An update that solves 10 vulnerabilities and has two fixes is now available.

SUSE Security Update: Security update for java-1_8_0-ibm
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:4166-1
Rating: important
References: #1201684 #1201685 #1201692 #1201694 #1202427 #1204468 #1204471 #1204472 #1204473 #1204475 #1204480 #1205302
Cross-References: CVE-2022-21540 CVE-2022-21541 CVE-2022-21549 CVE-2022-21618 CVE-2022-21619 CVE-2022-21624 CVE-2022-21626 CVE-2022-21628 CVE-2022-34169 CVE-2022-39399
CVSS scores:
  CVE-2022-21540 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
  CVE-2022-21540 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
  CVE-2022-21541 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
  CVE-2022-21541 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
  CVE-2022-21549 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
  CVE-2022-21549 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
  CVE-2022-21618 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
  CVE-2022-21618 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
  CVE-2022-21619 (NVD) : 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
  CVE-2022-21619 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
  CVE-2022-21624 (NVD) : 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
  CVE-2022-21624 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
  CVE-2022-21626 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  CVE-2022-21626 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  CVE-2022-21628 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  CVE-2022-21628 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  CVE-2022-34169 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
  CVE-2022-34169 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
  CVE-2022-39399 (NVD) : 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
  CVE-2022-39399 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
Affected Products:
  SUSE CaaS Platform 4.0
  SUSE Enterprise Storage 6
  SUSE Enterprise Storage 7
  SUSE Enterprise Storage 7.1
  SUSE Linux Enterprise High Performance Computing
  SUSE Linux Enterprise Module for Legacy Software 15-SP3
  SUSE Linux Enterprise Module for Legacy Software 15-SP4
  SUSE Linux Enterprise Server
  SUSE Linux Enterprise Server 15-LTSS
  SUSE Linux Enterprise Server 15-SP1-BCL
  SUSE Linux Enterprise Server 15-SP1-LTSS
  SUSE Linux Enterprise Server 15-SP2-LTSS
  SUSE Linux Enterprise Server for SAP 15
  SUSE Linux Enterprise Server for SAP 15-SP1
  SUSE Linux Enterprise Server for SAP 15-SP2
  SUSE Linux Enterprise Server for SAP Applications
  SUSE Manager Proxy 4.1
  SUSE Manager Proxy 4.2
  SUSE Manager Proxy 4.3
  SUSE Manager Retail Branch Server 4.1
  SUSE Manager Retail Branch Server 4.2
  SUSE Manager Retail Branch Server 4.3
  SUSE Manager Server 4.1
  SUSE Manager Server 4.2
  SUSE Manager Server 4.3
  openSUSE Leap 15.3
  openSUSE Leap 15.4
______________________________________________________________________________

Description:

This update for java-1_8_0-ibm fixes the following issues:

- CVE-2022-21626: An unauthenticated attacker with network access via HTTPS can compromise Oracle Java SE, Oracle GraalVM Enterprise Edition (bsc#1204471).
- CVE-2022-21618: An unauthenticated attacker with network access via Kerberos can compromise Oracle Java SE, Oracle GraalVM Enterprise Edition (bsc#1204468).
- CVE-2022-21619: An unauthenticated attacker with network access via multiple protocols can compromise Oracle Java SE (bsc#1204473).
- CVE-2022-21628: An unauthenticated attacker with network access via HTTP can compromise Oracle Java SE, Oracle GraalVM Enterprise Edition (bsc#1204472).
- CVE-2022-21624: An unauthenticated attacker with network access via multiple protocols can compromise Oracle Java SE, Oracle GraalVM Enterprise (bsc#1204475).
- CVE-2022-39399: An unauthenticated attacker with network access via HTTP can compromise Oracle Java SE, Oracle GraalVM Enterprise Edition (bsc#1204480).
- CVE-2022-21549: Fixed exponentials issue (bsc#1201685).
- CVE-2022-21541: Fixed an improper restriction of MethodHandle.invokeBasic() (bsc#1201692).
- CVE-2022-34169: Fixed an integer truncation issue in Xalan (bsc#1201684).
- CVE-2022-21540: Fixed a class compilation issue (bsc#1201694).

- Update to Java 8.0 Service Refresh 7 Fix Pack 20.
  * Security:
    - The IBM ORB Does Not Support Object-Serialisation Data Filtering
    - Large Allocation In CipherSuite
    - Avoid Evaluating Sslalgorithmconstraints Twice
    - Cache The Results Of Constraint Checks
    - An incorrect ShortBufferException is thrown by IBMJCEPlus, IBMJCEPlusFIPS during cipher update operation
    - Disable SHA-1 Signed Jars For Ea
    - JSSE Performance Improvement
    - Oracle Road Map Kerberos Deprecation Of 3DES And RC4 Encryption
  * Java 8/Orb:
    - Upgrade ibmcfw.jar To Version o2228.02
  * Class Libraries:
    - Crash In Libjsor.So During An Rdma Failover
    - High CPU Consumption Observed In ZosEventPort$EventHandlerTask.run
    - Update Timezone Information To The Latest tzdata2022c
  * Jit Compiler:
    - Crash During JIT Compilation
    - Incorrect JIT Optimization Of Java Code
    - Incorrect Return From Class.isArray()
    - Unexpected ClassCastException
    - Performance Regression When Calling VM Helper Code On X86
  * X/Os Extensions:
    - Add RSA-OAEP Cipher Function To IBMJCECCA

- Update to Java 8.0 Service Refresh 7 Fix Pack 16
  * Java Virtual Machine
    - Assertion failure at ClassLoaderRememberedSet.cpp
    - Assertion failure at StandardAccessBarrier.cpp when -Xgc:concurrentScavenge is set.
    - GC can have unflushed ownable synchronizer objects which can eventually lead to heap corruption and failure when -Xgc:concurrentScavenge is set.
  * JIT Compiler:
    - Incorrect JIT optimization of Java code
    - JAVA JIT Power: JIT compile time assert on AIX or LINUXPPC
  * Reliability and Serviceability:
    - javacore with "kill -3" SIGQUIT signal freezes Java process

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.4:
    zypper in -t patch openSUSE-SLE-15.4-2022-4166=1
- openSUSE Leap 15.3:
    zypper in -t patch openSUSE-SLE-15.3-2022-4166=1
- SUSE Manager Server 4.1:
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-4166=1
- SUSE Manager Retail Branch Server 4.1:
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-4166=1
- SUSE Manager Proxy 4.1:
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-4166=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-4166=1
- SUSE Linux Enterprise Server for SAP 15-SP1:
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-4166=1
- SUSE Linux Enterprise Server for SAP 15:
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-4166=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-4166=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-4166=1
- SUSE Linux Enterprise Server 15-SP1-BCL:
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-4166=1
- SUSE Linux Enterprise Server 15-LTSS:
    zypper in -t patch SUSE-SLE-Product-SLES-15-2022-4166=1
- SUSE Linux Enterprise Module for Legacy Software 15-SP4:
    zypper in -t patch SUSE-SLE-Module-Legacy-15-SP4-2022-4166=1
- SUSE Linux Enterprise Module for Legacy Software 15-SP3:
    zypper in -t patch SUSE-SLE-Module-Legacy-15-SP3-2022-4166=1
- SUSE Enterprise Storage 7:
    zypper in -t patch SUSE-Storage-7-2022-4166=1
- SUSE Enterprise Storage 6:
    zypper in -t patch SUSE-Storage-6-2022-4166=1
- SUSE CaaS Platform 4.0:
    To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.

Package List:

- openSUSE Leap 15.4 (ppc64le s390x x86_64):
    java-1_8_0-ibm-1.8.0_sr7.20-150000.3.65.1
    java-1_8_0-ibm-demo-1.8.0_sr7.20-150000.3.65.1
    java-1_8_0-ibm-devel-1.8.0_sr7.20-150000.3.65.1
    java-1_8_0-ibm-src-1.8.0_sr7.20-150000.3.65.1
- openSUSE Leap 15.4 (x86_64):
    java-1_8_0-ibm-32bit-1.8.0_sr7.20-150000.3.65.1
    java-1_8_0-ibm-alsa-1.8.0_sr7.20-150000.3.65.1
    java-1_8_0-ibm-devel-32bit-1.8.0_sr7.20-150000.3.65.1
    java-1_8_0-ibm-plugin-1.8.0_sr7.20-150000.3.65.1
- openSUSE Leap 15.3 (ppc64le s390x x86_64):
    java-1_8_0-ibm-1.8.0_sr7.20-150000.3.65.1
    java-1_8_0-ibm-demo-1.8.0_sr7.20-150000.3.65.1
    java-1_8_0-ibm-devel-1.8.0_sr7.20-150000.3.65.1
    java-1_8_0-ibm-src-1.8.0_sr7.20-150000.3.65.1
- openSUSE Leap 15.3 (x86_64):
    java-1_8_0-ibm-32bit-1.8.0_sr7.20-150000.3.65.1
    java-1_8_0-ibm-alsa-1.8.0_sr7.20-150000.3.65.1
    java-1_8_0-ibm-devel-32bit-1.8.0_sr7.20-150000.3.65.1
    java-1_8_0-ibm-plugin-1.8.0_sr7.20-150000.3.65.1
- SUSE Manager Server 4.1 (ppc64le s390x x86_64):
    java-1_8_0-ibm-1.8.0_sr7.20-150000.3.65.1
    java-1_8_0-ibm-devel-1.8.0_sr7.20-150000.3.65.1
- SUSE Manager Server 4.1 (x86_64):
    java-1_8_0-ibm-alsa-1.8.0_sr7.20-150000.3.65.1
    java-1_8_0-ibm-plugin-1.8.0_sr7.20-150000.3.65.1
- SUSE Manager Retail Branch Server 4.1 (x86_64):
    java-1_8_0-ibm-1.8.0_sr7.20-150000.3.65.1
    java-1_8_0-ibm-alsa-1.8.0_sr7.20-150000.3.65.1
    java-1_8_0-ibm-devel-1.8.0_sr7.20-150000.3.65.1
    java-1_8_0-ibm-plugin-1.8.0_sr7.20-150000.3.65.1
- SUSE Manager Proxy 4.1 (x86_64):
    java-1_8_0-ibm-1.8.0_sr7.20-150000.3.65.1
    java-1_8_0-ibm-alsa-1.8.0_sr7.20-150000.3.65.1
    java-1_8_0-ibm-devel-1.8.0_sr7.20-150000.3.65.1
    java-1_8_0-ibm-plugin-1.8.0_sr7.20-150000.3.65.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
    java-1_8_0-ibm-1.8.0_sr7.20-150000.3.65.1
    java-1_8_0-ibm-devel-1.8.0_sr7.20-150000.3.65.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64):
    java-1_8_0-ibm-alsa-1.8.0_sr7.20-150000.3.65.1
    java-1_8_0-ibm-plugin-1.8.0_sr7.20-150000.3.65.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
    java-1_8_0-ibm-1.8.0_sr7.20-150000.3.65.1
    java-1_8_0-ibm-devel-1.8.0_sr7.20-150000.3.65.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64):
    java-1_8_0-ibm-alsa-1.8.0_sr7.20-150000.3.65.1
    java-1_8_0-ibm-plugin-1.8.0_sr7.20-150000.3.65.1
- SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):
    java-1_8_0-ibm-1.8.0_sr7.20-150000.3.65.1
    java-1_8_0-ibm-devel-1.8.0_sr7.20-150000.3.65.1
- SUSE Linux Enterprise Server for SAP 15 (x86_64):
    java-1_8_0-ibm-alsa-1.8.0_sr7.20-150000.3.65.1
    java-1_8_0-ibm-plugin-1.8.0_sr7.20-150000.3.65.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (ppc64le s390x x86_64):
    java-1_8_0-ibm-1.8.0_sr7.20-150000.3.65.1
    java-1_8_0-ibm-devel-1.8.0_sr7.20-150000.3.65.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (x86_64):
    java-1_8_0-ibm-alsa-1.8.0_sr7.20-150000.3.65.1
    java-1_8_0-ibm-plugin-1.8.0_sr7.20-150000.3.65.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (ppc64le s390x x86_64):
    java-1_8_0-ibm-1.8.0_sr7.20-150000.3.65.1
    java-1_8_0-ibm-devel-1.8.0_sr7.20-150000.3.65.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64):
    java-1_8_0-ibm-alsa-1.8.0_sr7.20-150000.3.65.1
    java-1_8_0-ibm-plugin-1.8.0_sr7.20-150000.3.65.1
- SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):
    java-1_8_0-ibm-1.8.0_sr7.20-150000.3.65.1
    java-1_8_0-ibm-alsa-1.8.0_sr7.20-150000.3.65.1
    java-1_8_0-ibm-devel-1.8.0_sr7.20-150000.3.65.1
    java-1_8_0-ibm-plugin-1.8.0_sr7.20-150000.3.65.1
- SUSE Linux Enterprise Server 15-LTSS (s390x):
    java-1_8_0-ibm-1.8.0_sr7.20-150000.3.65.1
    java-1_8_0-ibm-devel-1.8.0_sr7.20-150000.3.65.1
- SUSE Linux Enterprise Module for Legacy Software 15-SP4 (ppc64le s390x x86_64):
    java-1_8_0-ibm-1.8.0_sr7.20-150000.3.65.1
    java-1_8_0-ibm-devel-1.8.0_sr7.20-150000.3.65.1
- SUSE Linux Enterprise Module for Legacy Software 15-SP4 (x86_64):
    java-1_8_0-ibm-alsa-1.8.0_sr7.20-150000.3.65.1
    java-1_8_0-ibm-plugin-1.8.0_sr7.20-150000.3.65.1
- SUSE Linux Enterprise Module for Legacy Software 15-SP3 (ppc64le s390x x86_64):
    java-1_8_0-ibm-1.8.0_sr7.20-150000.3.65.1
    java-1_8_0-ibm-devel-1.8.0_sr7.20-150000.3.65.1
- SUSE Linux Enterprise Module for Legacy Software 15-SP3 (x86_64):
    java-1_8_0-ibm-alsa-1.8.0_sr7.20-150000.3.65.1
    java-1_8_0-ibm-plugin-1.8.0_sr7.20-150000.3.65.1
- SUSE Enterprise Storage 7 (x86_64):
    java-1_8_0-ibm-1.8.0_sr7.20-150000.3.65.1
    java-1_8_0-ibm-alsa-1.8.0_sr7.20-150000.3.65.1
    java-1_8_0-ibm-devel-1.8.0_sr7.20-150000.3.65.1
    java-1_8_0-ibm-plugin-1.8.0_sr7.20-150000.3.65.1
- SUSE Enterprise Storage 6 (x86_64):
    java-1_8_0-ibm-1.8.0_sr7.20-150000.3.65.1
    java-1_8_0-ibm-alsa-1.8.0_sr7.20-150000.3.65.1
    java-1_8_0-ibm-devel-1.8.0_sr7.20-150000.3.65.1
    java-1_8_0-ibm-plugin-1.8.0_sr7.20-150000.3.65.1
- SUSE CaaS Platform 4.0 (x86_64):
    java-1_8_0-ibm-1.8.0_sr7.20-150000.3.65.1
    java-1_8_0-ibm-alsa-1.8.0_sr7.20-150000.3.65.1
    java-1_8_0-ibm-devel-1.8.0_sr7.20-150000.3.65.1
    java-1_8_0-ibm-plugin-1.8.0_sr7.20-150000.3.65.1

