-33.1.s390x as component of SUSE Linux Enterprise Server 12 SP1",
"product_id": "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.s390x"
},
"product_reference": "java-1_7_0-openjdk-demo-1.7.0.111-33.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_0-openjdk-demo-1.7.0.111-33.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1",
"product_id": "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.x86_64"
},
"product_reference": "java-1_7_0-openjdk-demo-1.7.0.111-33.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_0-openjdk-devel-1.7.0.111-33.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP1",
"product_id": "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.ppc64le"
},
"product_reference": "java-1_7_0-openjdk-devel-1.7.0.111-33.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_0-openjdk-devel-1.7.0.111-33.1.s390x as component of SUSE Linux Enterprise Server 12 SP1",
"product_id": "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.s390x"
},
"product_reference": "java-1_7_0-openjdk-devel-1.7.0.111-33.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_0-openjdk-devel-1.7.0.111-33.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1",
"product_id": "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.x86_64"
},
"product_reference": "java-1_7_0-openjdk-devel-1.7.0.111-33.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_0-openjdk-headless-1.7.0.111-33.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP1",
"product_id": "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.ppc64le"
},
"product_reference": "java-1_7_0-openjdk-headless-1.7.0.111-33.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_0-openjdk-headless-1.7.0.111-33.1.s390x as component of SUSE Linux Enterprise Server 12 SP1",
"product_id": "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.s390x"
},
"product_reference": "java-1_7_0-openjdk-headless-1.7.0.111-33.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1",
"product_id": "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64"
},
"product_reference": "java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_0-openjdk-1.7.0.111-33.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.ppc64le"
},
"product_reference": "java-1_7_0-openjdk-1.7.0.111-33.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_0-openjdk-1.7.0.111-33.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.s390x"
},
"product_reference": "java-1_7_0-openjdk-1.7.0.111-33.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_0-openjdk-1.7.0.111-33.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64"
},
"product_reference": "java-1_7_0-openjdk-1.7.0.111-33.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_0-openjdk-demo-1.7.0.111-33.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.ppc64le"
},
"product_reference": "java-1_7_0-openjdk-demo-1.7.0.111-33.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_0-openjdk-demo-1.7.0.111-33.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.s390x"
},
"product_reference": "java-1_7_0-openjdk-demo-1.7.0.111-33.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_0-openjdk-demo-1.7.0.111-33.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.x86_64"
},
"product_reference": "java-1_7_0-openjdk-demo-1.7.0.111-33.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_0-openjdk-devel-1.7.0.111-33.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.ppc64le"
},
"product_reference": "java-1_7_0-openjdk-devel-1.7.0.111-33.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_0-openjdk-devel-1.7.0.111-33.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.s390x"
},
"product_reference": "java-1_7_0-openjdk-devel-1.7.0.111-33.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_0-openjdk-devel-1.7.0.111-33.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.x86_64"
},
"product_reference": "java-1_7_0-openjdk-devel-1.7.0.111-33.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_0-openjdk-headless-1.7.0.111-33.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.ppc64le"
},
"product_reference": "java-1_7_0-openjdk-headless-1.7.0.111-33.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_0-openjdk-headless-1.7.0.111-33.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.s390x"
},
"product_reference": "java-1_7_0-openjdk-headless-1.7.0.111-33.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64"
},
"product_reference": "java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-3458",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-3458"
}
],
"notes": [
{
"category": "general",
"text": "Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; and Java SE Embedded 8u91 allows remote attackers to affect integrity via vectors related to CORBA.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-3458",
"url": "https://www.suse.com/security/cve/CVE-2016-3458"
},
{
"category": "external",
"summary": "SUSE Bug 989732 for CVE-2016-3458",
"url": "https://bugzilla.suse.com/989732"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-08-09T11:33:08Z",
"details": "moderate"
}
],
"title": "CVE-2016-3458"
},
{
"cve": "CVE-2016-3485",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-3485"
}
],
"notes": [
{
"category": "general",
"text": "Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10 allows local users to affect integrity via vectors related to Networking.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-3485",
"url": "https://www.suse.com/security/cve/CVE-2016-3485"
},
{
"category": "external",
"summary": "SUSE Bug 1009280 for CVE-2016-3485",
"url": "https://bugzilla.suse.com/1009280"
},
{
"category": "external",
"summary": "SUSE Bug 989734 for CVE-2016-3485",
"url": "https://bugzilla.suse.com/989734"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.9,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-08-09T11:33:08Z",
"details": "low"
}
],
"title": "CVE-2016-3485"
},
{
"cve": "CVE-2016-3498",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-3498"
}
],
"notes": [
{
"category": "general",
"text": "Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 allows remote attackers to affect availability via vectors related to JavaFX.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-3498",
"url": "https://www.suse.com/security/cve/CVE-2016-3498"
},
{
"category": "external",
"summary": "SUSE Bug 989729 for CVE-2016-3498",
"url": "https://bugzilla.suse.com/989729"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-08-09T11:33:08Z",
"details": "moderate"
}
],
"title": "CVE-2016-3498"
},
{
"cve": "CVE-2016-3500",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-3500"
}
],
"notes": [
{
"category": "general",
"text": "Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2016-3508.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-3500",
"url": "https://www.suse.com/security/cve/CVE-2016-3500"
},
{
"category": "external",
"summary": "SUSE Bug 989730 for CVE-2016-3500",
"url": "https://bugzilla.suse.com/989730"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-08-09T11:33:08Z",
"details": "moderate"
}
],
"title": "CVE-2016-3500"
},
{
"cve": "CVE-2016-3503",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-3503"
}
],
"notes": [
{
"category": "general",
"text": "Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92 allows local users to affect confidentiality, integrity, and availability via vectors related to Install.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-3503",
"url": "https://www.suse.com/security/cve/CVE-2016-3503"
},
{
"category": "external",
"summary": "SUSE Bug 989728 for CVE-2016-3503",
"url": "https://bugzilla.suse.com/989728"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-08-09T11:33:08Z",
"details": "moderate"
}
],
"title": "CVE-2016-3503"
},
{
"cve": "CVE-2016-3508",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-3508"
}
],
"notes": [
{
"category": "general",
"text": "Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2016-3500.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-3508",
"url": "https://www.suse.com/security/cve/CVE-2016-3508"
},
{
"category": "external",
"summary": "SUSE Bug 989731 for CVE-2016-3508",
"url": "https://bugzilla.suse.com/989731"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-08-09T11:33:08Z",
"details": "moderate"
}
],
"title": "CVE-2016-3508"
},
{
"cve": "CVE-2016-3511",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-3511"
}
],
"notes": [
{
"category": "general",
"text": "Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 allows local users to affect confidentiality, integrity, and availability via vectors related to Deployment.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-3511",
"url": "https://www.suse.com/security/cve/CVE-2016-3511"
},
{
"category": "external",
"summary": "SUSE Bug 1009280 for CVE-2016-3511",
"url": "https://bugzilla.suse.com/1009280"
},
{
"category": "external",
"summary": "SUSE Bug 989727 for CVE-2016-3511",
"url": "https://bugzilla.suse.com/989727"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-08-09T11:33:08Z",
"details": "moderate"
}
],
"title": "CVE-2016-3511"
},
{
"cve": "CVE-2016-3550",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-3550"
}
],
"notes": [
{
"category": "general",
"text": "Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality via vectors related to Hotspot.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-3550",
"url": "https://www.suse.com/security/cve/CVE-2016-3550"
},
{
"category": "external",
"summary": "SUSE Bug 989733 for CVE-2016-3550",
"url": "https://bugzilla.suse.com/989733"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-08-09T11:33:08Z",
"details": "moderate"
}
],
"title": "CVE-2016-3550"
},
{
"cve": "CVE-2016-3598",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-3598"
}
],
"notes": [
{
"category": "general",
"text": "Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Libraries, a different vulnerability than CVE-2016-3610.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-3598",
"url": "https://www.suse.com/security/cve/CVE-2016-3598"
},
{
"category": "external",
"summary": "SUSE Bug 1009280 for CVE-2016-3598",
"url": "https://bugzilla.suse.com/1009280"
},
{
"category": "external",
"summary": "SUSE Bug 989723 for CVE-2016-3598",
"url": "https://bugzilla.suse.com/989723"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-08-09T11:33:08Z",
"details": "important"
}
],
"title": "CVE-2016-3598"
},
{
"cve": "CVE-2016-3606",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-3606"
}
],
"notes": [
{
"category": "general",
"text": "Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotspot.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-3606",
"url": "https://www.suse.com/security/cve/CVE-2016-3606"
},
{
"category": "external",
"summary": "SUSE Bug 989722 for CVE-2016-3606",
"url": "https://bugzilla.suse.com/989722"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-08-09T11:33:08Z",
"details": "important"
}
],
"title": "CVE-2016-3606"
},
{
"cve": "CVE-2016-3610",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-3610"
}
],
"notes": [
{
"category": "general",
"text": "Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Libraries, a different vulnerability than CVE-2016-3598.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-3610",
"url": "https://www.suse.com/security/cve/CVE-2016-3610"
},
{
"category": "external",
"summary": "SUSE Bug 989725 for CVE-2016-3610",
"url": "https://bugzilla.suse.com/989725"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.111-33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.111-33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-08-09T11:33:08Z",
"details": "important"
}
],
"title": "CVE-2016-3610"
}
]
}
SUSE-SU-2016:2012-1
Vulnerability from csaf_suse - Published: 2016-08-09 11:33 - Updated: 2016-08-09 11:33Summary
Security update for java-1_8_0-openjdk
Severity
Important
Notes
Title of the patch: Security update for java-1_8_0-openjdk
Description of the patch:
This update for java-1_8_0-openjdk fixes the following issues:
- Upgrade to version jdk8u101 (icedtea 3.1.0)
- New in release 3.1.0 (2016-07-25):
* Security fixes
- S8079718, CVE-2016-3458: IIOP Input Stream Hooking
(bsc#989732)
- S8145446, CVE-2016-3485: Perfect pipe placement (Windows
only) (bsc#989734)
- S8146514: Enforce GCM limits
- S8147771: Construction of static protection domains under
Javax custom policy
- S8148872, CVE-2016-3500: Complete name checking (bsc#989730)
- S8149070: Enforce update ordering
- S8149962, CVE-2016-3508: Better delineation of XML processing
(bsc#989731)
- S8150752: Share Class Data
- S8151925: Font reference improvements
- S8152479, CVE-2016-3550: Coded byte streams (bsc#989733)
- S8153312: Constrain AppCDS behavior
- S8154475, CVE-2016-3587: Clean up lookup visibility
(bsc#989721)
- S8155981, CVE-2016-3606: Bolster bytecode verification
(bsc#989722)
- S8155985, CVE-2016-3598: Persistent Parameter Processing
(bsc#989723)
- S8158571, CVE-2016-3610: Additional method handle validation
(bsc#989725)
- CVE-2016-3552 (bsc#989726)
- CVE-2016-3511 (bsc#989727)
- CVE-2016-3503 (bsc#989728)
- CVE-2016-3498 (bsc#989729)
* New features
- S8145547, PR1061: [AWT/Swing] Conditional support for GTK 3
on Linux
- PR2821: Support building OpenJDK with --disable-headful
- PR2931, G478960: Provide Infinality Support via fontconfig
- PR3079: Provide option to build Shenandoah on x86_64
* Import of OpenJDK 8 u92 build 14
- S6869327: Add new C2 flag to keep safepoints in counted
loops.
- S8022865: [TESTBUG] Compressed Oops testing needs to be
revised
- S8029630: Thread id should be displayed as a hex number in
error report
- S8029726: On OS X some dtrace probe names are mismatched with
Solaris
- S8029727: On OS X dtrace probes
Call<type>MethodA/Call<type>MethodV are not fired.
- S8029728: On OS X dtrace probes SetStaticBooleanField are not
fired
- S8038184: XMLSignature throws StringIndexOutOfBoundsException
if ID attribute value is empty String
- S8038349: Signing XML with DSA throws Exception when key is
larger than 1024 bits
- S8041501: ImageIO reader is not capable of reading JPEGs
without JFIF header
- S8041900: [macosx] Java forces the use of discrete GPU
- S8044363: Remove special build options for unpack200 executable
- S8046471: Use OPENJDK_TARGET_CPU_ARCH instead of legacy value
for hotspot ARCH
- S8046611: Build errors with gcc on sparc/fastdebug
- S8047763: Recognize sparc64 as a sparc platform
- S8048232: Fix for 8046471 breaks PPC64 build
- S8052396: Catch exceptions resulting from missing font cmap
- S8058563: InstanceKlass::_dependencies list isn't cleared from
empty nmethodBucket entries
- S8061624: [TESTBUG] Some tests cannot be ran under compact
profiles and therefore shall be excluded
- S8062901: Iterators is spelled incorrectly in the Javadoc for
Spliterator
- S8064330: Remove SHA224 from the default support list if
SunMSCAPI enabled
- S8065579: WB method to start G1 concurrent mark cycle should
be introduced
- S8065986: Compiler fails to NullPointerException when calling
super with Object<>()
- S8066974: Compiler doesn't infer method's generic type
information in lambda body
- S8067800: Clarify java.time.chrono.Chronology.isLeapYear for
out of range years
- S8068033: JNI exception pending in jdk/src/share/bin/java.c
- S8068042: Check jdk/src/share/native/sun/misc/URLClassPath.c
for JNI pending
- S8068162: jvmtiRedefineClasses.cpp: guarantee(false) failed:
OLD and/or OBSOLETE method(s) found
- S8068254: Method reference uses wrong qualifying type
- S8074696: Remote debugging session hangs for several minutes
when calling findBootType
- S8074935: jdk8 keytool doesn't validate pem files for RFC 1421
correctness, as jdk7 did
- S8078423: [TESTBUG] javax/print/PrintSEUmlauts/PrintSEUmlauts.java
relies on system locale
- S8080492: [Parfait] Uninitialised variable in
jdk/src/java/desktop/windows/native/libawt/
- S8080650: Enable stubs to use frame pointers correctly
- S8122944: perfdata used is seen as too high on sparc zone with
jdk1.9 and causes a test failure
- S8129348: Debugger hangs in trace mode with TRACE_SENDS
- S8129847: Compiling methods generated by Nashorn triggers high
memory usage in C2
- S8130506: javac AssertionError when invoking
MethodHandle.invoke with lambda parameter
- S8130910: hsperfdata file is created in wrong directory and
not cleaned up if /tmp/hsperfdata_<username> has wrong permissions
- S8131129: Attempt to define a duplicate BMH$Species class
- S8131665: Bad exception message in HandshakeHash.getFinishedHash
- S8131782: C1 Class.cast optimization breaks when Class is
loaded from static final
- S8132503: [macosx] Chinese full stop symbol cannot be entered
with Pinyin IM on OS X
- S8133207: ParallelProbes.java test fails after changes for
JDK-8080115
- S8133924: NPE may be thrown when xsltc select a non-existing
node after JDK-8062518
- S8134007: Improve string folding
- S8134759: jdb: Incorrect stepping inside finally block
- S8134963: [Newtest] New stress test for changing the coarseness
level of G1 remembered set
- S8136442: Don't tie Certificate signature algorithms to
ciphersuites
- S8137106: EUDC (End User Defined Characters) are not displayed
on Windows with Java 8u60+
- S8138745: Implement ExitOnOutOfMemory and CrashOnOutOfMemory
in HotSpot
- S8138764: In some cases the usage of TreeLock can be replaced
by other synchronization
- S8139373: [TEST_BUG] java/net/MulticastSocket/MultiDead.java
failed with timeout
- S8139424: SIGSEGV, Problematic frame: # V [libjvm.so+0xd0c0cc]
void InstanceKlass::oop_oop_iterate_oop_maps_specialized<true,oopDesc*,MarkAndPushClosure>
- S8139436: sun.security.mscapi.KeyStore might load incomplete
data
- S8139751: Javac crash with -XDallowStringFolding=false
- S8139863: [TESTBUG] Need to port tests for JDK-8134903 to
8u-dev
- S8139985: JNI exception pending in
jdk/src/jdk/hprof/agent/share/native/libhprof
- S8140031: SA: Searching for a value in Threads does not work
- S8140249: JVM Crashing During startUp If Flight Recording is
enabled
- S8140344: add support for 3 digit update release numbers
- S8140587: Atomic*FieldUpdaters should use Class.isInstance
instead of direct class check
- S8141260: isReachable crash in windows xp
- S8143297: Nashorn compilation time reported in nanoseconds
- S8143397: It looks like InetAddress.isReachable(timeout) works
incorrectly
- S8143855: Bad printf formatting in frame_zero.cpp
- S8143896: java.lang.Long is implicitly converted to double
- S8143963: improve ClassLoader::trace_class_path to accept an
additional outputStream* arg
- S8144020: Remove long as an internal numeric type
- S8144131: ArrayData.getInt implementations do not convert to
int32
- S8144483: One long Safepoint pause directly after each GC log
rotation
- S8144487: PhaseIdealLoop::build_and_optimize() must restore
major_progress flag if skip_loop_opts is true
- S8144885: agent/src/os/linux/libproc.h needs to support
Linux/SPARC builds
- S8144935: C2: safepoint is pruned from a non-counted loop
- S8144937: [TEST_BUG] testlibrary_tests should be excluded for
compact1 and compact2 execution
- S8145017: Add support for 3 digit hotspot minor version numbers
- S8145099: Better error message when SA can't attach to a process
- S8145442: Add the facility to verify remembered sets for G1
- S8145466: javac: No line numbers in compilation error
- S8145539: (coll) AbstractMap.keySet and .values should not be
volatile
- S8145550: Megamorphic invoke should use CompiledFunction
variants without any LinkLogic
- S8145669: apply2call optimized callsite fails after becoming
megamorphic
- S8145722: NullPointerException in javadoc
- S8145754: PhaseIdealLoop::is_scaled_iv_plus_offset() does not
match AddI
- S8146147: Java linker indexed property getter does not work
for computed nashorn string
- S8146566: OpenJDK build can't handle commas in LDFLAGS
- S8146725: Issues with SignatureAndHashAlgorithm.getSupportedAlgorithms
- S8146979: Backport of 8046471 breaks ppc64 build in jdk8u
because 8072383 was badly backported before
- S8147087: Race when reusing PerRegionTable bitmaps may result
in dropped remembered set entries
- S8147630: Wrong test result pushed to 8u-dev
- S8147845: Varargs Array functions still leaking longs
- S8147857: RMIConnector logs attribute names incorrectly
- S8148353: [linux-sparc] Crash in libawt.so on Linux SPARC
- S8150791: 8u76 L10n resource file translation update
* Import of OpenJDK 8 u101 build 13
- S6483657: MSCAPI provider does not create unique alias names
- S6675699: need comprehensive fix for unconstrained ConvI2L
with narrowed type
- S8037557: test SessionCacheSizeTests.java timeout
- S8038837: Add support to jarsigner for specifying timestamp
hash algorithm
- S8081778: Use Intel x64 CPU instructions for RSA acceleration
- S8130150: Implement BigInteger.montgomeryMultiply intrinsic
- S8130735: javax.swing.TimerQueue: timer fires late when
another timer starts
- S8143913: MSCAPI keystore should accept Certificate[] in
setEntry()
- S8144313: Test SessionTimeOutTests can be timeout
- S8146240: Three nashorn files contain 'GNU General Public
License' header
- S8146387: Test SSLSession/SessionCacheSizeTests socket accept
timed out
- S8146669: Test SessionTimeOutTests fails intermittently
- S8146993: Several javax/management/remote/mandatory regression
tests fail after JDK-8138811
- S8147994: [macosx] JScrollPane jitters up/down during trackpad
scrolling on MacOS/Aqua
- S8151522: Disable 8130150 and 8081778 intrinsics by default
- S8151876: (tz) Support tzdata2016d
- S8152098: Fix 8151522 caused test
compiler/intrinsics/squaretolen/TestSquareToLen.java to fail
- S8157077: 8u101 L10n resource file updates
* Backports
- S6260348, PR3066: GTK+ L&F JTextComponent not respecting
desktop caret blink rate
- S6778087, PR1061: getLocationOnScreen() always returns (0, 0)
for mouse wheel events
- S6961123, PR2972: setWMClass fails to null-terminate WM_CLASS
string
- S8008657, PR3077: JSpinner setComponentOrientation doesn't
affect on text orientation
- S8014212, PR2866: Robot captures black screen
- S8029339, PR1061: Custom MultiResolution image support on
HiDPI displays
- S8031145, PR3077: Re-examine closed i18n tests to see it they
can be moved to the jdk repository.
