Overview

File _patchinfo of Package patchinfo.4812

<patchinfo incident="4812">
  <issue id="1027038" tracker="bnc">VUL-0: java-1_8_0-ibm, java-1_7_1-ibm, java-1_7_0-ibm, java-1_6_0-ibm: February java update to fix CVE-2016-2183</issue>
  <issue id="1038505" tracker="bnc">VUL-0: IBM Java May 2017 release</issue>
  <issue id="2017-3514" tracker="cve" />
  <issue id="2017-1289" tracker="cve" />
  <issue id="2016-9842" tracker="cve" />
  <issue id="2016-2183" tracker="cve" />
  <issue id="2017-3544" tracker="cve" />
  <issue id="2017-3509" tracker="cve" />
  <issue id="2017-3539" tracker="cve" />
  <issue id="2016-9840" tracker="cve" />
  <issue id="2017-3533" tracker="cve" />
  <issue id="2016-9843" tracker="cve" />
  <issue id="2016-9841" tracker="cve" />
  <category>security</category>
  <rating>important</rating>
  <packager>scarabeus_iv</packager>
  <description>
This update for java-1_6_0-ibm fixes the following issues:

- Version update to 6.0-16.45 bsc#1038505

  - CVE-2016-9840: zlib: Out-of-bounds pointer arithmetic in inftrees.c
  - CVE-2016-9841: zlib: Out-of-bounds pointer arithmetic in inffast.c
  - CVE-2016-9842: zlib: Undefined left shift of negative number
  - CVE-2016-9843: zlib: Big-endian out-of-bounds pointer
  - CVE-2017-1289: IBM JDK: XML External Entity Injection (XXE) error when processing XML data
  - CVE-2017-3509: OpenJDK: improper re-use of NTLM authenticated connections 
  - CVE-2017-3539: OpenJDK: MD5 allowed for jar verification 
  - CVE-2017-3533: OpenJDK: newline injection in the FTP client
  - CVE-2017-3544: OpenJDK: newline injection in the SMTP client

- Version update to 6.0-16.40 bsc#1027038 CVE-2016-2183

</description>
  <summary>Security update for java-1_6_0-ibm</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places