IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR4-FP20. Security Fix: * OpenJDK: insufficient validation of the invokeinterface instruction * OpenJDK: LDAPCertStore insecure handling of LDAP referrals * OpenJDK: use of global credentials for HTTP/SPNEGO * OpenJDK: SingleEntryRegistry incorrect setup of deserialization filter * OpenJDK: GTK library loading use-after-free * OpenJDK: LdapLoginModule insufficient username encoding in LDAP query * OpenJDK: DnsClient missing source port randomization * OpenJDK: loading of classes from untrusted locations * OpenJDK: DerValue unbounded memory allocation * OpenJDK: insufficient strength of key agreement * Oracle JDK: unspecified vulnerability fixed in 6u181 and 7u171 * OpenJDK: ArrayBlockingQueue deserialization to an inconsistent state * OpenJDK: unbounded memory allocation during deserialization * OpenJDK: unbounded memory allocation in BasicAttributes deserialization * OpenJDK: unsynchronized access to encryption key data For more details about the security issue, including the impact, a CVSS score, and other related information, refer to the CVE page listed in the References section.