RHSA-2016:0098: java-1.8.0-ibm security update
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 10 | (AV:N/AC:L/Au:N/C:C/I:C/A:C) | January 21, 2016 | February 04, 2016 | March 21, 2018 |
Description
IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBMJava Software Development Kit.This update fixes several vulnerabilities in the IBM Java RuntimeEnvironment and the IBM Java Software Development Kit. Further informationabout these flaws can be found on the IBM Java Security alerts page, listedin the References section. (CVE-2015-5041, CVE-2015-7575, CVE-2015-8126,CVE-2015-8472, CVE-2016-0402, CVE-2016-0448, CVE-2016-0466, CVE-2016-0475,CVE-2016-0483, CVE-2016-0494)Note: This update also disallows the use of the MD5 hash algorithm in thecertification path processing. The use of MD5 can be re-enabled by removingMD5 from the jdk.certpath.disabledAlgorithms security property defined inthe java.security file.All users of java-1.8.0-ibm are advised to upgrade to these updatedpackages, containing the IBM Java SE 8 SR2-FP10 release. All runninginstances of IBM Java must be restarted for the update to take effect.
Free Nexpose Download
Discover, prioritize, and remediate security risks today!
References
Solution
redhat-upgrade-java-1-8-0-ibmRelated Vulnerabilities
- Alpine Linux: CVE-2015-8472: libpng Incomplete fix for CVE-2015-8126
- IBM AIX: java_jan2016_advisory (CVE-2016-0448): Vulnerability in IBM Java SDK affects AIX
- IBM AIX: java_jan2016_advisory (CVE-2016-0494): Vulnerability in IBM Java SDK affects AIX
- Java CPU January 2016 Java SE, Java SE Embedded, JRockit JAXP vulnerability (CVE-2016-0466)
- ELSA-2015-2596 Moderate: Oracle Linux libpng security update
- Amazon Linux AMI: Security patch for java-1.6.0-openjdk (ALAS-2016-654) (multiple CVEs)
- Java CPU January 2016 Java SE, Java SE Embedded, JRockit Libraries vulnerability (CVE-2016-0475)
- RHSA-2016:0053: java-1.7.0-openjdk security update
- ELSA-2016-0008 Moderate: Oracle Linux openssl security update
- F5 Networks: K81903701 (CVE-2015-8472): Libpng vulnerability CVE-2015-8472
- MFSA2015-150 Thunderbird: MD5 signatures accepted within TLS 1.2 ServerKeyExchange in server signature (CVE-2015-7575)
- ELSA-2016-0049 Critical: Oracle Linux java-1.8.0-openjdk security update
- Java CPU January 2016 Java SE, Java SE Embedded JMX vulnerability (CVE-2016-0448)
- RHSA-2015:2596: libpng security update
- Debian: CVE-2015-8472: libpng -- security update
- Gentoo Linux: CVE-2016-0475: Oracle JRE/JDK: Multiple vulnerabilities
- RHSA-2015:2595: libpng12 security update
- Cent OS: CVE-2015-8472: CESA-2015:2594 (libpng)
- Amazon Linux AMI: Security patch for libpng (ALAS-2015-615) (multiple CVEs)
- Amazon Linux AMI: Security patch for nss (ALAS-2016-645) (CVE-2015-7575)
- Gentoo Linux: CVE-2015-8126: libpng: Multiple vulnerabilities
- IBM AIX: java_jan2016_advisory (CVE-2015-8472): Vulnerability in IBM Java SDK affects AIX
- Oracle Solaris 11: CVE-2015-7575: Vulnerability in Firefox, Thunderbird
- RHSA-2016:0049: java-1.8.0-openjdk security update
- IBM AIX: java_jan2016_advisory (CVE-2016-0402): Vulnerability in IBM Java SDK affects AIX
- Java CPU January 2016 Java SE, Java SE Embedded 2D vulnerability (CVE-2016-0494)
- RHSA-2016:0008: openssl security update
- Amazon Linux AMI: Security patch for gnutls (ALAS-2016-651) (CVE-2015-7575)
- Amazon Linux AMI: Security patch for libpng (ALAS-2015-611) (CVE-2015-8126)
- Ubuntu: USN-2861-1 (CVE-2015-8472): libpng vulnerabilities
- RHSA-2016:0101: java-1.6.0-ibm security update
