--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-d781fd2f6b
2026-03-05 01:12:27.918785+00:00
--------------------------------------------------------------------------------

Name        : php-zumba-json-serializer
Product     : Fedora 42
Version     : 3.2.4
Release     : 1.fc42
URL         : https://github.com/zumba/json-serializer
Summary     : Serialize PHP variables
Description :
This is a library to serialize PHP variables in JSON format. It is similar to the serialize() function in PHP, but the output is a JSON-encoded string. You can also unserialize the JSON generated by this tool and have your PHP content back.

Autoloader: /usr/share/php/Zumba/JsonSerializer/autoload.php

--------------------------------------------------------------------------------
Update Information:

Version 3.2.4
- Fix serialization of parent class private properties by @Copilot in #71
- Fix fatal error when serializing objects with uninitialized typed properties by @Copilot in #68

Version 3.2.3
- [Security] Added method to restrict which classes can be unserialized. Security Advisory GHSA-v7m3-fpcr-h7m2
--------------------------------------------------------------------------------
ChangeLog:

* Tue Feb 24 2026 Remi Collet - 3.2.4-1
- update to 3.2.4
* Thu Feb 19 2026 Remi Collet - 3.2.3-1
- update to 3.2.3
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-d781fd2f6b' at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
package-announce mailing list

=========================================================================
Ubuntu Security Notice USN-5898-1
February 28, 2023

openjdk-8 vulnerabilities
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 ESM

Summary:

Several security issues were fixed in OpenJDK.

Software Description:
- openjdk-8: Open Source Java implementation

Details:

It was discovered that the Serialization component of OpenJDK did not properly handle the deserialization of some CORBA objects. An attacker could possibly use this to bypass Java sandbox restrictions. (CVE-2023-21830)

Markus Loewe discovered that the Java Sound subsystem in OpenJDK did not properly validate the origin of a Soundbank. An attacker could use this to specially craft an untrusted Java application or applet that could load a Soundbank from an attacker controlled remote URL. (CVE-2023-21843)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 22.10:
  openjdk-8-jdk           8u362-ga-0ubuntu1~22.10
  openjdk-8-jre           8u362-ga-0ubuntu1~22.10
  openjdk-8-jre-headless  8u362-ga-0ubuntu1~22.10
  openjdk-8-jre-zero      8u362-ga-0ubuntu1~22.10

Ubuntu 22.04 LTS:
  openjdk-8-jdk           8u362-ga-0ubuntu1~22.04
  openjdk-8-jre           8u362-ga-0ubuntu1~22.04
  openjdk-8-jre-headless  8u362-ga-0ubuntu1~22.04
  openjdk-8-jre-zero      8u362-ga-0ubuntu1~22.04

Ubuntu 20.04 LTS:
  openjdk-8-jdk           8u362-ga-0ubuntu1~20.04.1
  openjdk-8-jre           8u362-ga-0ubuntu1~20.04.1
  openjdk-8-jre-headless  8u362-ga-0ubuntu1~20.04.1
  openjdk-8-jre-zero      8u362-ga-0ubuntu1~20.04.1

Ubuntu 18.04 LTS:
  openjdk-8-jdk           8u362-ga-0ubuntu1~18.04.1
  openjdk-8-jre           8u362-ga-0ubuntu1~18.04.1
  openjdk-8-jre-headless  8u362-ga-0ubuntu1~18.04.1
  openjdk-8-jre-zero      8u362-ga-0ubuntu1~18.04.1

Ubuntu 16.04 ESM:
  openjdk-8-jdk           8u362-ga-0ubuntu1~16.04.1
  openjdk-8-jre           8u362-ga-0ubuntu1~16.04.1
  openjdk-8-jre-headless  8u362-ga-0ubuntu1~16.04.1
  openjdk-8-jre-zero      8u362-ga-0ubuntu1~16.04.1

This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart any Java applications or applets to make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-5898-1
  CVE-2023-21830, CVE-2023-21843

