Overview Details Repositories Revisions Requests Users Attributes Meta
Security update for OpenJDK7

Update to 2.6.7 - OpenJDK 7u111
* Security fixes
- S8079718, CVE-2016-3458: IIOP Input Stream Hooking
(bsc#989732)
- S8145446, CVE-2016-3485: Perfect pipe placement (Windows
only) (bsc#989734)
- S8147771: Construction of static protection domains under
Javax custom policy
- S8148872, CVE-2016-3500: Complete name checking (bsc#989730)
- S8149962, CVE-2016-3508: Better delineation of XML processing
(bsc#989731)
- S8150752: Share Class Data
- S8151925: Font reference improvements
- S8152479, CVE-2016-3550: Coded byte streams (bsc#989733)
- S8155981, CVE-2016-3606: Bolster bytecode verification
(bsc#989722)
- S8155985, CVE-2016-3598: Persistent Parameter Processing
(bsc#989723)
- S8158571, CVE-2016-3610: Additional method handle validation
(bsc#989725)
- CVE-2016-3511 (bsc#989727)
- CVE-2016-3503 (bsc#989728)
- CVE-2016-3498 (bsc#989729)

Fixed bugs
CVE-2016-3458
CVE-2016-3485
CVE-2016-3498
CVE-2016-3500
CVE-2016-3503
CVE-2016-3508
CVE-2016-3511
CVE-2016-3550
CVE-2016-3598
CVE-2016-3606
CVE-2016-3610
bnc#988651
JVM on PPC64 LE crashes due to an illegal instruction in JITed code (java-1_8_0-openjdk)
bnc#989722
VUL-0: CVE-2016-3606: java-1_8_0-openjdk,java-1_7_0-openjdk: insufficient bytecode verification (Hotspot, 8155981)
bnc#989723
VUL-0: CVE-2016-3598: java-1_8_0-openjdk: incorrect handling of MethodHandles.dropArguments() argument (Libraries, 8155985)
bnc#989725
VUL-0: CVE-2016-3610: java-1_8_0-openjdk: insufficient value count check in MethodHandles.filterReturnValue() (Libraries, 8158571)
bnc#989727
VUL-0: CVE-2016-3511: java-1_8_0-openjdk,java-1_7_0-openjdk: unspecified vulnerability fixed in 7u111 and 8u101 (Deployment)
bnc#989728
VUL-0: CVE-2016-3503: java-1_8_0-openjdk,java-1_7_0-openjdk: unspecified vulnerability fixed in 6u121, 7u111, and 8u101 (Install)
bnc#989729
VUL-0: CVE-2016-3498: java-1_8_0-openjdk,java-1_7_0-openjdk: unspecified vulnerability fixed in 7u111 and 8u101 (JavaFX)
bnc#989730
VUL-0: CVE-2016-3500: java-1_8_0-openjdk,java-1_7_0-openjdk: maximum XML name limit not applied to namespace URIs (JAXP, 8148872)
bnc#989731
VUL-0: CVE-2016-3508: java-1_8_0-openjdk,java-1_7_0-openjdk: missing entity replacement limits (JAXP, 8149962)
bnc#989732
VUL-0: CVE-2016-3458: java-1_8_0-openjdk,java-1_7_0-openjdk: insufficient restrictions on the use of custom ValueHandler (CORBA, 8079718)
bnc#989733
VUL-0: CVE-2016-3550: java-1_8_0-openjdk,java-1_7_0-openjdk: integer overflows in bytecode streams (Hotspot, 8152479)
bnc#989734
VUL-0: CVE-2016-3485: java-1_8_0-openjdk,java-1_7_0-openjdk: weak authentication secret in Pipe implementation on Windows (Networking, 8145446)
Selected Binaries
openSUSE Build Service is sponsored by
Places