References:

  https://www.suse.com/security/cve/CVE-2022-21540.html
  https://www.suse.com/security/cve/CVE-2022-21541.html
  https://www.suse.com/security/cve/CVE-2022-21549.html
  https://www.suse.com/security/cve/CVE-2022-21618.html
  https://www.suse.com/security/cve/CVE-2022-21619.html
  https://www.suse.com/security/cve/CVE-2022-21624.html
  https://www.suse.com/security/cve/CVE-2022-21626.html
  https://www.suse.com/security/cve/CVE-2022-21628.html
  https://www.suse.com/security/cve/CVE-2022-34169.html
  https://www.suse.com/security/cve/CVE-2022-39399.html
  https://bugzilla.suse.com/1201684
  https://bugzilla.suse.com/1201685
  https://bugzilla.suse.com/1201692
  https://bugzilla.suse.com/1201694
  https://bugzilla.suse.com/1202427
  https://bugzilla.suse.com/1204468
  https://bugzilla.suse.com/1204471
  https://bugzilla.suse.com/1204472
  https://bugzilla.suse.com/1204473
  https://bugzilla.suse.com/1204475
  https://bugzilla.suse.com/1204480
  https://bugzilla.suse.com/1205302

Severity: Important
LinuxSecurity.com Team

====================================================================
Red Hat Security Advisory

Synopsis: Important: java-1.8.0-ibm security update
Advisory ID: RHSA-2019:1164-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://access.redhat.com/errata/RHSA-2019:1164
Issue date: 2019-05-13
CVE Names: CVE-2019-2602 CVE-2019-2684 CVE-2019-2697 CVE-2019-2698 CVE-2019-10245
====================================================================

1. Summary:

An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 7 Supplementary.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client Supplementary (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Supplementary (v. 7) - x86_64
Red Hat Enterprise Linux Server Supplementary (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 7) - x86_64

3. Description:

IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.

This update upgrades IBM Java SE 8 to version 8 SR5-FP35.

Security Fix(es):

* Oracle JDK: Unspecified vulnerability fixed in 7u221 and 8u211 (2D) (CVE-2019-2697)
* OpenJDK: Font layout engine out of bounds access setCurrGlyphID() (2D, 8219022) (CVE-2019-2698)
* OpenJDK: Slow conversion of BigDecimal to long (Libraries, 8211936) (CVE-2019-2602)
* OpenJDK: Incorrect skeleton selection in RMI registry server-side dispatch handling (RMI, 8218453) (CVE-2019-2684)
* IBM JDK: Read beyond the end of bytecode array causing JVM crash (CVE-2019-10245)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of IBM Java must be restarted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1700440 - CVE-2019-2602 OpenJDK: Slow conversion of BigDecimal to long (Libraries, 8211936)
1700447 - CVE-2019-2698 OpenJDK: Font layout engine out of bounds access setCurrGlyphID() (2D, 8219022)
1700564 - CVE-2019-2684 OpenJDK: Incorrect skeleton selection in RMI registry server-side dispatch handling (RMI, 8218453)
1704480 - CVE-2019-2697 Oracle JDK: Unspecified vulnerability fixed in 7u221 and 8u211 (2D)
1704799 - CVE-2019-10245 IBM JDK: Read beyond the end of bytecode array causing JVM crash

6. Package List:

Red Hat Enterprise Linux Client Supplementary (v. 7):

x86_64:
java-1.8.0-ibm-1.8.0.5.35-1jpp.1.el7.x86_64.rpm
java-1.8.0-ibm-demo-1.8.0.5.35-1jpp.1.el7.x86_64.rpm
java-1.8.0-ibm-devel-1.8.0.5.35-1jpp.1.el7.x86_64.rpm
java-1.8.0-ibm-jdbc-1.8.0.5.35-1jpp.1.el7.x86_64.rpm
java-1.8.0-ibm-plugin-1.8.0.5.35-1jpp.1.el7.x86_64.rpm
java-1.8.0-ibm-src-1.8.0.5.35-1jpp.1.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Supplementary (v. 7):

x86_64:
java-1.8.0-ibm-1.8.0.5.35-1jpp.1.el7.x86_64.rpm
java-1.8.0-ibm-demo-1.8.0.5.35-1jpp.1.el7.x86_64.rpm
java-1.8.0-ibm-devel-1.8.0.5.35-1jpp.1.el7.x86_64.rpm
java-1.8.0-ibm-src-1.8.0.5.35-1jpp.1.el7.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 7):

ppc64:
java-1.8.0-ibm-1.8.0.5.35-1jpp.1.el7.ppc64.rpm
java-1.8.0-ibm-demo-1.8.0.5.35-1jpp.1.el7.ppc64.rpm
java-1.8.0-ibm-devel-1.8.0.5.35-1jpp.1.el7.ppc64.rpm
java-1.8.0-ibm-jdbc-1.8.0.5.35-1jpp.1.el7.ppc64.rpm
java-1.8.0-ibm-plugin-1.8.0.5.35-1jpp.1.el7.ppc64.rpm
java-1.8.0-ibm-src-1.8.0.5.35-1jpp.1.el7.ppc64.rpm

ppc64le:
java-1.8.0-ibm-1.8.0.5.35-1jpp.1.el7.ppc64le.rpm
java-1.8.0-ibm-demo-1.8.0.5.35-1jpp.1.el7.ppc64le.rpm
java-1.8.0-ibm-devel-1.8.0.5.35-1jpp.1.el7.ppc64le.rpm
java-1.8.0-ibm-jdbc-1.8.0.5.35-1jpp.1.el7.ppc64le.rpm
java-1.8.0-ibm-src-1.8.0.5.35-1jpp.1.el7.ppc64le.rpm

s390x:
java-1.8.0-ibm-1.8.0.5.35-1jpp.1.el7.s390x.rpm
java-1.8.0-ibm-demo-1.8.0.5.35-1jpp.1.el7.s390x.rpm
java-1.8.0-ibm-devel-1.8.0.5.35-1jpp.1.el7.s390x.rpm
java-1.8.0-ibm-jdbc-1.8.0.5.35-1jpp.1.el7.s390x.rpm
java-1.8.0-ibm-src-1.8.0.5.35-1jpp.1.el7.s390x.rpm

x86_64:
java-1.8.0-ibm-1.8.0.5.35-1jpp.1.el7.x86_64.rpm
java-1.8.0-ibm-demo-1.8.0.5.35-1jpp.1.el7.x86_64.rpm
java-1.8.0-ibm-devel-1.8.0.5.35-1jpp.1.el7.x86_64.rpm
java-1.8.0-ibm-jdbc-1.8.0.5.35-1jpp.1.el7.x86_64.rpm
java-1.8.0-ibm-plugin-1.8.0.5.35-1jpp.1.el7.x86_64.rpm
java-1.8.0-ibm-src-1.8.0.5.35-1jpp.1.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 7):

x86_64:
java-1.8.0-ibm-1.8.0.5.35-1jpp.1.el7.x86_64.rpm
java-1.8.0-ibm-demo-1.8.0.5.35-1jpp.1.el7.x86_64.rpm
java-1.8.0-ibm-devel-1.8.0.5.35-1jpp.1.el7.x86_64.rpm
java-1.8.0-ibm-jdbc-1.8.0.5.35-1jpp.1.el7.x86_64.rpm
java-1.8.0-ibm-plugin-1.8.0.5.35-1jpp.1.el7.x86_64.rpm
java-1.8.0-ibm-src-1.8.0.5.35-1jpp.1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security.
Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2019-2602
https://access.redhat.com/security/cve/CVE-2019-2684
https://access.redhat.com/security/cve/CVE-2019-2697
https://access.redhat.com/security/cve/CVE-2019-2698
https://access.redhat.com/security/cve/CVE-2019-10245
https://access.redhat.com/security/updates/classification#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2019 Red Hat, Inc.

--
RHSA-announce mailing list

====================================================================
Red Hat Security Advisory

Synopsis: Critical: java-1.8.0-ibm security update
Advisory ID: RHSA-2018:3534-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://access.redhat.com/errata/RHSA-2018:3534
Issue date: 2018-11-08
Updated on: 2018-11-09
CVE Names: CVE-2018-3136 CVE-2018-3139 CVE-2018-3149 CVE-2018-3169 CVE-2018-3180 CVE-2018-3183 CVE-2018-3214 CVE-2018-13785
====================================================================

1. Summary:

An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 7 Supplementary.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client Supplementary (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Supplementary (v. 7) - x86_64
Red Hat Enterprise Linux Server Supplementary (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 7) - x86_64

3. Description:

IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.

This update upgrades IBM Java SE 8 to version 8 SR5-FP25.