Package Information:
  https://launchpad.net/ubuntu/+source/openjdk-8/8u362-ga-0ubuntu1~22.10
  https://launchpad.net/ubuntu/+source/openjdk-8/8u362-ga-0ubuntu1~22.04
  https://launchpad.net/ubuntu/+source/openjdk-8/8u362-ga-0ubuntu1~20.04.1
  https://launchpad.net/ubuntu/+source/openjdk-8/8u362-ga-0ubuntu1~18.04.1

Numerous vulnerabilities in OpenJDK have been addressed for Ubuntu distributions, encompassing problems related to serialization and the audio subsystem.
OpenJDK Security, Ubuntu 22.10, Serialization Flaws, Sound Subsystem.
Severity: Critical.
LinuxSecurity.com Team

Package        : jackson-databind
Version        : 2.4.2-2+deb8u13
CVE ID         : CVE-2020-10672 CVE-2020-10673

The following CVE(s) were reported against jackson-databind.

CVE-2020-10672

    FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).

CVE-2020-10673

    FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).

For Debian 8 "Jessie", these problems have been fixed in version 2.4.2-2+deb8u13.

We recommend that you upgrade your jackson-databind packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

Best,
Utkarsh

Dive into the newest enhancements of Jackson-databind and uncover crucial upgrade information contained within.
Jackson-databind Update, Debian Security Advisory, Serialization Issues.
Severity: Important.
LinuxSecurity.com Team

====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: java-1.8.0-ibm security update
Advisory ID:       RHSA-2020:0856-01
Product:           Red Hat Satellite
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:0856
Issue date:        2020-03-17
CVE Names:         CVE-2020-2583 CVE-2020-2593 CVE-2020-2604 CVE-2020-2659
====================================================================

1. Summary:

An update for java-1.8.0-ibm is now available for Red Hat Satellite 5.8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Satellite 5.8 (RHEL v.6) - s390x, x86_64

3. Description:

IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.

This update upgrades IBM Java SE 8 to version 8 SR6-FP5.

Security Fix(es):

* OpenJDK: Serialization filter changes via jdk.serialFilter property modification (Serialization, 8231422) (CVE-2020-2604)

* OpenJDK: Incorrect isBuiltinStreamHandler check causing URL normalization issues (Networking, 8228548) (CVE-2020-2593)

* OpenJDK: Incorrect exception processing during deserialization in BeanContextSupport (Serialization, 8224909) (CVE-2020-2583)

* OpenJDK: Incomplete enforcement of maxDatagramSockets limit in DatagramChannelImpl (Networking, 8231795) (CVE-2020-2659)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1790444 - CVE-2020-2583 OpenJDK: Incorrect exception processing during deserialization in BeanContextSupport (Serialization, 8224909)
1790884 - CVE-2020-2593 OpenJDK: Incorrect isBuiltinStreamHandler check causing URL normalization issues (Networking, 8228548)
1790944 - CVE-2020-2604 OpenJDK: Serialization filter changes via jdk.serialFilter property modification (Serialization, 8231422)
1791284 - CVE-2020-2659 OpenJDK: Incomplete enforcement of maxDatagramSockets limit in DatagramChannelImpl (Networking, 8231795)

6. Package List:

Red Hat Satellite 5.8 (RHEL v.6):

s390x:
java-1.8.0-ibm-1.8.0.6.5-1jpp.1.el6_10.s390x.rpm
java-1.8.0-ibm-devel-1.8.0.6.5-1jpp.1.el6_10.s390x.rpm

x86_64:
java-1.8.0-ibm-1.8.0.6.5-1jpp.1.el6_10.x86_64.rpm
java-1.8.0-ibm-devel-1.8.0.6.5-1jpp.1.el6_10.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-2583
https://access.redhat.com/security/cve/CVE-2020-2593
https://access.redhat.com/security/cve/CVE-2020-2604
https://access.redhat.com/security/cve/CVE-2020-2659
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.
--
RHSA-announce mailing list

   SUSE Security Update: Security update for java-1_7_1-ibm
______________________________________________________________________________

Announcement ID:    SUSE-SU-2020:14287-1
Rating:             important
References:         #1160968 #1162972
Cross-References:   CVE-2020-2583 CVE-2020-2593 CVE-2020-2604 CVE-2020-2659
Affected Products:
                    SUSE Linux Enterprise Server 11-SP4-LTSS
______________________________________________________________________________

   An update that fixes four vulnerabilities is now available.