- Alpine Linux: CVE-2015-7575: nss security issues
- OS X update for Python (CVE-2015-8126)
- IBM AIX: java_jan2016_advisory (CVE-2015-8126): Vulnerability in IBM Java SDK affects AIX
- ELSA-2016-0012 Moderate: Oracle Linux gnutls security update
- Gentoo Linux: CVE-2016-0402: Oracle JRE/JDK: Multiple vulnerabilities
- Vulnerabilities deemed not relevant on Red Hat Enterprise Linux 5
- ELSA-2016-0067 Important: Oracle Linux java-1.6.0-openjdk security update
- ELSA-2016-0054 Important: Oracle Linux java-1.7.0-openjdk security update
- Gentoo Linux: CVE-2016-0466: Oracle JRE/JDK: Multiple vulnerabilities
- Vulnerabilities deemed not relevant on Red Hat Enterprise Linux 7
- MFSA2015-150 Firefox: MD5 signatures accepted within TLS 1.2 ServerKeyExchange in server signature (CVE-2015-7575)
- IBM AIX: java_jan2016_advisory (CVE-2016-0466): Vulnerability in IBM Java SDK affects AIX
- ELSA-2016-0053 Critical: Oracle Linux java-1.7.0-openjdk security update
- IBM AIX: java_jan2016_advisory, nettcp_advisory2, openssl_advisory16 (CVE-2015-7575): Vulnerability in IBM Java SDK affects AIX
- ELSA-2015-2595 Moderate: Oracle Linux libpng12 security update
- FreeBSD: NSS -- MD5 downgrade in TLS 1.2 signatures (CVE-2015-7575)
- Oracle Solaris 11: CVE-2015-8126: Vulnerability in LibPNG
- Gentoo Linux: CVE-2016-0483: Oracle JRE/JDK: Multiple vulnerabilities
- Gentoo Linux: CVE-2015-7575: Mozilla Network Security Service (NSS): Multiple vulnerabilities
- Amazon Linux AMI: Security patch for openssl (ALAS-2016-661) (multiple CVEs)
- FreeBSD: libpng buffer overflow in png_set_PLTE (Multiple CVEs)
- RHSA-2016:0067: java-1.6.0-openjdk security update
- RHSA-2016:0054: java-1.7.0-openjdk security update
- Java CPU January 2016 Java SE, Java SE Embedded, JRockit Security vulnerability (CVE-2015-7575)
- RHSA-2016:0012: gnutls security update
- ELSA-2016-0050 Important: Oracle Linux java-1.8.0-openjdk security update
- Java CPU January 2016 Java SE, Java SE Embedded AWT vulnerability (CVE-2015-8126)
- SUSE: CVE-2015-8472: SUSE Linux Security Advisory
- RHSA-2016:0007: nss security update
- RHSA-2016:0099: java-1.7.1-ibm security update
- OS X update for apache_mod_php (CVE-2015-8472)
- Amazon Linux AMI: Security patch for java-1.8.0-openjdk (ALAS-2016-647) (multiple CVEs)
- OS X update for Tcl (CVE-2015-8126)
- Gentoo Linux: CVE-2016-0448: Oracle JRE/JDK: Multiple vulnerabilities
- Alpine Linux: CVE-2015-8126: libpng Buffer overflow vulnerabilities in png_get_PLTE/png_set_PLTE functions
- OS X update for Python (CVE-2015-8472)
- RHSA-2016:0050: java-1.8.0-openjdk security update
- ELSA-2016-0007 Moderate: Oracle Linux nss security update
- IBM AIX: java_jan2016_advisory (CVE-2015-5041): Vulnerability in IBM Java SDK affects AIX
- Amazon Linux AMI: Security patch for java-1.7.0-openjdk (ALAS-2016-643) (multiple CVEs)
- Java CPU January 2016 Java SE, Java SE Embedded, JRockit AWT vulnerability (CVE-2016-0483)
- Gentoo Linux: CVE-2016-0494: Oracle JRE/JDK: Multiple vulnerabilities
- Vulnerabilities deemed not relevant on Red Hat Enterprise Linux 6
- ELSA-2015-2594 Moderate: Oracle Linux libpng security update
- OS X update for apache_mod_php (CVE-2015-8126)
- IBM AIX: java_jan2016_advisory (CVE-2016-0483): Vulnerability in IBM Java SDK affects AIX
- RHSA-2016:0100: java-1.7.0-ibm security update
- IBM AIX: java_jan2016_advisory (CVE-2016-0475): Vulnerability in IBM Java SDK affects AIX
- RHSA-2015:2594: libpng security update
- Java CPU January 2016 Java SE, Java SE Embedded Networking vulnerability (CVE-2016-0402)