Description
* It was discovered that the Hotspot component of OpenJDK did not properly check
arguments of the System.arraycopy() function in certain cases. An untrusted Java
application or applet could use this flaw to corrupt the virtual machine's memory
and completely bypass Java sandbox restrictions. (CVE-2016-5582)
* It was discovered that the Hotspot component of OpenJDK did not properly check
received Java Debug Wire Protocol (JDWP) packets. An attacker could possibly use
this flaw to send debugging commands to a Java program running with debugging
enabled if they could make the victim's browser send HTTP requests to the JDWP port
of the debugged application. (CVE-2016-5573)
* It was discovered that the Libraries component of OpenJDK did not restrict the
set of algorithms used for Jar integrity verification. This flaw could allow an
attacker to modify the content of a Jar file that used a weak signing key or hash
algorithm. (CVE-2016-5542)
* A flaw was found in the way the JMX component of OpenJDK handled classloaders.
An untrusted Java application or applet could use this flaw to bypass certain
Java sandbox restrictions. (CVE-2016-5554)
* A flaw was found in the way the Networking component of OpenJDK handled HTTP
proxy authentication. A Java application could possibly expose HTTPS server
authentication credentials via a plain text network connection to an HTTP proxy
if the proxy asked for authentication. (CVE-2016-5597)
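
For the Jar integrity item above (CVE-2016-5542), the following added example, which is not part of the advisory or of OpenJDK, audits a Jar's META-INF manifest and signature files for weak digest algorithms. The weak set (MD2, MD5), the function names and the sample Jar are assumptions of this example, and it covers only the hash-algorithm half of the issue, not signing key size.

```python
import io
import re
import zipfile

# Assumption of this example: digests treated as too weak for Jar signing.
WEAK_DIGESTS = {"MD2", "MD5"}
DIGEST_ATTR = re.compile(r"^([A-Za-z0-9-]+?)-Digest(?:-Manifest(?:-Main-Attributes)?)?$")

def unfold(text):
    """Join manifest continuation lines (lines that start with one space)."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def digest_algorithms(text):
    """Return algorithm names from attributes such as SHA-256-Digest or MD5-Digest-Manifest."""
    found = set()
    for line in unfold(text):
        name, sep, _ = line.partition(":")
        match = DIGEST_ATTR.match(name.strip()) if sep else None
        if match:
            found.add(match.group(1).upper())
    return found

def audit_jar(jar_bytes, weak=WEAK_DIGESTS):
    """Map each META-INF .MF/.SF entry to the weak digests it relies on."""
    report = {}
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        for name in jar.namelist():
            upper = name.upper()
            if upper.startswith("META-INF/") and upper.endswith((".MF", ".SF")):
                algs = digest_algorithms(jar.read(name).decode("utf-8", "replace"))
                if algs & weak:
                    report[name] = sorted(algs & weak)
    return report

def build_sample_jar():
    """Constructed sample Jar: SHA-256 manifest, MD5-based signature file."""
    mf = "Manifest-Version: 1.0\r\n\r\nName: A.class\r\nSHA-256-Digest: AAAA\r\n\r\n"
    sf = "Signature-Version: 1.0\r\nMD5-Digest-Manifest: BBBB\r\n\r\nName: A.class\r\nMD5-Digest: CC\r\n CC\r\n"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", mf)
        jar.writestr("META-INF/SIGNER.SF", sf)
    return buf.getvalue()
```

Calling `audit_jar()` on the bytes of a real Jar returns an empty dict when no manifest or signature file uses a digest from the weak set.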