- S8034856, PR3095: gcc warnings compiling
src/solaris/native/sun/security/pkcs11
- S8034857, PR3095: gcc warnings compiling
src/solaris/native/sun/management
- S8035054, PR3095: JarFacade.c should not include ctype.h
- S8035287, PR3095: gcc warnings compiling various libraries
files
- S8038631, PR3077: Create wrapper for awt.Robot with additional
functionality
- S8039279, PR3077: Move awt tests to openjdk repository
- S8041561, PR3077: Inconsistent opacity behaviour between
JCheckBox and JRadioButton
- S8041592, PR3077: [TEST_BUG] Move 42 AWT hw/lw mixing tests
to jdk
- S8041915, PR3077: Move 8 awt tests to OpenJDK regression
tests tree
- S8043126, PR3077: move awt automated functional tests from
AWT_Events/Lw and AWT_Events/AWT to OpenJDK repository
- S8043131, PR3077: Move ShapedAndTranslucentWindows and GC
functional AWT tests to regression tree
- S8044157, PR3077: [TEST_BUG] Improve recently submitted
AWT_Mixing tests
- S8044172, PR3077: [TEST_BUG] Move regtests for 4523758 and
AltPlusNumberKeyCombinationsTest to jdk
- S8044429, PR3077: move awt automated tests for AWT_Modality
to OpenJDK repository
- S8044762, PR2960: com/sun/jdi/OptionTest.java test time out
- S8044765, PR3077: Move functional tests
AWT_SystemTray/Automated to openjdk repository
- S8047180, PR3077: Move functional tests AWT_Headless/Automated
to OpenJDK repository
- S8047367, PR3077: move awt automated tests from AWT_Modality
to OpenJDK repository - part 2
- S8048246, PR3077: Move AWT_DnD/Clipboard/Automated functional
tests to OpenJDK
- S8049226, PR2960: com/sun/jdi/OptionTest.java test times out
again
- S8049617, PR3077: move awt automated tests from AWT_Modality
to OpenJDK repository - part 3
- S8049694, PR3077: Migrate functional
AWT_DesktopProperties/Automated tests to OpenJDK
- S8050885, PR3077: move awt automated tests from AWT_Modality
to OpenJDK repository - part 4
- S8051440, PR3077: move tests about maximizing undecorated to
OpenJDK
- S8052012, PR3077: move awt automated tests from AWT_Modality
to OpenJDK repository - part 5
- S8052408, PR3077: Move AWT_BAT functional tests to OpenJDK (3
of 3)
- S8053657, PR3077: [TEST_BUG] move some 5 tests related to
undecorated Frame/JFrame to JDK
- S8054143, PR3077: move awt automated tests from AWT_Modality
to OpenJDK repository - part 6
- S8054358, PR3077: move awt automated tests from AWT_Modality
to OpenJDK repository - part 7
- S8054359, PR3077: move awt automated tests from AWT_Modality
to OpenJDK repository - part 8
- S8055360, PR3077: Move the rest part of AWT
ShapedAndTranslucent tests to OpenJDK
- S8055664, PR3077: move 14 tests about setLocationRelativeTo
to jdk
- S8055836, PR3077: move awt tests from AWT_Modality to OpenJDK
repository - part 9
- S8056911, PR3077: Remove internal API usage from ExtendedRobot
class
- S8057694, PR3077: move awt tests from AWT_Modality to OpenJDK
repository - part 10
- S8058959, PR1061: closed/java/awt/event/ComponentEvent/MovedResizedTwiceTest/MovedResizedTwiceTest.java
failed automatically
- S8062606, PR3077: Fix a typo in java.awt.Robot class
- S8063102, PR3077: Change open awt regression tests to avoid
sun.awt.SunToolkit.realSync, part 1
- S8063104, PR3077: Change open awt regression tests to avoid
sun.awt.SunToolkit.realSync, part 2
- S8063106, PR3077: Change open swing regression tests to avoid
sun.awt.SunToolkit.realSync, part 1
- S8063107, PR3077: Change open swing regression tests to avoid
sun.awt.SunToolkit.realSync, part 2
- S8064573, PR3077: [TEST_BUG] javax/swing/text/AbstractDocument/6968363/Test6968363.java
is asocial pressing VK_LEFT and not releasing
- S8064575, PR3077: [TEST_BUG] javax/swing/JEditorPane/6917744/bug6917744.java
100 times press keys and never releases
- S8064809, PR3077: [TEST_BUG] javax/swing/JComboBox/4199622/bug4199622.java
contains a lot of keyPress and not a single keyRelease
- S8067441, PR3077: Some tests fails with error: cannot find symbol
getSystemMnemonicKeyCodes()
- S8068228, PR3077: Test closed/java/awt/Mouse/MaximizedFrameTest/MaximizedFrameTest
fails with GTKLookAndFeel
- S8069361, PR1061: SunGraphics2D.getDefaultTransform() does not
include scale factor
- S8073320, PR1061: Windows HiDPI Graphics support
- S8074807, PR3077: Fix some tests unnecessary using internal API
- S8076315, PR3077: move 4 manual functional swing tests to
regression suite
- S8078504, PR3094: Zero lacks declaration of
VM_Version::initialize()
- S8129822, PR3077: Define 'headful' jtreg keyword
- S8132123, PR1061: MultiResolutionCachedImage unnecessarily
creates base image to get its size
- S8133539, PR1061: [TEST_BUG] Split
java/awt/image/MultiResolutionImageTest.java in two to allow
restricted access
- S8137571, PR1061: Linux HiDPI Graphics support
- S8142406, PR1061: [TEST] MultiResolution image: need test to
cover the case when @2x image is corrupted
- S8145188, PR2945: No LocalVariableTable generated for the
entire JDK
- S8150258, PR1061: [TEST] HiDPI: create a test for
multiresolution menu items icons
- S8150724, PR1061: [TEST] HiDPI: create a test for
multiresolution icons
- S8150844, PR1061: [hidpi] [macosx] -Dsun.java2d.uiScale should
be taken into account for OS X
- S8151841, PR2882: Build needs additional flags to compile with
GCC 6 [plus parts of 8149647 & 8032045]
- S8155613, PR1061: [PIT] crash in
AWT_Desktop/Automated/Exceptions/BasicTest
- S8156020, PR1061: 8145547 breaks AIX and and uses RTLD_NOLOAD
incorrectly
- S8156128, PR1061: Tests for [AWT/Swing] Conditional support
for GTK 3 on Linux
- S8158260, PR2991, RH1341258: PPC64: unaligned Unsafe.getInt
can lead to the generation of illegal instructions (bsc#988651)
- S8159244, PR3074: Partially initialized string object created
by C2's string concat optimization may escape
- S8159690, PR3077: [TESTBUG] Mark headful tests with @key
headful.
- S8160294, PR2882, PR3095: Some client libraries cannot be
built with GCC 6
* Bug fixes
- PR1958: GTKLookAndFeel does not honor
gtk-alternative-button-order
- PR2822: Feed LIBS & CFLAGS into configure rather than make to
avoid re-discovery by OpenJDK configure
- PR2932: Support ccache in a non-automagic manner
- PR2933: Support ccache 3.2 and later
- PR2964: Set system defaults based on OS
- PR2974, RH1337583: PKCS#10 certificate requests now use CRLF
line endings rather than system line endings
- PR3078: Remove duplicated line dating back to 6788347 and
6894807
- PR3083, RH1346460: Regression in SSL debug output without an
ECC provider
- PR3089: Remove old memory limits patch
- PR3090, RH1204159: SystemTap is heavily confused by multiple
JDKs
- PR3095: Fix warnings in URLClassPath.c
- PR3096: Remove dead --disable-optimizations option
- PR3105: Use version from hotspot.map to create tarball filename
- PR3106: Handle both correctly-spelt property
'enableCustomValueHandler' introduced by S8079718 and typo
version
- PR3108: Shenandoah patches not included in release tarball
- PR3110: Update hotspot.map documentation in INSTALL
* AArch64 port
- S8145320, PR3078: Create unsafe_arraycopy and
generic_arraycopy for AArch64
- S8148328, PR3078: aarch64: redundant lsr instructions in stub
code.
- S8148783, PR3078: aarch64: SEGV running SpecJBB2013
- S8148948, PR3078: aarch64: generate_copy_longs calls align()
incorrectly
- S8149080, PR3078: AArch64: Recognise disjoint array copy in
stub code
- S8149365, PR3078: aarch64: memory copy does not prefetch on
backwards copy
- S8149907, PR3078: aarch64: use load/store pair instructions
in call_stub
- S8150038, PR3078: aarch64: make use of CBZ and CBNZ when
comparing narrow pointer with zero
- S8150045, PR3078: arraycopy causes segfaults in SATB during
garbage collection
- S8150082, PR3078: aarch64: optimise small array copy
- S8150229, PR3078: aarch64: pipeline class for several
instructions is not set correctly
- S8150313, PR3078: aarch64: optimise array copy using SIMD
instructions
- S8150394, PR3078: aarch64: add support for 8.1 LSE CAS
instructions
- S8151340, PR3078: aarch64: prefetch the destination word for
write prior to ldxr/stxr loops.
- S8151502, PR3078: optimize pd_disjoint_words and
pd_conjoint_words
- S8151775, PR3078: aarch64: add support for 8.1 LSE atomic
operations
- S8152537, PR3078: aarch64: Make use of CBZ and CBNZ when
comparing unsigned values with zero.
- S8152840, PR3078: aarch64: improve _unsafe_arraycopy stub
routine
- S8153713, PR3078: aarch64: improve short array clearing using
store pair
- S8153797, PR3078: aarch64: Add Arrays.fill stub code
- S8154537, PR3078: AArch64: some integer rotate instructions
are never emitted
- S8154739, PR3078: AArch64: TemplateTable::fast_xaccess loads
in wrong mode
- S8155015, PR3078: Aarch64: bad assert in spill generation
code
- S8155100, PR3078: AArch64: Relax alignment requirement for
byte_map_base
- S8155612, PR3078: Aarch64: vector nodes need to support
misaligned offset
- S8155617, PR3078: aarch64: ClearArray does not use DC ZVA
- S8155653, PR3078: TestVectorUnalignedOffset.java not pushed
with 8155612
- S8156731, PR3078: aarch64: java/util/Arrays/Correct.java fails
due to _generic_arraycopy stub routine
- S8157841, PR3078: aarch64: prefetch ignores cache line size
- S8157906, PR3078: aarch64: some more integer rotate
instructions are never emitted
- S8158913, PR3078: aarch64: SEGV running Spark terasort
- S8159052, PR3078: aarch64: optimise unaligned copies in
pd_disjoint_words and pd_conjoint_words
- S8159063, PR3078: aarch64: optimise unaligned array copy long
- PR3078: Cleanup remaining differences from aarch64/jdk8u tree
- Fix script linking /usr/share/javazi/tzdb.dat for platform where
it applies (bsc#987895)
- Fix aarch64 running with 48 bits va space (bsc#984684)
avoid some crashes
Patchnames: SUSE-SLE-DESKTOP-12-SP1-2016-1187,SUSE-SLE-SERVER-12-SP1-2016-1187
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
4.3 (Medium)
Affected products
Recommended
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
5.3 (Medium)
Affected products
Recommended
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.7 (High)
Affected products
Recommended
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.7 (High)
Affected products
Recommended
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.3 (Medium)
Affected products
Recommended
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.1 (High)
Affected products
Recommended
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
9.6 (Critical)
Affected products
Recommended
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
9.6 (Critical)
Affected products
Recommended
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
9.6 (Critical)
Affected products
Recommended
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
63 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for java-1_8_0-openjdk",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThis update for java-1_8_0-openjdk fixes the following issues:\n\n- Upgrade to version jdk8u101 (icedtea 3.1.0)\n- New in release 3.1.0 (2016-07-25):\n * Security fixes\n - S8079718, CVE-2016-3458: IIOP Input Stream Hooking\n (bsc#989732)\n - S8145446, CVE-2016-3485: Perfect pipe placement (Windows\n only) (bsc#989734)\n - S8146514: Enforce GCM limits\n - S8147771: Construction of static protection domains under\n Javax custom policy\n - S8148872, CVE-2016-3500: Complete name checking (bsc#989730)\n - S8149070: Enforce update ordering\n - S8149962, CVE-2016-3508: Better delineation of XML processing\n (bsc#989731)\n - S8150752: Share Class Data\n - S8151925: Font reference improvements\n - S8152479, CVE-2016-3550: Coded byte streams (bsc#989733)\n - S8153312: Constrain AppCDS behavior\n - S8154475, CVE-2016-3587: Clean up lookup visibility\n (bsc#989721)\n - S8155981, CVE-2016-3606: Bolster bytecode verification\n (bsc#989722)\n - S8155985, CVE-2016-3598: Persistent Parameter Processing\n (bsc#989723)\n - S8158571, CVE-2016-3610: Additional method handle validation\n (bsc#989725)\n - CVE-2016-3552 (bsc#989726)\n - CVE-2016-3511 (bsc#989727)\n - CVE-2016-3503 (bsc#989728)\n - CVE-2016-3498 (bsc#989729)\n * New features\n - S8145547, PR1061: [AWT/Swing] Conditional support for GTK 3\n on Linux\n - PR2821: Support building OpenJDK with --disable-headful\n - PR2931, G478960: Provide Infinality Support via fontconfig\n - PR3079: Provide option to build Shenandoah on x86_64\n * Import of OpenJDK 8 u92 build 14\n - S6869327: Add new C2 flag to keep safepoints in counted\n loops.\n - S8022865: [TESTBUG] Compressed Oops testing needs to be\n revised\n - S8029630: Thread id should be displayed as a hex number in\n error report\n - S8029726: On OS X some dtrace probe names are mismatched with\n Solaris\n - S8029727: On OS X dtrace probes\n Call\u003ctype\u003eMethodA/Call\u003ctype\u003eMethodV are not fired.\n - S8029728: On OS X dtrace probes SetStaticBooleanField are not\n fired\n - S8038184: XMLSignature throws StringIndexOutOfBoundsException\n if ID attribute value is empty String\n - S8038349: Signing XML with DSA throws Exception when key is\n larger than 1024 bits\n - S8041501: ImageIO reader is not capable of reading JPEGs\n without JFIF header\n - S8041900: [macosx] Java forces the use of discrete GPU\n - S8044363: Remove special build options for unpack200 executable\n - S8046471: Use OPENJDK_TARGET_CPU_ARCH instead of legacy value\n for hotspot ARCH\n - S8046611: Build errors with gcc on sparc/fastdebug\n - S8047763: Recognize sparc64 as a sparc platform\n - S8048232: Fix for 8046471 breaks PPC64 build\n - S8052396: Catch exceptions resulting from missing font cmap\n - S8058563: InstanceKlass::_dependencies list isn\u0027t cleared from\n empty nmethodBucket entries\n - S8061624: [TESTBUG] Some tests cannot be ran under compact\n profiles and therefore shall be excluded\n - S8062901: Iterators is spelled incorrectly in the Javadoc for\n Spliterator\n - S8064330: Remove SHA224 from the default support list if\n SunMSCAPI enabled\n - S8065579: WB method to start G1 concurrent mark cycle should\n be introduced\n - S8065986: Compiler fails to NullPointerException when calling\n super with Object\u003c\u003e()\n - S8066974: Compiler doesn\u0027t infer method\u0027s generic type\n information in lambda body\n - S8067800: Clarify java.time.chrono.Chronology.isLeapYear for\n out of range years\n - S8068033: JNI exception pending in jdk/src/share/bin/java.c\n - S8068042: Check jdk/src/share/native/sun/misc/URLClassPath.c\n for JNI pending\n - S8068162: jvmtiRedefineClasses.cpp: guarantee(false) failed:\n OLD and/or OBSOLETE method(s) found\n - S8068254: Method reference uses wrong qualifying type\n - S8074696: Remote debugging session hangs for several minutes\n when calling findBootType\n - S8074935: jdk8 keytool doesn\u0027t validate pem files for RFC 1421\n correctness, as jdk7 did\n - S8078423: [TESTBUG] javax/print/PrintSEUmlauts/PrintSEUmlauts.java\n relies on system locale\n - S8080492: [Parfait] Uninitialised variable in\n jdk/src/java/desktop/windows/native/libawt/\n - S8080650: Enable stubs to use frame pointers correctly\n - S8122944: perfdata used is seen as too high on sparc zone with\n jdk1.9 and causes a test failure\n - S8129348: Debugger hangs in trace mode with TRACE_SENDS\n - S8129847: Compiling methods generated by Nashorn triggers high\n memory usage in C2\n - S8130506: javac AssertionError when invoking\n MethodHandle.invoke with lambda parameter\n - S8130910: hsperfdata file is created in wrong directory and\n not cleaned up if /tmp/hsperfdata_\u003cusername\u003e has wrong permissions\n - S8131129: Attempt to define a duplicate BMH$Species class\n - S8131665: Bad exception message in HandshakeHash.getFinishedHash\n - S8131782: C1 Class.cast optimization breaks when Class is\n loaded from static final\n - S8132503: [macosx] Chinese full stop symbol cannot be entered\n with Pinyin IM on OS X\n - S8133207: ParallelProbes.java test fails after changes for\n JDK-8080115\n - S8133924: NPE may be thrown when xsltc select a non-existing\n node after JDK-8062518\n - S8134007: Improve string folding\n - S8134759: jdb: Incorrect stepping inside finally block\n - S8134963: [Newtest] New stress test for changing the coarseness\n level of G1 remembered set\n - S8136442: Don\u0027t tie Certificate signature algorithms to\n ciphersuites\n - S8137106: EUDC (End User Defined Characters) are not displayed\n on Windows with Java 8u60+\n - S8138745: Implement ExitOnOutOfMemory and CrashOnOutOfMemory\n in HotSpot\n - S8138764: In some cases the usage of TreeLock can be replaced\n by other synchronization\n - S8139373: [TEST_BUG] java/net/MulticastSocket/MultiDead.java\n failed with timeout\n - S8139424: SIGSEGV, Problematic frame: # V [libjvm.so+0xd0c0cc]\n void InstanceKlass::oop_oop_iterate_oop_maps_specialized\u003ctrue,oopDesc*,MarkAndPushClosure\u003e\n - S8139436: sun.security.mscapi.KeyStore might load incomplete\n data\n - S8139751: Javac crash with -XDallowStringFolding=false\n - S8139863: [TESTBUG] Need to port tests for JDK-8134903 to\n 8u-dev\n - S8139985: JNI exception pending in\n jdk/src/jdk/hprof/agent/share/native/libhprof\n - S8140031: SA: Searching for a value in Threads does not work\n - S8140249: JVM Crashing During startUp If Flight Recording is\n enabled\n - S8140344: add support for 3 digit update release numbers\n - S8140587: Atomic*FieldUpdaters should use Class.isInstance\n instead of direct class check\n - S8141260: isReachable crash in windows xp\n - S8143297: Nashorn compilation time reported in nanoseconds\n - S8143397: It looks like InetAddress.isReachable(timeout) works\n incorrectly\n - S8143855: Bad printf formatting in frame_zero.cpp\n - S8143896: java.lang.Long is implicitly converted to double\n - S8143963: improve ClassLoader::trace_class_path to accept an\n additional outputStream* arg\n - S8144020: Remove long as an internal numeric type\n - S8144131: ArrayData.getInt implementations do not convert to\n int32\n - S8144483: One long Safepoint pause directly after each GC log\n rotation\n - S8144487: PhaseIdealLoop::build_and_optimize() must restore\n major_progress flag if skip_loop_opts is true\n - S8144885: agent/src/os/linux/libproc.h needs to support\n Linux/SPARC builds\n - S8144935: C2: safepoint is pruned from a non-counted loop\n - S8144937: [TEST_BUG] testlibrary_tests should be excluded for\n compact1 and compact2 execution\n - S8145017: Add support for 3 digit hotspot minor version numbers\n - S8145099: Better error message when SA can\u0027t attach to a process\n - S8145442: Add the facility to verify remembered sets for G1\n - S8145466: javac: No line numbers in compilation error\n - S8145539: (coll) AbstractMap.keySet and .values should not be\n volatile\n - S8145550: Megamorphic invoke should use CompiledFunction\n variants without any LinkLogic\n - S8145669: apply2call optimized callsite fails after becoming\n megamorphic\n - S8145722: NullPointerException in javadoc\n - S8145754: PhaseIdealLoop::is_scaled_iv_plus_offset() does not\n match AddI\n - S8146147: Java linker indexed property getter does not work\n for computed nashorn string\n - S8146566: OpenJDK build can\u0027t handle commas in LDFLAGS\n - S8146725: Issues with SignatureAndHashAlgorithm.getSupportedAlgorithms\n - S8146979: Backport of 8046471 breaks ppc64 build in jdk8u\n because 8072383 was badly backported before\n - S8147087: Race when reusing PerRegionTable bitmaps may result\n in dropped remembered set entries\n - S8147630: Wrong test result pushed to 8u-dev\n - S8147845: Varargs Array functions still leaking longs\n - S8147857: RMIConnector logs attribute names incorrectly\n - S8148353: [linux-sparc] Crash in libawt.so on Linux SPARC\n - S8150791: 8u76 L10n resource file translation update\n * Import of OpenJDK 8 u101 build 13\n - S6483657: MSCAPI provider does not create unique alias names\n - S6675699: need comprehensive fix for unconstrained ConvI2L\n with narrowed type\n - S8037557: test SessionCacheSizeTests.java timeout\n - S8038837: Add support to jarsigner for specifying timestamp\n hash algorithm\n - S8081778: Use Intel x64 CPU instructions for RSA acceleration\n - S8130150: Implement BigInteger.montgomeryMultiply intrinsic\n - S8130735: javax.swing.TimerQueue: timer fires late when\n another timer starts\n - S8143913: MSCAPI keystore should accept Certificate[] in\n setEntry()\n - S8144313: Test SessionTimeOutTests can be timeout\n - S8146240: Three nashorn files contain \u0027GNU General Public\n License\u0027 header\n - S8146387: Test SSLSession/SessionCacheSizeTests socket accept\n timed out\n - S8146669: Test SessionTimeOutTests fails intermittently\n - S8146993: Several javax/management/remote/mandatory regression\n tests fail after JDK-8138811\n - S8147994: [macosx] JScrollPane jitters up/down during trackpad\n scrolling on MacOS/Aqua\n - S8151522: Disable 8130150 and 8081778 intrinsics by default\n - S8151876: (tz) Support tzdata2016d\n - S8152098: Fix 8151522 caused test\n compiler/intrinsics/squaretolen/TestSquareToLen.java to fail\n - S8157077: 8u101 L10n resource file updates\n * Backports\n - S6260348, PR3066: GTK+ L\u0026F JTextComponent not respecting\n desktop caret blink rate\n - S6778087, PR1061: getLocationOnScreen() always returns (0, 0)\n for mouse wheel events\n - S6961123, PR2972: setWMClass fails to null-terminate WM_CLASS\n string\n - S8008657, PR3077: JSpinner setComponentOrientation doesn\u0027t\n affect on text orientation\n - S8014212, PR2866: Robot captures black screen\n - S8029339, PR1061: Custom MultiResolution image support on\n HiDPI displays\n - S8031145, PR3077: Re-examine closed i18n tests to see it they\n can be moved to the jdk repository.\n - S8034856, PR3095: gcc warnings compiling\n src/solaris/native/sun/security/pkcs11\n - S8034857, PR3095: gcc warnings compiling\n src/solaris/native/sun/management\n - S8035054, PR3095: JarFacade.c should not include ctype.h\n - S8035287, PR3095: gcc warnings compiling various libraries\n files\n - S8038631, PR3077: Create wrapper for awt.Robot with additional\n functionality\n - S8039279, PR3077: Move awt tests to openjdk repository\n - S8041561, PR3077: Inconsistent opacity behaviour between\n JCheckBox and JRadioButton\n - S8041592, PR3077: [TEST_BUG] Move 42 AWT hw/lw mixing tests\n to jdk\n - S8041915, PR3077: Move 8 awt tests to OpenJDK regression\n tests tree\n - S8043126, PR3077: move awt automated functional tests from\n AWT_Events/Lw and AWT_Events/AWT to OpenJDK repository\n - S8043131, PR3077: Move ShapedAndTranslucentWindows and GC\n functional AWT tests to regression tree\n - S8044157, PR3077: [TEST_BUG] Improve recently submitted\n AWT_Mixing tests\n - S8044172, PR3077: [TEST_BUG] Move regtests for 4523758 and\n AltPlusNumberKeyCombinationsTest to jdk\n - S8044429, PR3077: move awt automated tests for AWT_Modality\n to OpenJDK repository\n - S8044762, PR2960: com/sun/jdi/OptionTest.java test time out\n - S8044765, PR3077: Move functional tests\n AWT_SystemTray/Automated to openjdk repository\n - S8047180, PR3077: Move functional tests AWT_Headless/Automated\n to OpenJDK repository\n - S8047367, PR3077: move awt automated tests from AWT_Modality\n to OpenJDK repository - part 2\n - S8048246, PR3077: Move AWT_DnD/Clipboard/Automated functional\n tests to OpenJDK\n - S8049226, PR2960: com/sun/jdi/OptionTest.java test times out\n again\n - S8049617, PR3077: move awt automated tests from AWT_Modality\n to OpenJDK repository - part 3\n - S8049694, PR3077: Migrate functional\n AWT_DesktopProperties/Automated tests to OpenJDK\n - S8050885, PR3077: move awt automated tests from AWT_Modality\n to OpenJDK repository - part 4\n - S8051440, PR3077: move tests about maximizing undecorated to\n OpenJDK\n - S8052012, PR3077: move awt automated tests from AWT_Modality\n to OpenJDK repository - part 5\n - S8052408, PR3077: Move AWT_BAT functional tests to OpenJDK (3\n of 3)\n - S8053657, PR3077: [TEST_BUG] move some 5 tests related to\n undecorated Frame/JFrame to JDK\n - S8054143, PR3077: move awt automated tests from AWT_Modality\n to OpenJDK repository - part 6\n - S8054358, PR3077: move awt automated tests from AWT_Modality\n to OpenJDK repository - part 7\n - S8054359, PR3077: move awt automated tests from AWT_Modality\n to OpenJDK repository - part 8\n - S8055360, PR3077: Move the rest part of AWT\n ShapedAndTranslucent tests to OpenJDK\n - S8055664, PR3077: move 14 tests about setLocationRelativeTo\n to jdk\n - S8055836, PR3077: move awt tests from AWT_Modality to OpenJDK\n repository - part 9\n - S8056911, PR3077: Remove internal API usage from ExtendedRobot\n class\n - S8057694, PR3077: move awt tests from AWT_Modality to OpenJDK\n repository - part 10\n - S8058959, PR1061: closed/java/awt/event/ComponentEvent/MovedResizedTwiceTest/MovedResizedTwiceTest.java\n failed automatically\n - S8062606, PR3077: Fix a typo in java.awt.Robot class\n - S8063102, PR3077: Change open awt regression tests to avoid\n sun.awt.SunToolkit.realSync, part 1\n - S8063104, PR3077: Change open awt regression tests to avoid\n sun.awt.SunToolkit.realSync, part 2\n - S8063106, PR3077: Change open swing regression tests to avoid\n sun.awt.SunToolkit.realSync, part 1\n - S8063107, PR3077: Change open swing regression tests to avoid\n sun.awt.SunToolkit.realSync, part 2\n - S8064573, PR3077: [TEST_BUG] javax/swing/text/AbstractDocument/6968363/Test6968363.java\n is asocial pressing VK_LEFT and not releasing\n - S8064575, PR3077: [TEST_BUG] javax/swing/JEditorPane/6917744/bug6917744.java\n 100 times press keys and never releases\n - S8064809, PR3077: [TEST_BUG] javax/swing/JComboBox/4199622/bug4199622.java\n contains a lot of keyPress and not a single keyRelease\n - S8067441, PR3077: Some tests fails with error: cannot find symbol\n getSystemMnemonicKeyCodes()\n - S8068228, PR3077: Test closed/java/awt/Mouse/MaximizedFrameTest/MaximizedFrameTest\n fails with GTKLookAndFeel\n - S8069361, PR1061: SunGraphics2D.getDefaultTransform() does not\n include scale factor\n - S8073320, PR1061: Windows HiDPI Graphics support\n - S8074807, PR3077: Fix some tests unnecessary using internal API\n - S8076315, PR3077: move 4 manual functional swing tests to\n regression suite\n - S8078504, PR3094: Zero lacks declaration of\n VM_Version::initialize()\n - S8129822, PR3077: Define \u0027headful\u0027 jtreg keyword\n - S8132123, PR1061: MultiResolutionCachedImage unnecessarily\n creates base image to get its size\n - S8133539, PR1061: [TEST_BUG] Split\n java/awt/image/MultiResolutionImageTest.java in two to allow\n restricted access\n - S8137571, PR1061: Linux HiDPI Graphics support\n - S8142406, PR1061: [TEST] MultiResolution image: need test to\n cover the case when @2x image is corrupted\n - S8145188, PR2945: No LocalVariableTable generated for the\n entire JDK\n - S8150258, PR1061: [TEST] HiDPI: create a test for\n multiresolution menu items icons\n - S8150724, PR1061: [TEST] HiDPI: create a test for\n multiresolution icons\n - S8150844, PR1061: [hidpi] [macosx] -Dsun.java2d.uiScale should\n be taken into account for OS X\n - S8151841, PR2882: Build needs additional flags to compile with\n GCC 6 [plus parts of 8149647 \u0026 8032045]\n - S8155613, PR1061: [PIT] crash in\n AWT_Desktop/Automated/Exceptions/BasicTest\n - S8156020, PR1061: 8145547 breaks AIX and and uses RTLD_NOLOAD\n incorrectly\n - S8156128, PR1061: Tests for [AWT/Swing] Conditional support\n for GTK 3 on Linux\n - S8158260, PR2991, RH1341258: PPC64: unaligned Unsafe.getInt\n can lead to the generation of illegal instructions (bsc#988651)\n - S8159244, PR3074: Partially initialized string object created\n by C2\u0027s string concat optimization may escape\n - S8159690, PR3077: [TESTBUG] Mark headful tests with @key\n headful.