Security Fix(es):

* OpenJDK: Improper field access checks (Hotspot, 8199226) (CVE-2018-3169)
* OpenJDK: Unrestricted access to scripting engine (Scripting, 8202936) (CVE-2018-3183)
* OpenJDK: Incomplete enforcement of the trustURLCodebase restriction (JNDI, 8199177) (CVE-2018-3149)
* OpenJDK: Incorrect handling of unsigned attributes in signed Jar manifests (Security, 8194534) (CVE-2018-3136)
* OpenJDK: Leak of sensitive header data via HTTP redirect (Networking, 8196902) (CVE-2018-3139)
* OpenJDK: Missing endpoint identification algorithm check during TLS session resumption (JSSE, 8202613) (CVE-2018-3180)
* OpenJDK: Infinite loop in RIFF format reader (Sound, 8205361) (CVE-2018-3214)
* libpng: Integer overflow and resultant divide-by-zero in pngrutil.c:png_check_chunk_length() allows for denial of service (CVE-2018-13785)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of IBM Java must be restarted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1599943 - CVE-2018-13785 libpng: Integer overflow and resultant divide-by-zero in pngrutil.c:png_check_chunk_length() allows for denial of service
1639268 - CVE-2018-3183 OpenJDK: Unrestricted access to scripting engine (Scripting, 8202936)
1639293 - CVE-2018-3169 OpenJDK: Improper field access checks (Hotspot, 8199226)
1639301 - CVE-2018-3214 OpenJDK: Infinite loop in RIFF format reader (Sound, 8205361)
1639442 - CVE-2018-3139 OpenJDK: Leak of sensitive header data via HTTP redirect (Networking, 8196902)
1639484 - CVE-2018-3180 OpenJDK: Missing endpoint identification algorithm check during TLS session resumption (JSSE, 8202613)
1639755 - CVE-2018-3136 OpenJDK: Incorrect handling of unsigned attributes in signed Jar manifests (Security, 8194534)
1639834 - CVE-2018-3149 OpenJDK: Incomplete enforcement of the trustURLCodebase restriction (JNDI, 8199177)

6. Package List:

Red Hat Enterprise Linux Client Supplementary (v. 7):

x86_64:
java-1.8.0-ibm-1.8.0.5.25-1jpp.1.el7.x86_64.rpm
java-1.8.0-ibm-demo-1.8.0.5.25-1jpp.1.el7.x86_64.rpm
java-1.8.0-ibm-devel-1.8.0.5.25-1jpp.1.el7.x86_64.rpm
java-1.8.0-ibm-jdbc-1.8.0.5.25-1jpp.1.el7.x86_64.rpm
java-1.8.0-ibm-plugin-1.8.0.5.25-1jpp.1.el7.x86_64.rpm
java-1.8.0-ibm-src-1.8.0.5.25-1jpp.1.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Supplementary (v. 7):

x86_64:
java-1.8.0-ibm-1.8.0.5.25-1jpp.1.el7.x86_64.rpm
java-1.8.0-ibm-demo-1.8.0.5.25-1jpp.1.el7.x86_64.rpm
java-1.8.0-ibm-devel-1.8.0.5.25-1jpp.1.el7.x86_64.rpm
java-1.8.0-ibm-src-1.8.0.5.25-1jpp.1.el7.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 7):

ppc64:
java-1.8.0-ibm-1.8.0.5.25-1jpp.1.el7.ppc64.rpm
java-1.8.0-ibm-demo-1.8.0.5.25-1jpp.1.el7.ppc64.rpm
java-1.8.0-ibm-devel-1.8.0.5.25-1jpp.1.el7.ppc64.rpm
java-1.8.0-ibm-jdbc-1.8.0.5.25-1jpp.1.el7.ppc64.rpm
java-1.8.0-ibm-plugin-1.8.0.5.25-1jpp.1.el7.ppc64.rpm
java-1.8.0-ibm-src-1.8.0.5.25-1jpp.1.el7.ppc64.rpm

ppc64le:
java-1.8.0-ibm-1.8.0.5.25-1jpp.1.el7.ppc64le.rpm
java-1.8.0-ibm-demo-1.8.0.5.25-1jpp.1.el7.ppc64le.rpm
java-1.8.0-ibm-devel-1.8.0.5.25-1jpp.1.el7.ppc64le.rpm
java-1.8.0-ibm-jdbc-1.8.0.5.25-1jpp.1.el7.ppc64le.rpm
java-1.8.0-ibm-src-1.8.0.5.25-1jpp.1.el7.ppc64le.rpm

s390x:
java-1.8.0-ibm-1.8.0.5.25-1jpp.1.el7.s390x.rpm
java-1.8.0-ibm-demo-1.8.0.5.25-1jpp.1.el7.s390x.rpm
java-1.8.0-ibm-devel-1.8.0.5.25-1jpp.1.el7.s390x.rpm
java-1.8.0-ibm-jdbc-1.8.0.5.25-1jpp.1.el7.s390x.rpm
java-1.8.0-ibm-src-1.8.0.5.25-1jpp.1.el7.s390x.rpm

x86_64:
java-1.8.0-ibm-1.8.0.5.25-1jpp.1.el7.x86_64.rpm
java-1.8.0-ibm-demo-1.8.0.5.25-1jpp.1.el7.x86_64.rpm
java-1.8.0-ibm-devel-1.8.0.5.25-1jpp.1.el7.x86_64.rpm
java-1.8.0-ibm-jdbc-1.8.0.5.25-1jpp.1.el7.x86_64.rpm
java-1.8.0-ibm-plugin-1.8.0.5.25-1jpp.1.el7.x86_64.rpm
java-1.8.0-ibm-src-1.8.0.5.25-1jpp.1.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 7):

x86_64:
java-1.8.0-ibm-1.8.0.5.25-1jpp.1.el7.x86_64.rpm
java-1.8.0-ibm-demo-1.8.0.5.25-1jpp.1.el7.x86_64.rpm
java-1.8.0-ibm-devel-1.8.0.5.25-1jpp.1.el7.x86_64.rpm
java-1.8.0-ibm-jdbc-1.8.0.5.25-1jpp.1.el7.x86_64.rpm
java-1.8.0-ibm-plugin-1.8.0.5.25-1jpp.1.el7.x86_64.rpm
java-1.8.0-ibm-src-1.8.0.5.25-1jpp.1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-3136
https://access.redhat.com/security/cve/CVE-2018-3139
https://access.redhat.com/security/cve/CVE-2018-3149
https://access.redhat.com/security/cve/CVE-2018-3169
https://access.redhat.com/security/cve/CVE-2018-3180
https://access.redhat.com/security/cve/CVE-2018-3183
https://access.redhat.com/security/cve/CVE-2018-3214
https://access.redhat.com/security/cve/CVE-2018-13785
https://access.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.

====================================================================
Red Hat Security Advisory

Synopsis: Critical: java-1.7.0-ibm security update
Advisory ID: RHSA-2017:0337-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://access.redhat.com/errata/RHSA-2017:0337.html
Issue date: 2017-02-28
CVE Names: CVE-2016-2183 CVE-2016-5546 CVE-2016-5547 CVE-2016-5548 CVE-2016-5549 CVE-2016-5552 CVE-2017-3231 CVE-2017-3241 CVE-2017-3252 CVE-2017-3253 CVE-2017-3259 CVE-2017-3261 CVE-2017-3272 CVE-2017-3289
====================================================================

1. Summary:

An update for java-1.7.0-ibm is now available for Red Hat Enterprise Linux 5 Supplementary.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, ppc, s390x, x86_64

3. Description:

IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.

This update upgrades IBM Java SE 7 to version 7 SR10-FP1.

Security Fix(es):

* This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section. (CVE-2016-2183, CVE-2016-5546, CVE-2016-5547, CVE-2016-5548, CVE-2016-5549, CVE-2016-5552, CVE-2017-3231, CVE-2017-3241, CVE-2017-3252, CVE-2017-3253, CVE-2017-3259, CVE-2017-3261, CVE-2017-3272, CVE-2017-3289)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of IBM Java must be restarted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1369383 - CVE-2016-2183 SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)
1413554 - CVE-2017-3272 OpenJDK: insufficient protected field access checks in atomic field updaters (Libraries, 8165344)
1413562 - CVE-2017-3289 OpenJDK: insecure class construction (Hotspot, 8167104)
1413583 - CVE-2017-3253 OpenJDK: imageio PNGImageReader failed to honor ignoreMetadata for iTXt and zTXt chunks (2D, 8166988)
1413653 - CVE-2017-3261 OpenJDK: integer overflow in SocketOutputStream boundary check (Networking, 8164147)
1413717 - CVE-2017-3231 OpenJDK: URLClassLoader insufficient access control checks (Networking, 8151934)
1413764 - CVE-2016-5547 OpenJDK: missing ObjectIdentifier length check (Libraries, 8168705)
1413882 - CVE-2016-5552 OpenJDK: incorrect URL parsing in URLStreamHandler (Networking, 8167223)
1413906 - CVE-2017-3252 OpenJDK: LdapLoginModule incorrect userDN extraction (JAAS, 8161743)
1413911 - CVE-2016-5546 OpenJDK: incorrect ECDSA signature extraction from the DER input (Libraries, 8168714)
1413920 - CVE-2016-5548 OpenJDK: DSA implementation timing attack (Libraries, 8168728)
1413923 - CVE-2016-5549 OpenJDK: ECDSA implementation timing attack (Libraries, 8168724)
1413955 - CVE-2017-3241 OpenJDK: untrusted input deserialization in RMI registry and DCG (RMI, 8156802)
1414163 - CVE-2017-3259 Oracle JDK: unspecified vulnerability fixed in 6u141, 7u131, and 8u121 (Deployment)

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 5):

i386:
java-1.7.0-ibm-1.7.0.10.1-1jpp.1.el5_11.i386.rpm
java-1.7.0-ibm-demo-1.7.0.10.1-1jpp.1.el5_11.i386.rpm
java-1.7.0-ibm-devel-1.7.0.10.1-1jpp.1.el5_11.i386.rpm
java-1.7.0-ibm-jdbc-1.7.0.10.1-1jpp.1.el5_11.i386.rpm
java-1.7.0-ibm-plugin-1.7.0.10.1-1jpp.1.el5_11.i386.rpm
java-1.7.0-ibm-src-1.7.0.10.1-1jpp.1.el5_11.i386.rpm

x86_64:
java-1.7.0-ibm-1.7.0.10.1-1jpp.1.el5_11.i386.rpm
java-1.7.0-ibm-1.7.0.10.1-1jpp.1.el5_11.x86_64.rpm
java-1.7.0-ibm-demo-1.7.0.10.1-1jpp.1.el5_11.i386.rpm
java-1.7.0-ibm-demo-1.7.0.10.1-1jpp.1.el5_11.x86_64.rpm
java-1.7.0-ibm-devel-1.7.0.10.1-1jpp.1.el5_11.i386.rpm
java-1.7.0-ibm-devel-1.7.0.10.1-1jpp.1.el5_11.x86_64.rpm
java-1.7.0-ibm-jdbc-1.7.0.10.1-1jpp.1.el5_11.i386.rpm
java-1.7.0-ibm-jdbc-1.7.0.10.1-1jpp.1.el5_11.x86_64.rpm
java-1.7.0-ibm-plugin-1.7.0.10.1-1jpp.1.el5_11.i386.rpm
java-1.7.0-ibm-plugin-1.7.0.10.1-1jpp.1.el5_11.x86_64.rpm
java-1.7.0-ibm-src-1.7.0.10.1-1jpp.1.el5_11.i386.rpm
java-1.7.0-ibm-src-1.7.0.10.1-1jpp.1.el5_11.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 5):

i386:
java-1.7.0-ibm-1.7.0.10.1-1jpp.1.el5_11.i386.rpm
java-1.7.0-ibm-demo-1.7.0.10.1-1jpp.1.el5_11.i386.rpm
java-1.7.0-ibm-devel-1.7.0.10.1-1jpp.1.el5_11.i386.rpm
java-1.7.0-ibm-jdbc-1.7.0.10.1-1jpp.1.el5_11.i386.rpm
java-1.7.0-ibm-plugin-1.7.0.10.1-1jpp.1.el5_11.i386.rpm
java-1.7.0-ibm-src-1.7.0.10.1-1jpp.1.el5_11.i386.rpm

ppc:
java-1.7.0-ibm-1.7.0.10.1-1jpp.1.el5_11.ppc.rpm
java-1.7.0-ibm-1.7.0.10.1-1jpp.1.el5_11.ppc64.rpm
java-1.7.0-ibm-demo-1.7.0.10.1-1jpp.1.el5_11.ppc.rpm
java-1.7.0-ibm-demo-1.7.0.10.1-1jpp.1.el5_11.ppc64.rpm
java-1.7.0-ibm-devel-1.7.0.10.1-1jpp.1.el5_11.ppc.rpm
java-1.7.0-ibm-devel-1.7.0.10.1-1jpp.1.el5_11.ppc64.rpm
java-1.7.0-ibm-jdbc-1.7.0.10.1-1jpp.1.el5_11.ppc.rpm
java-1.7.0-ibm-jdbc-1.7.0.10.1-1jpp.1.el5_11.ppc64.rpm
java-1.7.0-ibm-plugin-1.7.0.10.1-1jpp.1.el5_11.ppc.rpm
java-1.7.0-ibm-src-1.7.0.10.1-1jpp.1.el5_11.ppc.rpm
java-1.7.0-ibm-src-1.7.0.10.1-1jpp.1.el5_11.ppc64.rpm

