SciLinux: SLSA-2019-1815-1 Moderate: java-1.8.0-openjdk on SL7.x x86_64

    Date: 22 Jul 2019
    Posted By: LinuxSecurity Advisories
    Synopsis: Moderate: java-1.8.0-openjdk security update
    Advisory ID:       SLSA-2019:1815-1
    Issue Date:        2019-07-22
    CVE Numbers:       CVE-2019-2769
                       CVE-2019-2816
                       CVE-2019-2842
                       CVE-2019-2786
                       CVE-2019-2745
                       CVE-2019-2762
    --
    
    Security Fix(es):
    
    * OpenJDK: Side-channel attack risks in Elliptic Curve (EC) cryptography
    (Security, 8208698) (CVE-2019-2745)
    
    * OpenJDK: Insufficient checks of suppressed exceptions in deserialization
    (Utilities, 8212328) (CVE-2019-2762)
    
    * OpenJDK: Unbounded memory allocation during deserialization in
    Collections (Utilities, 8213432) (CVE-2019-2769)
    
    * OpenJDK: Missing URL format validation (Networking, 8221518)
    (CVE-2019-2816)
    
    * OpenJDK: Missing array bounds check in crypto providers (JCE, 8223511)
    (CVE-2019-2842)
    
    * OpenJDK: Insufficient restriction of privileges in AccessController
    (Security, 8216381) (CVE-2019-2786)
    --
    
    SL7
      x86_64
        java-1.8.0-openjdk-1.8.0.222.b10-0.el7_6.i686.rpm
        java-1.8.0-openjdk-1.8.0.222.b10-0.el7_6.x86_64.rpm
        java-1.8.0-openjdk-debuginfo-1.8.0.222.b10-0.el7_6.i686.rpm
        java-1.8.0-openjdk-debuginfo-1.8.0.222.b10-0.el7_6.x86_64.rpm
        java-1.8.0-openjdk-headless-1.8.0.222.b10-0.el7_6.i686.rpm
        java-1.8.0-openjdk-headless-1.8.0.222.b10-0.el7_6.x86_64.rpm
        java-1.8.0-openjdk-accessibility-1.8.0.222.b10-0.el7_6.i686.rpm
        java-1.8.0-openjdk-accessibility-1.8.0.222.b10-0.el7_6.x86_64.rpm
        java-1.8.0-openjdk-accessibility-debug-1.8.0.222.b10-0.el7_6.i686.rpm
        java-1.8.0-openjdk-accessibility-debug-1.8.0.222.b10-0.el7_6.x86_64.rpm
        java-1.8.0-openjdk-debug-1.8.0.222.b10-0.el7_6.i686.rpm
        java-1.8.0-openjdk-debug-1.8.0.222.b10-0.el7_6.x86_64.rpm
        java-1.8.0-openjdk-demo-1.8.0.222.b10-0.el7_6.i686.rpm
        java-1.8.0-openjdk-demo-1.8.0.222.b10-0.el7_6.x86_64.rpm
        java-1.8.0-openjdk-demo-debug-1.8.0.222.b10-0.el7_6.i686.rpm
        java-1.8.0-openjdk-demo-debug-1.8.0.222.b10-0.el7_6.x86_64.rpm
        java-1.8.0-openjdk-devel-1.8.0.222.b10-0.el7_6.i686.rpm
        java-1.8.0-openjdk-devel-1.8.0.222.b10-0.el7_6.x86_64.rpm
        java-1.8.0-openjdk-devel-debug-1.8.0.222.b10-0.el7_6.i686.rpm
        java-1.8.0-openjdk-devel-debug-1.8.0.222.b10-0.el7_6.x86_64.rpm
        java-1.8.0-openjdk-headless-debug-1.8.0.222.b10-0.el7_6.i686.rpm
        java-1.8.0-openjdk-headless-debug-1.8.0.222.b10-0.el7_6.x86_64.rpm
        java-1.8.0-openjdk-src-1.8.0.222.b10-0.el7_6.i686.rpm
        java-1.8.0-openjdk-src-1.8.0.222.b10-0.el7_6.x86_64.rpm
        java-1.8.0-openjdk-src-debug-1.8.0.222.b10-0.el7_6.i686.rpm
        java-1.8.0-openjdk-src-debug-1.8.0.222.b10-0.el7_6.x86_64.rpm
        java-1.8.0-openjdk-1.8.0.222.b10-0.el7_6.src.rpm
      noarch
        java-1.8.0-openjdk-javadoc-1.8.0.222.b10-0.el7_6.noarch.rpm
        java-1.8.0-openjdk-javadoc-debug-1.8.0.222.b10-0.el7_6.noarch.rpm
        java-1.8.0-openjdk-javadoc-zip-1.8.0.222.b10-0.el7_6.noarch.rpm
        java-1.8.0-openjdk-javadoc-zip-debug-1.8.0.222.b10-0.el7_6.noarch.rpm
    
    - Scientific Linux Development Team
    