Red Hat Security Advisory 2017-3453-01 - IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR5-FP5. Security Fix: This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
5cdbf5273d807c44144081264433f64aca62c27845caebf77dc83aeda8dbc521
Red Hat Security Advisory 2017-3392-01 - The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security Fix: Multiple flaws were discovered in the RMI and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. It was discovered that the Kerberos client implementation in the Libraries component of OpenJDK used the sname field from the plain text part rather than encrypted part of the KDC reply message. A man-in-the-middle attacker could possibly use this flaw to impersonate Kerberos services to Java applications acting as Kerberos clients.
ca32abbf1eb81bce01cfed2e18d19f591d66881e2fc8d09c626f0ebdc112de1e
Ubuntu Security Notice 3497-1 - It was discovered that the Smart Card IO subsystem in OpenJDK did not properly maintain state. An attacker could use this to specially construct an untrusted Java application or applet to gain access to a smart card, bypassing sandbox restrictions. Gaston Traberg discovered that the Serialization component of OpenJDK did not properly limit the amount of memory allocated when performing deserializations. An attacker could use this to cause a denial of service. Various other issues were also addressed.
5b6e1cbb08aebbd2d544357da18dc70e489442ccb7b7c6b9b67ccfd975ff3593
Red Hat Security Advisory 2017-3268-01 - IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR4-FP15. Security Fix: This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
4d3f99353fc0df0e6a3b532ab60da83e1644f085c1e6bc829589edb141973576
Red Hat Security Advisory 2017-3267-01 - IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR5-FP5. Security Fix: This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
1cbdf57cadd1e25962575914fcbe68c5198cbbf91b9a933acd1c4fc9b599ac7d
Red Hat Security Advisory 2017-3264-01 - IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR5-FP5. Security Fix: This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
b9201431909936ea9fd97a7fcd50d51c4350b43fe1f82c552c0ae26c8fd37e75
Gentoo Linux Security Advisory 201711-14 - Multiple vulnerabilities have been found in IcedTea, the worst of which may allow execution of arbitrary code. Versions less than 3.6.0 are affected.
199a7109f3bb36f001797a0dea574873291a2aa93c8f7d48fc01a9bc45c6a377
Ubuntu Security Notice 3473-1 - It was discovered that the Smart Card IO subsystem in OpenJDK did not properly maintain state. An attacker could use this to specially construct an untrusted Java application or applet to gain access to a smart card, bypassing sandbox restrictions. Gaston Traberg discovered that the Serialization component of OpenJDK did not properly limit the amount of memory allocated when performing deserializations. An attacker could use this to cause a denial of service. Various other issues were also addressed.
60657e23392132c3f43ceeafdbd032467dc44eefcf150f9fb2fd6e7cf6182550
Debian Linux Security Advisory 4015-1 - Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in impersonation of Kerberos services, denial of service, sandbox bypass or HTTP header injection.
05931432fc88d655f4b2cd845ab81c58a2e1806d1213ccb724e51f1214d6a6b8
Gentoo Linux Security Advisory 201710-31 - Multiple vulnerabilities have been found in Oracle's JDK and JRE software suites, the worst of which can be remotely exploited without authentication. Versions less than 1.8.0.152-r1 are affected.
2cf0328599c61e8d96a0c7644ff739c1e26ca5c16e25a38caa81567f6536847e
Red Hat Security Advisory 2017-3047-01 - Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update upgrades Oracle Java SE 6 to version 6 Update 171. Security Fix: This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.
bbe7908cff164751122dfd84e70eaebcd87444c60de530d15e00c3e33022eecd
Red Hat Security Advisory 2017-3046-01 - Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update upgrades Oracle Java SE 7 to version 7 Update 161. Security Fix: This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.
bd482745f8dc0e105bc099c629ff47658c99a2f53808a47cb77e614bf18e5a9b
Red Hat Security Advisory 2017-2999-01 - Oracle Java SE version 8 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update upgrades Oracle Java SE 8 to version 8 Update 151. Security Fix: This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.
5a4ce654a7f1a56a3e0c28d38c35a7bd07a67e4a9e13e00e1109d326f55215e6
Red Hat Security Advisory 2017-2998-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix: Multiple flaws were discovered in the RMI and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. It was discovered that the Kerberos client implementation in the Libraries component of OpenJDK used the sname field from the plain text part rather than encrypted part of the KDC reply message. A man-in-the-middle attacker could possibly use this flaw to impersonate Kerberos services to Java applications acting as Kerberos clients.
a337858a09a369e61815370528ea0d53e9969dac321888bb5e09ec6b4b74c965