s390x:
java-1.7.0-ibm-1.7.0.10.1-1jpp.1.el5_11.s390.rpm
java-1.7.0-ibm-1.7.0.10.1-1jpp.1.el5_11.s390x.rpm
java-1.7.0-ibm-demo-1.7.0.10.1-1jpp.1.el5_11.s390.rpm
java-1.7.0-ibm-demo-1.7.0.10.1-1jpp.1.el5_11.s390x.rpm
java-1.7.0-ibm-devel-1.7.0.10.1-1jpp.1.el5_11.s390.rpm
java-1.7.0-ibm-devel-1.7.0.10.1-1jpp.1.el5_11.s390x.rpm
java-1.7.0-ibm-jdbc-1.7.0.10.1-1jpp.1.el5_11.s390.rpm
java-1.7.0-ibm-jdbc-1.7.0.10.1-1jpp.1.el5_11.s390x.rpm
java-1.7.0-ibm-src-1.7.0.10.1-1jpp.1.el5_11.s390.rpm
java-1.7.0-ibm-src-1.7.0.10.1-1jpp.1.el5_11.s390x.rpm

x86_64:
java-1.7.0-ibm-1.7.0.10.1-1jpp.1.el5_11.i386.rpm
java-1.7.0-ibm-1.7.0.10.1-1jpp.1.el5_11.x86_64.rpm
java-1.7.0-ibm-demo-1.7.0.10.1-1jpp.1.el5_11.i386.rpm
java-1.7.0-ibm-demo-1.7.0.10.1-1jpp.1.el5_11.x86_64.rpm
java-1.7.0-ibm-devel-1.7.0.10.1-1jpp.1.el5_11.i386.rpm
java-1.7.0-ibm-devel-1.7.0.10.1-1jpp.1.el5_11.x86_64.rpm
java-1.7.0-ibm-jdbc-1.7.0.10.1-1jpp.1.el5_11.i386.rpm
java-1.7.0-ibm-jdbc-1.7.0.10.1-1jpp.1.el5_11.x86_64.rpm
java-1.7.0-ibm-plugin-1.7.0.10.1-1jpp.1.el5_11.i386.rpm
java-1.7.0-ibm-plugin-1.7.0.10.1-1jpp.1.el5_11.x86_64.rpm
java-1.7.0-ibm-src-1.7.0.10.1-1jpp.1.el5_11.i386.rpm
java-1.7.0-ibm-src-1.7.0.10.1-1jpp.1.el5_11.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7.
References: https://access.redhat.com/security/cve/CVE-2016-2183 https://access.redhat.com/security/cve/CVE-2016-5546 https://access.redhat.com/security/cve/CVE-2016-5547 https://access.redhat.com/security/cve/CVE-2016-5548 https://access.redhat.com/security/cve/CVE-2016-5549 https://access.redhat.com/security/cve/CVE-2016-5552 https://access.redhat.com/security/cve/CVE-2017-3231 https://access.redhat.com/security/cve/CVE-2017-3241 https://access.redhat.com/security/cve/CVE-2017-3252 https://access.redhat.com/security/cve/CVE-2017-3253 https://access.redhat.com/security/cve/CVE-2017-3259 https://access.redhat.com/security/cve/CVE-2017-3261 https://access.redhat.com/security/cve/CVE-2017-3272 https://access.redhat.com/security/cve/CVE-2017-3289 https://access.redhat.com/security/updates/classification/#critical https://developer.ibm.com/devpractices/security/ 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2017 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFYtUA1XlSAg2UNWIIRAmq2AKCV7nZR8VjvrfQRlilHGTp4hInPCwCfX+Ta Td7/ZemYxEfQYiWKAXVFWQM=svw8 -----END PGP SIGNATURE----- -- Enterprise-watch-list mailing list
Updated java-1.7.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 Supplementary. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ==================================================================== Red Hat Security Advisory Synopsis: Critical: java-1.7.0-ibm security update Advisory ID: RHSA-2016:0100-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://access.redhat.com/errata/RHSA-2016:0100.html Issue date: 2016-02-02 CVE Names: CVE-2015-5041 CVE-2015-7575 CVE-2015-7981 CVE-2015-8126 CVE-2015-8472 CVE-2015-8540 CVE-2016-0402 CVE-2016-0448 CVE-2016-0466 CVE-2016-0483 CVE-2016-0494 ==================================================================== 1. Summary: Updated java-1.7.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 Supplementary. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, ppc, s390x, x86_64 3. Description: IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section. 
(CVE-2015-5041, CVE-2015-7575, CVE-2015-7981, CVE-2015-8126, CVE-2015-8472, CVE-2015-8540, CVE-2016-0402, CVE-2016-0448, CVE-2016-0466, CVE-2016-0483, CVE-2016-0494) Note: This update also disallows the use of the MD5 hash algorithm in the certification path processing. The use of MD5 can be re-enabled by removing MD5 from the jdk.certpath.disabledAlgorithms security property defined in the java.security file. All users of java-1.7.0-ibm are advised to upgrade to these updated packages, containing the IBM Java SE 7 SR9-FP30 release. All running instances of IBM Java must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1276416 - CVE-2015-7981 libpng: Out-of-bounds read in png_convert_to_rfc1123 1281756 - CVE-2015-8126 CVE-2015-8472 libpng: Buffer overflow vulnerabilities in png_get_PLTE/png_set_PLTE functions 1289841 - CVE-2015-7575 TLS 1.2 Transcript Collision attacks against MD5 in key exchange protocol (SLOTH) 1291312 - CVE-2015-8540 libpng: underflow read in png_check_keyword() 1298906 - CVE-2016-0494 ICU: integer signedness issue in IndicRearrangementProcessor (OpenJDK 2D, 8140543) 1298957 - CVE-2016-0402 OpenJDK: URL deserialization inconsistencies (Networking, 8059054) 1299073 - CVE-2016-0448 OpenJDK: logging of RMI connection secrets (JMX, 8130710) 1299385 - CVE-2016-0466 OpenJDK: insufficient enforcement of totalEntitySizeLimit (JAXP, 8133962) 1299441 - CVE-2016-0483 OpenJDK: incorrect boundary check in JPEG decoder (AWT, 8139017) 1302689 - CVE-2015-5041 IBM JDK: J9 JVM allows code to invoke non-public interface methods 6.
Package List: Red Hat Enterprise Linux Desktop Supplementary (v.5): i386: java-1.7.0-ibm-1.7.0.9.30-1jpp.1.el5.i386.rpm java-1.7.0-ibm-demo-1.7.0.9.30-1jpp.1.el5.i386.rpm java-1.7.0-ibm-devel-1.7.0.9.30-1jpp.1.el5.i386.rpm java-1.7.0-ibm-jdbc-1.7.0.9.30-1jpp.1.el5.i386.rpm java-1.7.0-ibm-plugin-1.7.0.9.30-1jpp.1.el5.i386.rpm java-1.7.0-ibm-src-1.7.0.9.30-1jpp.1.el5.i386.rpm x86_64: java-1.7.0-ibm-1.7.0.9.30-1jpp.1.el5.i386.rpm java-1.7.0-ibm-1.7.0.9.30-1jpp.1.el5.x86_64.rpm java-1.7.0-ibm-demo-1.7.0.9.30-1jpp.1.el5.i386.rpm java-1.7.0-ibm-demo-1.7.0.9.30-1jpp.1.el5.x86_64.rpm java-1.7.0-ibm-devel-1.7.0.9.30-1jpp.1.el5.i386.rpm java-1.7.0-ibm-devel-1.7.0.9.30-1jpp.1.el5.x86_64.rpm java-1.7.0-ibm-jdbc-1.7.0.9.30-1jpp.1.el5.i386.rpm java-1.7.0-ibm-jdbc-1.7.0.9.30-1jpp.1.el5.x86_64.rpm java-1.7.0-ibm-plugin-1.7.0.9.30-1jpp.1.el5.i386.rpm java-1.7.0-ibm-plugin-1.7.0.9.30-1jpp.1.el5.x86_64.rpm java-1.7.0-ibm-src-1.7.0.9.30-1jpp.1.el5.i386.rpm java-1.7.0-ibm-src-1.7.0.9.30-1jpp.1.el5.x86_64.rpm Red Hat Enterprise Linux Server Supplementary (v.5): i386: java-1.7.0-ibm-1.7.0.9.30-1jpp.1.el5.i386.rpm java-1.7.0-ibm-demo-1.7.0.9.30-1jpp.1.el5.i386.rpm java-1.7.0-ibm-devel-1.7.0.9.30-1jpp.1.el5.i386.rpm java-1.7.0-ibm-jdbc-1.7.0.9.30-1jpp.1.el5.i386.rpm java-1.7.0-ibm-plugin-1.7.0.9.30-1jpp.1.el5.i386.rpm java-1.7.0-ibm-src-1.7.0.9.30-1jpp.1.el5.i386.rpm ppc: java-1.7.0-ibm-1.7.0.9.30-1jpp.1.el5.ppc.rpm java-1.7.0-ibm-1.7.0.9.30-1jpp.1.el5.ppc64.rpm java-1.7.0-ibm-demo-1.7.0.9.30-1jpp.1.el5.ppc.rpm java-1.7.0-ibm-demo-1.7.0.9.30-1jpp.1.el5.ppc64.rpm java-1.7.0-ibm-devel-1.7.0.9.30-1jpp.1.el5.ppc.rpm java-1.7.0-ibm-devel-1.7.0.9.30-1jpp.1.el5.ppc64.rpm java-1.7.0-ibm-jdbc-1.7.0.9.30-1jpp.1.el5.ppc.rpm java-1.7.0-ibm-jdbc-1.7.0.9.30-1jpp.1.el5.ppc64.rpm java-1.7.0-ibm-plugin-1.7.0.9.30-1jpp.1.el5.ppc.rpm java-1.7.0-ibm-src-1.7.0.9.30-1jpp.1.el5.ppc.rpm java-1.7.0-ibm-src-1.7.0.9.30-1jpp.1.el5.ppc64.rpm s390x: java-1.7.0-ibm-1.7.0.9.30-1jpp.1.el5.s390.rpm 
java-1.7.0-ibm-1.7.0.9.30-1jpp.1.el5.s390x.rpm java-1.7.0-ibm-demo-1.7.0.9.30-1jpp.1.el5.s390.rpm java-1.7.0-ibm-demo-1.7.0.9.30-1jpp.1.el5.s390x.rpm java-1.7.0-ibm-devel-1.7.0.9.30-1jpp.1.el5.s390.rpm java-1.7.0-ibm-devel-1.7.0.9.30-1jpp.1.el5.s390x.rpm java-1.7.0-ibm-jdbc-1.7.0.9.30-1jpp.1.el5.s390.rpm java-1.7.0-ibm-jdbc-1.7.0.9.30-1jpp.1.el5.s390x.rpm java-1.7.0-ibm-src-1.7.0.9.30-1jpp.1.el5.s390.rpm java-1.7.0-ibm-src-1.7.0.9.30-1jpp.1.el5.s390x.rpm x86_64: java-1.7.0-ibm-1.7.0.9.30-1jpp.1.el5.i386.rpm java-1.7.0-ibm-1.7.0.9.30-1jpp.1.el5.x86_64.rpm java-1.7.0-ibm-demo-1.7.0.9.30-1jpp.1.el5.i386.rpm java-1.7.0-ibm-demo-1.7.0.9.30-1jpp.1.el5.x86_64.rpm java-1.7.0-ibm-devel-1.7.0.9.30-1jpp.1.el5.i386.rpm java-1.7.0-ibm-devel-1.7.0.9.30-1jpp.1.el5.x86_64.rpm java-1.7.0-ibm-jdbc-1.7.0.9.30-1jpp.1.el5.i386.rpm java-1.7.0-ibm-jdbc-1.7.0.9.30-1jpp.1.el5.x86_64.rpm java-1.7.0-ibm-plugin-1.7.0.9.30-1jpp.1.el5.i386.rpm java-1.7.0-ibm-plugin-1.7.0.9.30-1jpp.1.el5.x86_64.rpm java-1.7.0-ibm-src-1.7.0.9.30-1jpp.1.el5.i386.rpm java-1.7.0-ibm-src-1.7.0.9.30-1jpp.1.el5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2015-5041 https://access.redhat.com/security/cve/CVE-2015-7575 https://access.redhat.com/security/cve/CVE-2015-7981 https://access.redhat.com/security/cve/CVE-2015-8126 https://access.redhat.com/security/cve/CVE-2015-8472 https://access.redhat.com/security/cve/CVE-2015-8540 https://access.redhat.com/security/cve/CVE-2016-0402 https://access.redhat.com/security/cve/CVE-2016-0448 https://access.redhat.com/security/cve/CVE-2016-0466 https://access.redhat.com/security/cve/CVE-2016-0483 https://access.redhat.com/security/cve/CVE-2016-0494 https://access.redhat.com/security/updates/classification#critical 8. Contact: The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFWsMKEXlSAg2UNWIIRAqilAJ4sljRpJ9y1h2sYvEXd9W1WwJCvAACfWd/t e6w3NzuFQbPRSX3TR57CJAc=aMV0 -----END PGP SIGNATURE----- -- Enterprise-watch-list mailing list
Updated java-1.7.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 Supplementary. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ==================================================================== Red Hat Security Advisory Synopsis: Critical: java-1.7.0-ibm security update Advisory ID: RHSA-2015:1488-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://access.redhat.com/errata/RHSA-2015:1488.html Issue date: 2015-07-23 CVE Names: CVE-2015-1931 CVE-2015-2590 CVE-2015-2601 CVE-2015-2613 CVE-2015-2619 CVE-2015-2621 CVE-2015-2625 CVE-2015-2632 CVE-2015-2637 CVE-2015-2638 CVE-2015-2664 CVE-2015-4000 CVE-2015-4729 CVE-2015-4731 CVE-2015-4732 CVE-2015-4733 CVE-2015-4736 CVE-2015-4748 CVE-2015-4749 CVE-2015-4760 ==================================================================== 1. Summary: Updated java-1.7.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 Supplementary. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, ppc, s390x, x86_64 3. Description: IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section.
