| Description: | Summary:
The remote host is missing an update for the 'java-1.6.0-openjdk'
package(s) announced via the referenced advisory.
Vulnerability Insight:
The java-1.6.0-openjdk packages provide
the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development
Kit.
Security Fix(es):
* An insufficient bytecode verification flaw was discovered in the Hotspot
component in OpenJDK. An untrusted Java application or applet could use
this flaw to completely bypass Java sandbox restrictions. (CVE-2016-3606)
* Multiple denial of service flaws were found in the JAXP component in
OpenJDK. A specially crafted XML file could cause a Java application using
JAXP to consume an excessive amount of CPU and memory when parsed.
(CVE-2016-3500, CVE-2016-3508)
* Multiple flaws were found in the CORBA and Hotsport components in
OpenJDK. An untrusted Java application or applet could use these flaws to
bypass certain Java sandbox restrictions. (CVE-2016-3458, CVE-2016-3550)
Affected Software/OS:
java-1.6.0-openjdk on Red Hat Enterprise
Linux (v. 5 server),
Red Hat Enterprise Linux Desktop (v. 6),
Red Hat Enterprise Linux Server (v. 6),
Red Hat Enterprise Linux Server (v. 7),
Red Hat Enterprise Linux Workstation (v. 6)
Solution:
Please Install the Updated Packages.
CVSS Score:
6.8
CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
