First published: Mon May 09 2016(Updated: )
The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment<br>and the OpenJDK 6 Java Software Development Kit.<br>Security Fix(es):<br><li> Multiple flaws were discovered in the Serialization and Hotspot components in</li> OpenJDK. An untrusted Java application or applet could use these flaws to<br>completely bypass Java sandbox restrictions. (CVE-2016-0686, CVE-2016-0687)<br><li> It was discovered that the RMI server implementation in the JMX component in</li> OpenJDK did not restrict which classes can be deserialized when deserializing<br>authentication credentials. A remote, unauthenticated attacker able to connect<br>to a JMX port could possibly use this flaw to trigger deserialization flaws.<br>(CVE-2016-3427)<br><li> It was discovered that the JAXP component in OpenJDK failed to properly handle</li> Unicode surrogate pairs used as part of the XML attribute values. Specially<br>crafted XML input could cause a Java application to use an excessive amount of<br>memory when parsed. (CVE-2016-3425)<br><li> It was discovered that the Security component in OpenJDK failed to check the</li> digest algorithm strength when generating DSA signatures. The use of a digest<br>weaker than the key strength could lead to the generation of signatures that<br>were weaker than expected. (CVE-2016-0695)<br>
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/java | <1.6.0-openjdk-1.6.0.39-1.13.11.0.el7_2 | 1.6.0-openjdk-1.6.0.39-1.13.11.0.el7_2 |
redhat/java | <1.6.0-openjdk-1.6.0.39-1.13.11.0.el7_2 | 1.6.0-openjdk-1.6.0.39-1.13.11.0.el7_2 |
redhat/java | <1.6.0-openjdk-debuginfo-1.6.0.39-1.13.11.0.el7_2 | 1.6.0-openjdk-debuginfo-1.6.0.39-1.13.11.0.el7_2 |
redhat/java | <1.6.0-openjdk-demo-1.6.0.39-1.13.11.0.el7_2 | 1.6.0-openjdk-demo-1.6.0.39-1.13.11.0.el7_2 |
redhat/java | <1.6.0-openjdk-devel-1.6.0.39-1.13.11.0.el7_2 | 1.6.0-openjdk-devel-1.6.0.39-1.13.11.0.el7_2 |
redhat/java | <1.6.0-openjdk-javadoc-1.6.0.39-1.13.11.0.el7_2 | 1.6.0-openjdk-javadoc-1.6.0.39-1.13.11.0.el7_2 |
redhat/java | <1.6.0-openjdk-src-1.6.0.39-1.13.11.0.el7_2 | 1.6.0-openjdk-src-1.6.0.39-1.13.11.0.el7_2 |
redhat/java | <1.6.0-openjdk-1.6.0.39-1.13.11.0.el6_7 | 1.6.0-openjdk-1.6.0.39-1.13.11.0.el6_7 |
redhat/java | <1.6.0-openjdk-1.6.0.39-1.13.11.0.el6_7 | 1.6.0-openjdk-1.6.0.39-1.13.11.0.el6_7 |
redhat/java | <1.6.0-openjdk-debuginfo-1.6.0.39-1.13.11.0.el6_7 | 1.6.0-openjdk-debuginfo-1.6.0.39-1.13.11.0.el6_7 |
redhat/java | <1.6.0-openjdk-demo-1.6.0.39-1.13.11.0.el6_7 | 1.6.0-openjdk-demo-1.6.0.39-1.13.11.0.el6_7 |
redhat/java | <1.6.0-openjdk-devel-1.6.0.39-1.13.11.0.el6_7 | 1.6.0-openjdk-devel-1.6.0.39-1.13.11.0.el6_7 |