Description:

   This update for java-1_7_1-ibm fixes the following issues:

   Java was updated to 7.1 Service Refresh 4 Fix Pack 60 [bsc#1162972, bsc#1160968].

   Security issues fixed:

   - CVE-2020-2583: Fixed a serialization vulnerability in BeanContextSupport (bsc#1162972).
   - CVE-2020-2593: Fixed an incorrect check in isBuiltinStreamHandler, causing URL normalization issues (bsc#1162972).
   - CVE-2020-2604: Fixed a serialization issue in jdk.serialFilter (bsc#1162972).
   - CVE-2020-2659: Fixed the incomplete enforcement of the maxDatagramSockets limit in DatagramChannelImpl (bsc#1162972).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11-SP4-LTSS:

      zypper in -t patch slessp4-java-1_7_1-ibm-14287=1

Package List:

   - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64):

      java-1_7_1-ibm-1.7.1_sr4.60-26.50.1
      java-1_7_1-ibm-devel-1.7.1_sr4.60-26.50.1
      java-1_7_1-ibm-jdbc-1.7.1_sr4.60-26.50.1

   - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 x86_64):

      java-1_7_1-ibm-alsa-1.7.1_sr4.60-26.50.1
      java-1_7_1-ibm-plugin-1.7.1_sr4.60-26.50.1

References:

   https://www.suse.com/security/cve/CVE-2020-2583.html
   https://www.suse.com/security/cve/CVE-2020-2593.html
   https://www.suse.com/security/cve/CVE-2020-2604.html
   https://www.suse.com/security/cve/CVE-2020-2659.html
   https://bugzilla.suse.com/1160968
   https://bugzilla.suse.com/1162972

_______________________________________________
sle-security-updates mailing list

   SUSE Security Update: Security update for java-1_7_0-ibm
______________________________________________________________________________

Announcement ID:    SUSE-SU-2020:14286-1
Rating:             important
References:         #1160968 #1162972
Cross-References:   CVE-2020-2583 CVE-2020-2593 CVE-2020-2604 CVE-2020-2659
Affected Products:
                    SUSE Linux Enterprise Point of Sale 11-SP3
______________________________________________________________________________

   An update that fixes four vulnerabilities is now available.

Description:

   This update for java-1_7_0-ibm fixes the following issues:

   Java was updated to 7.0 Service Refresh 10 Fix Pack 60 [bsc#1162972, bsc#1160968].

   Security issues fixed:

   - CVE-2020-2583: Fixed a serialization vulnerability in BeanContextSupport (bsc#1162972).
   - CVE-2020-2593: Fixed an incorrect check in isBuiltinStreamHandler, causing URL normalization issues (bsc#1162972).
   - CVE-2020-2604: Fixed a serialization issue in jdk.serialFilter (bsc#1162972).
   - CVE-2020-2659: Fixed the incomplete enforcement of the maxDatagramSockets limit in DatagramChannelImpl (bsc#1162972).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Point of Sale 11-SP3:

      zypper in -t patch sleposp3-java-1_7_0-ibm-14286=1

Package List:

   - SUSE Linux Enterprise Point of Sale 11-SP3 (i586):

      java-1_7_0-ibm-1.7.0_sr10.60-65.48.1
      java-1_7_0-ibm-alsa-1.7.0_sr10.60-65.48.1
      java-1_7_0-ibm-devel-1.7.0_sr10.60-65.48.1
      java-1_7_0-ibm-jdbc-1.7.0_sr10.60-65.48.1
      java-1_7_0-ibm-plugin-1.7.0_sr10.60-65.48.1

References:

   https://www.suse.com/security/cve/CVE-2020-2583.html
   https://www.suse.com/security/cve/CVE-2020-2593.html
   https://www.suse.com/security/cve/CVE-2020-2604.html
   https://www.suse.com/security/cve/CVE-2020-2659.html
   https://bugzilla.suse.com/1160968
   https://bugzilla.suse.com/1162972

_______________________________________________
sle-security-updates mailing list

====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: java-1.8.0-ibm security update
Advisory ID:       RHSA-2020:0469-01
Product:           Red Hat Enterprise Linux Supplementary
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:0469
Issue date:        2020-02-11
CVE Names:         CVE-2020-2583 CVE-2020-2593 CVE-2020-2604 CVE-2020-2659
====================================================================

1. Summary:

An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 6 Supplementary.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.

