ALAS-2016-748

Related Vulnerabilities: CVE-2016-3458   CVE-2016-3500   CVE-2016-3508   CVE-2016-3550   CVE-2016-3606  



Amazon Linux AMI Security Advisory: ALAS-2016-748
Advisory Release Date: 2016-09-15 19:00 Pacific
Advisory Updated Date: 2016-09-15 19:00 Pacific
Severity: Important

Issue Overview:

An insufficient bytecode verification flaw was discovered in the Hotspot component in OpenJDK. An untrusted Java application or applet could use this flaw to completely bypass Java sandbox restrictions. (CVE-2016-3606)

Multiple denial of service flaws were found in the JAXP component in OpenJDK. A specially crafted XML file could cause a Java application using JAXP to consume an excessive amount of CPU and memory when parsed. (CVE-2016-3500, CVE-2016-3508)
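The package update below is the fix for these JAXP flaws. Separately from that, an application that parses XML it does not trust should configure the JAXP parser so that a crafted document has as little to work with as possible. The following is an added example, not code from this advisory or from Amazon; it assumes only the standard JDK DOM API (javax.xml.parsers), and the class name JaxpHardening, the sample XML and the feature names used here are the example's own choices. It puts a default-configured DocumentBuilderFactory beside a hardened one and parses the same constructed document with both.

```java
import java.io.IOException;
import java.io.StringReader;

import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;

import org.w3c.dom.Document;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;

/** Default versus hardened JAXP DOM parser configuration (constructed example, not advisory code). */
public final class JaxpHardening {

    // Constructed sample: a harmless internal DTD with one entity. A parser configured for
    // untrusted input should refuse the DOCTYPE outright rather than reason about its contents.
    static final String SAMPLE_WITH_DOCTYPE =
        "<?xml version=\"1.0\"?>\n"
      + "<!DOCTYPE note [ <!ENTITY greeting \"hello\"> ]>\n"
      + "<note>&greeting;</note>\n";

    /** Weak setting: JDK defaults. DTDs, entity expansion and external entities are all allowed. */
    static DocumentBuilderFactory defaultFactory() {
        return DocumentBuilderFactory.newInstance();
    }

    /** Corrected setting: refuse DTDs and external entities, enable the parser's resource limits. */
    static DocumentBuilderFactory hardenedFactory() throws ParserConfigurationException {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        // Secure processing turns on the bundled parser's built-in limits (e.g. on entity expansion).
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        // Reject any DOCTYPE, which removes internal entity amplification and external DTD fetches.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        // Belt and braces for parsers that still accept a DOCTYPE: no external entities, no external DTD.
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        return f;
    }

    /** Parses the document and returns the root element's text, or throws if the parser rejects it. */
    static String parseRootText(DocumentBuilderFactory f, String xml)
            throws ParserConfigurationException, SAXException, IOException {
        DocumentBuilder b = f.newDocumentBuilder();
        Document d = b.parse(new InputSource(new StringReader(xml)));
        return d.getDocumentElement().getTextContent();
    }

    public static void main(String[] args) throws Exception {
        // Default configuration accepts the DOCTYPE and expands the entity: prints "hello".
        System.out.println("default : " + parseRootText(defaultFactory(), SAMPLE_WITH_DOCTYPE));
        try {
            System.out.println("hardened: " + parseRootText(hardenedFactory(), SAMPLE_WITH_DOCTYPE));
        } catch (SAXException e) {
            // Expected: the hardened parser rejects the DOCTYPE before any entity is expanded.
            System.out.println("hardened: rejected (" + e.getMessage() + ")");
        }
    }
}
```

The hardened factory fails closed: a document carrying a DOCTYPE is rejected at the declaration, so no entity is ever expanded and no external DTD is fetched. Applying this in application code is defense in depth for untrusted XML in general; it does not replace installing the corrected java-1.6.0-openjdk packages listed in this advisory.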

Multiple flaws were found in the CORBA and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2016-3458, CVE-2016-3550)


Affected Packages:

java-1.6.0-openjdk


Issue Correction:
Run yum update java-1.6.0-openjdk to update your system.

New Packages:
i686:
    java-1.6.0-openjdk-src-1.6.0.40-1.13.12.6.75.amzn1.i686
    java-1.6.0-openjdk-javadoc-1.6.0.40-1.13.12.6.75.amzn1.i686
    java-1.6.0-openjdk-demo-1.6.0.40-1.13.12.6.75.amzn1.i686
    java-1.6.0-openjdk-debuginfo-1.6.0.40-1.13.12.6.75.amzn1.i686
    java-1.6.0-openjdk-devel-1.6.0.40-1.13.12.6.75.amzn1.i686
    java-1.6.0-openjdk-1.6.0.40-1.13.12.6.75.amzn1.i686

src:
    java-1.6.0-openjdk-1.6.0.40-1.13.12.6.75.amzn1.src

x86_64:
    java-1.6.0-openjdk-devel-1.6.0.40-1.13.12.6.75.amzn1.x86_64
    java-1.6.0-openjdk-src-1.6.0.40-1.13.12.6.75.amzn1.x86_64
    java-1.6.0-openjdk-1.6.0.40-1.13.12.6.75.amzn1.x86_64
    java-1.6.0-openjdk-debuginfo-1.6.0.40-1.13.12.6.75.amzn1.x86_64
    java-1.6.0-openjdk-javadoc-1.6.0.40-1.13.12.6.75.amzn1.x86_64
    java-1.6.0-openjdk-demo-1.6.0.40-1.13.12.6.75.amzn1.x86_64