Debian Security Advisory

DSA-3782-1 openjdk-7 -- security update

Date Reported:
08 Feb 2017
Affected Packages:
Security database references:
In Mitre's CVE dictionary: CVE-2016-5546, CVE-2016-5547, CVE-2016-5548, CVE-2016-5552, CVE-2017-3231, CVE-2017-3241, CVE-2017-3252, CVE-2017-3253, CVE-2017-3260, CVE-2017-3261, CVE-2017-3272, CVE-2017-3289.
More information:

Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the bypass of Java sandbox restrictions, denial of service, arbitrary code execution, incorrect parsing of URLs/LDAP DNs or cryptographic timing side channel attacks.

For the stable distribution (jessie), these problems have been fixed in version 7u121-2.6.8-2~deb8u1.

We recommend that you upgrade your openjdk-7 packages.