\n - S8160294, PR2882, PR3095: Some client libraries cannot be\n built with GCC 6\n * Bug fixes\n - PR1958: GTKLookAndFeel does not honor\n gtk-alternative-button-order\n - PR2822: Feed LIBS \u0026 CFLAGS into configure rather than make to\n avoid re-discovery by OpenJDK configure\n - PR2932: Support ccache in a non-automagic manner\n - PR2933: Support ccache 3.2 and later\n - PR2964: Set system defaults based on OS\n - PR2974, RH1337583: PKCS#10 certificate requests now use CRLF\n line endings rather than system line endings\n - PR3078: Remove duplicated line dating back to 6788347 and\n 6894807\n - PR3083, RH1346460: Regression in SSL debug output without an\n ECC provider\n - PR3089: Remove old memory limits patch\n - PR3090, RH1204159: SystemTap is heavily confused by multiple\n JDKs\n - PR3095: Fix warnings in URLClassPath.c\n - PR3096: Remove dead --disable-optimizations option\n - PR3105: Use version from hotspot.map to create tarball filename\n - PR3106: Handle both correctly-spelt property\n \u0027enableCustomValueHandler\u0027 introduced by S8079718 and typo\n version\n - PR3108: Shenandoah patches not included in release tarball\n - PR3110: Update hotspot.map documentation in INSTALL\n * AArch64 port\n - S8145320, PR3078: Create unsafe_arraycopy and\n generic_arraycopy for AArch64\n - S8148328, PR3078: aarch64: redundant lsr instructions in stub\n code.\n - S8148783, PR3078: aarch64: SEGV running SpecJBB2013\n - S8148948, PR3078: aarch64: generate_copy_longs calls align()\n incorrectly\n - S8149080, PR3078: AArch64: Recognise disjoint array copy in\n stub code\n - S8149365, PR3078: aarch64: memory copy does not prefetch on\n backwards copy\n - S8149907, PR3078: aarch64: use load/store pair instructions\n in call_stub\n - S8150038, PR3078: aarch64: make use of CBZ and CBNZ when\n comparing narrow pointer with zero\n - S8150045, PR3078: arraycopy causes segfaults in SATB during\n garbage collection\n - S8150082, PR3078: aarch64: optimise small array copy\n - S8150229, PR3078: aarch64: pipeline class for several\n instructions is not set correctly\n - S8150313, PR3078: aarch64: optimise array copy using SIMD\n instructions\n - S8150394, PR3078: aarch64: add support for 8.1 LSE CAS\n instructions\n - S8151340, PR3078: aarch64: prefetch the destination word for\n write prior to ldxr/stxr loops.\n - S8151502, PR3078: optimize pd_disjoint_words and\n pd_conjoint_words\n - S8151775, PR3078: aarch64: add support for 8.1 LSE atomic\n operations\n - S8152537, PR3078: aarch64: Make use of CBZ and CBNZ when\n comparing unsigned values with zero.\n - S8152840, PR3078: aarch64: improve _unsafe_arraycopy stub\n routine\n - S8153713, PR3078: aarch64: improve short array clearing using\n store pair\n - S8153797, PR3078: aarch64: Add Arrays.fill stub code\n - S8154537, PR3078: AArch64: some integer rotate instructions\n are never emitted\n - S8154739, PR3078: AArch64: TemplateTable::fast_xaccess loads\n in wrong mode\n - S8155015, PR3078: Aarch64: bad assert in spill generation\n code\n - S8155100, PR3078: AArch64: Relax alignment requirement for\n byte_map_base\n - S8155612, PR3078: Aarch64: vector nodes need to support\n misaligned offset\n - S8155617, PR3078: aarch64: ClearArray does not use DC ZVA\n - S8155653, PR3078: TestVectorUnalignedOffset.java not pushed\n with 8155612\n - S8156731, PR3078: aarch64: java/util/Arrays/Correct.java fails\n due to _generic_arraycopy stub routine\n - S8157841, PR3078: aarch64: prefetch ignores cache line size\n - S8157906, PR3078: aarch64: some more integer rotate\n instructions are never emitted\n - S8158913, PR3078: aarch64: SEGV running Spark terasort\n - S8159052, PR3078: aarch64: optimise unaligned copies in\n pd_disjoint_words and pd_conjoint_words\n - S8159063, PR3078: aarch64: optimise unaligned array copy long\n - PR3078: Cleanup remaining differences from aarch64/jdk8u tree\n- Fix script linking /usr/share/javazi/tzdb.dat for platform where\n it applies (bsc#987895)\n\n- Fix aarch64 running with 48 bits va space (bsc#984684)\n\n avoid some crashes\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-DESKTOP-12-SP1-2016-1187,SUSE-SLE-SERVER-12-SP1-2016-1187",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2016_2012-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2016:2012-1",
"url": "https://www.suse.com/support/update/announcement/2016/suse-su-20162012-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2016:2012-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2016-August/002198.html"
},
{
"category": "self",
"summary": "SUSE Bug 984684",
"url": "https://bugzilla.suse.com/984684"
},
{
"category": "self",
"summary": "SUSE Bug 987895",
"url": "https://bugzilla.suse.com/987895"
},
{
"category": "self",
"summary": "SUSE Bug 988651",
"url": "https://bugzilla.suse.com/988651"
},
{
"category": "self",
"summary": "SUSE Bug 989721",
"url": "https://bugzilla.suse.com/989721"
},
{
"category": "self",
"summary": "SUSE Bug 989722",
"url": "https://bugzilla.suse.com/989722"
},
{
"category": "self",
"summary": "SUSE Bug 989723",
"url": "https://bugzilla.suse.com/989723"
},
{
"category": "self",
"summary": "SUSE Bug 989725",
"url": "https://bugzilla.suse.com/989725"
},
{
"category": "self",
"summary": "SUSE Bug 989726",
"url": "https://bugzilla.suse.com/989726"
},
{
"category": "self",
"summary": "SUSE Bug 989727",
"url": "https://bugzilla.suse.com/989727"
},
{
"category": "self",
"summary": "SUSE Bug 989728",
"url": "https://bugzilla.suse.com/989728"
},
{
"category": "self",
"summary": "SUSE Bug 989729",
"url": "https://bugzilla.suse.com/989729"
},
{
"category": "self",
"summary": "SUSE Bug 989730",
"url": "https://bugzilla.suse.com/989730"
},
{
"category": "self",
"summary": "SUSE Bug 989731",
"url": "https://bugzilla.suse.com/989731"
},
{
"category": "self",
"summary": "SUSE Bug 989732",
"url": "https://bugzilla.suse.com/989732"
},
{
"category": "self",
"summary": "SUSE Bug 989733",
"url": "https://bugzilla.suse.com/989733"
},
{
"category": "self",
"summary": "SUSE Bug 989734",
"url": "https://bugzilla.suse.com/989734"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-3458 page",
"url": "https://www.suse.com/security/cve/CVE-2016-3458/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-3485 page",
"url": "https://www.suse.com/security/cve/CVE-2016-3485/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-3498 page",
"url": "https://www.suse.com/security/cve/CVE-2016-3498/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-3500 page",
"url": "https://www.suse.com/security/cve/CVE-2016-3500/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-3503 page",
"url": "https://www.suse.com/security/cve/CVE-2016-3503/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-3508 page",
"url": "https://www.suse.com/security/cve/CVE-2016-3508/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-3511 page",
"url": "https://www.suse.com/security/cve/CVE-2016-3511/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-3550 page",
"url": "https://www.suse.com/security/cve/CVE-2016-3550/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-3552 page",
"url": "https://www.suse.com/security/cve/CVE-2016-3552/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-3587 page",
"url": "https://www.suse.com/security/cve/CVE-2016-3587/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-3598 page",
"url": "https://www.suse.com/security/cve/CVE-2016-3598/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-3606 page",
"url": "https://www.suse.com/security/cve/CVE-2016-3606/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-3610 page",
"url": "https://www.suse.com/security/cve/CVE-2016-3610/"
}
],
"title": "Security update for java-1_8_0-openjdk",
"tracking": {
"current_release_date": "2016-08-09T11:33:15Z",
"generator": {
"date": "2016-08-09T11:33:15Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2016:2012-1",
"initial_release_date": "2016-08-09T11:33:15Z",
"revision_history": [
{
"date": "2016-08-09T11:33:15Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "java-1_8_0-openjdk-1.8.0.101-14.3.ppc64le",
"product": {
"name": "java-1_8_0-openjdk-1.8.0.101-14.3.ppc64le",
"product_id": "java-1_8_0-openjdk-1.8.0.101-14.3.ppc64le"
}
},
{
"category": "product_version",
"name": "java-1_8_0-openjdk-demo-1.8.0.101-14.3.ppc64le",
"product": {
"name": "java-1_8_0-openjdk-demo-1.8.0.101-14.3.ppc64le",
"product_id": "java-1_8_0-openjdk-demo-1.8.0.101-14.3.ppc64le"
}
},
{
"category": "product_version",
"name": "java-1_8_0-openjdk-devel-1.8.0.101-14.3.ppc64le",
"product": {
"name": "java-1_8_0-openjdk-devel-1.8.0.101-14.3.ppc64le",
"product_id": "java-1_8_0-openjdk-devel-1.8.0.101-14.3.ppc64le"
}
},
{
"category": "product_version",
"name": "java-1_8_0-openjdk-headless-1.8.0.101-14.3.ppc64le",
"product": {
"name": "java-1_8_0-openjdk-headless-1.8.0.101-14.3.ppc64le",
"product_id": "java-1_8_0-openjdk-headless-1.8.0.101-14.3.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "java-1_8_0-openjdk-1.8.0.101-14.3.s390x",
"product": {
"name": "java-1_8_0-openjdk-1.8.0.101-14.3.s390x",
"product_id": "java-1_8_0-openjdk-1.8.0.101-14.3.s390x"
}
},
{
"category": "product_version",
"name": "java-1_8_0-openjdk-demo-1.8.0.101-14.3.s390x",
"product": {
"name": "java-1_8_0-openjdk-demo-1.8.0.101-14.3.s390x",
"product_id": "java-1_8_0-openjdk-demo-1.8.0.101-14.3.s390x"
}
},
{
"category": "product_version",
"name": "java-1_8_0-openjdk-devel-1.8.0.101-14.3.s390x",
"product": {
"name": "java-1_8_0-openjdk-devel-1.8.0.101-14.3.s390x",
"product_id": "java-1_8_0-openjdk-devel-1.8.0.101-14.3.s390x"
}
},
{
"category": "product_version",
"name": "java-1_8_0-openjdk-headless-1.8.0.101-14.3.s390x",
"product": {
"name": "java-1_8_0-openjdk-headless-1.8.0.101-14.3.s390x",
"product_id": "java-1_8_0-openjdk-headless-1.8.0.101-14.3.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "java-1_8_0-openjdk-1.8.0.101-14.3.x86_64",
"product": {
"name": "java-1_8_0-openjdk-1.8.0.101-14.3.x86_64",
"product_id": "java-1_8_0-openjdk-1.8.0.101-14.3.x86_64"
}
},
{
"category": "product_version",
"name": "java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64",
"product": {
"name": "java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64",
"product_id": "java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64"
}
},
{
"category": "product_version",
"name": "java-1_8_0-openjdk-demo-1.8.0.101-14.3.x86_64",
"product": {
"name": "java-1_8_0-openjdk-demo-1.8.0.101-14.3.x86_64",
"product_id": "java-1_8_0-openjdk-demo-1.8.0.101-14.3.x86_64"
}
},
{
"category": "product_version",
"name": "java-1_8_0-openjdk-devel-1.8.0.101-14.3.x86_64",
"product": {
"name": "java-1_8_0-openjdk-devel-1.8.0.101-14.3.x86_64",
"product_id": "java-1_8_0-openjdk-devel-1.8.0.101-14.3.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Desktop 12 SP1",
"product": {
"name": "SUSE Linux Enterprise Desktop 12 SP1",
"product_id": "SUSE Linux Enterprise Desktop 12 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sled:12:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP1",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP1",
"product_id": "SUSE Linux Enterprise Server 12 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-openjdk-1.8.0.101-14.3.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP1",
"product_id": "SUSE Linux Enterprise Desktop 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64"
},
"product_reference": "java-1_8_0-openjdk-1.8.0.101-14.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP1",
"product_id": "SUSE Linux Enterprise Desktop 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64"
},
"product_reference": "java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-openjdk-1.8.0.101-14.3.ppc64le as component of SUSE Linux Enterprise Server 12 SP1",
"product_id": "SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.ppc64le"
},
"product_reference": "java-1_8_0-openjdk-1.8.0.101-14.3.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-openjdk-1.8.0.101-14.3.s390x as component of SUSE Linux Enterprise Server 12 SP1",
"product_id": "SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.s390x"
},
"product_reference": "java-1_8_0-openjdk-1.8.0.101-14.3.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-openjdk-1.8.0.101-14.3.x86_64 as component of SUSE Linux Enterprise Server 12 SP1",
"product_id": "SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64"
},
"product_reference": "java-1_8_0-openjdk-1.8.0.101-14.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-openjdk-demo-1.8.0.101-14.3.ppc64le as component of SUSE Linux Enterprise Server 12 SP1",
"product_id": "SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.ppc64le"
},
"product_reference": "java-1_8_0-openjdk-demo-1.8.0.101-14.3.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-openjdk-demo-1.8.0.101-14.3.s390x as component of SUSE Linux Enterprise Server 12 SP1",
"product_id": "SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.s390x"
},
"product_reference": "java-1_8_0-openjdk-demo-1.8.0.101-14.3.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-openjdk-demo-1.8.0.101-14.3.x86_64 as component of SUSE Linux Enterprise Server 12 SP1",
"product_id": "SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.x86_64"
},
"product_reference": "java-1_8_0-openjdk-demo-1.8.0.101-14.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-openjdk-devel-1.8.0.101-14.3.ppc64le as component of SUSE Linux Enterprise Server 12 SP1",
"product_id": "SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.ppc64le"
},
"product_reference": "java-1_8_0-openjdk-devel-1.8.0.101-14.3.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-openjdk-devel-1.8.0.101-14.3.s390x as component of SUSE Linux Enterprise Server 12 SP1",
"product_id": "SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.s390x"
},
"product_reference": "java-1_8_0-openjdk-devel-1.8.0.101-14.3.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-openjdk-devel-1.8.0.101-14.3.x86_64 as component of SUSE Linux Enterprise Server 12 SP1",
"product_id": "SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.x86_64"
},
"product_reference": "java-1_8_0-openjdk-devel-1.8.0.101-14.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-openjdk-headless-1.8.0.101-14.3.ppc64le as component of SUSE Linux Enterprise Server 12 SP1",
"product_id": "SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.ppc64le"
},
"product_reference": "java-1_8_0-openjdk-headless-1.8.0.101-14.3.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-openjdk-headless-1.8.0.101-14.3.s390x as component of SUSE Linux Enterprise Server 12 SP1",
"product_id": "SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.s390x"
},
"product_reference": "java-1_8_0-openjdk-headless-1.8.0.101-14.3.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64 as component of SUSE Linux Enterprise Server 12 SP1",
"product_id": "SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64"
},
"product_reference": "java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-openjdk-1.8.0.101-14.3.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.ppc64le"
},
"product_reference": "java-1_8_0-openjdk-1.8.0.101-14.3.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-openjdk-1.8.0.101-14.3.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.s390x"
},
"product_reference": "java-1_8_0-openjdk-1.8.0.101-14.3.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-openjdk-1.8.0.101-14.3.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64"
},
"product_reference": "java-1_8_0-openjdk-1.8.0.101-14.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-openjdk-demo-1.8.0.101-14.3.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.ppc64le"
},
"product_reference": "java-1_8_0-openjdk-demo-1.8.0.101-14.3.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-openjdk-demo-1.8.0.101-14.3.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.s390x"
},
"product_reference": "java-1_8_0-openjdk-demo-1.8.0.101-14.3.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-openjdk-demo-1.8.0.101-14.3.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.x86_64"
},
"product_reference": "java-1_8_0-openjdk-demo-1.8.0.101-14.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-openjdk-devel-1.8.0.101-14.3.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.ppc64le"
},
"product_reference": "java-1_8_0-openjdk-devel-1.8.0.101-14.3.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-openjdk-devel-1.8.0.101-14.3.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.s390x"
},
"product_reference": "java-1_8_0-openjdk-devel-1.8.0.101-14.3.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-openjdk-devel-1.8.0.101-14.3.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.x86_64"
},
"product_reference": "java-1_8_0-openjdk-devel-1.8.0.101-14.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-openjdk-headless-1.8.0.101-14.3.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.ppc64le"
},
"product_reference": "java-1_8_0-openjdk-headless-1.8.0.101-14.3.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-openjdk-headless-1.8.0.101-14.3.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.s390x"
},
"product_reference": "java-1_8_0-openjdk-headless-1.8.0.101-14.3.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64"
},
"product_reference": "java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-3458",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-3458"
}
],
"notes": [
{
"category": "general",
"text": "Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; and Java SE Embedded 8u91 allows remote attackers to affect integrity via vectors related to CORBA.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-3458",
"url": "https://www.suse.com/security/cve/CVE-2016-3458"
},
{
"category": "external",
"summary": "SUSE Bug 989732 for CVE-2016-3458",
"url": "https://bugzilla.suse.com/989732"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-08-09T11:33:15Z",
"details": "moderate"
}
],
"title": "CVE-2016-3458"
},
{
"cve": "CVE-2016-3485",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-3485"
}
],
"notes": [
{
"category": "general",
"text": "Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10 allows local users to affect integrity via vectors related to Networking.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-3485",
"url": "https://www.suse.com/security/cve/CVE-2016-3485"
},
{
"category": "external",
"summary": "SUSE Bug 1009280 for CVE-2016-3485",
"url": "https://bugzilla.suse.com/1009280"
},
{
"category": "external",
"summary": "SUSE Bug 989734 for CVE-2016-3485",
"url": "https://bugzilla.suse.com/989734"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.9,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-08-09T11:33:15Z",
"details": "low"
}
],
"title": "CVE-2016-3485"
},
{
"cve": "CVE-2016-3498",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-3498"
}
],
"notes": [
{
"category": "general",
"text": "Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 allows remote attackers to affect availability via vectors related to JavaFX.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-3498",
"url": "https://www.suse.com/security/cve/CVE-2016-3498"
},
{
"category": "external",
"summary": "SUSE Bug 989729 for CVE-2016-3498",
"url": "https://bugzilla.suse.com/989729"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-08-09T11:33:15Z",
"details": "moderate"
}
],
"title": "CVE-2016-3498"
},
{
"cve": "CVE-2016-3500",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-3500"
}
],
"notes": [
{
"category": "general",
"text": "Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2016-3508.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-3500",
"url": "https://www.suse.com/security/cve/CVE-2016-3500"
},
{
"category": "external",
"summary": "SUSE Bug 989730 for CVE-2016-3500",
"url": "https://bugzilla.suse.com/989730"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-08-09T11:33:15Z",
"details": "moderate"
}
],
"title": "CVE-2016-3500"
},
{
"cve": "CVE-2016-3503",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-3503"
}
],
"notes": [
{
"category": "general",
"text": "Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92 allows local users to affect confidentiality, integrity, and availability via vectors related to Install.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-3503",
"url": "https://www.suse.com/security/cve/CVE-2016-3503"
},
{
"category": "external",
"summary": "SUSE Bug 989728 for CVE-2016-3503",
"url": "https://bugzilla.suse.com/989728"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-08-09T11:33:15Z",
"details": "moderate"
}
],
"title": "CVE-2016-3503"
},
{
"cve": "CVE-2016-3508",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-3508"
}
],
"notes": [
{
"category": "general",
"text": "Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2016-3500.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-3508",
"url": "https://www.suse.com/security/cve/CVE-2016-3508"
},
{
"category": "external",
"summary": "SUSE Bug 989731 for CVE-2016-3508",
"url": "https://bugzilla.suse.com/989731"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-08-09T11:33:15Z",
"details": "moderate"
}
],
"title": "CVE-2016-3508"
},
{
"cve": "CVE-2016-3511",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-3511"
}
],
"notes": [
{
"category": "general",
"text": "Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 allows local users to affect confidentiality, integrity, and availability via vectors related to Deployment.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-3511",
"url": "https://www.suse.com/security/cve/CVE-2016-3511"
},
{
"category": "external",
"summary": "SUSE Bug 1009280 for CVE-2016-3511",
"url": "https://bugzilla.suse.com/1009280"
},
{
"category": "external",
"summary": "SUSE Bug 989727 for CVE-2016-3511",
"url": "https://bugzilla.suse.com/989727"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-08-09T11:33:15Z",
"details": "moderate"
}
],
"title": "CVE-2016-3511"
},
{
"cve": "CVE-2016-3550",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-3550"
}
],
"notes": [
{
"category": "general",
"text": "Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality via vectors related to Hotspot.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-3550",
"url": "https://www.suse.com/security/cve/CVE-2016-3550"
},
{
"category": "external",
"summary": "SUSE Bug 989733 for CVE-2016-3550",
"url": "https://bugzilla.suse.com/989733"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-08-09T11:33:15Z",
"details": "moderate"
}
],
"title": "CVE-2016-3550"
},
{
"cve": "CVE-2016-3552",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-3552"
}
],
"notes": [
{
"category": "general",
"text": "Unspecified vulnerability in Oracle Java SE 8u92 allows local users to affect confidentiality, integrity, and availability via vectors related to Install.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-3552",
"url": "https://www.suse.com/security/cve/CVE-2016-3552"
},
{
"category": "external",
"summary": "SUSE Bug 989726 for CVE-2016-3552",
"url": "https://bugzilla.suse.com/989726"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-08-09T11:33:15Z",
"details": "moderate"
}
],
"title": "CVE-2016-3552"
},
{
"cve": "CVE-2016-3587",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-3587"
}
],
"notes": [
{
"category": "general",
"text": "Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotspot.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-3587",
"url": "https://www.suse.com/security/cve/CVE-2016-3587"
},
{
"category": "external",
"summary": "SUSE Bug 989721 for CVE-2016-3587",
"url": "https://bugzilla.suse.com/989721"
},
{
"category": "external",
"summary": "SUSE Bug 998845 for CVE-2016-3587",
"url": "https://bugzilla.suse.com/998845"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-08-09T11:33:15Z",
"details": "important"
}
],
"title": "CVE-2016-3587"
},
{
"cve": "CVE-2016-3598",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-3598"
}
],
"notes": [
{
"category": "general",
"text": "Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Libraries, a different vulnerability than CVE-2016-3610.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-3598",
"url": "https://www.suse.com/security/cve/CVE-2016-3598"
},
{
"category": "external",
"summary": "SUSE Bug 1009280 for CVE-2016-3598",
"url": "https://bugzilla.suse.com/1009280"
},
{
"category": "external",
"summary": "SUSE Bug 989723 for CVE-2016-3598",
"url": "https://bugzilla.suse.com/989723"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-08-09T11:33:15Z",
"details": "important"
}
],
"title": "CVE-2016-3598"
},
{
"cve": "CVE-2016-3606",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-3606"
}
],
"notes": [
{
"category": "general",
"text": "Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotspot.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-3606",
"url": "https://www.suse.com/security/cve/CVE-2016-3606"
},
{
"category": "external",
"summary": "SUSE Bug 989722 for CVE-2016-3606",
"url": "https://bugzilla.suse.com/989722"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-08-09T11:33:15Z",
"details": "important"
}
],
"title": "CVE-2016-3606"
},
{
"cve": "CVE-2016-3610",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-3610"
}
],
"notes": [
{
"category": "general",
"text": "Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Libraries, a different vulnerability than CVE-2016-3598.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-3610",
"url": "https://www.suse.com/security/cve/CVE-2016-3610"
},
{
"category": "external",
"summary": "SUSE Bug 989725 for CVE-2016-3610",
