Insecure deserialization in java-1.6.0-openjdk
Description
It was discovered that the CipherInputStream class implementation in OpenJDK did not properly handle certain exceptions. This could possibly allow an attacker to affect the integrity of an encrypted stream handled by this class.
Mitigation
Update Impact
Minimal update. May introduce new vulnerabilities or breaking changes.
| Ecosystem | Package | Affected version | Patched versions |
|---|---|---|---|
| rpm rhel7 | 1:1.6.0.33-1.13.5.0.el7_0 | | |
| rpm rhel6 | 1:1.6.0.33-1.13.5.0.el6_6 | | |
| rpm rhel5 | 1:1.7.0.71-2.5.3.1.el5_11 | | |
| rpm rhel6 | 1:1.7.0.71-2.5.3.1.el6 | | |
| rpm rhel6 | 0:1.8.0.25-1.b17.el6 | | |
| rpm rhel5 | 1:1.6.0.33-1.13.5.0.el5_11 | | |
| rpm rhel7 | 1:1.7.0.71-2.5.3.1.el7_0 | | |