Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

oracle-oval логотип

ELSA-2019-0416

Опубликовано: 26 фев. 2019
Источник: oracle-oval
Платформа: Oracle Linux 6

Описание

ELSA-2019-0416: java-1.8.0-openjdk security update (MODERATE)

[1:1.8.0.201.b09-0]

  • Update to aarch64-shenandoah-jdk8u201-b09.
  • Resolves: rhbz#1661577

[1:1.8.0.192.b12-1]

  • Add 8160748 for AArch64 which is missing from upstream 8u version.
  • Add port of 8189170 to AArch64 which is missing from upstream 8u version.
  • Resolves: rhbz#1661577

[1:1.8.0.192.b12-0]

  • Update to aarch64-shenandoah-jdk8u192-b12.
  • Remove patches included upstream
    • PR3548/RH1540242
    • JDK-6260348/PR3066
    • JDK-8185723/PR3553
    • JDK-8186461/PR3557
    • JDK-8201509/PR3579
    • JDK-8205104/PR3539/RH1548475
    • JDK-8206406/PR3610/RH1597825
    • JDK-8201495/PR2415
  • Re-generate patches (mostly due to upstream build changes)
    • JDK-8073139/PR1758/RH1191652
    • JDK-8197429/PR3546/RH1536622 (due to JDK-8189170)
    • JDK-8199936/PR3533
    • JDK-8199936/PR3591
    • PR3559 (due to JDK-8185723/JDK-8186461/JDK-8201509)
    • PR3593 (due to JDK-8081202)
    • RH1566890/CVE-2018-3639 (due to JDK-8189170)
    • RH1649664 (due to JDK-8196516)
    • RH1649731
  • Resolves: rhbz#1661577

[1:1.8.0.191.b14-1]

  • Add 8131048 & 8164920 (PR3574/RH1498936) to provide a CRC32 intrinsic for PPC64.
  • Resolves: rhbz#1661577

[1:1.8.0.191.b14-0]

  • Update to aarch64-shenandoah-jdk8u191-b14.
  • Adjust JDK-8073139/PR1758/RH1191652 to apply following 8155627 backport.
  • Resolves: rhbz#1661577

[1:1.8.0.191.b13-0]

  • Update to aarch64-shenandoah-jdk8u191-b13.
  • Update tarball generation script in preparation for PR3667/RH1656676 SunEC changes.
  • Use remove-intree-libraries.sh to remove the remaining SunEC code for now.
  • Resolves: rhbz#1661577

Обновленные пакеты

Oracle Linux 6

Oracle Linux x86_64

java-1.8.0-openjdk

1.8.0.201.b09-1.el6_10

java-1.8.0-openjdk-debug

1.8.0.201.b09-1.el6_10

java-1.8.0-openjdk-demo

1.8.0.201.b09-1.el6_10

java-1.8.0-openjdk-demo-debug

1.8.0.201.b09-1.el6_10

java-1.8.0-openjdk-devel

1.8.0.201.b09-1.el6_10

java-1.8.0-openjdk-devel-debug

1.8.0.201.b09-1.el6_10

java-1.8.0-openjdk-headless

1.8.0.201.b09-1.el6_10

java-1.8.0-openjdk-headless-debug

1.8.0.201.b09-1.el6_10

java-1.8.0-openjdk-javadoc

1.8.0.201.b09-1.el6_10

java-1.8.0-openjdk-javadoc-debug

1.8.0.201.b09-1.el6_10

java-1.8.0-openjdk-src

1.8.0.201.b09-1.el6_10

java-1.8.0-openjdk-src-debug

1.8.0.201.b09-1.el6_10

Oracle Linux i686

java-1.8.0-openjdk

1.8.0.201.b09-1.el6_10

java-1.8.0-openjdk-debug

1.8.0.201.b09-1.el6_10

java-1.8.0-openjdk-demo

1.8.0.201.b09-1.el6_10

java-1.8.0-openjdk-demo-debug

1.8.0.201.b09-1.el6_10

java-1.8.0-openjdk-devel

1.8.0.201.b09-1.el6_10

java-1.8.0-openjdk-devel-debug

1.8.0.201.b09-1.el6_10

java-1.8.0-openjdk-headless

1.8.0.201.b09-1.el6_10

java-1.8.0-openjdk-headless-debug

1.8.0.201.b09-1.el6_10

java-1.8.0-openjdk-javadoc

1.8.0.201.b09-1.el6_10

java-1.8.0-openjdk-javadoc-debug

1.8.0.201.b09-1.el6_10

java-1.8.0-openjdk-src

1.8.0.201.b09-1.el6_10

java-1.8.0-openjdk-src-debug

1.8.0.201.b09-1.el6_10

Связанные CVE

CVE-2019-2422

Ссылки на источники

Связанные уязвимости

ubuntu логотип

CVE-2019-2422

CVSS3: 3.1
ubuntu
почти 7 лет назад

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u201, 8u192 and 11.0.1; Java SE Embedded: 8u191. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Confidentiali...

redhat логотип

CVE-2019-2422

CVSS3: 3.1
redhat
почти 7 лет назад

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u201, 8u192 and 11.0.1; Java SE Embedded: 8u191. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Confidentiali...

nvd логотип

CVE-2019-2422

CVSS3: 3.1
nvd
почти 7 лет назад

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u201, 8u192 and 11.0.1; Java SE Embedded: 8u191. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Confidentiality

debian логотип

CVE-2019-2422

CVSS3: 3.1
debian
почти 7 лет назад

Vulnerability in the Java SE component of Oracle Java SE (subcomponent ...

github логотип

GHSA-9hmr-2699-952q

CVSS3: 3.1
github
больше 3 лет назад

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u201, 8u192 and 11.0.1; Java SE Embedded: 8u191. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Confidentiali...