This update upgrades IBM Java SE 8 to version 8 SR6-FP5.

Security Fix(es):

* OpenJDK: Serialization filter changes via jdk.serialFilter property modification (Serialization, 8231422) (CVE-2020-2604)

* OpenJDK: Incorrect isBuiltinStreamHandler check causing URL normalization issues (Networking, 8228548) (CVE-2020-2593)

* OpenJDK: Incorrect exception processing during deserialization in BeanContextSupport (Serialization, 8224909) (CVE-2020-2583)

* OpenJDK: Incomplete enforcement of maxDatagramSockets limit in DatagramChannelImpl (Networking, 8231795) (CVE-2020-2659)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of IBM Java must be restarted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1790444 - CVE-2020-2583 OpenJDK: Incorrect exception processing during deserialization in BeanContextSupport (Serialization, 8224909)
1790884 - CVE-2020-2593 OpenJDK: Incorrect isBuiltinStreamHandler check causing URL normalization issues (Networking, 8228548)
1790944 - CVE-2020-2604 OpenJDK: Serialization filter changes via jdk.serialFilter property modification (Serialization, 8231422)
1791284 - CVE-2020-2659 OpenJDK: Incomplete enforcement of maxDatagramSockets limit in DatagramChannelImpl (Networking, 8231795)

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
java-1.8.0-ibm-1.8.0.6.5-1jpp.1.el6_10.i686.rpm
java-1.8.0-ibm-demo-1.8.0.6.5-1jpp.1.el6_10.i686.rpm
java-1.8.0-ibm-devel-1.8.0.6.5-1jpp.1.el6_10.i686.rpm
java-1.8.0-ibm-jdbc-1.8.0.6.5-1jpp.1.el6_10.i686.rpm
java-1.8.0-ibm-plugin-1.8.0.6.5-1jpp.1.el6_10.i686.rpm
java-1.8.0-ibm-src-1.8.0.6.5-1jpp.1.el6_10.i686.rpm

x86_64:
java-1.8.0-ibm-1.8.0.6.5-1jpp.1.el6_10.x86_64.rpm
java-1.8.0-ibm-demo-1.8.0.6.5-1jpp.1.el6_10.x86_64.rpm
java-1.8.0-ibm-devel-1.8.0.6.5-1jpp.1.el6_10.x86_64.rpm
java-1.8.0-ibm-jdbc-1.8.0.6.5-1jpp.1.el6_10.x86_64.rpm
java-1.8.0-ibm-plugin-1.8.0.6.5-1jpp.1.el6_10.x86_64.rpm
java-1.8.0-ibm-src-1.8.0.6.5-1jpp.1.el6_10.x86_64.rpm

Red Hat Enterprise Linux HPC Node Supplementary (v. 6):

x86_64:
java-1.8.0-ibm-1.8.0.6.5-1jpp.1.el6_10.x86_64.rpm
java-1.8.0-ibm-demo-1.8.0.6.5-1jpp.1.el6_10.x86_64.rpm
java-1.8.0-ibm-devel-1.8.0.6.5-1jpp.1.el6_10.x86_64.rpm
java-1.8.0-ibm-src-1.8.0.6.5-1jpp.1.el6_10.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
java-1.8.0-ibm-1.8.0.6.5-1jpp.1.el6_10.i686.rpm
java-1.8.0-ibm-demo-1.8.0.6.5-1jpp.1.el6_10.i686.rpm
java-1.8.0-ibm-devel-1.8.0.6.5-1jpp.1.el6_10.i686.rpm
java-1.8.0-ibm-jdbc-1.8.0.6.5-1jpp.1.el6_10.i686.rpm
java-1.8.0-ibm-plugin-1.8.0.6.5-1jpp.1.el6_10.i686.rpm
java-1.8.0-ibm-src-1.8.0.6.5-1jpp.1.el6_10.i686.rpm

