jdk7-openjdk

Description OpenJDK Java 7 development kit
Version 7.u151_2.6.11-1 [extra]

Resolved

Group Affected Fixed Severity Status Ticket
AVG-380 7.u131_2.6.9-1 7.u151_2.6.11-1 Critical Fixed
Issue Group Severity Remote Type Description
CVE-2017-3544 AVG-380 Low Yes Content spoofing
A newline injection flaw was discovered in the SMTP client implementation in the Networking component in OpenJDK. A remote attacker could possibly use this...
CVE-2017-3539 AVG-380 Low Yes Access restriction bypass
It was discovered that the Security component of OpenJDK did not allow users to restrict the set of algorithms allowed for Jar integrity verification. This...
CVE-2017-3533 AVG-380 Medium Yes Access restriction bypass
A newline injection flaw was discovered in the FTP client implementation in the Networking component in OpenJDK. A remote attacker could possibly use this...
CVE-2017-3526 AVG-380 High Yes Denial of service
It was found that the JAXP component of OpenJDK failed to correctly enforce parse tree size limits when parsing an XML document. An attacker able to make a...
CVE-2017-3511 AVG-380 High No Privilege escalation
An untrusted library search path flaw was found in the JCE component of OpenJDK. A local attacker could possibly use this flaw to cause a Java application...
CVE-2017-3509 AVG-380 Medium Yes Privilege escalation
It was discovered that the HTTP client implementation in the Networking component of OpenJDK could cache and re-use an NTLM authenticated connection in a...
CVE-2017-10176 AVG-380 Medium Yes Private key recovery
It was discovered that the Elliptic Curve (EC) cryptography implementation in the Security component of OpenJDK did not perform computations for certain...
CVE-2017-10135 AVG-380 Low Yes Private key recovery
A covert timing channel flaw was found in the PKCS#8 implementation in the JCE component of OpenJDK. A remote attacker able to make a Java application...
CVE-2017-10118 AVG-380 Medium Yes Private key recovery
A covert timing channel flaw was found in the ECDSA implementation in the JCE component of OpenJDK.  A remote attacker able to make a Java application...
CVE-2017-10116 AVG-380 High Yes Privilege escalation
It was discovered that the LDAPCertStore class in the Security component of OpenJDK followed LDAP referrals to arbitrary URLs. A specially crafted LDAP...
CVE-2017-10115 AVG-380 Medium Yes Private key recovery
A covert timing channel flaw was found in the DSA implementation in the JCE component of OpenJDK. A remote attacker able to make a Java application generate...
CVE-2017-10111 AVG-380 Critical Yes Arbitrary code execution
It was discovered that the LambdaFormEditor class in the Libraries component of OpenJDK did not correctly perform bounds checks in the...
CVE-2017-10110 AVG-380 Critical Yes Access restriction bypass
It was discovered that the implementation of the ImageWatched class in the AWT component of OpenJDK failed to properly perform access control checks.  An...
CVE-2017-10109 AVG-380 Medium Yes Access restriction bypass
It was discovered that the implementation of the CodeSource class in OpenJDK did not limit the amount of memory allocated when creating an object instance from...
CVE-2017-10108 AVG-380 Medium Yes Denial of service
It was discovered that the implementation of the BasicAttribute class in OpenJDK did not limit the amount of memory allocated when creating an object instance...
CVE-2017-10107 AVG-380 Critical Yes Access restriction bypass
It was discovered that the implementation of the ActivationID class in the RMI component of OpenJDK failed to properly perform access control checks.  An...
CVE-2017-10102 AVG-380 Critical Yes Arbitrary code execution
It was discovered that the DCG (Distributed Garbage Collector) implementation in the RMI component of OpenJDK failed to correctly handle references.  A...
CVE-2017-10101 AVG-380 Critical Yes Access restriction bypass
It was discovered that the JAXP component of OpenJDK failed to restrict access to certain internal classes.  An untrusted Java application or applet could...
CVE-2017-10096 AVG-380 Critical Yes Access restriction bypass
It was discovered that the implementation of the TransformerException class in the JAXP component of OpenJDK failed to properly perform access control...
CVE-2017-10090 AVG-380 Critical Yes Access restriction bypass
It was discovered that the implementation of the AsynchronousChannelGroupImpl class in the java.nio.channels package of the Libraries component of OpenJDK...
CVE-2017-10089 AVG-380 Critical Yes Access restriction bypass
It was discovered that the implementation of the ServiceRegistry class in the ImageIO component of OpenJDK failed to properly perform access control checks....
CVE-2017-10087 AVG-380 Critical Yes Access restriction bypass
It was discovered that the implementation of the ThreadPoolExecutor class in the java.util.concurrent package of the Libraries component of OpenJDK failed...
CVE-2017-10081 AVG-380 Medium Yes Access restriction bypass
A flaw was found in the way the Hotspot component of OpenJDK processed extraneous brackets in function signatures.  An untrusted Java application or applet...
CVE-2017-10074 AVG-380 Critical Yes Arbitrary code execution
It was discovered that the Hotspot component of OpenJDK did not properly check for integer overflows when generating range check loop predicates.  An...
CVE-2017-10067 AVG-380 High Yes Authentication bypass
It was discovered that the JAR (Java ARchive) verifier in the Security component of OpenJDK did not correctly handle files inside archives with missing...
CVE-2017-10053 AVG-380 Low No Denial of service
It was discovered that the JPEGImageReader implementation in the 2D component of OpenJDK would, in certain cases, read all image data even if that was not...

Advisories

Date Advisory Group Severity Description
12 Aug 2017 ASA-201708-8 AVG-380 Critical multiple issues