Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -7 articles for you...
172
security advisorydenial of servicesoftware updateUbuntu 19.04 & 18.04 LTS: USN-4083-1 Critical OpenJDK Denial of Service
Several security issues were fixed in OpenJDK 11.. =========================================================================Ubuntu Security Notice USN-4083-1 July 31, 2019 openjdk-lts vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 19.04 - Ubuntu 18.04 LTS Summary: Several security issues were fixed in OpenJDK 11. Software Description: - openjdk-lts: Open Source Java implementation Details: It was discovered that OpenJDK did not sufficiently validate serial streams before deserializing suppressed exceptions in some situations. An attacker could use this to specially craft an object that, when deserialized, would cause a denial of service. (CVE-2019-2762) It was discovered that in some situations OpenJDK did not properly bound the amount of memory allocated during object deserialization. An attacker could use this to specially craft an object that, when deserialized, would cause a denial of service (excessive memory consumption). (CVE-2019-2769) It was discovered that OpenJDK did not properly restrict privileges in certain situations. An attacker could use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions. (CVE-2019-2786) Jonathan Birch discovered that the Networking component of OpenJDK did not properly validate URLs in some situations. An attacker could use this to bypass restrictions on characters in URLs. (CVE-2019-2816) It was discovered that the ChaCha20Cipher implementation in OpenJDK did not use constant time computations in some situations. An attacker could use this to expose sensitive information. (CVE-2019-2818) It was discovered that the Java Secure Socket Extension (JSSE) component in OpenJDK did not properly handle OCSP stapling messages during TLS handshake in some situations. An attacker could use this to expose sensitive information. (CVE-2019-2821) It was discovered that OpenJDK incorrectly handledcertain memory operations. If a user or automated system were tricked into opening a specially crafted PNG file, a remote attacker could use this issue to cause OpenJDK to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-7317) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04: openjdk-11-jdk 11.0.4+11-1ubuntu2~19.04 openjdk-11-jdk-headless 11.0.4+11-1ubuntu2~19.04 openjdk-11-jre 11.0.4+11-1ubuntu2~19.04 openjdk-11-jre-headless 11.0.4+11-1ubuntu2~19.04 openjdk-11-jre-zero 11.0.4+11-1ubuntu2~19.04 Ubuntu 18.04 LTS: openjdk-11-jdk 11.0.4+11-1ubuntu2~18.04.3 openjdk-11-jdk-headless 11.0.4+11-1ubuntu2~18.04.3 openjdk-11-jre 11.0.4+11-1ubuntu2~18.04.3 openjdk-11-jre-headless 11.0.4+11-1ubuntu2~18.04.3 openjdk-11-jre-zero 11.0.4+11-1ubuntu2~18.04.3 This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart any Java applications or applets to make all the necessary changes. References: CVE-2019-2762, CVE-2019-2769, CVE-2019-2786, CVE-2019-2816, CVE-2019-2818, CVE-2019-2821, CVE-2019-7317 Package Information: https://launchpad.net/ubuntu/+source/openjdk-lts/11.0.4+11-1ubuntu2~19.04 https://launchpad.net/ubuntu/+source/openjdk-lts/11.0.4+11-1ubuntu2~18.04.3 . Multiple vulnerabilities have been addressed in OpenJDK 11 for Ubuntu versions 18.04 and 19.04, bolstering both security and performance.. openjdk vulnerabilities, ubuntu security updates, denial of service, java security issues. . Severity: Critical. LinuxSecurity.com Team
Jul 31, 2019
•Critical
Ubuntu
202
security advisorycriticalsecurity fixopenSUSE Leap 42.1: SU-2016:0270-1 Critical Access Issue for Java