ppc64:
java-1.8.0-ibm-1.8.0.6.5-1jpp.1.el6_10.ppc64.rpm
java-1.8.0-ibm-demo-1.8.0.6.5-1jpp.1.el6_10.ppc64.rpm
java-1.8.0-ibm-devel-1.8.0.6.5-1jpp.1.el6_10.ppc64.rpm
java-1.8.0-ibm-jdbc-1.8.0.6.5-1jpp.1.el6_10.ppc64.rpm
java-1.8.0-ibm-src-1.8.0.6.5-1jpp.1.el6_10.ppc64.rpm

s390x:
java-1.8.0-ibm-1.8.0.6.5-1jpp.1.el6_10.s390x.rpm
java-1.8.0-ibm-demo-1.8.0.6.5-1jpp.1.el6_10.s390x.rpm
java-1.8.0-ibm-devel-1.8.0.6.5-1jpp.1.el6_10.s390x.rpm
java-1.8.0-ibm-jdbc-1.8.0.6.5-1jpp.1.el6_10.s390x.rpm
java-1.8.0-ibm-src-1.8.0.6.5-1jpp.1.el6_10.s390x.rpm

x86_64:
java-1.8.0-ibm-1.8.0.6.5-1jpp.1.el6_10.x86_64.rpm
java-1.8.0-ibm-demo-1.8.0.6.5-1jpp.1.el6_10.x86_64.rpm
java-1.8.0-ibm-devel-1.8.0.6.5-1jpp.1.el6_10.x86_64.rpm
java-1.8.0-ibm-jdbc-1.8.0.6.5-1jpp.1.el6_10.x86_64.rpm
java-1.8.0-ibm-plugin-1.8.0.6.5-1jpp.1.el6_10.x86_64.rpm
java-1.8.0-ibm-src-1.8.0.6.5-1jpp.1.el6_10.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
java-1.8.0-ibm-1.8.0.6.5-1jpp.1.el6_10.i686.rpm
java-1.8.0-ibm-demo-1.8.0.6.5-1jpp.1.el6_10.i686.rpm
java-1.8.0-ibm-devel-1.8.0.6.5-1jpp.1.el6_10.i686.rpm
java-1.8.0-ibm-jdbc-1.8.0.6.5-1jpp.1.el6_10.i686.rpm
java-1.8.0-ibm-plugin-1.8.0.6.5-1jpp.1.el6_10.i686.rpm
java-1.8.0-ibm-src-1.8.0.6.5-1jpp.1.el6_10.i686.rpm

x86_64:
java-1.8.0-ibm-1.8.0.6.5-1jpp.1.el6_10.x86_64.rpm
java-1.8.0-ibm-demo-1.8.0.6.5-1jpp.1.el6_10.x86_64.rpm
java-1.8.0-ibm-devel-1.8.0.6.5-1jpp.1.el6_10.x86_64.rpm
java-1.8.0-ibm-jdbc-1.8.0.6.5-1jpp.1.el6_10.x86_64.rpm
java-1.8.0-ibm-plugin-1.8.0.6.5-1jpp.1.el6_10.x86_64.rpm
java-1.8.0-ibm-src-1.8.0.6.5-1jpp.1.el6_10.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2020-2583
https://access.redhat.com/security/cve/CVE-2020-2593
https://access.redhat.com/security/cve/CVE-2020-2604
https://access.redhat.com/security/cve/CVE-2020-2659
https://access.redhat.com/security/updates/classification#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2020 Red Hat, Inc.
--
RHSA-announce mailing list

====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: java-1.8.0-ibm security update
Advisory ID:       RHSA-2020:0465-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:0465
Issue date:        2020-02-11
CVE Names:         CVE-2020-2583 CVE-2020-2593 CVE-2020-2604 CVE-2020-2659
====================================================================

1. Summary:

An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux 8 Supplementary - ppc64le, s390x, x86_64

3. Description:

IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.