(CVE-2015-1931, CVE-2015-2590, CVE-2015-2601, CVE-2015-2613, CVE-2015-2619, CVE-2015-2621, CVE-2015-2625, CVE-2015-2632, CVE-2015-2637, CVE-2015-2638, CVE-2015-2664, CVE-2015-4000, CVE-2015-4729, CVE-2015-4731, CVE-2015-4732, CVE-2015-4733, CVE-2015-4736, CVE-2015-4748, CVE-2015-4749, CVE-2015-4760) Note: This update forces the TLS/SSL client implementation in IBM JDK to reject DH key sizes below 768 bits to address the CVE-2015-4000 issue. Refer to Red Hat Bugzilla bug 1223211, linked to in the References section, for additional details about this change. All users of java-1.7.0-ibm are advised to upgrade to these updated packages, containing the IBM Java SE 7 SR9-FP10 release. All running instances of IBM Java must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1223211 - CVE-2015-4000 LOGJAM: TLS connections which support export grade DHE key-exchange are vulnerable to MITM attacks 1241965 - CVE-2015-2625 OpenJDK: name for reverse DNS lookup used in certificate identity check (JSSE, 8067694) 1242019 - CVE-2015-2601 OpenJDK: non-constant time comparisons in crypto code (JCE, 8074865) 1242234 - CVE-2015-4731 OpenJDK: improper permission checks in MBeanServerInvocationHandler (JMX, 8076397) 1242240 - CVE-2015-4732 OpenJDK: insufficient context checks during object deserialization (Libraries, 8076405) 1242275 - CVE-2015-4733 OpenJDK: RemoteObjectInvocationHandler allows calling finalize() (RMI, 8076409) 1242281 - CVE-2015-4748 OpenJDK: incorrect OCSP nextUpdate checking (Libraries, 8075374) 1242372 - CVE-2015-2621 OpenJDK: incorrect code permission checks in RMIConnectionImpl (JMX, 8075853) 1242379 - CVE-2015-4749 OpenJDK: DnsClient fails to release request information after error (JNDI, 8075378) 1242394 -
CVE-2015-2632 ICU: integer overflow in LETableReference verifyLength() (OpenJDK 2D, 8077520) 1242447 - CVE-2015-4760 ICU: missing boundary checks in layout engine (OpenJDK 2D, 8071715) 1242456 - CVE-2015-2613 NSS / JCE: missing EC parameter validation in ECDH_Derive() (OpenJDK JCE, 8075833) 1243139 - CVE-2015-2590 OpenJDK: deserialization issue in ObjectInputStream.readSerialData() (Libraries, 8076401) 1243283 - CVE-2015-2638 Oracle JDK: unspecified vulnerability fixed in 6u101, 7u85 and 8u51 (2D) 1243284 - CVE-2015-4736 Oracle JDK: unspecified vulnerability fixed in 7u85 and 8u51 (Deployment) 1243286 - CVE-2015-2619 Oracle JDK: unspecified vulnerability fixed in 7u85 and 8u51 (2D) 1243287 - CVE-2015-2637 Oracle JDK: unspecified vulnerability fixed in 6u101, 7u85 and 8u51 (2D) 1243290 - CVE-2015-4729 Oracle JDK: unspecified vulnerability fixed in 7u85 and 8u51 (Deployment) 1243300 - CVE-2015-2664 Oracle JDK: unspecified vulnerability fixed in 6u101, 7u85 and 8u51 (Deployment) 1244828 - CVE-2015-1931 IBM JDK: plain text data stored in memory dumps 6. 
Package List: Red Hat Enterprise Linux Desktop Supplementary (v.5): i386: java-1.7.0-ibm-1.7.0.9.10-1jpp.2.el5.i386.rpm java-1.7.0-ibm-demo-1.7.0.9.10-1jpp.2.el5.i386.rpm java-1.7.0-ibm-devel-1.7.0.9.10-1jpp.2.el5.i386.rpm java-1.7.0-ibm-jdbc-1.7.0.9.10-1jpp.2.el5.i386.rpm java-1.7.0-ibm-plugin-1.7.0.9.10-1jpp.2.el5.i386.rpm java-1.7.0-ibm-src-1.7.0.9.10-1jpp.2.el5.i386.rpm x86_64: java-1.7.0-ibm-1.7.0.9.10-1jpp.2.el5.i386.rpm java-1.7.0-ibm-1.7.0.9.10-1jpp.2.el5.x86_64.rpm java-1.7.0-ibm-demo-1.7.0.9.10-1jpp.2.el5.i386.rpm java-1.7.0-ibm-demo-1.7.0.9.10-1jpp.2.el5.x86_64.rpm java-1.7.0-ibm-devel-1.7.0.9.10-1jpp.2.el5.i386.rpm java-1.7.0-ibm-devel-1.7.0.9.10-1jpp.2.el5.x86_64.rpm java-1.7.0-ibm-jdbc-1.7.0.9.10-1jpp.2.el5.i386.rpm java-1.7.0-ibm-jdbc-1.7.0.9.10-1jpp.2.el5.x86_64.rpm java-1.7.0-ibm-plugin-1.7.0.9.10-1jpp.2.el5.i386.rpm java-1.7.0-ibm-plugin-1.7.0.9.10-1jpp.2.el5.x86_64.rpm java-1.7.0-ibm-src-1.7.0.9.10-1jpp.2.el5.i386.rpm java-1.7.0-ibm-src-1.7.0.9.10-1jpp.2.el5.x86_64.rpm Red Hat Enterprise Linux Server Supplementary (v.5): i386: java-1.7.0-ibm-1.7.0.9.10-1jpp.2.el5.i386.rpm java-1.7.0-ibm-demo-1.7.0.9.10-1jpp.2.el5.i386.rpm java-1.7.0-ibm-devel-1.7.0.9.10-1jpp.2.el5.i386.rpm java-1.7.0-ibm-jdbc-1.7.0.9.10-1jpp.2.el5.i386.rpm java-1.7.0-ibm-plugin-1.7.0.9.10-1jpp.2.el5.i386.rpm java-1.7.0-ibm-src-1.7.0.9.10-1jpp.2.el5.i386.rpm ppc: java-1.7.0-ibm-1.7.0.9.10-1jpp.2.el5.ppc.rpm java-1.7.0-ibm-1.7.0.9.10-1jpp.2.el5.ppc64.rpm java-1.7.0-ibm-demo-1.7.0.9.10-1jpp.2.el5.ppc.rpm java-1.7.0-ibm-demo-1.7.0.9.10-1jpp.2.el5.ppc64.rpm java-1.7.0-ibm-devel-1.7.0.9.10-1jpp.2.el5.ppc.rpm java-1.7.0-ibm-devel-1.7.0.9.10-1jpp.2.el5.ppc64.rpm java-1.7.0-ibm-jdbc-1.7.0.9.10-1jpp.2.el5.ppc.rpm java-1.7.0-ibm-jdbc-1.7.0.9.10-1jpp.2.el5.ppc64.rpm java-1.7.0-ibm-plugin-1.7.0.9.10-1jpp.2.el5.ppc.rpm java-1.7.0-ibm-src-1.7.0.9.10-1jpp.2.el5.ppc.rpm java-1.7.0-ibm-src-1.7.0.9.10-1jpp.2.el5.ppc64.rpm s390x: java-1.7.0-ibm-1.7.0.9.10-1jpp.2.el5.s390.rpm 
java-1.7.0-ibm-1.7.0.9.10-1jpp.2.el5.s390x.rpm java-1.7.0-ibm-demo-1.7.0.9.10-1jpp.2.el5.s390.rpm java-1.7.0-ibm-demo-1.7.0.9.10-1jpp.2.el5.s390x.rpm java-1.7.0-ibm-devel-1.7.0.9.10-1jpp.2.el5.s390.rpm java-1.7.0-ibm-devel-1.7.0.9.10-1jpp.2.el5.s390x.rpm java-1.7.0-ibm-jdbc-1.7.0.9.10-1jpp.2.el5.s390.rpm java-1.7.0-ibm-jdbc-1.7.0.9.10-1jpp.2.el5.s390x.rpm java-1.7.0-ibm-src-1.7.0.9.10-1jpp.2.el5.s390.rpm java-1.7.0-ibm-src-1.7.0.9.10-1jpp.2.el5.s390x.rpm x86_64: java-1.7.0-ibm-1.7.0.9.10-1jpp.2.el5.i386.rpm java-1.7.0-ibm-1.7.0.9.10-1jpp.2.el5.x86_64.rpm java-1.7.0-ibm-demo-1.7.0.9.10-1jpp.2.el5.i386.rpm java-1.7.0-ibm-demo-1.7.0.9.10-1jpp.2.el5.x86_64.rpm java-1.7.0-ibm-devel-1.7.0.9.10-1jpp.2.el5.i386.rpm java-1.7.0-ibm-devel-1.7.0.9.10-1jpp.2.el5.x86_64.rpm java-1.7.0-ibm-jdbc-1.7.0.9.10-1jpp.2.el5.i386.rpm java-1.7.0-ibm-jdbc-1.7.0.9.10-1jpp.2.el5.x86_64.rpm java-1.7.0-ibm-plugin-1.7.0.9.10-1jpp.2.el5.i386.rpm java-1.7.0-ibm-plugin-1.7.0.9.10-1jpp.2.el5.x86_64.rpm java-1.7.0-ibm-src-1.7.0.9.10-1jpp.2.el5.i386.rpm java-1.7.0-ibm-src-1.7.0.9.10-1jpp.2.el5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7.
References: https://access.redhat.com/security/cve/CVE-2015-1931 https://access.redhat.com/security/cve/CVE-2015-2590 https://access.redhat.com/security/cve/CVE-2015-2601 https://access.redhat.com/security/cve/CVE-2015-2613 https://access.redhat.com/security/cve/CVE-2015-2619 https://access.redhat.com/security/cve/CVE-2015-2621 https://access.redhat.com/security/cve/CVE-2015-2625 https://access.redhat.com/security/cve/CVE-2015-2632 https://access.redhat.com/security/cve/CVE-2015-2637 https://access.redhat.com/security/cve/CVE-2015-2638 https://access.redhat.com/security/cve/CVE-2015-2664 https://access.redhat.com/security/cve/CVE-2015-4000 https://access.redhat.com/security/cve/CVE-2015-4729 https://access.redhat.com/security/cve/CVE-2015-4731 https://access.redhat.com/security/cve/CVE-2015-4732 https://access.redhat.com/security/cve/CVE-2015-4733 https://access.redhat.com/security/cve/CVE-2015-4736 https://access.redhat.com/security/cve/CVE-2015-4748 https://access.redhat.com/security/cve/CVE-2015-4749 https://access.redhat.com/security/cve/CVE-2015-4760 https://access.redhat.com/security/updates/classification#critical https://www.ibm.com/support/pages/java-sdk/ https://bugzilla.redhat.com/show_bug.cgi?id=1223211#c33 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFVsVLIXlSAg2UNWIIRAun4AJ41kmCyeTulC++q/BehJgI5rirnogCgw6Gl UH4PDJEVOePlYDzgQN5Oq9c=7lUk -----END PGP SIGNATURE----- -- Enterprise-watch-list mailing list
Updated java-1.5.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. Red Hat Product Security has rated this update as having Important security. ==================================================================== Red Hat Security Advisory Synopsis: Important: java-1.5.0-ibm security update Advisory ID: RHSA-2015:1021-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://access.redhat.com/errata/RHSA-2015:1021.html Issue date: 2015-05-20 CVE Names: CVE-2005-1080 CVE-2015-0138 CVE-2015-0192 CVE-2015-0459 CVE-2015-0469 CVE-2015-0477 CVE-2015-0478 CVE-2015-0480 CVE-2015-0488 CVE-2015-0491 CVE-2015-1914 CVE-2015-2808 ==================================================================== 1. Summary: Updated java-1.5.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, ppc, s390x, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. Description: IBM J2SE version 5.0 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.
This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section. (CVE-2005-1080, CVE-2015-0138, CVE-2015-0192, CVE-2015-0459, CVE-2015-0469, CVE-2015-0477, CVE-2015-0478, CVE-2015-0480, CVE-2015-0488, CVE-2015-0491, CVE-2015-1914, CVE-2015-2808) The CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat Product Security. Note: With this update, the IBM JDK now disables RC4 SSL/TLS cipher suites by default to address the CVE-2015-2808 issue. Refer to Red Hat Bugzilla bug 1207101, linked to in the References section, for additional details about this change. IBM Java SDK and JRE 5.0 will not receive software updates after September 2015. This date is referred to as the End of Service (EOS) date. Customers are advised to migrate to current versions of IBM Java at this time. IBM Java SDK and JRE versions 6 and 7 are available via the Red Hat Enterprise Linux 5 and 6 Supplementary content sets and will continue to receive updates based on IBM's lifecycle policy, linked to in the References section. Customers can also consider OpenJDK, an open source implementation of the Java SE specification. OpenJDK is available by default on supported hardware architectures. All users of java-1.5.0-ibm are advised to upgrade to these updated packages, containing the IBM J2SE 5.0 SR16-FP10 release. All running instances of IBM Java must be restarted for this update to take effect. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5.