An update that fixes 32 vulnerabilities is now available. An update that fixes 32 vulnerabilities is now available. An update that fixes 32 vulnerabilities is now available.. openSUSE Security Update: Security update for java-1_8_0-openjdk ______________________________________________________________________________ Announcement ID: openSUSE-SU-2016:0270-1 Rating: critical References: #951376 #960996 #962743 Cross-References: CVE-2015-4734 CVE-2015-4803 CVE-2015-4805 CVE-2015-4806 CVE-2015-4810 CVE-2015-4835 CVE-2015-4840 CVE-2015-4842 CVE-2015-4843 CVE-2015-4844 CVE-2015-4860 CVE-2015-4868 CVE-2015-4872 CVE-2015-4881 CVE-2015-4882 CVE-2015-4883 CVE-2015-4893 CVE-2015-4901 CVE-2015-4902 CVE-2015-4903 CVE-2015-4906 CVE-2015-4908 CVE-2015-4911 CVE-2015-4916 CVE-2015-7575 CVE-2015-8126 CVE-2015-8472 CVE-2016-0402 CVE-2016-0448 CVE-2016-0466 CVE-2016-0483 CVE-2016-0494 Affected Products: openSUSE Leap 42.1 ______________________________________________________________________________ An update that fixes 32 vulnerabilities is now available. Description: java-1_8_0-openjdk was updated to version 7u95 to fix several security issues. (bsc#962743) The following vulnerabilities were fixed: - CVE-2015-7575: Further reduce use of MD5 (SLOTH) (bsc#960996) - CVE-2015-8126: Vulnerability in the AWT component related to splashscreen displays - CVE-2015-8472: Vulnerability in the AWT component, addressed by same fix - CVE-2016-0402: Vulnerability in the Networking component related to URL processing - CVE-2016-0448: Vulnerability in the JMX comonent related to attribute processing - CVE-2016-0466: Vulnerability in the JAXP component, related to limits - CVE-2016-0483: Vulnerability in the AWT component related to image decoding - CVE-2016-0494: Vulnerability in 2D component related to font actions Includes the following fixes from the October 2015 update: (bsc#951376) - CVE-2015-4734: A remote user can exploit a flaw in the Embedded JGSS component to partially access data - CVE-2015-4803: A remote user can exploit a flaw in the JRockit JAXP component to cause partial denial of service conditions - CVE-2015-4805: A remote user can exploit a flaw in the Embedded Serialization component to gain elevated privileges - CVE-2015-4806: A remote user can exploit a flaw in the Java SE Embedded Libraries component to partially access and partially modify data - CVE-2015-4835: A remote user can exploit a flaw in the Embedded CORBA component to gain elevated privileges - CVE-2015-4842: A remote user can exploit a flaw in the Embedded JAXP component to partially access data - CVE-2015-4843: A remote user can exploit a flaw in the Java SE Embedded Libraries component to gain elevated privileges - CVE-2015-4844: A remote user can exploit a flaw in the Embedded 2D component to gain elevated privileges - CVE-2015-4860: A remote user can exploit a flaw in the Embedded RMI component to gain elevated privileges - CVE-2015-4872: A remote user can exploit a flaw in the JRockit Security component to partially modify data []. - CVE-2015-4881: A remote user can exploit a flaw in the Embedded CORBA component to gain elevated privileges - CVE-2015-4882: A remote user can exploit a flaw in the Embedded CORBA component to cause partial denial of service conditions - CVE-2015-4883: A remote user can exploit a flaw in the Embedded RMI component to gain elevated privileges - CVE-2015-4893: A remote user can exploit a flaw in the JRockit JAXP component to cause partial denial of service conditions - CVE-2015-4902: A remote user can exploit a flaw in the Java SE Deployment component to partially modify data - CVE-2015-4903: A remoteuser can exploit a flaw in the Embedded RMI component to partially access data - CVE-2015-4911: A remote user can exploit