"url": "https://bugzilla.suse.com/989725"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-demo-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-devel-1.8.0.101-14.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-openjdk-headless-1.8.0.101-14.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-08-09T11:33:15Z",
"details": "important"
}
],
"title": "CVE-2016-3610"
}
]
}
SUSE-SU-2016:2261-1
Vulnerability from csaf_suse - Published: 2016-09-07 14:50 - Updated: 2016-09-07 14:50Summary
Security update for java-1_7_1-ibm
Severity
Important
Notes
Title of the patch: Security update for java-1_7_1-ibm
Description of the patch:
IBM Java 7.1 was updated to version 7.1-3.50 to fix the following security issues:
CVE-2016-3485 CVE-2016-3511 CVE-2016-3598
Please see https://www.ibm.com/developerworks/java/jdk/alerts/ for more information.
Patchnames: sdksp4-java-1_7_1_ibm-12733,slessp4-java-1_7_1_ibm-12733
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-1.7.1_sr3.50-16.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-1.7.1_sr3.50-16.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-1.7.1_sr3.50-16.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-1.7.1_sr3.50-16.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-alsa-1.7.1_sr3.50-16.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-alsa-1.7.1_sr3.50-16.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-plugin-1.7.1_sr3.50-16.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-plugin-1.7.1_sr3.50-16.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-1.7.1_sr3.50-16.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-1.7.1_sr3.50-16.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-1.7.1_sr3.50-16.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-1.7.1_sr3.50-16.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-alsa-1.7.1_sr3.50-16.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-alsa-1.7.1_sr3.50-16.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-plugin-1.7.1_sr3.50-16.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-plugin-1.7.1_sr3.50-16.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:java-1_7_1-ibm-devel-1.7.1_sr3.50-16.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:java-1_7_1-ibm-devel-1.7.1_sr3.50-16.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:java-1_7_1-ibm-devel-1.7.1_sr3.50-16.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:java-1_7_1-ibm-devel-1.7.1_sr3.50-16.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
7.7 (High)
Affected products
Recommended
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-1.7.1_sr3.50-16.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-1.7.1_sr3.50-16.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-1.7.1_sr3.50-16.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-1.7.1_sr3.50-16.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-alsa-1.7.1_sr3.50-16.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-alsa-1.7.1_sr3.50-16.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-plugin-1.7.1_sr3.50-16.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-plugin-1.7.1_sr3.50-16.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-1.7.1_sr3.50-16.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-1.7.1_sr3.50-16.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-1.7.1_sr3.50-16.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-1.7.1_sr3.50-16.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-alsa-1.7.1_sr3.50-16.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-alsa-1.7.1_sr3.50-16.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-plugin-1.7.1_sr3.50-16.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-plugin-1.7.1_sr3.50-16.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:java-1_7_1-ibm-devel-1.7.1_sr3.50-16.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:java-1_7_1-ibm-devel-1.7.1_sr3.50-16.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:java-1_7_1-ibm-devel-1.7.1_sr3.50-16.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:java-1_7_1-ibm-devel-1.7.1_sr3.50-16.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
9.6 (Critical)
Affected products
Recommended
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-1.7.1_sr3.50-16.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-1.7.1_sr3.50-16.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-1.7.1_sr3.50-16.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-1.7.1_sr3.50-16.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-alsa-1.7.1_sr3.50-16.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-alsa-1.7.1_sr3.50-16.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-plugin-1.7.1_sr3.50-16.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-plugin-1.7.1_sr3.50-16.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-1.7.1_sr3.50-16.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-1.7.1_sr3.50-16.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-1.7.1_sr3.50-16.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-1.7.1_sr3.50-16.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-alsa-1.7.1_sr3.50-16.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-alsa-1.7.1_sr3.50-16.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-plugin-1.7.1_sr3.50-16.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-plugin-1.7.1_sr3.50-16.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:java-1_7_1-ibm-devel-1.7.1_sr3.50-16.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:java-1_7_1-ibm-devel-1.7.1_sr3.50-16.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:java-1_7_1-ibm-devel-1.7.1_sr3.50-16.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:java-1_7_1-ibm-devel-1.7.1_sr3.50-16.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
17 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for java-1_7_1-ibm",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nIBM Java 7.1 was updated to version 7.1-3.50 to fix the following security issues:\n\nCVE-2016-3485 CVE-2016-3511 CVE-2016-3598\n\nPlease see https://www.ibm.com/developerworks/java/jdk/alerts/ for more information.\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "sdksp4-java-1_7_1_ibm-12733,slessp4-java-1_7_1_ibm-12733",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2016_2261-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2016:2261-1",
"url": "https://www.suse.com/support/update/announcement/2016/suse-su-20162261-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2016:2261-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2016-September/002261.html"
},
{
"category": "self",
"summary": "SUSE Bug 992537",
"url": "https://bugzilla.suse.com/992537"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-3485 page",
"url": "https://www.suse.com/security/cve/CVE-2016-3485/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-3511 page",
"url": "https://www.suse.com/security/cve/CVE-2016-3511/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-3598 page",
"url": "https://www.suse.com/security/cve/CVE-2016-3598/"
}
],
"title": "Security update for java-1_7_1-ibm",
"tracking": {
"current_release_date": "2016-09-07T14:50:20Z",
"generator": {
"date": "2016-09-07T14:50:20Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2016:2261-1",
"initial_release_date": "2016-09-07T14:50:20Z",
"revision_history": [
{
"date": "2016-09-07T14:50:20Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "java-1_7_1-ibm-devel-1.7.1_sr3.50-16.1.i586",
"product": {
"name": "java-1_7_1-ibm-devel-1.7.1_sr3.50-16.1.i586",
"product_id": "java-1_7_1-ibm-devel-1.7.1_sr3.50-16.1.i586"
}
},
{
"category": "product_version",
"name": "java-1_7_1-ibm-1.7.1_sr3.50-16.1.i586",
"product": {
"name": "java-1_7_1-ibm-1.7.1_sr3.50-16.1.i586",
"product_id": "java-1_7_1-ibm-1.7.1_sr3.50-16.1.i586"
}
},
{
"category": "product_version",
"name": "java-1_7_1-ibm-alsa-1.7.1_sr3.50-16.1.i586",
"product": {
"name": "java-1_7_1-ibm-alsa-1.7.1_sr3.50-16.1.i586",
"product_id": "java-1_7_1-ibm-alsa-1.7.1_sr3.50-16.1.i586"
}
},
{
"category": "product_version",
"name": "java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1.i586",
"product": {
"name": "java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1.i586",
"product_id": "java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1.i586"
}
},
{
"category": "product_version",
"name": "java-1_7_1-ibm-plugin-1.7.1_sr3.50-16.1.i586",
"product": {
"name": "java-1_7_1-ibm-plugin-1.7.1_sr3.50-16.1.i586",
"product_id": "java-1_7_1-ibm-plugin-1.7.1_sr3.50-16.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "java-1_7_1-ibm-devel-1.7.1_sr3.50-16.1.ppc64",
"product": {
"name": "java-1_7_1-ibm-devel-1.7.1_sr3.50-16.1.ppc64",
"product_id": "java-1_7_1-ibm-devel-1.7.1_sr3.50-16.1.ppc64"
}
},
{
"category": "product_version",
"name": "java-1_7_1-ibm-1.7.1_sr3.50-16.1.ppc64",
"product": {
"name": "java-1_7_1-ibm-1.7.1_sr3.50-16.1.ppc64",
"product_id": "java-1_7_1-ibm-1.7.1_sr3.50-16.1.ppc64"
}
},
{
"category": "product_version",
"name": "java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1.ppc64",
"product": {
"name": "java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1.ppc64",
"product_id": "java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1.ppc64"
}
}
],
"category": "architecture",
"name": "ppc64"
},
{
"branches": [
{
"category": "product_version",
"name": "java-1_7_1-ibm-devel-1.7.1_sr3.50-16.1.s390x",
"product": {
"name": "java-1_7_1-ibm-devel-1.7.1_sr3.50-16.1.s390x",
"product_id": "java-1_7_1-ibm-devel-1.7.1_sr3.50-16.1.s390x"
}
},
{
"category": "product_version",
"name": "java-1_7_1-ibm-1.7.1_sr3.50-16.1.s390x",
"product": {
"name": "java-1_7_1-ibm-1.7.1_sr3.50-16.1.s390x",
"product_id": "java-1_7_1-ibm-1.7.1_sr3.50-16.1.s390x"
}
},
{
"category": "product_version",
"name": "java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1.s390x",
"product": {
"name": "java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1.s390x",
"product_id": "java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "java-1_7_1-ibm-devel-1.7.1_sr3.50-16.1.x86_64",
"product": {
"name": "java-1_7_1-ibm-devel-1.7.1_sr3.50-16.1.x86_64",
"product_id": "java-1_7_1-ibm-devel-1.7.1_sr3.50-16.1.x86_64"
}
},
{
"category": "product_version",
"name": "java-1_7_1-ibm-1.7.1_sr3.50-16.1.x86_64",
"product": {
"name": "java-1_7_1-ibm-1.7.1_sr3.50-16.1.x86_64",
"product_id": "java-1_7_1-ibm-1.7.1_sr3.50-16.1.x86_64"
}
},
{
"category": "product_version",
"name": "java-1_7_1-ibm-alsa-1.7.1_sr3.50-16.1.x86_64",
"product": {
"name": "java-1_7_1-ibm-alsa-1.7.1_sr3.50-16.1.x86_64",
"product_id": "java-1_7_1-ibm-alsa-1.7.1_sr3.50-16.1.x86_64"
}
},
{
"category": "product_version",
"name": "java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1.x86_64",
"product": {
"name": "java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1.x86_64",
"product_id": "java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1.x86_64"
}
},
{
"category": "product_version",
"name": "java-1_7_1-ibm-plugin-1.7.1_sr3.50-16.1.x86_64",
"product": {
"name": "java-1_7_1-ibm-plugin-1.7.1_sr3.50-16.1.x86_64",
"product_id": "java-1_7_1-ibm-plugin-1.7.1_sr3.50-16.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Software Development Kit 11 SP4",
"product": {
"name": "SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_identification_helper": {
"cpe": "cpe:/a:suse:sle-sdk:11:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 11 SP4",
"product": {
"name": "SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_sles:11:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:11:sp4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_1-ibm-devel-1.7.1_sr3.50-16.1.i586 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:java-1_7_1-ibm-devel-1.7.1_sr3.50-16.1.i586"
},
"product_reference": "java-1_7_1-ibm-devel-1.7.1_sr3.50-16.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_1-ibm-devel-1.7.1_sr3.50-16.1.ppc64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:java-1_7_1-ibm-devel-1.7.1_sr3.50-16.1.ppc64"
},
"product_reference": "java-1_7_1-ibm-devel-1.7.1_sr3.50-16.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_1-ibm-devel-1.7.1_sr3.50-16.1.s390x as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:java-1_7_1-ibm-devel-1.7.1_sr3.50-16.1.s390x"
},
"product_reference": "java-1_7_1-ibm-devel-1.7.1_sr3.50-16.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_1-ibm-devel-1.7.1_sr3.50-16.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:java-1_7_1-ibm-devel-1.7.1_sr3.50-16.1.x86_64"
},
"product_reference": "java-1_7_1-ibm-devel-1.7.1_sr3.50-16.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_1-ibm-1.7.1_sr3.50-16.1.i586 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-1.7.1_sr3.50-16.1.i586"
},
"product_reference": "java-1_7_1-ibm-1.7.1_sr3.50-16.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_1-ibm-1.7.1_sr3.50-16.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-1.7.1_sr3.50-16.1.ppc64"
},
"product_reference": "java-1_7_1-ibm-1.7.1_sr3.50-16.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_1-ibm-1.7.1_sr3.50-16.1.s390x as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-1.7.1_sr3.50-16.1.s390x"
},
"product_reference": "java-1_7_1-ibm-1.7.1_sr3.50-16.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_1-ibm-1.7.1_sr3.50-16.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-1.7.1_sr3.50-16.1.x86_64"
},
"product_reference": "java-1_7_1-ibm-1.7.1_sr3.50-16.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_1-ibm-alsa-1.7.1_sr3.50-16.1.i586 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-alsa-1.7.1_sr3.50-16.1.i586"
},
"product_reference": "java-1_7_1-ibm-alsa-1.7.1_sr3.50-16.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_1-ibm-alsa-1.7.1_sr3.50-16.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-alsa-1.7.1_sr3.50-16.1.x86_64"
},
"product_reference": "java-1_7_1-ibm-alsa-1.7.1_sr3.50-16.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1.i586 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1.i586"
},
"product_reference": "java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1.ppc64"
},
"product_reference": "java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1.s390x as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1.s390x"
},
"product_reference": "java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1.x86_64"
},
"product_reference": "java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_1-ibm-plugin-1.7.1_sr3.50-16.1.i586 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-plugin-1.7.1_sr3.50-16.1.i586"
},
"product_reference": "java-1_7_1-ibm-plugin-1.7.1_sr3.50-16.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_1-ibm-plugin-1.7.1_sr3.50-16.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-plugin-1.7.1_sr3.50-16.1.x86_64"
},
"product_reference": "java-1_7_1-ibm-plugin-1.7.1_sr3.50-16.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_1-ibm-1.7.1_sr3.50-16.1.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-1.7.1_sr3.50-16.1.i586"
},
"product_reference": "java-1_7_1-ibm-1.7.1_sr3.50-16.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_1-ibm-1.7.1_sr3.50-16.1.ppc64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-1.7.1_sr3.50-16.1.ppc64"
},
"product_reference": "java-1_7_1-ibm-1.7.1_sr3.50-16.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_1-ibm-1.7.1_sr3.50-16.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-1.7.1_sr3.50-16.1.s390x"
},
"product_reference": "java-1_7_1-ibm-1.7.1_sr3.50-16.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_1-ibm-1.7.1_sr3.50-16.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-1.7.1_sr3.50-16.1.x86_64"
},
"product_reference": "java-1_7_1-ibm-1.7.1_sr3.50-16.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_1-ibm-alsa-1.7.1_sr3.50-16.1.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-alsa-1.7.1_sr3.50-16.1.i586"
},
"product_reference": "java-1_7_1-ibm-alsa-1.7.1_sr3.50-16.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_1-ibm-alsa-1.7.1_sr3.50-16.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-alsa-1.7.1_sr3.50-16.1.x86_64"
},
"product_reference": "java-1_7_1-ibm-alsa-1.7.1_sr3.50-16.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1.i586"
},
"product_reference": "java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1.ppc64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1.ppc64"
},
"product_reference": "java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1.s390x"
},
"product_reference": "java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1.x86_64"
},
"product_reference": "java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_1-ibm-plugin-1.7.1_sr3.50-16.1.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-plugin-1.7.1_sr3.50-16.1.i586"
},
"product_reference": "java-1_7_1-ibm-plugin-1.7.1_sr3.50-16.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_1-ibm-plugin-1.7.1_sr3.50-16.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-plugin-1.7.1_sr3.50-16.1.x86_64"
},
"product_reference": "java-1_7_1-ibm-plugin-1.7.1_sr3.50-16.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-3485",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-3485"
}
],
"notes": [
{
"category": "general",
"text": "Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10 allows local users to affect integrity via vectors related to Networking.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-1.7.1_sr3.50-16.1.i586",
"SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-1.7.1_sr3.50-16.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-1.7.1_sr3.50-16.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-1.7.1_sr3.50-16.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-alsa-1.7.1_sr3.50-16.1.i586",
"SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-alsa-1.7.1_sr3.50-16.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1.i586",
"SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-plugin-1.7.1_sr3.50-16.1.i586",
"SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-plugin-1.7.1_sr3.50-16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-1.7.1_sr3.50-16.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-1.7.1_sr3.50-16.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-1.7.1_sr3.50-16.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-1.7.1_sr3.50-16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-alsa-1.7.1_sr3.50-16.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-alsa-1.7.1_sr3.50-16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-plugin-1.7.1_sr3.50-16.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-plugin-1.7.1_sr3.50-16.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:java-1_7_1-ibm-devel-1.7.1_sr3.50-16.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:java-1_7_1-ibm-devel-1.7.1_sr3.50-16.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:java-1_7_1-ibm-devel-1.7.1_sr3.50-16.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:java-1_7_1-ibm-devel-1.7.1_sr3.50-16.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-3485",
"url": "https://www.suse.com/security/cve/CVE-2016-3485"
},
{
"category": "external",
"summary": "SUSE Bug 1009280 for CVE-2016-3485",
"url": "https://bugzilla.suse.com/1009280"
},
{
"category": "external",
"summary": "SUSE Bug 989734 for CVE-2016-3485",
"url": "https://bugzilla.suse.com/989734"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-1.7.1_sr3.50-16.1.i586",
"SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-1.7.1_sr3.50-16.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-1.7.1_sr3.50-16.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-1.7.1_sr3.50-16.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-alsa-1.7.1_sr3.50-16.1.i586",
"SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-alsa-1.7.1_sr3.50-16.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1.i586",
"SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-plugin-1.7.1_sr3.50-16.1.i586",
"SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-plugin-1.7.1_sr3.50-16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-1.7.1_sr3.50-16.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-1.7.1_sr3.50-16.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-1.7.1_sr3.50-16.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-1.7.1_sr3.50-16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-alsa-1.7.1_sr3.50-16.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-alsa-1.7.1_sr3.50-16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-plugin-1.7.1_sr3.50-16.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-plugin-1.7.1_sr3.50-16.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:java-1_7_1-ibm-devel-1.7.1_sr3.50-16.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:java-1_7_1-ibm-devel-1.7.1_sr3.50-16.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:java-1_7_1-ibm-devel-1.7.1_sr3.50-16.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:java-1_7_1-ibm-devel-1.7.1_sr3.50-16.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.9,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-1.7.1_sr3.50-16.1.i586",
"SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-1.7.1_sr3.50-16.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-1.7.1_sr3.50-16.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-1.7.1_sr3.50-16.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-alsa-1.7.1_sr3.50-16.1.i586",
"SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-alsa-1.7.1_sr3.50-16.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1.i586",
"SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-plugin-1.7.1_sr3.50-16.1.i586",
"SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-plugin-1.7.1_sr3.50-16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-1.7.1_sr3.50-16.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-1.7.1_sr3.50-16.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-1.7.1_sr3.50-16.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-1.7.1_sr3.50-16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-alsa-1.7.1_sr3.50-16.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-alsa-1.7.1_sr3.50-16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-plugin-1.7.1_sr3.50-16.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-plugin-1.7.1_sr3.50-16.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:java-1_7_1-ibm-devel-1.7.1_sr3.50-16.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:java-1_7_1-ibm-devel-1.7.1_sr3.50-16.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:java-1_7_1-ibm-devel-1.7.1_sr3.50-16.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:java-1_7_1-ibm-devel-1.7.1_sr3.50-16.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-09-07T14:50:20Z",
"details": "low"
}
],
"title": "CVE-2016-3485"
},
{
"cve": "CVE-2016-3511",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-3511"
}
],
"notes": [
{
"category": "general",
"text": "Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 allows local users to affect confidentiality, integrity, and availability via vectors related to Deployment.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-1.7.1_sr3.50-16.1.i586",
"SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-1.7.1_sr3.50-16.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-1.7.1_sr3.50-16.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-1.7.1_sr3.50-16.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-alsa-1.7.1_sr3.50-16.1.i586",
"SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-alsa-1.7.1_sr3.50-16.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1.i586",
"SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-plugin-1.7.1_sr3.50-16.1.i586",
"SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-plugin-1.7.1_sr3.50-16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-1.7.1_sr3.50-16.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-1.7.1_sr3.50-16.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-1.7.1_sr3.50-16.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-1.7.1_sr3.50-16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-alsa-1.7.1_sr3.50-16.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-alsa-1.7.1_sr3.50-16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-plugin-1.7.1_sr3.50-16.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-plugin-1.7.1_sr3.50-16.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:java-1_7_1-ibm-devel-1.7.1_sr3.50-16.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:java-1_7_1-ibm-devel-1.7.1_sr3.50-16.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:java-1_7_1-ibm-devel-1.7.1_sr3.50-16.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:java-1_7_1-ibm-devel-1.7.1_sr3.50-16.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-3511",
"url": "https://www.suse.com/security/cve/CVE-2016-3511"
},
{
"category": "external",
"summary": "SUSE Bug 1009280 for CVE-2016-3511",
"url": "https://bugzilla.suse.com/1009280"
},
{
"category": "external",
"summary": "SUSE Bug 989727 for CVE-2016-3511",
"url": "https://bugzilla.suse.com/989727"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-1.7.1_sr3.50-16.1.i586",
"SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-1.7.1_sr3.50-16.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-1.7.1_sr3.50-16.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-1.7.1_sr3.50-16.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-alsa-1.7.1_sr3.50-16.1.i586",
"SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-alsa-1.7.1_sr3.50-16.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1.i586",
"SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-plugin-1.7.1_sr3.50-16.1.i586",
"SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-plugin-1.7.1_sr3.50-16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-1.7.1_sr3.50-16.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-1.7.1_sr3.50-16.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-1.7.1_sr3.50-16.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-1.7.1_sr3.50-16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-alsa-1.7.1_sr3.50-16.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-alsa-1.7.1_sr3.50-16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-plugin-1.7.1_sr3.50-16.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-plugin-1.7.1_sr3.50-16.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:java-1_7_1-ibm-devel-1.7.1_sr3.50-16.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:java-1_7_1-ibm-devel-1.7.1_sr3.50-16.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:java-1_7_1-ibm-devel-1.7.1_sr3.50-16.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:java-1_7_1-ibm-devel-1.7.1_sr3.50-16.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-1.7.1_sr3.50-16.1.i586",
"SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-1.7.1_sr3.50-16.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-1.7.1_sr3.50-16.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-1.7.1_sr3.50-16.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-alsa-1.7.1_sr3.50-16.1.i586",
"SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-alsa-1.7.1_sr3.50-16.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1.i586",
"SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-plugin-1.7.1_sr3.50-16.1.i586",
"SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-plugin-1.7.1_sr3.50-16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-1.7.1_sr3.50-16.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-1.7.1_sr3.50-16.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-1.7.1_sr3.50-16.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-1.7.1_sr3.50-16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-alsa-1.7.1_sr3.50-16.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-alsa-1.7.1_sr3.50-16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-plugin-1.7.1_sr3.50-16.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-plugin-1.7.1_sr3.50-16.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:java-1_7_1-ibm-devel-1.7.1_sr3.50-16.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:java-1_7_1-ibm-devel-1.7.1_sr3.50-16.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:java-1_7_1-ibm-devel-1.7.1_sr3.50-16.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:java-1_7_1-ibm-devel-1.7.1_sr3.50-16.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-09-07T14:50:20Z",
"details": "moderate"
}
],
"title": "CVE-2016-3511"
},
{
"cve": "CVE-2016-3598",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-3598"
}
],
"notes": [
{
"category": "general",
"text": "Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Libraries, a different vulnerability than CVE-2016-3610.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-1.7.1_sr3.50-16.1.i586",
"SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-1.7.1_sr3.50-16.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-1.7.1_sr3.50-16.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-1.7.1_sr3.50-16.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-alsa-1.7.1_sr3.50-16.1.i586",
"SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-alsa-1.7.1_sr3.50-16.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1.i586",
"SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-plugin-1.7.1_sr3.50-16.1.i586",
"SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-plugin-1.7.1_sr3.50-16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-1.7.1_sr3.50-16.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-1.7.1_sr3.50-16.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-1.7.1_sr3.50-16.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-1.7.1_sr3.50-16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-alsa-1.7.1_sr3.50-16.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-alsa-1.7.1_sr3.50-16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-plugin-1.7.1_sr3.50-16.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-plugin-1.7.1_sr3.50-16.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:java-1_7_1-ibm-devel-1.7.1_sr3.50-16.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:java-1_7_1-ibm-devel-1.7.1_sr3.50-16.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:java-1_7_1-ibm-devel-1.7.1_sr3.50-16.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:java-1_7_1-ibm-devel-1.7.1_sr3.50-16.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-3598",
"url": "https://www.suse.com/security/cve/CVE-2016-3598"
},
{
"category": "external",
"summary": "SUSE Bug 1009280 for CVE-2016-3598",
"url": "https://bugzilla.suse.com/1009280"
},
{
"category": "external",
"summary": "SUSE Bug 989723 for CVE-2016-3598",
"url": "https://bugzilla.suse.com/989723"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-1.7.1_sr3.50-16.1.i586",
"SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-1.7.1_sr3.50-16.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-1.7.1_sr3.50-16.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-1.7.1_sr3.50-16.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-alsa-1.7.1_sr3.50-16.1.i586",
"SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-alsa-1.7.1_sr3.50-16.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1.i586",
"SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-plugin-1.7.1_sr3.50-16.1.i586",
"SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-plugin-1.7.1_sr3.50-16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-1.7.1_sr3.50-16.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-1.7.1_sr3.50-16.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-1.7.1_sr3.50-16.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-1.7.1_sr3.50-16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-alsa-1.7.1_sr3.50-16.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-alsa-1.7.1_sr3.50-16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-plugin-1.7.1_sr3.50-16.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-plugin-1.7.1_sr3.50-16.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:java-1_7_1-ibm-devel-1.7.1_sr3.50-16.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:java-1_7_1-ibm-devel-1.7.1_sr3.50-16.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:java-1_7_1-ibm-devel-1.7.1_sr3.50-16.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:java-1_7_1-ibm-devel-1.7.1_sr3.50-16.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-1.7.1_sr3.50-16.1.i586",
"SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-1.7.1_sr3.50-16.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-1.7.1_sr3.50-16.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-1.7.1_sr3.50-16.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-alsa-1.7.1_sr3.50-16.1.i586",
"SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-alsa-1.7.1_sr3.50-16.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1.i586",
"SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-plugin-1.7.1_sr3.50-16.1.i586",
"SUSE Linux Enterprise Server 11 SP4:java-1_7_1-ibm-plugin-1.7.1_sr3.50-16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-1.7.1_sr3.50-16.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-1.7.1_sr3.50-16.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-1.7.1_sr3.50-16.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-1.7.1_sr3.50-16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-alsa-1.7.1_sr3.50-16.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-alsa-1.7.1_sr3.50-16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-plugin-1.7.1_sr3.50-16.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:java-1_7_1-ibm-plugin-1.7.1_sr3.50-16.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:java-1_7_1-ibm-devel-1.7.1_sr3.50-16.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:java-1_7_1-ibm-devel-1.7.1_sr3.50-16.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:java-1_7_1-ibm-devel-1.7.1_sr3.50-16.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:java-1_7_1-ibm-devel-1.7.1_sr3.50-16.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-09-07T14:50:20Z",
"details": "important"
}
],
"title": "CVE-2016-3598"
}
]
}
SUSE-SU-2016:2286-1
Vulnerability from csaf_suse - Published: 2016-09-10 10:51 - Updated: 2016-09-10 10:51Summary
Security update for java-1_7_0-ibm
Severity
Important
Notes
Title of the patch: Security update for java-1_7_0-ibm
Description of the patch:
IBM Java 7 was updated to 7.1-9.50, fixing bugs and security issues (bsc#992537).
Security issues fixed:
CVE-2016-3485 CVE-2016-3511 CVE-2016-3598
Please see https://www.ibm.com/developerworks/java/jdk/alerts/ for more information.
Patchnames: sleclo50sp3-java-1_7_0-ibm-12737,sleman21-java-1_7_0-ibm-12737,slemap21-java-1_7_0-ibm-12737,sleposp3-java-1_7_0-ibm-12737,slessp2-java-1_7_0-ibm-12737,slessp3-java-1_7_0-ibm-12737
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
62 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:java-1_7_0-ibm-1.7.0_sr9.50-55.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-1.7.0_sr9.50-55.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-1.7.0_sr9.50-55.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-1.7.0_sr9.50-55.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.50-55.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.50-55.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.50-55.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-1.7.0_sr9.50-55.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-1.7.0_sr9.50-55.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-1.7.0_sr9.50-55.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:java-1_7_0-ibm-1.7.0_sr9.50-55.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:java-1_7_0-ibm-1.7.0_sr9.50-55.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 2.1:java-1_7_0-ibm-1.7.0_sr9.50-55.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 2.1:java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 2.1:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 2.1:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 2.1:java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 5:java-1_7_0-ibm-1.7.0_sr9.50-55.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 5:java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 5:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 5:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 5:java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
7.7 (High)
Affected products
Recommended
62 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:java-1_7_0-ibm-1.7.0_sr9.50-55.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-1.7.0_sr9.50-55.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-1.7.0_sr9.50-55.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-1.7.0_sr9.50-55.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.50-55.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.50-55.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.50-55.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-1.7.0_sr9.50-55.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-1.7.0_sr9.50-55.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-1.7.0_sr9.50-55.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:java-1_7_0-ibm-1.7.0_sr9.50-55.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:java-1_7_0-ibm-1.7.0_sr9.50-55.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 2.1:java-1_7_0-ibm-1.7.0_sr9.50-55.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 2.1:java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 2.1:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 2.1:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 2.1:java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 5:java-1_7_0-ibm-1.7.0_sr9.50-55.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 5:java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 5:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 5:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 5:java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
9.6 (Critical)
Affected products
Recommended
62 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:java-1_7_0-ibm-1.7.0_sr9.50-55.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-1.7.0_sr9.50-55.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-1.7.0_sr9.50-55.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-1.7.0_sr9.50-55.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.50-55.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.50-55.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.50-55.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-1.7.0_sr9.50-55.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-1.7.0_sr9.50-55.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-1.7.0_sr9.50-55.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:java-1_7_0-ibm-1.7.0_sr9.50-55.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:java-1_7_0-ibm-1.7.0_sr9.50-55.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 2.1:java-1_7_0-ibm-1.7.0_sr9.50-55.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 2.1:java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 2.1:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 2.1:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 2.1:java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 5:java-1_7_0-ibm-1.7.0_sr9.50-55.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 5:java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 5:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 5:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 5:java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
17 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for java-1_7_0-ibm",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nIBM Java 7 was updated to 7.1-9.50, fixing bugs and security issues (bsc#992537).\n\nSecurity issues fixed:\n CVE-2016-3485 CVE-2016-3511 CVE-2016-3598\n\nPlease see https://www.ibm.com/developerworks/java/jdk/alerts/ for more information.\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "sleclo50sp3-java-1_7_0-ibm-12737,sleman21-java-1_7_0-ibm-12737,slemap21-java-1_7_0-ibm-12737,sleposp3-java-1_7_0-ibm-12737,slessp2-java-1_7_0-ibm-12737,slessp3-java-1_7_0-ibm-12737",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2016_2286-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2016:2286-1",
"url": "https://www.suse.com/support/update/announcement/2016/suse-su-20162286-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2016:2286-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2016-September/002268.html"
},
{
"category": "self",
"summary": "SUSE Bug 992537",
"url": "https://bugzilla.suse.com/992537"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-3485 page",
"url": "https://www.suse.com/security/cve/CVE-2016-3485/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-3511 page",
"url": "https://www.suse.com/security/cve/CVE-2016-3511/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-3598 page",
"url": "https://www.suse.com/security/cve/CVE-2016-3598/"
}
],
"title": "Security update for java-1_7_0-ibm",
"tracking": {
"current_release_date": "2016-09-10T10:51:56Z",
"generator": {
"date": "2016-09-10T10:51:56Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2016:2286-1",
"initial_release_date": "2016-09-10T10:51:56Z",
"revision_history": [
{
"date": "2016-09-10T10:51:56Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "java-1_7_0-ibm-1.7.0_sr9.50-55.1.i586",
"product": {
"name": "java-1_7_0-ibm-1.7.0_sr9.50-55.1.i586",
"product_id": "java-1_7_0-ibm-1.7.0_sr9.50-55.1.i586"
}
},
{
"category": "product_version",
"name": "java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.i586",
"product": {
"name": "java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.i586",
"product_id": "java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.i586"
}
},
{
"category": "product_version",
"name": "java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.i586",
"product": {
"name": "java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.i586",
"product_id": "java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.i586"
}
},
{
"category": "product_version",
"name": "java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.i586",
"product": {
"name": "java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.i586",
"product_id": "java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.i586"
}
},
{
"category": "product_version",
"name": "java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.i586",
"product": {
"name": "java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.i586",
"product_id": "java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "java-1_7_0-ibm-1.7.0_sr9.50-55.1.s390x",
"product": {
"name": "java-1_7_0-ibm-1.7.0_sr9.50-55.1.s390x",
"product_id": "java-1_7_0-ibm-1.7.0_sr9.50-55.1.s390x"
}
},
{
"category": "product_version",
"name": "java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.s390x",
"product": {
"name": "java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.s390x",
"product_id": "java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.s390x"
}
},
{
"category": "product_version",
"name": "java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.s390x",
"product": {
"name": "java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.s390x",
"product_id": "java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "java-1_7_0-ibm-1.7.0_sr9.50-55.1.x86_64",
"product": {
"name": "java-1_7_0-ibm-1.7.0_sr9.50-55.1.x86_64",
"product_id": "java-1_7_0-ibm-1.7.0_sr9.50-55.1.x86_64"
}
},
{
"category": "product_version",
"name": "java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.x86_64",
"product": {
"name": "java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.x86_64",
"product_id": "java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.x86_64"
}
},
{
"category": "product_version",
"name": "java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.x86_64",
"product": {
"name": "java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.x86_64",
"product_id": "java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.x86_64"
}
},
{
"category": "product_version",
"name": "java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.x86_64",
"product": {
"name": "java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.x86_64",
"product_id": "java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.x86_64"
}
},
{
"category": "product_version",
"name": "java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.x86_64",
"product": {
"name": "java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.x86_64",
"product_id": "java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE OpenStack Cloud 5",
"product": {
"name": "SUSE OpenStack Cloud 5",
"product_id": "SUSE OpenStack Cloud 5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:cloud:5"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager 2.1",
"product": {
"name": "SUSE Manager 2.1",
"product_id": "SUSE Manager 2.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-server:2.1"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Proxy 2.1",
"product": {
"name": "SUSE Manager Proxy 2.1",
"product_id": "SUSE Manager Proxy 2.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-proxy:2.1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Point of Sale 11 SP3",
"product": {
"name": "SUSE Linux Enterprise Point of Sale 11 SP3",
"product_id": "SUSE Linux Enterprise Point of Sale 11 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-pos:11:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 11 SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 11 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP2-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_sles_ltss:11:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 11 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 11 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_sles_ltss:11:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product": {
"name": "SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:11:sp3:teradata"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_0-ibm-1.7.0_sr9.50-55.1.x86_64 as component of SUSE OpenStack Cloud 5",
"product_id": "SUSE OpenStack Cloud 5:java-1_7_0-ibm-1.7.0_sr9.50-55.1.x86_64"
},
"product_reference": "java-1_7_0-ibm-1.7.0_sr9.50-55.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.x86_64 as component of SUSE OpenStack Cloud 5",
"product_id": "SUSE OpenStack Cloud 5:java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.x86_64"
},
"product_reference": "java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.x86_64 as component of SUSE OpenStack Cloud 5",
"product_id": "SUSE OpenStack Cloud 5:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.x86_64"
},
"product_reference": "java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.x86_64 as component of SUSE OpenStack Cloud 5",
"product_id": "SUSE OpenStack Cloud 5:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.x86_64"
},
"product_reference": "java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.x86_64 as component of SUSE OpenStack Cloud 5",
"product_id": "SUSE OpenStack Cloud 5:java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.x86_64"
},
"product_reference": "java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_0-ibm-1.7.0_sr9.50-55.1.s390x as component of SUSE Manager 2.1",
"product_id": "SUSE Manager 2.1:java-1_7_0-ibm-1.7.0_sr9.50-55.1.s390x"
},
"product_reference": "java-1_7_0-ibm-1.7.0_sr9.50-55.1.s390x",
"relates_to_product_reference": "SUSE Manager 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_0-ibm-1.7.0_sr9.50-55.1.x86_64 as component of SUSE Manager 2.1",
"product_id": "SUSE Manager 2.1:java-1_7_0-ibm-1.7.0_sr9.50-55.1.x86_64"
},
"product_reference": "java-1_7_0-ibm-1.7.0_sr9.50-55.1.x86_64",
"relates_to_product_reference": "SUSE Manager 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.x86_64 as component of SUSE Manager 2.1",
"product_id": "SUSE Manager 2.1:java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.x86_64"
},
"product_reference": "java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.x86_64",
"relates_to_product_reference": "SUSE Manager 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.s390x as component of SUSE Manager 2.1",
"product_id": "SUSE Manager 2.1:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.s390x"
},
"product_reference": "java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.s390x",
"relates_to_product_reference": "SUSE Manager 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.x86_64 as component of SUSE Manager 2.1",
"product_id": "SUSE Manager 2.1:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.x86_64"
},
"product_reference": "java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.x86_64",
"relates_to_product_reference": "SUSE Manager 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.s390x as component of SUSE Manager 2.1",
"product_id": "SUSE Manager 2.1:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.s390x"
},
"product_reference": "java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.s390x",
"relates_to_product_reference": "SUSE Manager 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.x86_64 as component of SUSE Manager 2.1",
"product_id": "SUSE Manager 2.1:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.x86_64"
},
"product_reference": "java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.x86_64",
"relates_to_product_reference": "SUSE Manager 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.x86_64 as component of SUSE Manager 2.1",
"product_id": "SUSE Manager 2.1:java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.x86_64"
},
"product_reference": "java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.x86_64",
"relates_to_product_reference": "SUSE Manager 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_0-ibm-1.7.0_sr9.50-55.1.x86_64 as component of SUSE Manager Proxy 2.1",
"product_id": "SUSE Manager Proxy 2.1:java-1_7_0-ibm-1.7.0_sr9.50-55.1.x86_64"
},
"product_reference": "java-1_7_0-ibm-1.7.0_sr9.50-55.1.x86_64",
"relates_to_product_reference": "SUSE Manager Proxy 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.x86_64 as component of SUSE Manager Proxy 2.1",
"product_id": "SUSE Manager Proxy 2.1:java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.x86_64"
},
"product_reference": "java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.x86_64",
"relates_to_product_reference": "SUSE Manager Proxy 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.x86_64 as component of SUSE Manager Proxy 2.1",
"product_id": "SUSE Manager Proxy 2.1:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.x86_64"
},
"product_reference": "java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.x86_64",
"relates_to_product_reference": "SUSE Manager Proxy 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.x86_64 as component of SUSE Manager Proxy 2.1",
"product_id": "SUSE Manager Proxy 2.1:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.x86_64"
},
"product_reference": "java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.x86_64",
"relates_to_product_reference": "SUSE Manager Proxy 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.x86_64 as component of SUSE Manager Proxy 2.1",
"product_id": "SUSE Manager Proxy 2.1:java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.x86_64"
},
"product_reference": "java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.x86_64",
"relates_to_product_reference": "SUSE Manager Proxy 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_0-ibm-1.7.0_sr9.50-55.1.i586 as component of SUSE Linux Enterprise Point of Sale 11 SP3",
"product_id": "SUSE Linux Enterprise Point of Sale 11 SP3:java-1_7_0-ibm-1.7.0_sr9.50-55.1.i586"
},
"product_reference": "java-1_7_0-ibm-1.7.0_sr9.50-55.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Point of Sale 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.i586 as component of SUSE Linux Enterprise Point of Sale 11 SP3",
"product_id": "SUSE Linux Enterprise Point of Sale 11 SP3:java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.i586"
},
"product_reference": "java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Point of Sale 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.i586 as component of SUSE Linux Enterprise Point of Sale 11 SP3",
"product_id": "SUSE Linux Enterprise Point of Sale 11 SP3:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.i586"
},
"product_reference": "java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Point of Sale 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.i586 as component of SUSE Linux Enterprise Point of Sale 11 SP3",
"product_id": "SUSE Linux Enterprise Point of Sale 11 SP3:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.i586"
},
"product_reference": "java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Point of Sale 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.i586 as component of SUSE Linux Enterprise Point of Sale 11 SP3",
"product_id": "SUSE Linux Enterprise Point of Sale 11 SP3:java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.i586"
},
"product_reference": "java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Point of Sale 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_0-ibm-1.7.0_sr9.50-55.1.i586 as component of SUSE Linux Enterprise Server 11 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-1.7.0_sr9.50-55.1.i586"