Bugs fixed (https://bugzilla.redhat.com/): 606442 - CVE-2005-1080 jar: directory traversal vulnerability 1207101 - CVE-2015-2808 SSL/TLS: "Invariance Weakness" vulnerability in RC4 stream cipher 1210355 - CVE-2015-0478 OpenJDK: RSA implementation hardening (JCE, 8071726) 1210829 - CVE-2015-0469 ICU: layout engine glyphStorage off-by-one (OpenJDK 2D, 8067699) 1211299 - CVE-2015-0477 OpenJDK: incorrect permissions check in resource loading (Beans, 8068320) 1211504 - CVE-2015-0480 OpenJDK: jar directory traversal issues (Tools, 8064601) 1211543 - CVE-2015-0488 OpenJDK: certificate options parsing uncaught exception (JSSE, 8068720) 1211768 - CVE-2015-0459 Oracle JDK: unspecified vulnerability fixed in 5.0u85, 6u95, 7u79 and 8u45 (2D) 1211769 - CVE-2015-0491 Oracle JDK: unspecified vulnerability fixed in 5.0u85, 6u95, 7u79 and 8u45 (2D) 1219212 - CVE-2015-0192 IBM JDK: unspecified Java sandbox restrictions bypass 1219215 - CVE-2015-1914 IBM JDK: unspecified partial Java sandbox restrictions bypass 1219223 - CVE-2015-0138 IBM JDK: ephemeral RSA keys accepted for non-export SSL/TLS cipher suites (FREAK) 6. Package List: Red Hat Enterprise Linux Desktop Supplementary (v.
5): i386: java-1.5.0-ibm-1.5.0.16.10-1jpp.1.el5.i386.rpm java-1.5.0-ibm-accessibility-1.5.0.16.10-1jpp.1.el5.i386.rpm java-1.5.0-ibm-demo-1.5.0.16.10-1jpp.1.el5.i386.rpm java-1.5.0-ibm-devel-1.5.0.16.10-1jpp.1.el5.i386.rpm java-1.5.0-ibm-javacomm-1.5.0.16.10-1jpp.1.el5.i386.rpm java-1.5.0-ibm-jdbc-1.5.0.16.10-1jpp.1.el5.i386.rpm java-1.5.0-ibm-plugin-1.5.0.16.10-1jpp.1.el5.i386.rpm java-1.5.0-ibm-src-1.5.0.16.10-1jpp.1.el5.i386.rpm x86_64: java-1.5.0-ibm-1.5.0.16.10-1jpp.1.el5.i386.rpm java-1.5.0-ibm-1.5.0.16.10-1jpp.1.el5.x86_64.rpm java-1.5.0-ibm-accessibility-1.5.0.16.10-1jpp.1.el5.x86_64.rpm java-1.5.0-ibm-demo-1.5.0.16.10-1jpp.1.el5.i386.rpm java-1.5.0-ibm-demo-1.5.0.16.10-1jpp.1.el5.x86_64.rpm java-1.5.0-ibm-devel-1.5.0.16.10-1jpp.1.el5.i386.rpm java-1.5.0-ibm-devel-1.5.0.16.10-1jpp.1.el5.x86_64.rpm java-1.5.0-ibm-javacomm-1.5.0.16.10-1jpp.1.el5.i386.rpm java-1.5.0-ibm-javacomm-1.5.0.16.10-1jpp.1.el5.x86_64.rpm java-1.5.0-ibm-jdbc-1.5.0.16.10-1jpp.1.el5.i386.rpm java-1.5.0-ibm-plugin-1.5.0.16.10-1jpp.1.el5.i386.rpm java-1.5.0-ibm-src-1.5.0.16.10-1jpp.1.el5.i386.rpm java-1.5.0-ibm-src-1.5.0.16.10-1jpp.1.el5.x86_64.rpm Red Hat Enterprise Linux Server Supplementary (v.5): i386: java-1.5.0-ibm-1.5.0.16.10-1jpp.1.el5.i386.rpm java-1.5.0-ibm-accessibility-1.5.0.16.10-1jpp.1.el5.i386.rpm java-1.5.0-ibm-demo-1.5.0.16.10-1jpp.1.el5.i386.rpm java-1.5.0-ibm-devel-1.5.0.16.10-1jpp.1.el5.i386.rpm java-1.5.0-ibm-javacomm-1.5.0.16.10-1jpp.1.el5.i386.rpm java-1.5.0-ibm-jdbc-1.5.0.16.10-1jpp.1.el5.i386.rpm java-1.5.0-ibm-plugin-1.5.0.16.10-1jpp.1.el5.i386.rpm java-1.5.0-ibm-src-1.5.0.16.10-1jpp.1.el5.i386.rpm ppc: java-1.5.0-ibm-1.5.0.16.10-1jpp.1.el5.ppc.rpm java-1.5.0-ibm-1.5.0.16.10-1jpp.1.el5.ppc64.rpm java-1.5.0-ibm-accessibility-1.5.0.16.10-1jpp.1.el5.ppc.rpm java-1.5.0-ibm-demo-1.5.0.16.10-1jpp.1.el5.ppc.rpm java-1.5.0-ibm-demo-1.5.0.16.10-1jpp.1.el5.ppc64.rpm java-1.5.0-ibm-devel-1.5.0.16.10-1jpp.1.el5.ppc.rpm java-1.5.0-ibm-devel-1.5.0.16.10-1jpp.1.el5.ppc64.rpm 
java-1.5.0-ibm-javacomm-1.5.0.16.10-1jpp.1.el5.ppc.rpm java-1.5.0-ibm-javacomm-1.5.0.16.10-1jpp.1.el5.ppc64.rpm java-1.5.0-ibm-jdbc-1.5.0.16.10-1jpp.1.el5.ppc.rpm java-1.5.0-ibm-plugin-1.5.0.16.10-1jpp.1.el5.ppc.rpm java-1.5.0-ibm-src-1.5.0.16.10-1jpp.1.el5.ppc.rpm java-1.5.0-ibm-src-1.5.0.16.10-1jpp.1.el5.ppc64.rpm s390x: java-1.5.0-ibm-1.5.0.16.10-1jpp.1.el5.s390.rpm java-1.5.0-ibm-1.5.0.16.10-1jpp.1.el5.s390x.rpm java-1.5.0-ibm-accessibility-1.5.0.16.10-1jpp.1.el5.s390x.rpm java-1.5.0-ibm-demo-1.5.0.16.10-1jpp.1.el5.s390.rpm java-1.5.0-ibm-demo-1.5.0.16.10-1jpp.1.el5.s390x.rpm java-1.5.0-ibm-devel-1.5.0.16.10-1jpp.1.el5.s390.rpm java-1.5.0-ibm-devel-1.5.0.16.10-1jpp.1.el5.s390x.rpm java-1.5.0-ibm-jdbc-1.5.0.16.10-1jpp.1.el5.s390.rpm java-1.5.0-ibm-src-1.5.0.16.10-1jpp.1.el5.s390.rpm java-1.5.0-ibm-src-1.5.0.16.10-1jpp.1.el5.s390x.rpm x86_64: java-1.5.0-ibm-1.5.0.16.10-1jpp.1.el5.i386.rpm java-1.5.0-ibm-1.5.0.16.10-1jpp.1.el5.x86_64.rpm java-1.5.0-ibm-accessibility-1.5.0.16.10-1jpp.1.el5.x86_64.rpm java-1.5.0-ibm-demo-1.5.0.16.10-1jpp.1.el5.i386.rpm java-1.5.0-ibm-demo-1.5.0.16.10-1jpp.1.el5.x86_64.rpm java-1.5.0-ibm-devel-1.5.0.16.10-1jpp.1.el5.i386.rpm java-1.5.0-ibm-devel-1.5.0.16.10-1jpp.1.el5.x86_64.rpm java-1.5.0-ibm-javacomm-1.5.0.16.10-1jpp.1.el5.i386.rpm java-1.5.0-ibm-javacomm-1.5.0.16.10-1jpp.1.el5.x86_64.rpm java-1.5.0-ibm-jdbc-1.5.0.16.10-1jpp.1.el5.i386.rpm java-1.5.0-ibm-plugin-1.5.0.16.10-1jpp.1.el5.i386.rpm java-1.5.0-ibm-src-1.5.0.16.10-1jpp.1.el5.i386.rpm java-1.5.0-ibm-src-1.5.0.16.10-1jpp.1.el5.x86_64.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 
6): i386: java-1.5.0-ibm-1.5.0.16.10-1jpp.1.el6_6.i686.rpm java-1.5.0-ibm-demo-1.5.0.16.10-1jpp.1.el6_6.i686.rpm java-1.5.0-ibm-devel-1.5.0.16.10-1jpp.1.el6_6.i686.rpm java-1.5.0-ibm-javacomm-1.5.0.16.10-1jpp.1.el6_6.i686.rpm java-1.5.0-ibm-jdbc-1.5.0.16.10-1jpp.1.el6_6.i686.rpm java-1.5.0-ibm-plugin-1.5.0.16.10-1jpp.1.el6_6.i686.rpm java-1.5.0-ibm-src-1.5.0.16.10-1jpp.1.el6_6.i686.rpm x86_64: java-1.5.0-ibm-1.5.0.16.10-1jpp.1.el6_6.x86_64.rpm java-1.5.0-ibm-demo-1.5.0.16.10-1jpp.1.el6_6.x86_64.rpm java-1.5.0-ibm-devel-1.5.0.16.10-1jpp.1.el6_6.i686.rpm java-1.5.0-ibm-devel-1.5.0.16.10-1jpp.1.el6_6.x86_64.rpm java-1.5.0-ibm-javacomm-1.5.0.16.10-1jpp.1.el6_6.x86_64.rpm java-1.5.0-ibm-jdbc-1.5.0.16.10-1jpp.1.el6_6.i686.rpm java-1.5.0-ibm-plugin-1.5.0.16.10-1jpp.1.el6_6.i686.rpm java-1.5.0-ibm-src-1.5.0.16.10-1jpp.1.el6_6.x86_64.rpm Red Hat Enterprise Linux HPC Node Supplementary (v. 6): x86_64: java-1.5.0-ibm-1.5.0.16.10-1jpp.1.el6_6.x86_64.rpm java-1.5.0-ibm-demo-1.5.0.16.10-1jpp.1.el6_6.x86_64.rpm java-1.5.0-ibm-devel-1.5.0.16.10-1jpp.1.el6_6.i686.rpm java-1.5.0-ibm-devel-1.5.0.16.10-1jpp.1.el6_6.x86_64.rpm java-1.5.0-ibm-javacomm-1.5.0.16.10-1jpp.1.el6_6.x86_64.rpm java-1.5.0-ibm-src-1.5.0.16.10-1jpp.1.el6_6.x86_64.rpm Red Hat Enterprise Linux Server Supplementary (v.6): i386: java-1.5.0-ibm-1.5.0.16.10-1jpp.1.el6_6.i686.rpm java-1.5.0-ibm-demo-1.5.0.16.10-1jpp.1.el6_6.i686.rpm java-1.5.0-ibm-devel-1.5.0.16.10-1jpp.1.el6_6.i686.rpm java-1.5.0-ibm-javacomm-1.5.0.16.10-1jpp.1.el6_6.i686.rpm java-1.5.0-ibm-jdbc-1.5.0.16.10-1jpp.1.el6_6.i686.rpm java-1.5.0-ibm-plugin-1.5.0.16.10-1jpp.1.el6_6.i686.rpm java-1.5.0-ibm-src-1.5.0.16.10-1jpp.1.el6_6.i686.rpm ppc64: java-1.5.0-ibm-1.5.0.16.10-1jpp.1.el6_6.ppc64.rpm java-1.5.0-ibm-demo-1.5.0.16.10-1jpp.1.el6_6.ppc64.rpm java-1.5.0-ibm-devel-1.5.0.16.10-1jpp.1.el6_6.ppc.rpm java-1.5.0-ibm-devel-1.5.0.16.10-1jpp.1.el6_6.ppc64.rpm java-1.5.0-ibm-javacomm-1.5.0.16.10-1jpp.1.el6_6.ppc64.rpm 
java-1.5.0-ibm-jdbc-1.5.0.16.10-1jpp.1.el6_6.ppc.rpm java-1.5.0-ibm-plugin-1.5.0.16.10-1jpp.1.el6_6.ppc.rpm java-1.5.0-ibm-src-1.5.0.16.10-1jpp.1.el6_6.ppc64.rpm s390x: java-1.5.0-ibm-1.5.0.16.10-1jpp.1.el6_6.s390x.rpm java-1.5.0-ibm-demo-1.5.0.16.10-1jpp.1.el6_6.s390x.rpm java-1.5.0-ibm-devel-1.5.0.16.10-1jpp.1.el6_6.s390.rpm java-1.5.0-ibm-devel-1.5.0.16.10-1jpp.1.el6_6.s390x.rpm java-1.5.0-ibm-jdbc-1.5.0.16.10-1jpp.1.el6_6.s390.rpm java-1.5.0-ibm-src-1.5.0.16.10-1jpp.1.el6_6.s390x.rpm x86_64: java-1.5.0-ibm-1.5.0.16.10-1jpp.1.el6_6.x86_64.rpm java-1.5.0-ibm-demo-1.5.0.16.10-1jpp.1.el6_6.x86_64.rpm java-1.5.0-ibm-devel-1.5.0.16.10-1jpp.1.el6_6.i686.rpm java-1.5.0-ibm-devel-1.5.0.16.10-1jpp.1.el6_6.x86_64.rpm java-1.5.0-ibm-javacomm-1.5.0.16.10-1jpp.1.el6_6.x86_64.rpm java-1.5.0-ibm-jdbc-1.5.0.16.10-1jpp.1.el6_6.i686.rpm java-1.5.0-ibm-plugin-1.5.0.16.10-1jpp.1.el6_6.i686.rpm java-1.5.0-ibm-src-1.5.0.16.10-1jpp.1.el6_6.x86_64.rpm Red Hat Enterprise Linux Workstation Supplementary (v.6): i386: java-1.5.0-ibm-1.5.0.16.10-1jpp.1.el6_6.i686.rpm java-1.5.0-ibm-demo-1.5.0.16.10-1jpp.1.el6_6.i686.rpm java-1.5.0-ibm-devel-1.5.0.16.10-1jpp.1.el6_6.i686.rpm java-1.5.0-ibm-javacomm-1.5.0.16.10-1jpp.1.el6_6.i686.rpm java-1.5.0-ibm-jdbc-1.5.0.16.10-1jpp.1.el6_6.i686.rpm java-1.5.0-ibm-plugin-1.5.0.16.10-1jpp.1.el6_6.i686.rpm java-1.5.0-ibm-src-1.5.0.16.10-1jpp.1.el6_6.i686.rpm x86_64: java-1.5.0-ibm-1.5.0.16.10-1jpp.1.el6_6.x86_64.rpm java-1.5.0-ibm-demo-1.5.0.16.10-1jpp.1.el6_6.x86_64.rpm java-1.5.0-ibm-devel-1.5.0.16.10-1jpp.1.el6_6.i686.rpm java-1.5.0-ibm-devel-1.5.0.16.10-1jpp.1.el6_6.x86_64.rpm java-1.5.0-ibm-javacomm-1.5.0.16.10-1jpp.1.el6_6.x86_64.rpm java-1.5.0-ibm-jdbc-1.5.0.16.10-1jpp.1.el6_6.i686.rpm java-1.5.0-ibm-plugin-1.5.0.16.10-1jpp.1.el6_6.i686.rpm java-1.5.0-ibm-src-1.5.0.16.10-1jpp.1.el6_6.x86_64.rpm These packages are GPG signed by Red Hat for security. 
Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2005-1080
https://access.redhat.com/security/cve/CVE-2015-0138
https://access.redhat.com/security/cve/CVE-2015-0192
https://access.redhat.com/security/cve/CVE-2015-0459
https://access.redhat.com/security/cve/CVE-2015-0469
https://access.redhat.com/security/cve/CVE-2015-0477
https://access.redhat.com/security/cve/CVE-2015-0478
https://access.redhat.com/security/cve/CVE-2015-0480
https://access.redhat.com/security/cve/CVE-2015-0488
https://access.redhat.com/security/cve/CVE-2015-0491
https://access.redhat.com/security/cve/CVE-2015-1914
https://access.redhat.com/security/cve/CVE-2015-2808
https://access.redhat.com/security/updates/classification/#important
https://www.ibm.com/support/pages/java-sdk/
https://bugzilla.redhat.com/show_bug.cgi?id=1207101#c4
https://www.ibm.com/support/pages/java-sdk/

