java security update

CentOS Errata and Security Advisory CESA-2016:1504

The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment
and the OpenJDK 7 Java Software Development Kit.

Security Fix(es):

• Multiple flaws were discovered in the Hotspot and Libraries components in
  OpenJDK. An untrusted Java application or applet could use these flaws to
  completely bypass Java sandbox restrictions. (CVE-2016-3606, CVE-2016-3598,
  CVE-2016-3610)

• Multiple denial of service flaws were found in the JAXP component in OpenJDK.
  A specially crafted XML file could cause a Java application using JAXP to
  consume an excessive amount of CPU and memory when parsed. (CVE-2016-3500,
  CVE-2016-3508)

• Multiple flaws were found in the CORBA and Hotsport components in OpenJDK. An
  untrusted Java application or applet could use these flaws to bypass certain
  Java sandbox restrictions. (CVE-2016-3458, CVE-2016-3550)

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2016-July/084158.html
https://lists.centos.org/pipermail/centos-announce/2016-July/084159.html
https://lists.centos.org/pipermail/centos-announce/2016-July/084160.html

Affected packages:
java-1.7.0-openjdk
java-1.7.0-openjdk-accessibility
java-1.7.0-openjdk-demo
java-1.7.0-openjdk-devel
java-1.7.0-openjdk-headless
java-1.7.0-openjdk-javadoc
java-1.7.0-openjdk-src

Upstream details at:
https://access.redhat.com/errata/RHSA-2016:1504