},
"product_reference": "java-1_7_0-ibm-1.7.0_sr9.50-55.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_0-ibm-1.7.0_sr9.50-55.1.s390x as component of SUSE Linux Enterprise Server 11 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-1.7.0_sr9.50-55.1.s390x"
},
"product_reference": "java-1_7_0-ibm-1.7.0_sr9.50-55.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_0-ibm-1.7.0_sr9.50-55.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-1.7.0_sr9.50-55.1.x86_64"
},
"product_reference": "java-1_7_0-ibm-1.7.0_sr9.50-55.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.i586 as component of SUSE Linux Enterprise Server 11 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.i586"
},
"product_reference": "java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.x86_64"
},
"product_reference": "java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.i586 as component of SUSE Linux Enterprise Server 11 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.i586"
},
"product_reference": "java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.s390x as component of SUSE Linux Enterprise Server 11 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.s390x"
},
"product_reference": "java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.x86_64"
},
"product_reference": "java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.i586 as component of SUSE Linux Enterprise Server 11 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.i586"
},
"product_reference": "java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.s390x as component of SUSE Linux Enterprise Server 11 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.s390x"
},
"product_reference": "java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.x86_64"
},
"product_reference": "java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.i586 as component of SUSE Linux Enterprise Server 11 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.i586"
},
"product_reference": "java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.x86_64"
},
"product_reference": "java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_0-ibm-1.7.0_sr9.50-55.1.i586 as component of SUSE Linux Enterprise Server 11 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.50-55.1.i586"
},
"product_reference": "java-1_7_0-ibm-1.7.0_sr9.50-55.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_0-ibm-1.7.0_sr9.50-55.1.s390x as component of SUSE Linux Enterprise Server 11 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.50-55.1.s390x"
},
"product_reference": "java-1_7_0-ibm-1.7.0_sr9.50-55.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_0-ibm-1.7.0_sr9.50-55.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.50-55.1.x86_64"
},
"product_reference": "java-1_7_0-ibm-1.7.0_sr9.50-55.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.i586 as component of SUSE Linux Enterprise Server 11 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.i586"
},
"product_reference": "java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.x86_64"
},
"product_reference": "java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.i586 as component of SUSE Linux Enterprise Server 11 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.i586"
},
"product_reference": "java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.s390x as component of SUSE Linux Enterprise Server 11 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.s390x"
},
"product_reference": "java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.x86_64"
},
"product_reference": "java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.i586 as component of SUSE Linux Enterprise Server 11 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.i586"
},
"product_reference": "java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.s390x as component of SUSE Linux Enterprise Server 11 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.s390x"
},
"product_reference": "java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.x86_64"
},
"product_reference": "java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.i586 as component of SUSE Linux Enterprise Server 11 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.i586"
},
"product_reference": "java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.x86_64"
},
"product_reference": "java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_0-ibm-1.7.0_sr9.50-55.1.i586 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-1.7.0_sr9.50-55.1.i586"
},
"product_reference": "java-1_7_0-ibm-1.7.0_sr9.50-55.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_0-ibm-1.7.0_sr9.50-55.1.s390x as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-1.7.0_sr9.50-55.1.s390x"
},
"product_reference": "java-1_7_0-ibm-1.7.0_sr9.50-55.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_0-ibm-1.7.0_sr9.50-55.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-1.7.0_sr9.50-55.1.x86_64"
},
"product_reference": "java-1_7_0-ibm-1.7.0_sr9.50-55.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.i586 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.i586"
},
"product_reference": "java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.x86_64"
},
"product_reference": "java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.i586 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.i586"
},
"product_reference": "java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.s390x as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.s390x"
},
"product_reference": "java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.x86_64"
},
"product_reference": "java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.i586 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.i586"
},
"product_reference": "java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.s390x as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.s390x"
},
"product_reference": "java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.x86_64"
},
"product_reference": "java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.i586 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.i586"
},
"product_reference": "java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.x86_64"
},
"product_reference": "java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-3485",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-3485"
}
],
"notes": [
{
"category": "general",
"text": "Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10 allows local users to affect integrity via vectors related to Networking.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Point of Sale 11 SP3:java-1_7_0-ibm-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-1.7.0_sr9.50-55.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-1.7.0_sr9.50-55.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.50-55.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.50-55.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-1.7.0_sr9.50-55.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-1.7.0_sr9.50-55.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.x86_64",
"SUSE Manager 2.1:java-1_7_0-ibm-1.7.0_sr9.50-55.1.s390x",
"SUSE Manager 2.1:java-1_7_0-ibm-1.7.0_sr9.50-55.1.x86_64",
"SUSE Manager 2.1:java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.x86_64",
"SUSE Manager 2.1:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.s390x",
"SUSE Manager 2.1:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.x86_64",
"SUSE Manager 2.1:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.s390x",
"SUSE Manager 2.1:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.x86_64",
"SUSE Manager 2.1:java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.x86_64",
"SUSE Manager Proxy 2.1:java-1_7_0-ibm-1.7.0_sr9.50-55.1.x86_64",
"SUSE Manager Proxy 2.1:java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.x86_64",
"SUSE Manager Proxy 2.1:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.x86_64",
"SUSE Manager Proxy 2.1:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.x86_64",
"SUSE Manager Proxy 2.1:java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.x86_64",
"SUSE OpenStack Cloud 5:java-1_7_0-ibm-1.7.0_sr9.50-55.1.x86_64",
"SUSE OpenStack Cloud 5:java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.x86_64",
"SUSE OpenStack Cloud 5:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.x86_64",
"SUSE OpenStack Cloud 5:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.x86_64",
"SUSE OpenStack Cloud 5:java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-3485",
"url": "https://www.suse.com/security/cve/CVE-2016-3485"
},
{
"category": "external",
"summary": "SUSE Bug 1009280 for CVE-2016-3485",
"url": "https://bugzilla.suse.com/1009280"
},
{
"category": "external",
"summary": "SUSE Bug 989734 for CVE-2016-3485",
"url": "https://bugzilla.suse.com/989734"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Point of Sale 11 SP3:java-1_7_0-ibm-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-1.7.0_sr9.50-55.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-1.7.0_sr9.50-55.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.50-55.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.50-55.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-1.7.0_sr9.50-55.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-1.7.0_sr9.50-55.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.x86_64",
"SUSE Manager 2.1:java-1_7_0-ibm-1.7.0_sr9.50-55.1.s390x",
"SUSE Manager 2.1:java-1_7_0-ibm-1.7.0_sr9.50-55.1.x86_64",
"SUSE Manager 2.1:java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.x86_64",
"SUSE Manager 2.1:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.s390x",
"SUSE Manager 2.1:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.x86_64",
"SUSE Manager 2.1:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.s390x",
"SUSE Manager 2.1:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.x86_64",
"SUSE Manager 2.1:java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.x86_64",
"SUSE Manager Proxy 2.1:java-1_7_0-ibm-1.7.0_sr9.50-55.1.x86_64",
"SUSE Manager Proxy 2.1:java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.x86_64",
"SUSE Manager Proxy 2.1:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.x86_64",
"SUSE Manager Proxy 2.1:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.x86_64",
"SUSE Manager Proxy 2.1:java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.x86_64",
"SUSE OpenStack Cloud 5:java-1_7_0-ibm-1.7.0_sr9.50-55.1.x86_64",
"SUSE OpenStack Cloud 5:java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.x86_64",
"SUSE OpenStack Cloud 5:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.x86_64",
"SUSE OpenStack Cloud 5:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.x86_64",
"SUSE OpenStack Cloud 5:java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.9,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Point of Sale 11 SP3:java-1_7_0-ibm-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-1.7.0_sr9.50-55.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-1.7.0_sr9.50-55.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.50-55.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.50-55.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-1.7.0_sr9.50-55.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-1.7.0_sr9.50-55.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.x86_64",
"SUSE Manager 2.1:java-1_7_0-ibm-1.7.0_sr9.50-55.1.s390x",
"SUSE Manager 2.1:java-1_7_0-ibm-1.7.0_sr9.50-55.1.x86_64",
"SUSE Manager 2.1:java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.x86_64",
"SUSE Manager 2.1:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.s390x",
"SUSE Manager 2.1:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.x86_64",
"SUSE Manager 2.1:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.s390x",
"SUSE Manager 2.1:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.x86_64",
"SUSE Manager 2.1:java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.x86_64",
"SUSE Manager Proxy 2.1:java-1_7_0-ibm-1.7.0_sr9.50-55.1.x86_64",
"SUSE Manager Proxy 2.1:java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.x86_64",
"SUSE Manager Proxy 2.1:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.x86_64",
"SUSE Manager Proxy 2.1:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.x86_64",
"SUSE Manager Proxy 2.1:java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.x86_64",
"SUSE OpenStack Cloud 5:java-1_7_0-ibm-1.7.0_sr9.50-55.1.x86_64",
"SUSE OpenStack Cloud 5:java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.x86_64",
"SUSE OpenStack Cloud 5:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.x86_64",
"SUSE OpenStack Cloud 5:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.x86_64",
"SUSE OpenStack Cloud 5:java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-09-10T10:51:56Z",
"details": "low"
}
],
"title": "CVE-2016-3485"
},
{
"cve": "CVE-2016-3511",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-3511"
}
],
"notes": [
{
"category": "general",
"text": "Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 allows local users to affect confidentiality, integrity, and availability via vectors related to Deployment.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Point of Sale 11 SP3:java-1_7_0-ibm-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-1.7.0_sr9.50-55.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-1.7.0_sr9.50-55.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.50-55.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.50-55.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-1.7.0_sr9.50-55.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-1.7.0_sr9.50-55.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.x86_64",
"SUSE Manager 2.1:java-1_7_0-ibm-1.7.0_sr9.50-55.1.s390x",
"SUSE Manager 2.1:java-1_7_0-ibm-1.7.0_sr9.50-55.1.x86_64",
"SUSE Manager 2.1:java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.x86_64",
"SUSE Manager 2.1:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.s390x",
"SUSE Manager 2.1:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.x86_64",
"SUSE Manager 2.1:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.s390x",
"SUSE Manager 2.1:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.x86_64",
"SUSE Manager 2.1:java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.x86_64",
"SUSE Manager Proxy 2.1:java-1_7_0-ibm-1.7.0_sr9.50-55.1.x86_64",
"SUSE Manager Proxy 2.1:java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.x86_64",
"SUSE Manager Proxy 2.1:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.x86_64",
"SUSE Manager Proxy 2.1:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.x86_64",
"SUSE Manager Proxy 2.1:java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.x86_64",
"SUSE OpenStack Cloud 5:java-1_7_0-ibm-1.7.0_sr9.50-55.1.x86_64",
"SUSE OpenStack Cloud 5:java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.x86_64",
"SUSE OpenStack Cloud 5:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.x86_64",
"SUSE OpenStack Cloud 5:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.x86_64",
"SUSE OpenStack Cloud 5:java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-3511",
"url": "https://www.suse.com/security/cve/CVE-2016-3511"
},
{
"category": "external",
"summary": "SUSE Bug 1009280 for CVE-2016-3511",
"url": "https://bugzilla.suse.com/1009280"
},
{
"category": "external",
"summary": "SUSE Bug 989727 for CVE-2016-3511",
"url": "https://bugzilla.suse.com/989727"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Point of Sale 11 SP3:java-1_7_0-ibm-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-1.7.0_sr9.50-55.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-1.7.0_sr9.50-55.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.50-55.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.50-55.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-1.7.0_sr9.50-55.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-1.7.0_sr9.50-55.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.x86_64",
"SUSE Manager 2.1:java-1_7_0-ibm-1.7.0_sr9.50-55.1.s390x",
"SUSE Manager 2.1:java-1_7_0-ibm-1.7.0_sr9.50-55.1.x86_64",
"SUSE Manager 2.1:java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.x86_64",
"SUSE Manager 2.1:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.s390x",
"SUSE Manager 2.1:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.x86_64",
"SUSE Manager 2.1:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.s390x",
"SUSE Manager 2.1:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.x86_64",
"SUSE Manager 2.1:java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.x86_64",
"SUSE Manager Proxy 2.1:java-1_7_0-ibm-1.7.0_sr9.50-55.1.x86_64",
"SUSE Manager Proxy 2.1:java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.x86_64",
"SUSE Manager Proxy 2.1:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.x86_64",
"SUSE Manager Proxy 2.1:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.x86_64",
"SUSE Manager Proxy 2.1:java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.x86_64",
"SUSE OpenStack Cloud 5:java-1_7_0-ibm-1.7.0_sr9.50-55.1.x86_64",
"SUSE OpenStack Cloud 5:java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.x86_64",
"SUSE OpenStack Cloud 5:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.x86_64",
"SUSE OpenStack Cloud 5:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.x86_64",
"SUSE OpenStack Cloud 5:java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Point of Sale 11 SP3:java-1_7_0-ibm-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-1.7.0_sr9.50-55.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-1.7.0_sr9.50-55.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.50-55.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.50-55.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-1.7.0_sr9.50-55.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-1.7.0_sr9.50-55.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.x86_64",
"SUSE Manager 2.1:java-1_7_0-ibm-1.7.0_sr9.50-55.1.s390x",
"SUSE Manager 2.1:java-1_7_0-ibm-1.7.0_sr9.50-55.1.x86_64",
"SUSE Manager 2.1:java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.x86_64",
"SUSE Manager 2.1:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.s390x",
"SUSE Manager 2.1:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.x86_64",
"SUSE Manager 2.1:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.s390x",
"SUSE Manager 2.1:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.x86_64",
"SUSE Manager 2.1:java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.x86_64",
"SUSE Manager Proxy 2.1:java-1_7_0-ibm-1.7.0_sr9.50-55.1.x86_64",
"SUSE Manager Proxy 2.1:java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.x86_64",
"SUSE Manager Proxy 2.1:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.x86_64",
"SUSE Manager Proxy 2.1:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.x86_64",
"SUSE Manager Proxy 2.1:java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.x86_64",
"SUSE OpenStack Cloud 5:java-1_7_0-ibm-1.7.0_sr9.50-55.1.x86_64",
"SUSE OpenStack Cloud 5:java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.x86_64",
"SUSE OpenStack Cloud 5:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.x86_64",
"SUSE OpenStack Cloud 5:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.x86_64",
"SUSE OpenStack Cloud 5:java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-09-10T10:51:56Z",
"details": "moderate"
}
],
"title": "CVE-2016-3511"
},
{
"cve": "CVE-2016-3598",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-3598"
}
],
"notes": [
{
"category": "general",
"text": "Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Libraries, a different vulnerability than CVE-2016-3610.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Point of Sale 11 SP3:java-1_7_0-ibm-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-1.7.0_sr9.50-55.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-1.7.0_sr9.50-55.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.50-55.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.50-55.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-1.7.0_sr9.50-55.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-1.7.0_sr9.50-55.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.x86_64",
"SUSE Manager 2.1:java-1_7_0-ibm-1.7.0_sr9.50-55.1.s390x",
"SUSE Manager 2.1:java-1_7_0-ibm-1.7.0_sr9.50-55.1.x86_64",
"SUSE Manager 2.1:java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.x86_64",
"SUSE Manager 2.1:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.s390x",
"SUSE Manager 2.1:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.x86_64",
"SUSE Manager 2.1:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.s390x",
"SUSE Manager 2.1:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.x86_64",
"SUSE Manager 2.1:java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.x86_64",
"SUSE Manager Proxy 2.1:java-1_7_0-ibm-1.7.0_sr9.50-55.1.x86_64",
"SUSE Manager Proxy 2.1:java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.x86_64",
"SUSE Manager Proxy 2.1:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.x86_64",
"SUSE Manager Proxy 2.1:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.x86_64",
"SUSE Manager Proxy 2.1:java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.x86_64",
"SUSE OpenStack Cloud 5:java-1_7_0-ibm-1.7.0_sr9.50-55.1.x86_64",
"SUSE OpenStack Cloud 5:java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.x86_64",
"SUSE OpenStack Cloud 5:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.x86_64",
"SUSE OpenStack Cloud 5:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.x86_64",
"SUSE OpenStack Cloud 5:java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-3598",
"url": "https://www.suse.com/security/cve/CVE-2016-3598"
},
{
"category": "external",
"summary": "SUSE Bug 1009280 for CVE-2016-3598",
"url": "https://bugzilla.suse.com/1009280"
},
{
"category": "external",
"summary": "SUSE Bug 989723 for CVE-2016-3598",
"url": "https://bugzilla.suse.com/989723"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Point of Sale 11 SP3:java-1_7_0-ibm-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-1.7.0_sr9.50-55.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-1.7.0_sr9.50-55.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.50-55.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.50-55.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-1.7.0_sr9.50-55.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-1.7.0_sr9.50-55.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.x86_64",
"SUSE Manager 2.1:java-1_7_0-ibm-1.7.0_sr9.50-55.1.s390x",
"SUSE Manager 2.1:java-1_7_0-ibm-1.7.0_sr9.50-55.1.x86_64",
"SUSE Manager 2.1:java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.x86_64",
"SUSE Manager 2.1:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.s390x",
"SUSE Manager 2.1:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.x86_64",
"SUSE Manager 2.1:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.s390x",
"SUSE Manager 2.1:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.x86_64",
"SUSE Manager 2.1:java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.x86_64",
"SUSE Manager Proxy 2.1:java-1_7_0-ibm-1.7.0_sr9.50-55.1.x86_64",
"SUSE Manager Proxy 2.1:java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.x86_64",
"SUSE Manager Proxy 2.1:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.x86_64",
"SUSE Manager Proxy 2.1:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.x86_64",
"SUSE Manager Proxy 2.1:java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.x86_64",
"SUSE OpenStack Cloud 5:java-1_7_0-ibm-1.7.0_sr9.50-55.1.x86_64",
"SUSE OpenStack Cloud 5:java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.x86_64",
"SUSE OpenStack Cloud 5:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.x86_64",
"SUSE OpenStack Cloud 5:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.x86_64",
"SUSE OpenStack Cloud 5:java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Point of Sale 11 SP3:java-1_7_0-ibm-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-1.7.0_sr9.50-55.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-1.7.0_sr9.50-55.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.50-55.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-1.7.0_sr9.50-55.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP3-LTSS:java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-1.7.0_sr9.50-55.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-1.7.0_sr9.50-55.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.x86_64",
"SUSE Manager 2.1:java-1_7_0-ibm-1.7.0_sr9.50-55.1.s390x",
"SUSE Manager 2.1:java-1_7_0-ibm-1.7.0_sr9.50-55.1.x86_64",
"SUSE Manager 2.1:java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.x86_64",
"SUSE Manager 2.1:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.s390x",
"SUSE Manager 2.1:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.x86_64",
"SUSE Manager 2.1:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.s390x",
"SUSE Manager 2.1:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.x86_64",
"SUSE Manager 2.1:java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.x86_64",
"SUSE Manager Proxy 2.1:java-1_7_0-ibm-1.7.0_sr9.50-55.1.x86_64",
"SUSE Manager Proxy 2.1:java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.x86_64",
"SUSE Manager Proxy 2.1:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.x86_64",
"SUSE Manager Proxy 2.1:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.x86_64",
"SUSE Manager Proxy 2.1:java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.x86_64",
"SUSE OpenStack Cloud 5:java-1_7_0-ibm-1.7.0_sr9.50-55.1.x86_64",
"SUSE OpenStack Cloud 5:java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1.x86_64",
"SUSE OpenStack Cloud 5:java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1.x86_64",
"SUSE OpenStack Cloud 5:java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1.x86_64",
"SUSE OpenStack Cloud 5:java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-09-10T10:51:56Z",
"details": "important"
}
],
"title": "CVE-2016-3598"
}
]
}
SUSE-SU-2016:2347-1
Vulnerability from csaf_suse - Published: 2016-09-21 14:11 - Updated: 2016-09-21 14:11Summary
Security update for java-1_7_1-ibm
Severity
Important
Notes
Title of the patch: Security update for java-1_7_1-ibm
Description of the patch:
IBM Java 7.1 was updated to version 7.1-3.50 to fix the following security issues:
CVE-2016-3485 CVE-2016-3511 CVE-2016-3598
Please see https://www.ibm.com/developerworks/java/jdk/alerts/ for more information.