a flaw in the JRockit JAXP component to cause partial denial of service conditions - CVE-2015-4810: A local user can exploit a flaw in the Java SE Deployment component to gain elevated privileges - CVE-2015-4840: A remote user can exploit a flaw in the Embedded 2D component to partially access data - CVE-2015-4868: A remote user can exploit a flaw in the Java SE Embedded Libraries component to gain elevated privileges - CVE-2015-4901: A remote user can exploit a flaw in the JavaFX component to gain elevated privileges - CVE-2015-4906: A remote user can exploit a flaw in the JavaFX component to partially access data - CVE-2015-4908: A remote user can exploit a flaw in the JavaFX component to partially access data - CVE-2015-4916: A remote user can exploit a flaw in the JavaFX component to partially access data Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE Leap 42.1: zypper in -t patch openSUSE-2016-106=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE Leap 42.1 (i586 x86_64): java-1_8_0-openjdk-1.8.0.72-6.1 java-1_8_0-openjdk-accessibility-1.8.0.72-6.1 java-1_8_0-openjdk-debuginfo-1.8.0.72-6.1 java-1_8_0-openjdk-debugsource-1.8.0.72-6.1 java-1_8_0-openjdk-demo-1.8.0.72-6.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.72-6.1 java-1_8_0-openjdk-devel-1.8.0.72-6.1 java-1_8_0-openjdk-headless-1.8.0.72-6.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.72-6.1 java-1_8_0-openjdk-src-1.8.0.72-6.1 - openSUSE Leap 42.1 (noarch): java-1_8_0-openjdk-javadoc-1.8.0.72-6.1 References: https://www.suse.com/security/cve/CVE-2015-4734.html https://www.suse.com/security/cve/CVE-2015-4803.html https://www.suse.com/security/cve/CVE-2015-4805.html https://www.suse.com/security/cve/CVE-2015-4806.html https://www.suse.com/security/cve/CVE-2015-4810.html https://www.suse.com/security/cve/CVE-2015-4835.html https://www.suse.com/security/cve/CVE-2015-4840.html https://www.suse.com/security/cve/CVE-2015-4842.html https://www.suse.com/security/cve/CVE-2015-4843.html https://www.suse.com/security/cve/CVE-2015-4844.html https://www.suse.com/security/cve/CVE-2015-4860.html https://www.suse.com/security/cve/CVE-2015-4868.html https://www.suse.com/security/cve/CVE-2015-4872.html https://www.suse.com/security/cve/CVE-2015-4881.html https://www.suse.com/security/cve/CVE-2015-4882.html https://www.suse.com/security/cve/CVE-2015-4883.html https://www.suse.com/security/cve/CVE-2015-4893.html https://www.suse.com/security/cve/CVE-2015-4901.html https://www.suse.com/security/cve/CVE-2015-4902.html https://www.suse.com/security/cve/CVE-2015-4903.html https://www.suse.com/security/cve/CVE-2015-4906.html https://www.suse.com/security/cve/CVE-2015-4908.html https://www.suse.com/security/cve/CVE-2015-4911.html https://www.suse.com/security/cve/CVE-2015-4916.html https://www.suse.com/security/cve/CVE-2015-7575.html https://www.suse.com/security/cve/CVE-2015-8126.html https://www.suse.com/security/cve/CVE-2015-8472.html https://www.suse.com/security/cve/CVE-2016-0402.html https://www.suse.com/security/cve/CVE-2016-0448.html https://www.suse.com/security/cve/CVE-2016-0466.html https://www.suse.com/security/cve/CVE-2016-0483.html https://www.suse.com/security/cve/CVE-2016-0494.html https://bugzilla.suse.com/show_bug.cgi?id=951376 https://bugzilla.suse.com/show_bug.cgi?id=960996 https://bugzilla.suse.com/show_bug.cgi?id=962743 . Important patch for openSUSE correcting vulnerabilities in Java 8. Prompt measures advised for safeguarding system stability.. openSUSE Update, Java Security Fix, Security Advisory, Java CriticalVulnerabilities. . Severity: Critical. LinuxSecurity.com Team
Jan 27, 2016
•Critical
OpenSUSE
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!