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.

The latest update to the IBM Java Runtime Environment addresses multiple security vulnerabilities in Red Hat Enterprise Linux versions 5 and 6. Severity: Important. LinuxSecurity.com Team
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

====================================================================
Red Hat Security Advisory

Synopsis:     Important: java-1.5.0-ibm security update
Advisory ID:  RHSA-2015:0136-01
Product:      Red Hat Enterprise Linux Supplementary
Advisory URL: https://access.redhat.com/errata/RHSA-2015:0136.html
Issue date:   2015-02-05
CVE Names:    CVE-2014-6585 CVE-2014-6591 CVE-2014-6593 CVE-2014-8891 CVE-2014-8892 CVE-2015-0395 CVE-2015-0407 CVE-2015-0408 CVE-2015-0410
====================================================================

1. Summary:

Updated java-1.5.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, ppc, s390x, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

IBM J2SE version 5.0 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.

This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2014-6585, CVE-2014-6591, CVE-2014-6593, CVE-2014-8891, CVE-2014-8892, CVE-2015-0395, CVE-2015-0407, CVE-2015-0408, CVE-2015-0410)

All users of java-1.5.0-ibm are advised to upgrade to these updated packages, containing the IBM J2SE 5.0 SR16-FP9 release. All running instances of IBM Java must be restarted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1183023 - CVE-2015-0408 OpenJDK: incorrect context class loader use in RMI transport (RMI, 8055309)
1183031 - CVE-2015-0395 OpenJDK: phantom references handling issue in garbage collector (Hotspot, 8047125)
1183043 - CVE-2015-0407 OpenJDK: directory information leak via file chooser (Swing, 8055304)
1183044 - CVE-2015-0410 OpenJDK: DER decoder infinite loop (Security, 8059485)
1183049 - CVE-2014-6593 OpenJDK: incorrect tracking of ChangeCipherSpec during SSL/TLS handshake (JSSE, 8057555)
1183645 - CVE-2014-6585 ICU: font parsing OOB read (OpenJDK 2D, 8055489)
1183646 - CVE-2014-6591 ICU: font parsing OOB read (OpenJDK 2D, 8056276)
1189142 - CVE-2014-8891 IBM JDK: unspecified full Java sandbox bypass fixed in Feb 2015 update
1189145 - CVE-2014-8892 IBM JDK: unspecified partial Java sandbox bypass fixed in Feb 2015 update

