What Are You Looking For?

Sign Up
Synopsis:          Critical: java-1.8.0-openjdk security update
Advisory ID:       SLSA-2018:1188-1
Issue Date:        2018-04-19
CVE Numbers:       CVE-2018-2814
                   CVE-2018-2794
                   CVE-2018-2795
                   CVE-2018-2815
                   CVE-2018-2799
                   CVE-2018-2798
                   CVE-2018-2797
                   CVE-2018-2796
                   CVE-2018-2800
                   CVE-2018-2790
--

Security Fix(es):

* OpenJDK: incorrect handling of Reference clones can lead to sandbox
bypass (Hotspot, 8192025) (CVE-2018-2814)

* OpenJDK: unrestricted deserialization of data from JCEKS key stores
(Security, 8189997) (CVE-2018-2794)

* OpenJDK: insufficient consistency checks in deserialization of multiple
classes (Security, 8189977) (CVE-2018-2795)

* OpenJDK: unbounded memory allocation during deserialization in
PriorityBlockingQueue (Concurrency, 8189981) (CVE-2018-2796)

* OpenJDK: unbounded memory allocation during deserialization in
TabularDataSupport (JMX, 8189985) (CVE-2018-2797)

* OpenJDK: unbounded memory allocation during deserialization in Container
(AWT, 8189989) (CVE-2018-2798)

* OpenJDK: unbounded memory allocation during deserialization in
NamedNodeMapImpl (JAXP, 8189993) (CVE-2018-2799)

* OpenJDK: RMI HTTP transport enabled by default (RMI, 8193833)
(CVE-2018-2800)

* OpenJDK: unbounded memory allocation during deserialization in
StubIORImpl (Serialization, 8192757) (CVE-2018-2815)

* OpenJDK: incorrect merging of sections in the JAR manifest (Security,
8189969) (CVE-2018-2790)

Note: If the web browser plug-in provided by the icedtea-web package was
installed, the issues exposed via Java applets could have been exploited
without user interaction if a user visited a malicious website.
--

SL6
  x86_64
    java-1.8.0-openjdk-1.8.0.171-3.b10.el6_9.x86_64.rpm
    java-1.8.0-openjdk-debuginfo-1.8.0.171-3.b10.el6_9.x86_64.rpm
    java-1.8.0-openjdk-headless-1.8.0.171-3.b10.el6_9.x86_64.rpm
    java-1.8.0-openjdk-debug-1.8.0.171-3.b10.el6_9.x86_64.rpm
    java-1.8.0-openjdk-demo-1.8.0.171-3.b10.el6_9.x86_64.rpm
    java-1.8.0-openjdk-demo-debug-1.8.0.171-3.b10.el6_9.x86_64.rpm
    java-1.8.0-openjdk-devel-1.8.0.171-3.b10.el6_9.x86_64.rpm
    java-1.8.0-openjdk-devel-debug-1.8.0.171-3.b10.el6_9.x86_64.rpm
    java-1.8.0-openjdk-headless-debug-1.8.0.171-3.b10.el6_9.x86_64.rpm
    java-1.8.0-openjdk-src-1.8.0.171-3.b10.el6_9.x86_64.rpm
    java-1.8.0-openjdk-src-debug-1.8.0.171-3.b10.el6_9.x86_64.rpm
  i386
    java-1.8.0-openjdk-1.8.0.171-3.b10.el6_9.i686.rpm
    java-1.8.0-openjdk-debuginfo-1.8.0.171-3.b10.el6_9.i686.rpm
    java-1.8.0-openjdk-headless-1.8.0.171-3.b10.el6_9.i686.rpm
    java-1.8.0-openjdk-debug-1.8.0.171-3.b10.el6_9.i686.rpm
    java-1.8.0-openjdk-demo-1.8.0.171-3.b10.el6_9.i686.rpm
    java-1.8.0-openjdk-demo-debug-1.8.0.171-3.b10.el6_9.i686.rpm
    java-1.8.0-openjdk-devel-1.8.0.171-3.b10.el6_9.i686.rpm
    java-1.8.0-openjdk-devel-debug-1.8.0.171-3.b10.el6_9.i686.rpm
    java-1.8.0-openjdk-headless-debug-1.8.0.171-3.b10.el6_9.i686.rpm
    java-1.8.0-openjdk-src-1.8.0.171-3.b10.el6_9.i686.rpm
    java-1.8.0-openjdk-src-debug-1.8.0.171-3.b10.el6_9.i686.rpm
  noarch
    java-1.8.0-openjdk-javadoc-1.8.0.171-3.b10.el6_9.noarch.rpm
    java-1.8.0-openjdk-javadoc-debug-1.8.0.171-3.b10.el6_9.noarch.rpm

- Scientific Linux Development Team

SciLinux: SLSA-2018-1188-1 Critical: java-1.8.0-openjdk on SL6.x i386/x86_64

OpenJDK: incorrect handling of Reference clones can lead to sandbox bypass (Hotspot, 8192025) (CVE-2018-2814) * OpenJDK: unrestricted deserialization of data from JCEKS key stores ...

