Advisories » MGASA-2016-0130

Updated java packages fix CVE-2016-0636

Publication date: 06 Apr 2016
Modification date: 06 Apr 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-0636

Description

Updated java-1.8.0-openjdk packages fix security vulnerability:

An improper type safety check was discovered in the Hotspot component. An
untrusted Java application or applet could use this flaw to bypass Java
Sandbox restrictions (CVE-2016-0636).

Also, the icedtea-web package has been updated to version 1.6.2 to fix all
known issues in the Java browser plugin.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=18069
• http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2016-February/034831.html
• https://rhn.redhat.com/errata/RHSA-2016-0513.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0636

SRPMS

5/core

• java-1.8.0-openjdk-1.8.0.77-1.b03.1.mga5
• icedtea-web-1.6.2-1.mga5