Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

oracle-oval логотип

ELSA-2018-2241

Опубликовано: 23 июл. 2018
Источник: oracle-oval
Платформа: Oracle Linux 6

Описание

ELSA-2018-2241: java-1.8.0-openjdk security update (MODERATE)

[1:1.8.0.181-7.b13]

  • Update to aarch64-jdk8u181-b13.
  • Remove 8187577/PR3578 now applied upstream.
  • Resolves: rhbz#1594249

[1:1.8.0.181-3.b04]

  • Fix hook to show hs_err*.log files on failures.
  • Resolves: rhbz#1594249

[1:1.8.0.181-3.b04]

  • Fix requires/provides filters for internal libs. See RHBZ#1590796
  • Resolves: rhbz#1594249

[1:1.8.0.181-2.b04]

  • Add '8206406, PR3610, RH1597825: StubCodeDesc constructor publishes partially-constructed objects on StubCodeDesc::_list'
  • Resolves: rhbz#1594249

[1:1.8.0.181-1.b04]

  • Add hook to show hs_err*.log files on failures.
  • Resolves: rhbz#1594249

[1:1.8.0.181-1.b04]

  • Mark bugs that have been pushed to 8u upstream and are scheduled for a release.
  • Resolves: rhbz#1594249

[1:1.8.0.181-1.b04]

  • Update to aarch64-jdk8u181-b04 and aarch64-shenandoah-jdk8u181-b04.
  • Resolves: rhbz#1594249

[1:1.8.0.181-0.b03]

  • Update to aarch64-jdk8u181-b03 and aarch64-shenandoah-jdk8u181-b03.
  • Remove AArch64 patch for PR3458/RH1540242 as applied upstream.
  • Resolves: rhbz#1594249

[1:1.8.0.172-2.b11]

  • Remove build flags exemption for aarch64 now the platform is more mature and can bootstrap OpenJDK with these flags.
  • Resolves: rhbz#1594249

[1:1.8.0.172-2.b11]

  • Fix a number of bad bug identifiers (PR3546 should be PR3578, PR3456 should be PR3546)
  • Resolves: rhbz#1594249

[1:1.8.0.172-2.b11]

  • Split PR3458/RH1540242 fix into AArch64 & Zero sections, as their upstream trajectories differ.
  • Enable patch570 missed in last changeset.
  • Resolves: rhbz#1594249

[1:1.8.0.172-1.b11]

  • Sync with IcedTea 3.8.0.
  • Label architecture-specific fixes with architecture concerned
  • x86: S8199936, PR3533: HotSpot generates code with unaligned stack, crashes on SSE operations (-mstackrealign workaround)
  • PR3539, RH1548475: Pass EXTRA_LDFLAGS to HotSpot build
  • 8171000, PR3542, RH1402819: Robot.createScreenCapture() crashes in wayland mode
  • 8197546, PR3542, RH1402819: Fix for 8171000 breaks Solaris + Linux builds
  • 8185723, PR3553: Zero: segfaults on Power PC 32-bit
  • 8186461, PR3557: Zero's atomic_copy64() should use SPE instructions on linux-powerpcspe
  • PR3559: Use ldrexd for atomic reads on ARMv7.
  • 8187577, PR3578: JVM crash during gc doing concurrent marking
  • 8201509, PR3579: Zero: S390 31bit atomic_copy64 inline assembler is wrong
  • 8165489, PR3589: Missing G1 barrier in Unsafe_GetObjectVolatile
  • PR3591: Fix for bug 3533 doesn't add -mstackrealign to JDK code
  • 8184309, PR3596: Build warnings from GCC 7.1 on Fedora 26
  • Resolves: rhbz#1594249

[1:1.8.0.172-0.b11]

  • Update to aarch64-jdk8u172-b11 and aarch64-shenandoah-jdk8u172-b11.
  • Resolves: rhbz#1594249

[1:1.8.0.171-11.b12]

