Gentoo Linux Security Advisory 201707-1 - Multiple vulnerabilities have been found in IcedTea, the worst of which may allow execution of arbitrary code. Versions less than 3.4.0 are affected.
0623e4d3abca09377537db725ce4ff922ab591a92df4341620aa94a4e2072b3c
Red Hat Security Advisory 2017-1216-01 - IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR4-FP1. Security Fix: This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
84dd0e9308948c7a415adab659e14d620e0b251a8ae7e925fb16b9d7d3d57359
Red Hat Security Advisory 2017-0337-01 - IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7 SR10-FP1. Security Fix: This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
80816e5e06d1db1e4705f1cf3b21b2fa3078e663cae98366b11473550ceaafb6
Red Hat Security Advisory 2017-0338-01 - IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 6 to version 6 SR16-FP41. Security Fix: This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
a9351e872d1f0424ed35472f264f9140a906565da9bdf97aceea8a9405480b44
Red Hat Security Advisory 2017-0336-01 - IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR4-FP1. Security Fix: This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
bf67796788d6688f8cad25c219b40ce4dfdcf1d3e33a19b364b3ab92ba80c155
Ubuntu Security Notice 3198-1 - Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES ciphers were vulnerable to birthday attacks. A remote attacker could possibly use this flaw to obtain clear text data from long encrypted sessions. This update moves those algorithms to the legacy algorithm set and causes them to be used only if no non-legacy algorithms can be negotiated. It was discovered that OpenJDK accepted ECSDA signatures using non-canonical DER encoding. An attacker could use this to modify or expose sensitive data. Various other issues were also addressed.
401231d16faaf570a0694163991be2f69899e60a6316f4ea5ccc0ea0741ef00f
This paper documents deeper dive details of the security implications noted in CVE-2017-3241. Coupled with the JtaTransactionManager flaw from 2016, it demonstrates being able to achieve remote code execution.
934326ba2ee571c82aebb0cf5a71a24e7e74c20c069dcc353f0894a82feadcfb
Red Hat Security Advisory 2017-0269-01 - The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security Fix: It was discovered that the RMI registry and DCG implementations in the RMI component of OpenJDK performed deserialization of untrusted inputs. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of RMI registry or a Java RMI application. This issue was addressed by introducing whitelists of classes that can be deserialized by RMI registry or DCG. These whitelists can be customized using the newly introduced sun.rmi.registry.registryFilter and sun.rmi.transport.dgcFilter security properties.
a21fd41c808b6aa885c14600c8570e57296cb524081c9778b48c723d181b5111
Debian Linux Security Advisory 3782-1 - Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the bypass of Java sandbox restrictions, denial of service, arbitrary code execution, incorrect parsing or URLs/LDAP DNs or cryptoraphice timing side channel attacks.
786b57941e85dce2aa0c84048363490a99588af0393d00d26d2512a02e69f5f0
Red Hat Security Advisory 2017-0263-01 - IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR4. Security Fix: This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
3e8911f88d953e01cf0b19699691373bca45b16ad4e4eb3c6679888b204404e7
Ubuntu Security Notice 3194-1 - Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES ciphers were vulnerable to birthday attacks. A remote attacker could possibly use this flaw to obtain clear text data from long encrypted sessions. This update moves those algorithms to the legacy algorithm set and causes them to be used only if no non-legacy algorithms can be negotiated. It was discovered that OpenJDK accepted ECSDA signatures using non-canonical DER encoding. An attacker could use this to modify or expose sensitive data. Various other issues were also addressed.
ca0c18acba4b88e6e80fee104c08afc6e2119a222bc4f831a5368db334579045
Gentoo Linux Security Advisory 201701-65 - Multiple vulnerabilities have been found in Oracle's JRE and JDK software suites, the worst of which may allow execution of arbitrary code Versions less than 1.8.0.121 are affected.
1d411c67045468f66d9be8f87af444135bfe4edb5ff40c3d978dceeda485b1e7
Ubuntu Security Notice 3179-1 - Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES ciphers were vulnerable to birthday attacks. A remote attacker could possibly use this flaw to obtain clear text data from long encrypted sessions. This update moves those algorithms to the legacy algorithm set and causes them to be used only if no non-legacy algorithms can be negotiated. It was discovered that OpenJDK accepted ECSDA signatures using non-canonical DER encoding. An attacker could use this to modify or expose sensitive data. Various other issues were also addressed.
6bda3d62c1c8c78bd4f6b0e8698e7c3cd70f29a93396246928e224431ea0e83f
Oracle OpenJDK Runtime Environment build 1.8.0_112-b15 suffers from a java serialization denial of service vulnerability.
52868d5d4e4171ca13abb254c37c2df30559800d7ea5a50b2e3f2bd19a714287
Red Hat Security Advisory 2017-0180-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix: It was discovered that the RMI registry and DCG implementations in the RMI component of OpenJDK performed deserialization of untrusted inputs. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of RMI registry or a Java RMI application. This issue was addressed by introducing whitelists of classes that can be deserialized by RMI registry or DCG. These whitelists can be customized using the newly introduced sun.rmi.registry.registryFilter and sun.rmi.transport.dgcFilter security properties.
817d786f6fcaf819d3a9638047776f9eaf7da5c64cde447e1fc2ba1a969a4ba5
Red Hat Security Advisory 2017-0177-01 - Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update upgrades Oracle Java SE 6 to version 6 Update 141. Security Fix: This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.
ae4d009c248bbd120f03d4dc55a9c74408dec637b528ad73508558683fbf6323
Red Hat Security Advisory 2017-0176-01 - Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update upgrades Oracle Java SE 7 to version 7 Update 131. Security Fix: This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.
a54638ba9d5b266fd2367fb584c67c20283f34f7d1c0662c5c596eaff4089803
Red Hat Security Advisory 2017-0175-01 - Oracle Java SE version 8 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update upgrades Oracle Java SE 8 to version 8 Update 121. Security Fix: This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.
4902a1ac1fabefe6183069de29fa6034e1415ac33a613923da0a2ec406ffbd75