SB2017102425 - Oracle Java for Red Hat Enterprise Linux 6 and Oracle Java for Red Hat Enterprise Linux 7 update for java-1.6.0-sun
Published: October 24, 2017 Updated: April 24, 2025
Security Bulletin ID
SB2017102425
Severity
Medium
Patch available
YES
Number of vulnerabilities
18
Exploitation vector
Remote access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 18 secuirty vulnerabilities.
1) Denial of service (CVE-ID: CVE-2016-9840)
The vulnerability allows a remote attacker to cause DoS condition on the target system.The weakness exists in zlib due to out-of-bounds pointer arithmetic in inftrees.c. A remote attacker can send a specially crafted document, trick the victim into opening it, and cause the application to crash.
Successful exploitation of the vulnerability results in denial of service.
2) Denial of service (CVE-ID: CVE-2016-9841)
The vulnerability allows a remote attacker to cause DoS condition on the target system.The weakness exists in zlib due to out-of-bounds pointer arithmetic in inftrees.c. A remote attacker can cause the application to crash.
Successful exploitation of the vulnerability results in denial of service.
3) Denial of service (CVE-ID: CVE-2016-9842)
The vulnerability allows a remote attacker to cause DoS condition on the target system.The weakness exists in zlib due to an undefined left shift of negative number. A remote attacker can send a specially crafted document, trick the victim into opening it, and cause the application to crash.
Successful exploitation of the vulnerability results in denial of service.
4) Denial of service (CVE-ID: CVE-2016-9843)
The vulnerability allows a remote attacker to cause DoS condition on the target system.The weakness exists in zlib due to big-endian out-of-bounds pointer. A remote attacker can send a specially crafted document, trick the victim into opening it, and cause the application to crash.
Successful exploitation of the vulnerability results in denial of service.
5) Improper access control (CVE-ID: CVE-2017-10274)
The vulnerability allows a remote attacker to access potentially sensitive information.The weakness exists due to a flaw in the Smart Card IO component. A remote attacker can read and modify arbitrary files on the target system.
6) Denial of service (CVE-ID: CVE-2017-10281)
The vulnerability allows a remote attacker to cause DoS condition.The weakness exists due to a flaw in the Serialization component. A remote attacker can trigger partial denial of service on the target system.
7) Privilege escalation (CVE-ID: CVE-2017-10285)
The vulnerability allows a remote attacker to gain elevated privileges.The weakness exists due to a flaw in the RMI component. A remote attacker can escalate his privileges on the target system.
8) Improper access control (CVE-ID: CVE-2017-10293)
The vulnerability allows a remote attacker to access potentially sensitive information.The weakness exists due to a flaw in the Javadoc component. A remote attacker can partially read and modify arbitrary files on the target system.
9) Improper access control (CVE-ID: CVE-2017-10295)
The vulnerability allows a remote attacker to access potentially sensitive information.The weakness exists due to a flaw in the Javadoc component. A remote attacker can partially modify arbitrary files on the target system.
10) Improper access control (CVE-ID: CVE-2017-10345)
The vulnerability allows a remote attacker to cause DoS condition.The weakness exists due to a flaw in the Serialization component. A remote attacker can trigger partial denial of service.
11) Privilege escalation (CVE-ID: CVE-2017-10346)
The vulnerability allows a remote attacker to gain elevated privileges.The weakness exists due to a flaw in the Hotspot component. A remote attacker can escalate his privileges on the target system.
12) Denial of service (CVE-ID: CVE-2017-10347)
The vulnerability allows a remote attacker to cause DoS condition.The weakness exists due to a flaw in the Serialization component. A remote attacker can trigger partial denial of service on the target system.
13) Improper access control (CVE-ID: CVE-2017-10348)
The vulnerability allows a remote attacker to cause DoS condition.The weakness exists due to a flaw in the Libraries component. A remote attacker can trigger partial denial of service.
14) Improper access control (CVE-ID: CVE-2017-10349)
The vulnerability allows a remote attacker to cause DoS condition.The weakness exists due to a flaw in the JAXP component. A remote attacker can trigger partial denial of service.
15) Improper access control (CVE-ID: CVE-2017-10355)
The vulnerability allows a remote attacker to cause DoS condition.The weakness exists due to a flaw in the Networking component. A remote attacker can trigger partial denial of service.
16) Improper access control (CVE-ID: CVE-2017-10356)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.The weakness exists due to a flaw in the Security component. A remote attacker can gain unauthorized access to sensitive information.
17) Improper access control (CVE-ID: CVE-2017-10357)
The vulnerability allows a remote attacker to cause DoS condition.The weakness exists due to a flaw in the Serialization component. A remote attacker can trigger partial denial of service.
18) Privilege escalation (CVE-ID: CVE-2017-10388)
The vulnerability allows a remote attacker to gain elevated privileges.The weakness exists due to a flaw in the Libraries component. A remote attacker can escalate his privileges on the target system.
Remediation
Install update from vendor's website.