java-1.6.0-openjdk-1.6.0.38-1.13.10.0.1.el7.AXS7

エラータID: AXSA:2016-069:01

Release date: 
Monday, February 15, 2016 - 12:10
Subject: 
java-1.6.0-openjdk-1.6.0.38-1.13.10.0.1.el7.AXS7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
High
Description: 

The OpenJDK runtime environment.

Security issues fixed with this release:

CVE-2016-0402
Unspecified vulnerability in the Java SE and Java SE Embedded
components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE
Embedded 8u65 allows remote attackers to affect integrity via unknown
vectors related to Networking.
CVE-2016-0448
Unspecified vulnerability in the Java SE and Java SE Embedded
components in Oracle Java SE 6u105, 7u91, and 8u66, and Java SE
Embedded 8u65 allows remote authenticated users to affect
confidentiality via vectors related to JMX.
CVE-2016-0466
Unspecified vulnerability in the Java SE, Java SE Embedded, and
JRockit components in Oracle Java SE 6u105, 7u91, and 8u66; Java SE
Embedded 8u65; and JRockit R28.3.8 allows remote attackers to affect
availability via vectors related to JAXP.
CVE-2016-0483
Unspecified vulnerability in the Java SE, Java SE Embedded, and
JRockit components in Oracle Java SE 6u105, 7u91, and 8u66; Java SE
Embedded 8u65; and JRockit R28.3.8 allows remote attackers to affect
confidentiality, integrity, and availability via vectors related to
AWT.
CVE-2016-0494
Unspecified vulnerability in the Java SE and Java SE Embedded
components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE
Embedded 8u65 allows remote attackers to affect confidentiality,
integrity, and availability via unknown vectors related to 2D.

Solution: 

Update packages.

CVEs: 
CVE-2016-0402
Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect integrity via unknown vectors related to Networking.
CVE-2016-0448
Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66, and Java SE Embedded 8u65 allows remote authenticated users to affect confidentiality via vectors related to JMX.
CVE-2016-0466
Unspecified vulnerability in the Java SE, Java SE Embedded, and JRockit components in Oracle Java SE 6u105, 7u91, and 8u66; Java SE Embedded 8u65; and JRockit R28.3.8 allows remote attackers to affect availability via vectors related to JAXP.
CVE-2016-0483
Unspecified vulnerability in Oracle Java SE 6u105, 7u91, and 8u66; Java SE Embedded 8u65; and JRockit R28.3.8 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this is a heap-based buffer overflow in the readImage function, which allows remote attackers to execute arbitrary code via crafted image data.
CVE-2016-0494
Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
Additional Info: 

N/A

Download: 

SRPMS
  1. java-1.6.0-openjdk-1.6.0.38-1.13.10.0.1.el7.AXS7.src.rpm
    MD5: cc295996c2161c2b66255c56ac7a9b4c
    SHA-256: cad93c6599c8c13462e469f149598880b4f1affd7afcf4197afd09e2efaa115d
    Size: 36.65 MB

Asianux Server 7 for x86_64
  1. java-1.6.0-openjdk-1.6.0.38-1.13.10.0.1.el7.AXS7.x86_64.rpm
    MD5: dc10bcb21d781369a4cc3b12d1dea308
    SHA-256: e0a94675cf8640e10b26f4dac39c5c7af34e38c34f0b2bebb8243845035b5a17
    Size: 41.67 MB
  2. java-1.6.0-openjdk-devel-1.6.0.38-1.13.10.0.1.el7.AXS7.x86_64.rpm
    MD5: e88389acb3c00e735f5112c64b0165ea
    SHA-256: eea4be3441f296173474ee36f042ebe5c8ab308777337fc9aee178df2efd141e
    Size: 14.51 MB