  • Update to aarch64-jdk8u171-b12 and aarch64-shenandoah-jdk8u171-b12.
  • Remove patch for 8200556/PR3566 as applied upstream.
  • Resolves: rhbz#1594249

[1:1.8.0.171-11.b10]

  • Fix jconsole.desktop.in subcategory, replacing 'Monitor' with 'Profiling' (PR3550)
  • Resolves: rhbz#1594249

[1:1.8.0.171-11.b10]

  • Fix invalid license 'LGPL+' (should be LGPLv2+ for ECC code) and add missing ones
  • Resolves: rhbz#1594249

[1:1.8.0.171-10.b03]

  • added missing hooks for c-j-c
  • Resolves: rhbz#1594249

[1:1.8.0.171-9.b10]

  • added and applied 1566890_embargoed20180521.patch
  • Resolves: rhbz#1578548

Обновленные пакеты

Oracle Linux 6

Oracle Linux x86_64

java-1.8.0-openjdk

1.8.0.181-3.b13.el6_10

java-1.8.0-openjdk-debug

1.8.0.181-3.b13.el6_10

java-1.8.0-openjdk-demo

1.8.0.181-3.b13.el6_10

java-1.8.0-openjdk-demo-debug

1.8.0.181-3.b13.el6_10

java-1.8.0-openjdk-devel

1.8.0.181-3.b13.el6_10

java-1.8.0-openjdk-devel-debug

1.8.0.181-3.b13.el6_10

java-1.8.0-openjdk-headless

1.8.0.181-3.b13.el6_10

java-1.8.0-openjdk-headless-debug

1.8.0.181-3.b13.el6_10

java-1.8.0-openjdk-javadoc

1.8.0.181-3.b13.el6_10

java-1.8.0-openjdk-javadoc-debug

1.8.0.181-3.b13.el6_10

java-1.8.0-openjdk-src

1.8.0.181-3.b13.el6_10

java-1.8.0-openjdk-src-debug

1.8.0.181-3.b13.el6_10

Oracle Linux i686

java-1.8.0-openjdk

1.8.0.181-3.b13.el6_10

java-1.8.0-openjdk-debug

1.8.0.181-3.b13.el6_10

java-1.8.0-openjdk-demo

1.8.0.181-3.b13.el6_10

java-1.8.0-openjdk-demo-debug

1.8.0.181-3.b13.el6_10

java-1.8.0-openjdk-devel

1.8.0.181-3.b13.el6_10

java-1.8.0-openjdk-devel-debug

1.8.0.181-3.b13.el6_10

java-1.8.0-openjdk-headless

1.8.0.181-3.b13.el6_10

java-1.8.0-openjdk-headless-debug

1.8.0.181-3.b13.el6_10

java-1.8.0-openjdk-javadoc

1.8.0.181-3.b13.el6_10

java-1.8.0-openjdk-javadoc-debug

1.8.0.181-3.b13.el6_10

java-1.8.0-openjdk-src

1.8.0.181-3.b13.el6_10

java-1.8.0-openjdk-src-debug

1.8.0.181-3.b13.el6_10

Связанные CVE

CVE-2018-2952

Ссылки на источники

Связанные уязвимости

ubuntu логотип

CVE-2018-2952

CVSS3: 3.7
ubuntu
больше 7 лет назад

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Concurrency). Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171; JRockit: R28.3.18. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:...

redhat логотип

CVE-2018-2952

CVSS3: 3.7
redhat
больше 7 лет назад

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Concurrency). Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171; JRockit: R28.3.18. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:...

nvd логотип

CVE-2018-2952

CVSS3: 3.7
nvd
больше 7 лет назад

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Concurrency). Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171; JRockit: R28.3.18. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/P

debian логотип

CVE-2018-2952

CVSS3: 3.7
debian
больше 7 лет назад

Vulnerability in the Java SE, Java SE Embedded, JRockit component of O ...

github логотип

GHSA-pvp8-49wp-gw4c

CVSS3: 3.7
github
больше 3 лет назад

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Concurrency). Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171; JRockit: R28.3.18. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:...