6.
Package List: Red Hat Enterprise Linux Desktop Supplementary (v.5): i386: java-1.5.0-ibm-1.5.0.16.9-1jpp.1.el5.i386.rpm java-1.5.0-ibm-accessibility-1.5.0.16.9-1jpp.1.el5.i386.rpm java-1.5.0-ibm-demo-1.5.0.16.9-1jpp.1.el5.i386.rpm java-1.5.0-ibm-devel-1.5.0.16.9-1jpp.1.el5.i386.rpm java-1.5.0-ibm-javacomm-1.5.0.16.9-1jpp.1.el5.i386.rpm java-1.5.0-ibm-jdbc-1.5.0.16.9-1jpp.1.el5.i386.rpm java-1.5.0-ibm-plugin-1.5.0.16.9-1jpp.1.el5.i386.rpm java-1.5.0-ibm-src-1.5.0.16.9-1jpp.1.el5.i386.rpm x86_64: java-1.5.0-ibm-1.5.0.16.9-1jpp.1.el5.i386.rpm java-1.5.0-ibm-1.5.0.16.9-1jpp.1.el5.x86_64.rpm java-1.5.0-ibm-accessibility-1.5.0.16.9-1jpp.1.el5.x86_64.rpm java-1.5.0-ibm-demo-1.5.0.16.9-1jpp.1.el5.i386.rpm java-1.5.0-ibm-demo-1.5.0.16.9-1jpp.1.el5.x86_64.rpm java-1.5.0-ibm-devel-1.5.0.16.9-1jpp.1.el5.i386.rpm java-1.5.0-ibm-devel-1.5.0.16.9-1jpp.1.el5.x86_64.rpm java-1.5.0-ibm-javacomm-1.5.0.16.9-1jpp.1.el5.i386.rpm java-1.5.0-ibm-javacomm-1.5.0.16.9-1jpp.1.el5.x86_64.rpm java-1.5.0-ibm-jdbc-1.5.0.16.9-1jpp.1.el5.i386.rpm java-1.5.0-ibm-plugin-1.5.0.16.9-1jpp.1.el5.i386.rpm java-1.5.0-ibm-src-1.5.0.16.9-1jpp.1.el5.i386.rpm java-1.5.0-ibm-src-1.5.0.16.9-1jpp.1.el5.x86_64.rpm Red Hat Enterprise Linux Server Supplementary (v.5): i386: java-1.5.0-ibm-1.5.0.16.9-1jpp.1.el5.i386.rpm java-1.5.0-ibm-accessibility-1.5.0.16.9-1jpp.1.el5.i386.rpm java-1.5.0-ibm-demo-1.5.0.16.9-1jpp.1.el5.i386.rpm java-1.5.0-ibm-devel-1.5.0.16.9-1jpp.1.el5.i386.rpm java-1.5.0-ibm-javacomm-1.5.0.16.9-1jpp.1.el5.i386.rpm java-1.5.0-ibm-jdbc-1.5.0.16.9-1jpp.1.el5.i386.rpm java-1.5.0-ibm-plugin-1.5.0.16.9-1jpp.1.el5.i386.rpm java-1.5.0-ibm-src-1.5.0.16.9-1jpp.1.el5.i386.rpm ppc: java-1.5.0-ibm-1.5.0.16.9-1jpp.1.el5.ppc.rpm java-1.5.0-ibm-1.5.0.16.9-1jpp.1.el5.ppc64.rpm java-1.5.0-ibm-accessibility-1.5.0.16.9-1jpp.1.el5.ppc.rpm java-1.5.0-ibm-demo-1.5.0.16.9-1jpp.1.el5.ppc.rpm java-1.5.0-ibm-demo-1.5.0.16.9-1jpp.1.el5.ppc64.rpm java-1.5.0-ibm-devel-1.5.0.16.9-1jpp.1.el5.ppc.rpm 
java-1.5.0-ibm-devel-1.5.0.16.9-1jpp.1.el5.ppc64.rpm java-1.5.0-ibm-javacomm-1.5.0.16.9-1jpp.1.el5.ppc.rpm java-1.5.0-ibm-javacomm-1.5.0.16.9-1jpp.1.el5.ppc64.rpm java-1.5.0-ibm-jdbc-1.5.0.16.9-1jpp.1.el5.ppc.rpm java-1.5.0-ibm-plugin-1.5.0.16.9-1jpp.1.el5.ppc.rpm java-1.5.0-ibm-src-1.5.0.16.9-1jpp.1.el5.ppc.rpm java-1.5.0-ibm-src-1.5.0.16.9-1jpp.1.el5.ppc64.rpm s390x: java-1.5.0-ibm-1.5.0.16.9-1jpp.1.el5.s390.rpm java-1.5.0-ibm-1.5.0.16.9-1jpp.1.el5.s390x.rpm java-1.5.0-ibm-accessibility-1.5.0.16.9-1jpp.1.el5.s390x.rpm java-1.5.0-ibm-demo-1.5.0.16.9-1jpp.1.el5.s390.rpm java-1.5.0-ibm-demo-1.5.0.16.9-1jpp.1.el5.s390x.rpm java-1.5.0-ibm-devel-1.5.0.16.9-1jpp.1.el5.s390.rpm java-1.5.0-ibm-devel-1.5.0.16.9-1jpp.1.el5.s390x.rpm java-1.5.0-ibm-jdbc-1.5.0.16.9-1jpp.1.el5.s390.rpm java-1.5.0-ibm-src-1.5.0.16.9-1jpp.1.el5.s390.rpm java-1.5.0-ibm-src-1.5.0.16.9-1jpp.1.el5.s390x.rpm x86_64: java-1.5.0-ibm-1.5.0.16.9-1jpp.1.el5.i386.rpm java-1.5.0-ibm-1.5.0.16.9-1jpp.1.el5.x86_64.rpm java-1.5.0-ibm-accessibility-1.5.0.16.9-1jpp.1.el5.x86_64.rpm java-1.5.0-ibm-demo-1.5.0.16.9-1jpp.1.el5.i386.rpm java-1.5.0-ibm-demo-1.5.0.16.9-1jpp.1.el5.x86_64.rpm java-1.5.0-ibm-devel-1.5.0.16.9-1jpp.1.el5.i386.rpm java-1.5.0-ibm-devel-1.5.0.16.9-1jpp.1.el5.x86_64.rpm java-1.5.0-ibm-javacomm-1.5.0.16.9-1jpp.1.el5.i386.rpm java-1.5.0-ibm-javacomm-1.5.0.16.9-1jpp.1.el5.x86_64.rpm java-1.5.0-ibm-jdbc-1.5.0.16.9-1jpp.1.el5.i386.rpm java-1.5.0-ibm-plugin-1.5.0.16.9-1jpp.1.el5.i386.rpm java-1.5.0-ibm-src-1.5.0.16.9-1jpp.1.el5.i386.rpm java-1.5.0-ibm-src-1.5.0.16.9-1jpp.1.el5.x86_64.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 
6): i386: java-1.5.0-ibm-1.5.0.16.9-1jpp.1.el6_6.i686.rpm java-1.5.0-ibm-demo-1.5.0.16.9-1jpp.1.el6_6.i686.rpm java-1.5.0-ibm-devel-1.5.0.16.9-1jpp.1.el6_6.i686.rpm java-1.5.0-ibm-javacomm-1.5.0.16.9-1jpp.1.el6_6.i686.rpm java-1.5.0-ibm-jdbc-1.5.0.16.9-1jpp.1.el6_6.i686.rpm java-1.5.0-ibm-plugin-1.5.0.16.9-1jpp.1.el6_6.i686.rpm java-1.5.0-ibm-src-1.5.0.16.9-1jpp.1.el6_6.i686.rpm x86_64: java-1.5.0-ibm-1.5.0.16.9-1jpp.1.el6_6.x86_64.rpm java-1.5.0-ibm-demo-1.5.0.16.9-1jpp.1.el6_6.x86_64.rpm java-1.5.0-ibm-devel-1.5.0.16.9-1jpp.1.el6_6.i686.rpm java-1.5.0-ibm-devel-1.5.0.16.9-1jpp.1.el6_6.x86_64.rpm java-1.5.0-ibm-javacomm-1.5.0.16.9-1jpp.1.el6_6.x86_64.rpm java-1.5.0-ibm-jdbc-1.5.0.16.9-1jpp.1.el6_6.i686.rpm java-1.5.0-ibm-plugin-1.5.0.16.9-1jpp.1.el6_6.i686.rpm java-1.5.0-ibm-src-1.5.0.16.9-1jpp.1.el6_6.x86_64.rpm Red Hat Enterprise Linux HPC Node Supplementary (v. 6): x86_64: java-1.5.0-ibm-1.5.0.16.9-1jpp.1.el6_6.x86_64.rpm java-1.5.0-ibm-demo-1.5.0.16.9-1jpp.1.el6_6.x86_64.rpm java-1.5.0-ibm-devel-1.5.0.16.9-1jpp.1.el6_6.i686.rpm java-1.5.0-ibm-devel-1.5.0.16.9-1jpp.1.el6_6.x86_64.rpm java-1.5.0-ibm-javacomm-1.5.0.16.9-1jpp.1.el6_6.x86_64.rpm java-1.5.0-ibm-src-1.5.0.16.9-1jpp.1.el6_6.x86_64.rpm Red Hat Enterprise Linux Server Supplementary (v.6): i386: java-1.5.0-ibm-1.5.0.16.9-1jpp.1.el6_6.i686.rpm java-1.5.0-ibm-demo-1.5.0.16.9-1jpp.1.el6_6.i686.rpm java-1.5.0-ibm-devel-1.5.0.16.9-1jpp.1.el6_6.i686.rpm java-1.5.0-ibm-javacomm-1.5.0.16.9-1jpp.1.el6_6.i686.rpm java-1.5.0-ibm-jdbc-1.5.0.16.9-1jpp.1.el6_6.i686.rpm java-1.5.0-ibm-plugin-1.5.0.16.9-1jpp.1.el6_6.i686.rpm java-1.5.0-ibm-src-1.5.0.16.9-1jpp.1.el6_6.i686.rpm ppc64: java-1.5.0-ibm-1.5.0.16.9-1jpp.1.el6_6.ppc64.rpm java-1.5.0-ibm-demo-1.5.0.16.9-1jpp.1.el6_6.ppc64.rpm java-1.5.0-ibm-devel-1.5.0.16.9-1jpp.1.el6_6.ppc.rpm java-1.5.0-ibm-devel-1.5.0.16.9-1jpp.1.el6_6.ppc64.rpm java-1.5.0-ibm-javacomm-1.5.0.16.9-1jpp.1.el6_6.ppc64.rpm java-1.5.0-ibm-jdbc-1.5.0.16.9-1jpp.1.el6_6.ppc.rpm 
java-1.5.0-ibm-plugin-1.5.0.16.9-1jpp.1.el6_6.ppc.rpm java-1.5.0-ibm-src-1.5.0.16.9-1jpp.1.el6_6.ppc64.rpm s390x: java-1.5.0-ibm-1.5.0.16.9-1jpp.1.el6_6.s390x.rpm java-1.5.0-ibm-demo-1.5.0.16.9-1jpp.1.el6_6.s390x.rpm java-1.5.0-ibm-devel-1.5.0.16.9-1jpp.1.el6_6.s390.rpm java-1.5.0-ibm-devel-1.5.0.16.9-1jpp.1.el6_6.s390x.rpm java-1.5.0-ibm-jdbc-1.5.0.16.9-1jpp.1.el6_6.s390.rpm java-1.5.0-ibm-src-1.5.0.16.9-1jpp.1.el6_6.s390x.rpm x86_64: java-1.5.0-ibm-1.5.0.16.9-1jpp.1.el6_6.x86_64.rpm java-1.5.0-ibm-demo-1.5.0.16.9-1jpp.1.el6_6.x86_64.rpm java-1.5.0-ibm-devel-1.5.0.16.9-1jpp.1.el6_6.i686.rpm java-1.5.0-ibm-devel-1.5.0.16.9-1jpp.1.el6_6.x86_64.rpm java-1.5.0-ibm-javacomm-1.5.0.16.9-1jpp.1.el6_6.x86_64.rpm java-1.5.0-ibm-jdbc-1.5.0.16.9-1jpp.1.el6_6.i686.rpm java-1.5.0-ibm-plugin-1.5.0.16.9-1jpp.1.el6_6.i686.rpm java-1.5.0-ibm-src-1.5.0.16.9-1jpp.1.el6_6.x86_64.rpm Red Hat Enterprise Linux Workstation Supplementary (v.6): i386: java-1.5.0-ibm-1.5.0.16.9-1jpp.1.el6_6.i686.rpm java-1.5.0-ibm-demo-1.5.0.16.9-1jpp.1.el6_6.i686.rpm java-1.5.0-ibm-devel-1.5.0.16.9-1jpp.1.el6_6.i686.rpm java-1.5.0-ibm-javacomm-1.5.0.16.9-1jpp.1.el6_6.i686.rpm java-1.5.0-ibm-jdbc-1.5.0.16.9-1jpp.1.el6_6.i686.rpm java-1.5.0-ibm-plugin-1.5.0.16.9-1jpp.1.el6_6.i686.rpm java-1.5.0-ibm-src-1.5.0.16.9-1jpp.1.el6_6.i686.rpm x86_64: java-1.5.0-ibm-1.5.0.16.9-1jpp.1.el6_6.x86_64.rpm java-1.5.0-ibm-demo-1.5.0.16.9-1jpp.1.el6_6.x86_64.rpm java-1.5.0-ibm-devel-1.5.0.16.9-1jpp.1.el6_6.i686.rpm java-1.5.0-ibm-devel-1.5.0.16.9-1jpp.1.el6_6.x86_64.rpm java-1.5.0-ibm-javacomm-1.5.0.16.9-1jpp.1.el6_6.x86_64.rpm java-1.5.0-ibm-jdbc-1.5.0.16.9-1jpp.1.el6_6.i686.rpm java-1.5.0-ibm-plugin-1.5.0.16.9-1jpp.1.el6_6.i686.rpm java-1.5.0-ibm-src-1.5.0.16.9-1jpp.1.el6_6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. 
References:

https://access.redhat.com/security/cve/CVE-2014-6585
https://access.redhat.com/security/cve/CVE-2014-6591
https://access.redhat.com/security/cve/CVE-2014-6593
https://access.redhat.com/security/cve/CVE-2014-8891
https://access.redhat.com/security/cve/CVE-2014-8892
https://access.redhat.com/security/cve/CVE-2015-0395
https://access.redhat.com/security/cve/CVE-2015-0407
https://access.redhat.com/security/cve/CVE-2015-0408
https://access.redhat.com/security/cve/CVE-2015-0410
https://access.redhat.com/security/updates/classification#important
https://www.ibm.com/support/pages/java-sdk/

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFU08c8XlSAg2UNWIIRAsvfAJ4pkIgkbu8Iy6Fvq+KY84O+G+UkSQCfVj1Q
DMGOO3AniQeDlgUzvDSuZXY=Y+zq
-----END PGP SIGNATURE-----

--
Enterprise-watch-list mailing list