redhat/java | <1.6.0-openjdk-javadoc-1.6.0.39-1.13.11.0.el6_7 | 1.6.0-openjdk-javadoc-1.6.0.39-1.13.11.0.el6_7 |
redhat/java | <1.6.0-openjdk-src-1.6.0.39-1.13.11.0.el6_7 | 1.6.0-openjdk-src-1.6.0.39-1.13.11.0.el6_7 |
redhat/java | <1.6.0-openjdk-debuginfo-1.6.0.39-1.13.11.0.el6_7 | 1.6.0-openjdk-debuginfo-1.6.0.39-1.13.11.0.el6_7 |
redhat/java | <1.6.0-openjdk-demo-1.6.0.39-1.13.11.0.el6_7 | 1.6.0-openjdk-demo-1.6.0.39-1.13.11.0.el6_7 |
redhat/java | <1.6.0-openjdk-devel-1.6.0.39-1.13.11.0.el6_7 | 1.6.0-openjdk-devel-1.6.0.39-1.13.11.0.el6_7 |
redhat/java | <1.6.0-openjdk-javadoc-1.6.0.39-1.13.11.0.el6_7 | 1.6.0-openjdk-javadoc-1.6.0.39-1.13.11.0.el6_7 |
redhat/java | <1.6.0-openjdk-src-1.6.0.39-1.13.11.0.el6_7 | 1.6.0-openjdk-src-1.6.0.39-1.13.11.0.el6_7 |
redhat/java | <1.6.0-openjdk-1.6.0.39-1.13.11.0.el5_11 | 1.6.0-openjdk-1.6.0.39-1.13.11.0.el5_11 |
redhat/java | <1.6.0-openjdk-1.6.0.39-1.13.11.0.el5_11 | 1.6.0-openjdk-1.6.0.39-1.13.11.0.el5_11 |
redhat/java | <1.6.0-openjdk-debuginfo-1.6.0.39-1.13.11.0.el5_11 | 1.6.0-openjdk-debuginfo-1.6.0.39-1.13.11.0.el5_11 |
redhat/java | <1.6.0-openjdk-demo-1.6.0.39-1.13.11.0.el5_11 | 1.6.0-openjdk-demo-1.6.0.39-1.13.11.0.el5_11 |
redhat/java | <1.6.0-openjdk-devel-1.6.0.39-1.13.11.0.el5_11 | 1.6.0-openjdk-devel-1.6.0.39-1.13.11.0.el5_11 |
redhat/java | <1.6.0-openjdk-javadoc-1.6.0.39-1.13.11.0.el5_11 | 1.6.0-openjdk-javadoc-1.6.0.39-1.13.11.0.el5_11 |
redhat/java | <1.6.0-openjdk-src-1.6.0.39-1.13.11.0.el5_11 | 1.6.0-openjdk-src-1.6.0.39-1.13.11.0.el5_11 |
redhat/java | <1.6.0-openjdk-debuginfo-1.6.0.39-1.13.11.0.el5_11 | 1.6.0-openjdk-debuginfo-1.6.0.39-1.13.11.0.el5_11 |
redhat/java | <1.6.0-openjdk-demo-1.6.0.39-1.13.11.0.el5_11 | 1.6.0-openjdk-demo-1.6.0.39-1.13.11.0.el5_11 |
redhat/java | <1.6.0-openjdk-devel-1.6.0.39-1.13.11.0.el5_11 | 1.6.0-openjdk-devel-1.6.0.39-1.13.11.0.el5_11 |
redhat/java | <1.6.0-openjdk-javadoc-1.6.0.39-1.13.11.0.el5_11 | 1.6.0-openjdk-javadoc-1.6.0.39-1.13.11.0.el5_11 |
redhat/java | <1.6.0-openjdk-src-1.6.0.39-1.13.11.0.el5_11 | 1.6.0-openjdk-src-1.6.0.39-1.13.11.0.el5_11 |
redhat/java | <1.6.0-openjdk-debuginfo-1.6.0.39-1.13.11.0.el7_2 | 1.6.0-openjdk-debuginfo-1.6.0.39-1.13.11.0.el7_2 |
redhat/java | <1.6.0-openjdk-demo-1.6.0.39-1.13.11.0.el7_2 | 1.6.0-openjdk-demo-1.6.0.39-1.13.11.0.el7_2 |
redhat/java | <1.6.0-openjdk-devel-1.6.0.39-1.13.11.0.el7_2 | 1.6.0-openjdk-devel-1.6.0.39-1.13.11.0.el7_2 |
redhat/java | <1.6.0-openjdk-javadoc-1.6.0.39-1.13.11.0.el7_2 | 1.6.0-openjdk-javadoc-1.6.0.39-1.13.11.0.el7_2 |
redhat/java | <1.6.0-openjdk-src-1.6.0.39-1.13.11.0.el7_2 | 1.6.0-openjdk-src-1.6.0.39-1.13.11.0.el7_2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.