Summary

Critical: java-1.8.0-openjdk security update



Security Fixes

* OpenJDK: incorrect handling of Reference clones can lead to sandbox bypass (Hotspot, 8192025) (CVE-2018-2814)
* OpenJDK: unrestricted deserialization of data from JCEKS key stores (Security, 8189997) (CVE-2018-2794)
* OpenJDK: insufficient consistency checks in deserialization of multiple classes (Security, 8189977) (CVE-2018-2795)
* OpenJDK: unbounded memory allocation during deserialization in PriorityBlockingQueue (Concurrency, 8189981) (CVE-2018-2796)
* OpenJDK: unbounded memory allocation during deserialization in TabularDataSupport (JMX, 8189985) (CVE-2018-2797)
* OpenJDK: unbounded memory allocation during deserialization in Container (AWT, 8189989) (CVE-2018-2798)
* OpenJDK: unbounded memory allocation during deserialization in NamedNodeMapImpl (JAXP, 8189993) (CVE-2018-2799)
* OpenJDK: RMI HTTP transport enabled by default (RMI, 8193833) (CVE-2018-2800)
* OpenJDK: unbounded memory allocation during deserialization in StubIORImpl (Serialization, 8192757) (CVE-2018-2815)
* OpenJDK: incorrect merging of sections in the JAR manifest (Security, 8189969) (CVE-2018-2790)
Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website.
SL6 x86_64 java-1.8.0-openjdk-1.8.0.171-3.b10.el6_9.x86_64.rpm java-1.8.0-openjdk-debuginfo-1.8.0.171-3.b10.el6_9.x86_64.rpm java-1.8.0-openjdk-headless-1.8.0.171-3.b10.el6_9.x86_64.rpm java-1.8.0-openjdk-debug-1.8.0.171-3.b10.el6_9.x86_64.rpm java-1.8.0-openjdk-demo-1.8.0.171-3.b10.el6_9.x86_64.rpm java-1.8.0-openjdk-demo-debug-1.8.0.171-3.b10.el6_9.x86_64.rpm java-1.8.0-openjdk-devel-1.8.0.171-3.b10.el6_9.x86_64.rpm java-1.8.0-openjdk-devel-debug-1.8.0.171-3.b10.el6_9.x86_64.rpm java-1.8.0-openjdk-headless-debug-1.8.0.171-3.b10.el6_9.x86_64.rpm java-1.8.0-openjdk-src-1.8.0.171-3.b10.el6_9.x86_64.rpm java-1.8.0-openjdk-src-debug-1.8.0.171-3.b10.el6_9.x86_64.rpm i386 java-1.8.0-openjdk-1.8.0.171-3.b10.el6_9.i686.rpm java-1.8.0-openjdk-debuginfo-1.8.0.171-3.b10.el6_9.i686.rpm java-1.8.0-openjdk-headless-1.8.0.171-3.b10.el6_9.i686.rpm java-1.8.0-openjdk-debug-1.8.0.171-3.b10.el6_9.i686.rpm java-1.8.0-openjdk-demo-1.8.0.171-3.b10.el6_9.i686.rpm java-1.8.0-openjdk-demo-debug-1.8.0.171-3.b10.el6_9.i686.rpm java-1.8.0-openjdk-devel-1.8.0.171-3.b10.el6_9.i686.rpm java-1.8.0-openjdk-devel-debug-1.8.0.171-3.b10.el6_9.i686.rpm java-1.8.0-openjdk-headless-debug-1.8.0.171-3.b10.el6_9.i686.rpm java-1.8.0-openjdk-src-1.8.0.171-3.b10.el6_9.i686.rpm java-1.8.0-openjdk-src-debug-1.8.0.171-3.b10.el6_9.i686.rpm noarch java-1.8.0-openjdk-javadoc-1.8.0.171-3.b10.el6_9.noarch.rpm java-1.8.0-openjdk-javadoc-debug-1.8.0.171-3.b10.el6_9.noarch.rpm
- Scientific Linux Development Team

Severity
Advisory ID: SLSA-2018:1188-1
Issued Date: : 2018-04-19
CVE Numbers: CVE-2018-2814
CVE-2018-2794
CVE-2018-2795

Related News

Remotely Exploitable HAProxy Vuln Threatens Sensitive Data

Dec 8, 2023

Severe Chromium Bug Threatens Sensitive Data, System Availability

Nov 13, 2023

Severe Chromium DoS, Info Disclosure Vulns Fixed

Oct 25, 2023

Remotely Exploitable Poppler DoS Bugs Fixed - Update Now!

Sep 22, 2023

News

Advisories

HOWTOs

Features

Password Guessing as an Attack Vector
Using Open Source to Ensure Compliance & Data Integrity through Data Governance
Critical Linux Kernel Bugs Lead to DoS, Privilege Escalation - Patch Now!
Unlocking the Future of Authentication: Passkeys vs. Passwords
Empowering MSPs with Straightforward Linux Device Management

About Us

Powered By

Footer Logo