Debian Long Term Support / LTS Security Information / 2016 / Security Information -- DLA-451-1 openjdk-7

Debian Security Advisory

DLA-451-1 openjdk-7 -- LTS security update

Date Reported:

03 May 2016

Affected Packages:

openjdk-7

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2016-0636, CVE-2016-0686, CVE-2016-0687, CVE-2016-0695, CVE-2016-3425, CVE-2016-3426, CVE-2016-3427.

More information:

Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in breakouts of the Java sandbox, denial of service or information disclosure.

For Debian 7 Wheezy, these problems have been fixed in version 7u101-2.6.6-2~deb7u1.

We recommend that you upgrade your openjdk-7 packages.

Please note that OpenJDK 7 will be made the new default Java implementation on 26 June 2016. For further information please refer to

https://wiki.debian.org/LTS/Wheezy