Critical CentOS java-1.7.0-openjdk Security Update

Metadata

critical
9.3
java-1.7.0-openjdk-1.7.0.99-2.6.5.0.el6_7.i686.rpm, java-1.7.0-openjdk-1.7.0.99-2.6.5.0.el6_7.src.rpm, java-1.7.0-openjdk-1.7.0.99-2.6.5.0.el6_7.x86_64.rpm, java-1.7.0-openjdk-demo-1.7.0.99-2.6.5.0.el6_7.i686.rpm, java-1.7.0-openjdk-demo-1.7.0.99-2.6.5.0.el6_7.x86_64.rpm, java-1.7.0-openjdk-devel-1.7.0.99-2.6.5.0.el6_7.i686.rpm, java-1.7.0-openjdk-devel-1.7.0.99-2.6.5.0.el6_7.x86_64.rpm, java-1.7.0-openjdk-javadoc-1.7.0.99-2.6.5.0.el6_7.noarch.rpm, java-1.7.0-openjdk-src-1.7.0.99-2.6.5.0.el6_7.i686.rpm, java-1.7.0-openjdk-src-1.7.0.99-2.6.5.0.el6_7.x86_64.rpm
CVE-2016-0636
rhn.redhat.com, lists.centos.org
2016-03-25
2017-07-27 19:10
ALAS-2016-677
Important CentOS java-1.7.0-openjdk Security Update
Important CentOS java-1.8.0-openjdk Security Update
Critical CentOS java-1.8.0-openjdk Security Update
CVE-2016-0636 openjdk-8
CVE-2016-0636 openjdk-6
CVE-2016-0636 openjdk-7
CVE-2016-0636
2017-04-01 19:09
2017-01-05 20:14

Description


An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit for compiling and executing Java programs.

Security Fix(es):

* An improper type safety check was discovered in the Hotspot component. An untrusted Java application or applet could use this flaw to bypass Java Sandbox restrictions. (CVE-2016-0636)

Am I vulnerable?

The constraints below list the versions in which this vulnerability is patched, and the versions that are unaffected. If a patch is ready but unreleased, it is pending.

Affected package information

Release  Package                     Patched in
6        java-1.7.0-openjdk          java-1.7.0-openjdk-1.7.0.99-2.6.5.0.el6_7.i686.rpm
6        java-1.7.0-openjdk          java-1.7.0-openjdk-1.7.0.99-2.6.5.0.el6_7.src.rpm
6        java-1.7.0-openjdk          java-1.7.0-openjdk-1.7.0.99-2.6.5.0.el6_7.x86_64.rpm
6        java-1.7.0-openjdk-demo     java-1.7.0-openjdk-demo-1.7.0.99-2.6.5.0.el6_7.i686.rpm
6        java-1.7.0-openjdk-demo     java-1.7.0-openjdk-demo-1.7.0.99-2.6.5.0.el6_7.x86_64.rpm
6        java-1.7.0-openjdk-devel    java-1.7.0-openjdk-devel-1.7.0.99-2.6.5.0.el6_7.i686.rpm
6        java-1.7.0-openjdk-devel    java-1.7.0-openjdk-devel-1.7.0.99-2.6.5.0.el6_7.x86_64.rpm
6        java-1.7.0-openjdk-javadoc  java-1.7.0-openjdk-javadoc-1.7.0.99-2.6.5.0.el6_7.noarch.rpm
6        java-1.7.0-openjdk-src      java-1.7.0-openjdk-src-1.7.0.99-2.6.5.0.el6_7.i686.rpm
6        java-1.7.0-openjdk-src      java-1.7.0-openjdk-src-1.7.0.99-2.6.5.0.el6_7.x86_64.rpm