This update upgrades IBM Java SE 8 to version 8 SR6-FP5.

Security Fix(es):

* OpenJDK: Serialization filter changes via jdk.serialFilter property modification (Serialization, 8231422) (CVE-2020-2604)

* OpenJDK: Incorrect isBuiltinStreamHandler check causing URL normalization issues (Networking, 8228548) (CVE-2020-2593)

* OpenJDK: Incorrect exception processing during deserialization in BeanContextSupport (Serialization, 8224909) (CVE-2020-2583)

* OpenJDK: Incomplete enforcement of maxDatagramSockets limit in DatagramChannelImpl (Networking, 8231795) (CVE-2020-2659)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of IBM Java must be restarted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1790444 - CVE-2020-2583 OpenJDK: Incorrect exception processing during deserialization in BeanContextSupport (Serialization, 8224909)
1790884 - CVE-2020-2593 OpenJDK: Incorrect isBuiltinStreamHandler check causing URL normalization issues (Networking, 8228548)
1790944 - CVE-2020-2604 OpenJDK: Serialization filter changes via jdk.serialFilter property modification (Serialization, 8231422)
1791284 - CVE-2020-2659 OpenJDK: Incomplete enforcement of maxDatagramSockets limit in DatagramChannelImpl (Networking, 8231795)

6. Package List:

Red Hat Enterprise Linux 8 Supplementary:

ppc64le:
java-1.8.0-ibm-1.8.0.6.5-1.el8_1.ppc64le.rpm
java-1.8.0-ibm-demo-1.8.0.6.5-1.el8_1.ppc64le.rpm
java-1.8.0-ibm-devel-1.8.0.6.5-1.el8_1.ppc64le.rpm
java-1.8.0-ibm-headless-1.8.0.6.5-1.el8_1.ppc64le.rpm
java-1.8.0-ibm-jdbc-1.8.0.6.5-1.el8_1.ppc64le.rpm
java-1.8.0-ibm-plugin-1.8.0.6.5-1.el8_1.ppc64le.rpm
java-1.8.0-ibm-src-1.8.0.6.5-1.el8_1.ppc64le.rpm
java-1.8.0-ibm-webstart-1.8.0.6.5-1.el8_1.ppc64le.rpm

s390x:
java-1.8.0-ibm-1.8.0.6.5-1.el8_1.s390x.rpm
java-1.8.0-ibm-demo-1.8.0.6.5-1.el8_1.s390x.rpm
java-1.8.0-ibm-devel-1.8.0.6.5-1.el8_1.s390x.rpm
java-1.8.0-ibm-headless-1.8.0.6.5-1.el8_1.s390x.rpm
java-1.8.0-ibm-jdbc-1.8.0.6.5-1.el8_1.s390x.rpm
java-1.8.0-ibm-src-1.8.0.6.5-1.el8_1.s390x.rpm

x86_64:
java-1.8.0-ibm-1.8.0.6.5-1.el8_1.x86_64.rpm
java-1.8.0-ibm-demo-1.8.0.6.5-1.el8_1.x86_64.rpm
java-1.8.0-ibm-devel-1.8.0.6.5-1.el8_1.x86_64.rpm
java-1.8.0-ibm-headless-1.8.0.6.5-1.el8_1.x86_64.rpm
java-1.8.0-ibm-jdbc-1.8.0.6.5-1.el8_1.x86_64.rpm
java-1.8.0-ibm-plugin-1.8.0.6.5-1.el8_1.x86_64.rpm
java-1.8.0-ibm-src-1.8.0.6.5-1.el8_1.x86_64.rpm
java-1.8.0-ibm-webstart-1.8.0.6.5-1.el8_1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2020-2583
https://access.redhat.com/security/cve/CVE-2020-2593
https://access.redhat.com/security/cve/CVE-2020-2604
https://access.redhat.com/security/cve/CVE-2020-2659
https://access.redhat.com/security/updates/classification#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2020 Red Hat, Inc.
--
RHSA-announce mailing list