- Add hwkeytool binary for zSeries.
Patchnames: SUSE-SLE-SAP-12-2016-1372,SUSE-SLE-SDK-12-SP1-2016-1372,SUSE-SLE-SERVER-12-2016-1372,SUSE-SLE-SERVER-12-SP1-2016-1372
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
35 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_1-ibm-1.7.1_sr3.50-28.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_1-ibm-1.7.1_sr3.50-28.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_1-ibm-1.7.1_sr3.50-28.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_1-ibm-alsa-1.7.1_sr3.50-28.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_1-ibm-plugin-1.7.1_sr3.50-28.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-1.7.1_sr3.50-28.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-1.7.1_sr3.50-28.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-1.7.1_sr3.50-28.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-alsa-1.7.1_sr3.50-28.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-devel-1.7.1_sr3.50-28.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-devel-1.7.1_sr3.50-28.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-devel-1.7.1_sr3.50-28.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-plugin-1.7.1_sr3.50-28.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_1-ibm-1.7.1_sr3.50-28.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_1-ibm-1.7.1_sr3.50-28.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_1-ibm-1.7.1_sr3.50-28.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_1-ibm-alsa-1.7.1_sr3.50-28.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_1-ibm-plugin-1.7.1_sr3.50-28.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_1-ibm-1.7.1_sr3.50-28.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_1-ibm-alsa-1.7.1_sr3.50-28.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_1-ibm-devel-1.7.1_sr3.50-28.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_1-ibm-plugin-1.7.1_sr3.50-28.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_7_1-ibm-devel-1.7.1_sr3.50-28.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_7_1-ibm-devel-1.7.1_sr3.50-28.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_7_1-ibm-devel-1.7.1_sr3.50-28.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
7.7 (High)
Affected products
Recommended
35 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_1-ibm-1.7.1_sr3.50-28.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_1-ibm-1.7.1_sr3.50-28.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_1-ibm-1.7.1_sr3.50-28.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_1-ibm-alsa-1.7.1_sr3.50-28.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_1-ibm-plugin-1.7.1_sr3.50-28.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-1.7.1_sr3.50-28.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-1.7.1_sr3.50-28.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-1.7.1_sr3.50-28.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-alsa-1.7.1_sr3.50-28.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-devel-1.7.1_sr3.50-28.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-devel-1.7.1_sr3.50-28.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-devel-1.7.1_sr3.50-28.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-plugin-1.7.1_sr3.50-28.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_1-ibm-1.7.1_sr3.50-28.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_1-ibm-1.7.1_sr3.50-28.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_1-ibm-1.7.1_sr3.50-28.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_1-ibm-alsa-1.7.1_sr3.50-28.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_1-ibm-plugin-1.7.1_sr3.50-28.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_1-ibm-1.7.1_sr3.50-28.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_1-ibm-alsa-1.7.1_sr3.50-28.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_1-ibm-devel-1.7.1_sr3.50-28.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_1-ibm-plugin-1.7.1_sr3.50-28.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_7_1-ibm-devel-1.7.1_sr3.50-28.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_7_1-ibm-devel-1.7.1_sr3.50-28.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_7_1-ibm-devel-1.7.1_sr3.50-28.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
9.6 (Critical)
Affected products
Recommended
35 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_1-ibm-1.7.1_sr3.50-28.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_1-ibm-1.7.1_sr3.50-28.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_1-ibm-1.7.1_sr3.50-28.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_1-ibm-alsa-1.7.1_sr3.50-28.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_7_1-ibm-plugin-1.7.1_sr3.50-28.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-1.7.1_sr3.50-28.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-1.7.1_sr3.50-28.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-1.7.1_sr3.50-28.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-alsa-1.7.1_sr3.50-28.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-devel-1.7.1_sr3.50-28.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-devel-1.7.1_sr3.50-28.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-devel-1.7.1_sr3.50-28.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-plugin-1.7.1_sr3.50-28.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_1-ibm-1.7.1_sr3.50-28.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_1-ibm-1.7.1_sr3.50-28.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_1-ibm-1.7.1_sr3.50-28.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_1-ibm-alsa-1.7.1_sr3.50-28.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_1-ibm-plugin-1.7.1_sr3.50-28.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_1-ibm-1.7.1_sr3.50-28.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_1-ibm-alsa-1.7.1_sr3.50-28.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_1-ibm-devel-1.7.1_sr3.50-28.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_1-ibm-plugin-1.7.1_sr3.50-28.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_7_1-ibm-devel-1.7.1_sr3.50-28.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_7_1-ibm-devel-1.7.1_sr3.50-28.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_7_1-ibm-devel-1.7.1_sr3.50-28.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
17 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for java-1_7_1-ibm",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nIBM Java 7.1 was updated to version 7.1-3.50 to fix the following security issues:\n\nCVE-2016-3485 CVE-2016-3511 CVE-2016-3598\n\nPlease see https://www.ibm.com/developerworks/java/jdk/alerts/ for more information.\n\n- Add hwkeytool binary for zSeries.\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-SAP-12-2016-1372,SUSE-SLE-SDK-12-SP1-2016-1372,SUSE-SLE-SERVER-12-2016-1372,SUSE-SLE-SERVER-12-SP1-2016-1372",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2016_2347-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2016:2347-1",
"url": "https://www.suse.com/support/update/announcement/2016/suse-su-20162347-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2016:2347-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2016-September/002282.html"
},
{
"category": "self",
"summary": "SUSE Bug 992537",
"url": "https://bugzilla.suse.com/992537"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-3485 page",
"url": "https://www.suse.com/security/cve/CVE-2016-3485/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-3511 page",
"url": "https://www.suse.com/security/cve/CVE-2016-3511/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-3598 page",
"url": "https://www.suse.com/security/cve/CVE-2016-3598/"
}
],
"title": "Security update for java-1_7_1-ibm",
"tracking": {
"current_release_date": "2016-09-21T14:11:13Z",
"generator": {
"date": "2016-09-21T14:11:13Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2016:2347-1",
"initial_release_date": "2016-09-21T14:11:13Z",
"revision_history": [
{
"date": "2016-09-21T14:11:13Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "java-1_7_1-ibm-devel-1.7.1_sr3.50-28.2.ppc64le",
"product": {
"name": "java-1_7_1-ibm-devel-1.7.1_sr3.50-28.2.ppc64le",
"product_id": "java-1_7_1-ibm-devel-1.7.1_sr3.50-28.2.ppc64le"
}
},
{
"category": "product_version",
"name": "java-1_7_1-ibm-1.7.1_sr3.50-28.2.ppc64le",
"product": {
"name": "java-1_7_1-ibm-1.7.1_sr3.50-28.2.ppc64le",
"product_id": "java-1_7_1-ibm-1.7.1_sr3.50-28.2.ppc64le"
}
},
{
"category": "product_version",
"name": "java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.ppc64le",
"product": {
"name": "java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.ppc64le",
"product_id": "java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "java-1_7_1-ibm-devel-1.7.1_sr3.50-28.2.s390x",
"product": {
"name": "java-1_7_1-ibm-devel-1.7.1_sr3.50-28.2.s390x",
"product_id": "java-1_7_1-ibm-devel-1.7.1_sr3.50-28.2.s390x"
}
},
{
"category": "product_version",
"name": "java-1_7_1-ibm-1.7.1_sr3.50-28.2.s390x",
"product": {
"name": "java-1_7_1-ibm-1.7.1_sr3.50-28.2.s390x",
"product_id": "java-1_7_1-ibm-1.7.1_sr3.50-28.2.s390x"
}
},
{
"category": "product_version",
"name": "java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.s390x",
"product": {
"name": "java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.s390x",
"product_id": "java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "java-1_7_1-ibm-1.7.1_sr3.50-28.2.x86_64",
"product": {
"name": "java-1_7_1-ibm-1.7.1_sr3.50-28.2.x86_64",
"product_id": "java-1_7_1-ibm-1.7.1_sr3.50-28.2.x86_64"
}
},
{
"category": "product_version",
"name": "java-1_7_1-ibm-alsa-1.7.1_sr3.50-28.2.x86_64",
"product": {
"name": "java-1_7_1-ibm-alsa-1.7.1_sr3.50-28.2.x86_64",
"product_id": "java-1_7_1-ibm-alsa-1.7.1_sr3.50-28.2.x86_64"
}
},
{
"category": "product_version",
"name": "java-1_7_1-ibm-devel-1.7.1_sr3.50-28.2.x86_64",
"product": {
"name": "java-1_7_1-ibm-devel-1.7.1_sr3.50-28.2.x86_64",
"product_id": "java-1_7_1-ibm-devel-1.7.1_sr3.50-28.2.x86_64"
}
},
{
"category": "product_version",
"name": "java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.x86_64",
"product": {
"name": "java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.x86_64",
"product_id": "java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.x86_64"
}
},
{
"category": "product_version",
"name": "java-1_7_1-ibm-plugin-1.7.1_sr3.50-28.2.x86_64",
"product": {
"name": "java-1_7_1-ibm-plugin-1.7.1_sr3.50-28.2.x86_64",
"product_id": "java-1_7_1-ibm-plugin-1.7.1_sr3.50-28.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Software Development Kit 12 SP1",
"product": {
"name": "SUSE Linux Enterprise Software Development Kit 12 SP1",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-sdk:12:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP1",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP1",
"product_id": "SUSE Linux Enterprise Server 12 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_1-ibm-1.7.1_sr3.50-28.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_1-ibm-1.7.1_sr3.50-28.2.x86_64"
},
"product_reference": "java-1_7_1-ibm-1.7.1_sr3.50-28.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_1-ibm-alsa-1.7.1_sr3.50-28.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_1-ibm-alsa-1.7.1_sr3.50-28.2.x86_64"
},
"product_reference": "java-1_7_1-ibm-alsa-1.7.1_sr3.50-28.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_1-ibm-devel-1.7.1_sr3.50-28.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_1-ibm-devel-1.7.1_sr3.50-28.2.x86_64"
},
"product_reference": "java-1_7_1-ibm-devel-1.7.1_sr3.50-28.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.x86_64"
},
"product_reference": "java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_1-ibm-plugin-1.7.1_sr3.50-28.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_1-ibm-plugin-1.7.1_sr3.50-28.2.x86_64"
},
"product_reference": "java-1_7_1-ibm-plugin-1.7.1_sr3.50-28.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_1-ibm-devel-1.7.1_sr3.50-28.2.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP1",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_7_1-ibm-devel-1.7.1_sr3.50-28.2.ppc64le"
},
"product_reference": "java-1_7_1-ibm-devel-1.7.1_sr3.50-28.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_1-ibm-devel-1.7.1_sr3.50-28.2.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP1",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_7_1-ibm-devel-1.7.1_sr3.50-28.2.s390x"
},
"product_reference": "java-1_7_1-ibm-devel-1.7.1_sr3.50-28.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_1-ibm-devel-1.7.1_sr3.50-28.2.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP1",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_7_1-ibm-devel-1.7.1_sr3.50-28.2.x86_64"
},
"product_reference": "java-1_7_1-ibm-devel-1.7.1_sr3.50-28.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_1-ibm-1.7.1_sr3.50-28.2.ppc64le as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-1.7.1_sr3.50-28.2.ppc64le"
},
"product_reference": "java-1_7_1-ibm-1.7.1_sr3.50-28.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_1-ibm-1.7.1_sr3.50-28.2.s390x as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-1.7.1_sr3.50-28.2.s390x"
},
"product_reference": "java-1_7_1-ibm-1.7.1_sr3.50-28.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_1-ibm-1.7.1_sr3.50-28.2.x86_64 as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-1.7.1_sr3.50-28.2.x86_64"
},
"product_reference": "java-1_7_1-ibm-1.7.1_sr3.50-28.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_1-ibm-alsa-1.7.1_sr3.50-28.2.x86_64 as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-alsa-1.7.1_sr3.50-28.2.x86_64"
},
"product_reference": "java-1_7_1-ibm-alsa-1.7.1_sr3.50-28.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_1-ibm-devel-1.7.1_sr3.50-28.2.ppc64le as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-devel-1.7.1_sr3.50-28.2.ppc64le"
},
"product_reference": "java-1_7_1-ibm-devel-1.7.1_sr3.50-28.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_1-ibm-devel-1.7.1_sr3.50-28.2.s390x as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-devel-1.7.1_sr3.50-28.2.s390x"
},
"product_reference": "java-1_7_1-ibm-devel-1.7.1_sr3.50-28.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_1-ibm-devel-1.7.1_sr3.50-28.2.x86_64 as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-devel-1.7.1_sr3.50-28.2.x86_64"
},
"product_reference": "java-1_7_1-ibm-devel-1.7.1_sr3.50-28.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.ppc64le as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.ppc64le"
},
"product_reference": "java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.s390x as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.s390x"
},
"product_reference": "java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.x86_64 as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.x86_64"
},
"product_reference": "java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_1-ibm-plugin-1.7.1_sr3.50-28.2.x86_64 as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-plugin-1.7.1_sr3.50-28.2.x86_64"
},
"product_reference": "java-1_7_1-ibm-plugin-1.7.1_sr3.50-28.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_1-ibm-1.7.1_sr3.50-28.2.ppc64le as component of SUSE Linux Enterprise Server 12 SP1",
"product_id": "SUSE Linux Enterprise Server 12 SP1:java-1_7_1-ibm-1.7.1_sr3.50-28.2.ppc64le"
},
"product_reference": "java-1_7_1-ibm-1.7.1_sr3.50-28.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_1-ibm-1.7.1_sr3.50-28.2.s390x as component of SUSE Linux Enterprise Server 12 SP1",
"product_id": "SUSE Linux Enterprise Server 12 SP1:java-1_7_1-ibm-1.7.1_sr3.50-28.2.s390x"
},
"product_reference": "java-1_7_1-ibm-1.7.1_sr3.50-28.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_1-ibm-1.7.1_sr3.50-28.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP1",
"product_id": "SUSE Linux Enterprise Server 12 SP1:java-1_7_1-ibm-1.7.1_sr3.50-28.2.x86_64"
},
"product_reference": "java-1_7_1-ibm-1.7.1_sr3.50-28.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_1-ibm-alsa-1.7.1_sr3.50-28.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP1",
"product_id": "SUSE Linux Enterprise Server 12 SP1:java-1_7_1-ibm-alsa-1.7.1_sr3.50-28.2.x86_64"
},
"product_reference": "java-1_7_1-ibm-alsa-1.7.1_sr3.50-28.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.ppc64le as component of SUSE Linux Enterprise Server 12 SP1",
"product_id": "SUSE Linux Enterprise Server 12 SP1:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.ppc64le"
},
"product_reference": "java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.s390x as component of SUSE Linux Enterprise Server 12 SP1",
"product_id": "SUSE Linux Enterprise Server 12 SP1:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.s390x"
},
"product_reference": "java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP1",
"product_id": "SUSE Linux Enterprise Server 12 SP1:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.x86_64"
},
"product_reference": "java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_1-ibm-plugin-1.7.1_sr3.50-28.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP1",
"product_id": "SUSE Linux Enterprise Server 12 SP1:java-1_7_1-ibm-plugin-1.7.1_sr3.50-28.2.x86_64"
},
"product_reference": "java-1_7_1-ibm-plugin-1.7.1_sr3.50-28.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_1-ibm-1.7.1_sr3.50-28.2.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_1-ibm-1.7.1_sr3.50-28.2.ppc64le"
},
"product_reference": "java-1_7_1-ibm-1.7.1_sr3.50-28.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_1-ibm-1.7.1_sr3.50-28.2.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_1-ibm-1.7.1_sr3.50-28.2.s390x"
},
"product_reference": "java-1_7_1-ibm-1.7.1_sr3.50-28.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_1-ibm-1.7.1_sr3.50-28.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_1-ibm-1.7.1_sr3.50-28.2.x86_64"
},
"product_reference": "java-1_7_1-ibm-1.7.1_sr3.50-28.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_1-ibm-alsa-1.7.1_sr3.50-28.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_1-ibm-alsa-1.7.1_sr3.50-28.2.x86_64"
},
"product_reference": "java-1_7_1-ibm-alsa-1.7.1_sr3.50-28.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.ppc64le"
},
"product_reference": "java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.s390x"
},
"product_reference": "java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.x86_64"
},
"product_reference": "java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_7_1-ibm-plugin-1.7.1_sr3.50-28.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_1-ibm-plugin-1.7.1_sr3.50-28.2.x86_64"
},
"product_reference": "java-1_7_1-ibm-plugin-1.7.1_sr3.50-28.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-3485",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-3485"
}
],
"notes": [
{
"category": "general",
"text": "Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10 allows local users to affect integrity via vectors related to Networking.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP1:java-1_7_1-ibm-1.7.1_sr3.50-28.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_1-ibm-1.7.1_sr3.50-28.2.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_1-ibm-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_1-ibm-alsa-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_1-ibm-plugin-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-1.7.1_sr3.50-28.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-1.7.1_sr3.50-28.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-alsa-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-devel-1.7.1_sr3.50-28.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-devel-1.7.1_sr3.50-28.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-devel-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-plugin-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_1-ibm-1.7.1_sr3.50-28.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_1-ibm-1.7.1_sr3.50-28.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_1-ibm-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_1-ibm-alsa-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_1-ibm-plugin-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_1-ibm-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_1-ibm-alsa-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_1-ibm-devel-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_1-ibm-plugin-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_7_1-ibm-devel-1.7.1_sr3.50-28.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_7_1-ibm-devel-1.7.1_sr3.50-28.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_7_1-ibm-devel-1.7.1_sr3.50-28.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-3485",
"url": "https://www.suse.com/security/cve/CVE-2016-3485"
},
{
"category": "external",
"summary": "SUSE Bug 1009280 for CVE-2016-3485",
"url": "https://bugzilla.suse.com/1009280"
},
{
"category": "external",
"summary": "SUSE Bug 989734 for CVE-2016-3485",
"url": "https://bugzilla.suse.com/989734"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP1:java-1_7_1-ibm-1.7.1_sr3.50-28.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_1-ibm-1.7.1_sr3.50-28.2.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_1-ibm-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_1-ibm-alsa-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_1-ibm-plugin-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-1.7.1_sr3.50-28.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-1.7.1_sr3.50-28.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-alsa-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-devel-1.7.1_sr3.50-28.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-devel-1.7.1_sr3.50-28.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-devel-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-plugin-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_1-ibm-1.7.1_sr3.50-28.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_1-ibm-1.7.1_sr3.50-28.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_1-ibm-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_1-ibm-alsa-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_1-ibm-plugin-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_1-ibm-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_1-ibm-alsa-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_1-ibm-devel-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_1-ibm-plugin-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_7_1-ibm-devel-1.7.1_sr3.50-28.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_7_1-ibm-devel-1.7.1_sr3.50-28.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_7_1-ibm-devel-1.7.1_sr3.50-28.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.9,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP1:java-1_7_1-ibm-1.7.1_sr3.50-28.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_1-ibm-1.7.1_sr3.50-28.2.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_1-ibm-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_1-ibm-alsa-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_1-ibm-plugin-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-1.7.1_sr3.50-28.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-1.7.1_sr3.50-28.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-alsa-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-devel-1.7.1_sr3.50-28.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-devel-1.7.1_sr3.50-28.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-devel-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-plugin-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_1-ibm-1.7.1_sr3.50-28.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_1-ibm-1.7.1_sr3.50-28.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_1-ibm-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_1-ibm-alsa-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_1-ibm-plugin-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_1-ibm-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_1-ibm-alsa-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_1-ibm-devel-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_1-ibm-plugin-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_7_1-ibm-devel-1.7.1_sr3.50-28.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_7_1-ibm-devel-1.7.1_sr3.50-28.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_7_1-ibm-devel-1.7.1_sr3.50-28.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-09-21T14:11:13Z",
"details": "low"
}
],
"title": "CVE-2016-3485"
},
{
"cve": "CVE-2016-3511",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-3511"
}
],
"notes": [
{
"category": "general",
"text": "Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 allows local users to affect confidentiality, integrity, and availability via vectors related to Deployment.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP1:java-1_7_1-ibm-1.7.1_sr3.50-28.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_1-ibm-1.7.1_sr3.50-28.2.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_1-ibm-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_1-ibm-alsa-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_1-ibm-plugin-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-1.7.1_sr3.50-28.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-1.7.1_sr3.50-28.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-alsa-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-devel-1.7.1_sr3.50-28.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-devel-1.7.1_sr3.50-28.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-devel-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-plugin-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_1-ibm-1.7.1_sr3.50-28.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_1-ibm-1.7.1_sr3.50-28.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_1-ibm-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_1-ibm-alsa-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_1-ibm-plugin-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_1-ibm-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_1-ibm-alsa-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_1-ibm-devel-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_1-ibm-plugin-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_7_1-ibm-devel-1.7.1_sr3.50-28.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_7_1-ibm-devel-1.7.1_sr3.50-28.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_7_1-ibm-devel-1.7.1_sr3.50-28.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-3511",
"url": "https://www.suse.com/security/cve/CVE-2016-3511"
},
{
"category": "external",
"summary": "SUSE Bug 1009280 for CVE-2016-3511",
"url": "https://bugzilla.suse.com/1009280"
},
{
"category": "external",
"summary": "SUSE Bug 989727 for CVE-2016-3511",
"url": "https://bugzilla.suse.com/989727"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP1:java-1_7_1-ibm-1.7.1_sr3.50-28.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_1-ibm-1.7.1_sr3.50-28.2.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_1-ibm-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_1-ibm-alsa-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_1-ibm-plugin-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-1.7.1_sr3.50-28.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-1.7.1_sr3.50-28.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-alsa-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-devel-1.7.1_sr3.50-28.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-devel-1.7.1_sr3.50-28.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-devel-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-plugin-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_1-ibm-1.7.1_sr3.50-28.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_1-ibm-1.7.1_sr3.50-28.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_1-ibm-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_1-ibm-alsa-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_1-ibm-plugin-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_1-ibm-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_1-ibm-alsa-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_1-ibm-devel-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_1-ibm-plugin-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_7_1-ibm-devel-1.7.1_sr3.50-28.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_7_1-ibm-devel-1.7.1_sr3.50-28.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_7_1-ibm-devel-1.7.1_sr3.50-28.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP1:java-1_7_1-ibm-1.7.1_sr3.50-28.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_1-ibm-1.7.1_sr3.50-28.2.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_1-ibm-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_1-ibm-alsa-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_1-ibm-plugin-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-1.7.1_sr3.50-28.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-1.7.1_sr3.50-28.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-alsa-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-devel-1.7.1_sr3.50-28.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-devel-1.7.1_sr3.50-28.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-devel-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-plugin-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_1-ibm-1.7.1_sr3.50-28.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_1-ibm-1.7.1_sr3.50-28.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_1-ibm-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_1-ibm-alsa-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_1-ibm-plugin-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_1-ibm-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_1-ibm-alsa-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_1-ibm-devel-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_1-ibm-plugin-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_7_1-ibm-devel-1.7.1_sr3.50-28.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_7_1-ibm-devel-1.7.1_sr3.50-28.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_7_1-ibm-devel-1.7.1_sr3.50-28.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-09-21T14:11:13Z",
"details": "moderate"
}
],
"title": "CVE-2016-3511"
},
{
"cve": "CVE-2016-3598",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-3598"
}
],
"notes": [
{
"category": "general",
"text": "Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Libraries, a different vulnerability than CVE-2016-3610.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP1:java-1_7_1-ibm-1.7.1_sr3.50-28.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_1-ibm-1.7.1_sr3.50-28.2.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_1-ibm-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_1-ibm-alsa-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_1-ibm-plugin-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-1.7.1_sr3.50-28.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-1.7.1_sr3.50-28.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-alsa-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-devel-1.7.1_sr3.50-28.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-devel-1.7.1_sr3.50-28.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-devel-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-plugin-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_1-ibm-1.7.1_sr3.50-28.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_1-ibm-1.7.1_sr3.50-28.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_1-ibm-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_1-ibm-alsa-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_1-ibm-plugin-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_1-ibm-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_1-ibm-alsa-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_1-ibm-devel-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_1-ibm-plugin-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_7_1-ibm-devel-1.7.1_sr3.50-28.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_7_1-ibm-devel-1.7.1_sr3.50-28.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_7_1-ibm-devel-1.7.1_sr3.50-28.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-3598",
"url": "https://www.suse.com/security/cve/CVE-2016-3598"
},
{
"category": "external",
"summary": "SUSE Bug 1009280 for CVE-2016-3598",
"url": "https://bugzilla.suse.com/1009280"
},
{
"category": "external",
"summary": "SUSE Bug 989723 for CVE-2016-3598",
"url": "https://bugzilla.suse.com/989723"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP1:java-1_7_1-ibm-1.7.1_sr3.50-28.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_1-ibm-1.7.1_sr3.50-28.2.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_1-ibm-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_1-ibm-alsa-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_1-ibm-plugin-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-1.7.1_sr3.50-28.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-1.7.1_sr3.50-28.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-alsa-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-devel-1.7.1_sr3.50-28.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-devel-1.7.1_sr3.50-28.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-devel-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-plugin-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_1-ibm-1.7.1_sr3.50-28.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_1-ibm-1.7.1_sr3.50-28.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_1-ibm-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_1-ibm-alsa-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_1-ibm-plugin-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_1-ibm-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_1-ibm-alsa-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_1-ibm-devel-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_1-ibm-plugin-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_7_1-ibm-devel-1.7.1_sr3.50-28.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_7_1-ibm-devel-1.7.1_sr3.50-28.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_7_1-ibm-devel-1.7.1_sr3.50-28.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP1:java-1_7_1-ibm-1.7.1_sr3.50-28.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_1-ibm-1.7.1_sr3.50-28.2.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_1-ibm-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_1-ibm-alsa-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_7_1-ibm-plugin-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-1.7.1_sr3.50-28.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-1.7.1_sr3.50-28.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-alsa-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-devel-1.7.1_sr3.50-28.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-devel-1.7.1_sr3.50-28.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-devel-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:java-1_7_1-ibm-plugin-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_1-ibm-1.7.1_sr3.50-28.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_1-ibm-1.7.1_sr3.50-28.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_1-ibm-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_1-ibm-alsa-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_1-ibm-plugin-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_1-ibm-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_1-ibm-alsa-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_1-ibm-devel-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:java-1_7_1-ibm-plugin-1.7.1_sr3.50-28.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_7_1-ibm-devel-1.7.1_sr3.50-28.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_7_1-ibm-devel-1.7.1_sr3.50-28.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_7_1-ibm-devel-1.7.1_sr3.50-28.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-09-21T14:11:13Z",
"details": "important"
}
],
"title": "CVE-2016-3598"
}
]
}
SUSE-SU-2016:2726-1
Vulnerability from csaf_suse - Published: 2016-11-04 10:17 - Updated: 2016-11-04 10:17Summary
Security update for java-1_8_0-ibm
Severity
Important
Notes
Title of the patch: Security update for java-1_8_0-ibm
Description of the patch: IBM Java 8 was updated to version 8.0-3.10 to fix the following security issues:
- CVE-2016-3485: Unspecified vulnerability allowed local users to affect integrity via vectors related to Networking
- CVE-2016-3511: Unspecified vulnerability allowed local users to affect confidentiality, integrity, and availability via vectors related to Deployment
- CVE-2016-3598: Unspecified vulnerability allowed remote attackers to affect confidentiality, integrity, and availability via vectors related to Libraries
Please see https://www.ibm.com/developerworks/java/jdk/alerts/ for more information.
