SB2017050216 - Oracle Java for Red Hat Enterprise Linux 6 and Oracle Java for Red Hat Enterprise Linux 7 update for java-1.6.0-sun
Published: May 2, 2017
Description
This security bulletin contains information about 5 security vulnerabilities.
1) Security restrictions bypass (CVE-ID: CVE-2017-3509)
The vulnerability allows a remote attacker to gain access to potentially sensitive information on the target system. The weakness exists due to an unknown error. A remote attacker can read and modify arbitrary files.
2) Denial of service (CVE-ID: CVE-2017-3526)
The vulnerability allows a remote authenticated attacker to cause a DoS condition on the target system. The weakness exists due to an unknown error. A remote attacker can trick the victim into visiting a specially crafted webpage and cause the system to crash.
Successful exploitation of the vulnerability results in denial of service.
3) Security restrictions bypass (CVE-ID: CVE-2017-3533)
The vulnerability allows a remote attacker to modify information on the target system. The weakness exists due to an unknown error related to the Java SE, Java SE Embedded, JRockit Networking component. A remote attacker can access and modify arbitrary data.
4) Security restrictions bypass (CVE-ID: CVE-2017-3539)
The vulnerability allows a remote attacker to modify information on the target system. The weakness exists due to an unknown error related to the Java SE, Java SE Embedded Security component. A remote attacker can trick the victim into visiting a specially crafted webpage and then access and modify arbitrary data.
5) Security restrictions bypass (CVE-ID: CVE-2017-3544)
The vulnerability allows a remote attacker to modify information on the target system. The weakness exists due to an unknown error related to the Java SE, Java SE Embedded Networking component. A remote attacker can access and modify arbitrary data.
Remediation
Install the update from the vendor's website.