Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

ALAS-2016-723

Related Vulnerabilities: CVE-2016-3458   CVE-2016-3500   CVE-2016-3508   CVE-2016-3550   CVE-2016-3587   CVE-2016-3598   CVE-2016-3606   CVE-2016-3610  

Multiple flaws were discovered in the Hotspot and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. (CVE-2016-3606, CVE-2016-3587, CVE-2016-3598, CVE-2016-3610) Multiple denial of service flaws were found in the JAXP component in OpenJDK. A specially crafted XML file could cause a Java application using JAXP to consume an excessive amount of CPU and memory when parsed. (CVE-2016-3500, CVE-2016-3508) Multiple flaws were found in the CORBA and Hotsport components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2016-3458, CVE-2016-3550)

Source

ALAS-2016-723

Amazon Linux AMI Security Advisory: ALAS-2016-723
Advisory Release Date: 2016-07-20 18:00 Pacific
Advisory Updated Date: 2016-07-20 18:00 Pacific
Severity: Critical
Issue Overview:

Multiple flaws were discovered in the Hotspot and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. (CVE-2016-3606, CVE-2016-3587, CVE-2016-3598, CVE-2016-3610)

Multiple denial of service flaws were found in the JAXP component in OpenJDK. A specially crafted XML file could cause a Java application using JAXP to consume an excessive amount of CPU and memory when parsed. (CVE-2016-3500, CVE-2016-3508)

Multiple flaws were found in the CORBA and Hotsport components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2016-3458, CVE-2016-3550)


Affected Packages:

java-1.8.0-openjdk


Issue Correction:
Run yum update java-1.8.0-openjdk to update your system.

New Packages:
i686:
    java-1.8.0-openjdk-demo-1.8.0.101-3.b13.24.amzn1.i686
    java-1.8.0-openjdk-debuginfo-1.8.0.101-3.b13.24.amzn1.i686
    java-1.8.0-openjdk-devel-1.8.0.101-3.b13.24.amzn1.i686
    java-1.8.0-openjdk-headless-1.8.0.101-3.b13.24.amzn1.i686
    java-1.8.0-openjdk-src-1.8.0.101-3.b13.24.amzn1.i686
    java-1.8.0-openjdk-1.8.0.101-3.b13.24.amzn1.i686

noarch:
    java-1.8.0-openjdk-javadoc-1.8.0.101-3.b13.24.amzn1.noarch

src:
    java-1.8.0-openjdk-1.8.0.101-3.b13.24.amzn1.src

x86_64:
    java-1.8.0-openjdk-headless-1.8.0.101-3.b13.24.amzn1.x86_64
    java-1.8.0-openjdk-src-1.8.0.101-3.b13.24.amzn1.x86_64
    java-1.8.0-openjdk-demo-1.8.0.101-3.b13.24.amzn1.x86_64
    java-1.8.0-openjdk-devel-1.8.0.101-3.b13.24.amzn1.x86_64
    java-1.8.0-openjdk-debuginfo-1.8.0.101-3.b13.24.amzn1.x86_64
    java-1.8.0-openjdk-1.8.0.101-3.b13.24.amzn1.x86_64

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started