- Add hwkeytool binary for zSeries.
Patchnames: SUSE-SLE-SDK-12-SP1-2016-1606,SUSE-SLE-SERVER-12-SP1-2016-1606
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-1.8.0_sr3.10-15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-1.8.0_sr3.10-15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-1.8.0_sr3.10-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-alsa-1.8.0_sr3.10-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-plugin-1.8.0_sr3.10-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-1.8.0_sr3.10-15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-1.8.0_sr3.10-15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-1.8.0_sr3.10-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-alsa-1.8.0_sr3.10-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-plugin-1.8.0_sr3.10-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_8_0-ibm-devel-1.8.0_sr3.10-15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_8_0-ibm-devel-1.8.0_sr3.10-15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_8_0-ibm-devel-1.8.0_sr3.10-15.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
7.7 (High)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-1.8.0_sr3.10-15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-1.8.0_sr3.10-15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-1.8.0_sr3.10-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-alsa-1.8.0_sr3.10-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-plugin-1.8.0_sr3.10-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-1.8.0_sr3.10-15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-1.8.0_sr3.10-15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-1.8.0_sr3.10-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-alsa-1.8.0_sr3.10-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-plugin-1.8.0_sr3.10-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_8_0-ibm-devel-1.8.0_sr3.10-15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_8_0-ibm-devel-1.8.0_sr3.10-15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_8_0-ibm-devel-1.8.0_sr3.10-15.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
9.6 (Critical)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-1.8.0_sr3.10-15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-1.8.0_sr3.10-15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-1.8.0_sr3.10-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-alsa-1.8.0_sr3.10-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-plugin-1.8.0_sr3.10-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-1.8.0_sr3.10-15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-1.8.0_sr3.10-15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-1.8.0_sr3.10-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-alsa-1.8.0_sr3.10-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-plugin-1.8.0_sr3.10-15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_8_0-ibm-devel-1.8.0_sr3.10-15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_8_0-ibm-devel-1.8.0_sr3.10-15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_8_0-ibm-devel-1.8.0_sr3.10-15.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
17 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for java-1_8_0-ibm",
"title": "Title of the patch"
},
{
"category": "description",
"text": "IBM Java 8 was updated to version 8.0-3.10 to fix the following security issues:\n\n- CVE-2016-3485: Unspecified vulnerability allowed local users to affect integrity via vectors related to Networking\n- CVE-2016-3511: Unspecified vulnerability allowed local users to affect confidentiality, integrity, and availability via vectors related to Deployment\n- CVE-2016-3598: Unspecified vulnerability allowed remote attackers to affect confidentiality, integrity, and availability via vectors related to Libraries\n\nPlease see https://www.ibm.com/developerworks/java/jdk/alerts/ for more information.\n\n- Add hwkeytool binary for zSeries.\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-SDK-12-SP1-2016-1606,SUSE-SLE-SERVER-12-SP1-2016-1606",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2016_2726-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2016:2726-1",
"url": "https://www.suse.com/support/update/announcement/2016/suse-su-20162726-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2016:2726-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2016-November/002395.html"
},
{
"category": "self",
"summary": "SUSE Bug 992537",
"url": "https://bugzilla.suse.com/992537"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-3485 page",
"url": "https://www.suse.com/security/cve/CVE-2016-3485/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-3511 page",
"url": "https://www.suse.com/security/cve/CVE-2016-3511/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-3598 page",
"url": "https://www.suse.com/security/cve/CVE-2016-3598/"
}
],
"title": "Security update for java-1_8_0-ibm",
"tracking": {
"current_release_date": "2016-11-04T10:17:32Z",
"generator": {
"date": "2016-11-04T10:17:32Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2016:2726-1",
"initial_release_date": "2016-11-04T10:17:32Z",
"revision_history": [
{
"date": "2016-11-04T10:17:32Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "java-1_8_0-ibm-devel-1.8.0_sr3.10-15.1.ppc64le",
"product": {
"name": "java-1_8_0-ibm-devel-1.8.0_sr3.10-15.1.ppc64le",
"product_id": "java-1_8_0-ibm-devel-1.8.0_sr3.10-15.1.ppc64le"
}
},
{
"category": "product_version",
"name": "java-1_8_0-ibm-1.8.0_sr3.10-15.1.ppc64le",
"product": {
"name": "java-1_8_0-ibm-1.8.0_sr3.10-15.1.ppc64le",
"product_id": "java-1_8_0-ibm-1.8.0_sr3.10-15.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "java-1_8_0-ibm-devel-1.8.0_sr3.10-15.1.s390x",
"product": {
"name": "java-1_8_0-ibm-devel-1.8.0_sr3.10-15.1.s390x",
"product_id": "java-1_8_0-ibm-devel-1.8.0_sr3.10-15.1.s390x"
}
},
{
"category": "product_version",
"name": "java-1_8_0-ibm-1.8.0_sr3.10-15.1.s390x",
"product": {
"name": "java-1_8_0-ibm-1.8.0_sr3.10-15.1.s390x",
"product_id": "java-1_8_0-ibm-1.8.0_sr3.10-15.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "java-1_8_0-ibm-devel-1.8.0_sr3.10-15.1.x86_64",
"product": {
"name": "java-1_8_0-ibm-devel-1.8.0_sr3.10-15.1.x86_64",
"product_id": "java-1_8_0-ibm-devel-1.8.0_sr3.10-15.1.x86_64"
}
},
{
"category": "product_version",
"name": "java-1_8_0-ibm-1.8.0_sr3.10-15.1.x86_64",
"product": {
"name": "java-1_8_0-ibm-1.8.0_sr3.10-15.1.x86_64",
"product_id": "java-1_8_0-ibm-1.8.0_sr3.10-15.1.x86_64"
}
},
{
"category": "product_version",
"name": "java-1_8_0-ibm-alsa-1.8.0_sr3.10-15.1.x86_64",
"product": {
"name": "java-1_8_0-ibm-alsa-1.8.0_sr3.10-15.1.x86_64",
"product_id": "java-1_8_0-ibm-alsa-1.8.0_sr3.10-15.1.x86_64"
}
},
{
"category": "product_version",
"name": "java-1_8_0-ibm-plugin-1.8.0_sr3.10-15.1.x86_64",
"product": {
"name": "java-1_8_0-ibm-plugin-1.8.0_sr3.10-15.1.x86_64",
"product_id": "java-1_8_0-ibm-plugin-1.8.0_sr3.10-15.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Software Development Kit 12 SP1",
"product": {
"name": "SUSE Linux Enterprise Software Development Kit 12 SP1",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-sdk:12:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP1",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP1",
"product_id": "SUSE Linux Enterprise Server 12 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-ibm-devel-1.8.0_sr3.10-15.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP1",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_8_0-ibm-devel-1.8.0_sr3.10-15.1.ppc64le"
},
"product_reference": "java-1_8_0-ibm-devel-1.8.0_sr3.10-15.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-ibm-devel-1.8.0_sr3.10-15.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP1",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_8_0-ibm-devel-1.8.0_sr3.10-15.1.s390x"
},
"product_reference": "java-1_8_0-ibm-devel-1.8.0_sr3.10-15.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-ibm-devel-1.8.0_sr3.10-15.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP1",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_8_0-ibm-devel-1.8.0_sr3.10-15.1.x86_64"
},
"product_reference": "java-1_8_0-ibm-devel-1.8.0_sr3.10-15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-ibm-1.8.0_sr3.10-15.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP1",
"product_id": "SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-1.8.0_sr3.10-15.1.ppc64le"
},
"product_reference": "java-1_8_0-ibm-1.8.0_sr3.10-15.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-ibm-1.8.0_sr3.10-15.1.s390x as component of SUSE Linux Enterprise Server 12 SP1",
"product_id": "SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-1.8.0_sr3.10-15.1.s390x"
},
"product_reference": "java-1_8_0-ibm-1.8.0_sr3.10-15.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-ibm-1.8.0_sr3.10-15.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1",
"product_id": "SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-1.8.0_sr3.10-15.1.x86_64"
},
"product_reference": "java-1_8_0-ibm-1.8.0_sr3.10-15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-ibm-alsa-1.8.0_sr3.10-15.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1",
"product_id": "SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-alsa-1.8.0_sr3.10-15.1.x86_64"
},
"product_reference": "java-1_8_0-ibm-alsa-1.8.0_sr3.10-15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-ibm-plugin-1.8.0_sr3.10-15.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1",
"product_id": "SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-plugin-1.8.0_sr3.10-15.1.x86_64"
},
"product_reference": "java-1_8_0-ibm-plugin-1.8.0_sr3.10-15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-ibm-1.8.0_sr3.10-15.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-1.8.0_sr3.10-15.1.ppc64le"
},
"product_reference": "java-1_8_0-ibm-1.8.0_sr3.10-15.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-ibm-1.8.0_sr3.10-15.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-1.8.0_sr3.10-15.1.s390x"
},
"product_reference": "java-1_8_0-ibm-1.8.0_sr3.10-15.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-ibm-1.8.0_sr3.10-15.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-1.8.0_sr3.10-15.1.x86_64"
},
"product_reference": "java-1_8_0-ibm-1.8.0_sr3.10-15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-ibm-alsa-1.8.0_sr3.10-15.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-alsa-1.8.0_sr3.10-15.1.x86_64"
},
"product_reference": "java-1_8_0-ibm-alsa-1.8.0_sr3.10-15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-ibm-plugin-1.8.0_sr3.10-15.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-plugin-1.8.0_sr3.10-15.1.x86_64"
},
"product_reference": "java-1_8_0-ibm-plugin-1.8.0_sr3.10-15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-3485",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-3485"
}
],
"notes": [
{
"category": "general",
"text": "Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10 allows local users to affect integrity via vectors related to Networking.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-1.8.0_sr3.10-15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-1.8.0_sr3.10-15.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-1.8.0_sr3.10-15.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-alsa-1.8.0_sr3.10-15.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-plugin-1.8.0_sr3.10-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-1.8.0_sr3.10-15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-1.8.0_sr3.10-15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-1.8.0_sr3.10-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-alsa-1.8.0_sr3.10-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-plugin-1.8.0_sr3.10-15.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_8_0-ibm-devel-1.8.0_sr3.10-15.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_8_0-ibm-devel-1.8.0_sr3.10-15.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_8_0-ibm-devel-1.8.0_sr3.10-15.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-3485",
"url": "https://www.suse.com/security/cve/CVE-2016-3485"
},
{
"category": "external",
"summary": "SUSE Bug 1009280 for CVE-2016-3485",
"url": "https://bugzilla.suse.com/1009280"
},
{
"category": "external",
"summary": "SUSE Bug 989734 for CVE-2016-3485",
"url": "https://bugzilla.suse.com/989734"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-1.8.0_sr3.10-15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-1.8.0_sr3.10-15.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-1.8.0_sr3.10-15.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-alsa-1.8.0_sr3.10-15.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-plugin-1.8.0_sr3.10-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-1.8.0_sr3.10-15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-1.8.0_sr3.10-15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-1.8.0_sr3.10-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-alsa-1.8.0_sr3.10-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-plugin-1.8.0_sr3.10-15.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_8_0-ibm-devel-1.8.0_sr3.10-15.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_8_0-ibm-devel-1.8.0_sr3.10-15.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_8_0-ibm-devel-1.8.0_sr3.10-15.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.9,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-1.8.0_sr3.10-15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-1.8.0_sr3.10-15.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-1.8.0_sr3.10-15.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-alsa-1.8.0_sr3.10-15.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-plugin-1.8.0_sr3.10-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-1.8.0_sr3.10-15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-1.8.0_sr3.10-15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-1.8.0_sr3.10-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-alsa-1.8.0_sr3.10-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-plugin-1.8.0_sr3.10-15.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_8_0-ibm-devel-1.8.0_sr3.10-15.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_8_0-ibm-devel-1.8.0_sr3.10-15.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_8_0-ibm-devel-1.8.0_sr3.10-15.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-11-04T10:17:32Z",
"details": "low"
}
],
"title": "CVE-2016-3485"
},
{
"cve": "CVE-2016-3511",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-3511"
}
],
"notes": [
{
"category": "general",
"text": "Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 allows local users to affect confidentiality, integrity, and availability via vectors related to Deployment.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-1.8.0_sr3.10-15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-1.8.0_sr3.10-15.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-1.8.0_sr3.10-15.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-alsa-1.8.0_sr3.10-15.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-plugin-1.8.0_sr3.10-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-1.8.0_sr3.10-15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-1.8.0_sr3.10-15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-1.8.0_sr3.10-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-alsa-1.8.0_sr3.10-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-plugin-1.8.0_sr3.10-15.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_8_0-ibm-devel-1.8.0_sr3.10-15.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_8_0-ibm-devel-1.8.0_sr3.10-15.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_8_0-ibm-devel-1.8.0_sr3.10-15.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-3511",
"url": "https://www.suse.com/security/cve/CVE-2016-3511"
},
{
"category": "external",
"summary": "SUSE Bug 1009280 for CVE-2016-3511",
"url": "https://bugzilla.suse.com/1009280"
},
{
"category": "external",
"summary": "SUSE Bug 989727 for CVE-2016-3511",
"url": "https://bugzilla.suse.com/989727"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-1.8.0_sr3.10-15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-1.8.0_sr3.10-15.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-1.8.0_sr3.10-15.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-alsa-1.8.0_sr3.10-15.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-plugin-1.8.0_sr3.10-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-1.8.0_sr3.10-15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-1.8.0_sr3.10-15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-1.8.0_sr3.10-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-alsa-1.8.0_sr3.10-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-plugin-1.8.0_sr3.10-15.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_8_0-ibm-devel-1.8.0_sr3.10-15.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_8_0-ibm-devel-1.8.0_sr3.10-15.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_8_0-ibm-devel-1.8.0_sr3.10-15.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-1.8.0_sr3.10-15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-1.8.0_sr3.10-15.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-1.8.0_sr3.10-15.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-alsa-1.8.0_sr3.10-15.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-plugin-1.8.0_sr3.10-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-1.8.0_sr3.10-15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-1.8.0_sr3.10-15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-1.8.0_sr3.10-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-alsa-1.8.0_sr3.10-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-plugin-1.8.0_sr3.10-15.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_8_0-ibm-devel-1.8.0_sr3.10-15.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_8_0-ibm-devel-1.8.0_sr3.10-15.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_8_0-ibm-devel-1.8.0_sr3.10-15.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-11-04T10:17:32Z",
"details": "moderate"
}
],
"title": "CVE-2016-3511"
},
{
"cve": "CVE-2016-3598",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-3598"
}
],
"notes": [
{
"category": "general",
"text": "Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Libraries, a different vulnerability than CVE-2016-3610.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-1.8.0_sr3.10-15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-1.8.0_sr3.10-15.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-1.8.0_sr3.10-15.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-alsa-1.8.0_sr3.10-15.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-plugin-1.8.0_sr3.10-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-1.8.0_sr3.10-15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-1.8.0_sr3.10-15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-1.8.0_sr3.10-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-alsa-1.8.0_sr3.10-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-plugin-1.8.0_sr3.10-15.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_8_0-ibm-devel-1.8.0_sr3.10-15.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_8_0-ibm-devel-1.8.0_sr3.10-15.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_8_0-ibm-devel-1.8.0_sr3.10-15.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-3598",
"url": "https://www.suse.com/security/cve/CVE-2016-3598"
},
{
"category": "external",
"summary": "SUSE Bug 1009280 for CVE-2016-3598",
"url": "https://bugzilla.suse.com/1009280"
},
{
"category": "external",
"summary": "SUSE Bug 989723 for CVE-2016-3598",
"url": "https://bugzilla.suse.com/989723"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-1.8.0_sr3.10-15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-1.8.0_sr3.10-15.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-1.8.0_sr3.10-15.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-alsa-1.8.0_sr3.10-15.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-plugin-1.8.0_sr3.10-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-1.8.0_sr3.10-15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-1.8.0_sr3.10-15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-1.8.0_sr3.10-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-alsa-1.8.0_sr3.10-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-plugin-1.8.0_sr3.10-15.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_8_0-ibm-devel-1.8.0_sr3.10-15.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_8_0-ibm-devel-1.8.0_sr3.10-15.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_8_0-ibm-devel-1.8.0_sr3.10-15.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-1.8.0_sr3.10-15.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-1.8.0_sr3.10-15.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-1.8.0_sr3.10-15.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-alsa-1.8.0_sr3.10-15.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:java-1_8_0-ibm-plugin-1.8.0_sr3.10-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-1.8.0_sr3.10-15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-1.8.0_sr3.10-15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-1.8.0_sr3.10-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-alsa-1.8.0_sr3.10-15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_8_0-ibm-plugin-1.8.0_sr3.10-15.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_8_0-ibm-devel-1.8.0_sr3.10-15.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_8_0-ibm-devel-1.8.0_sr3.10-15.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:java-1_8_0-ibm-devel-1.8.0_sr3.10-15.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-11-04T10:17:32Z",
"details": "important"
}
],
"title": "CVE-2016-3598"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…