Описание
ELSA-2019-0436: java-11-openjdk security update (MODERATE)
[1:11.0.2.7-0.0.1]
- link atomic for ix86 build
[1:11.0.2.7-0]
- Update to shenandoah-jdk-11.0.2+7 (January 2019 CPU)
- Make tagsuffix optional and comment it out while unused.
- Drop JDK-8211105/RH1628612/RH1630996 applied upstream.
- Drop JDK-8209639/RH1640127 applied upstream.
- Re-generate JDK-8210416/RH1632174 following JDK-8209786
- Resolves: rhbz#1661577
[1:11.0.1.13-4]
- Update to shenandoah-jdk-11.0.1+13-20190101
- Update tarball generation script in preparation for PR3681/RH1656677 SunEC changes.
- Use remove-intree-libraries.sh to remove the remaining SunEC code for now.
- Fix remove-intree-libraries.sh to not exit early and skip SunEC handling.
- Fix PR1983 SunEC patch so that ecc_impl.h is patched rather than added
- Add missing RH1022017 patch to reduce curves reported by SSL to those we support.
- Resolves: rhbz#1661577
Обновленные пакеты
Oracle Linux 7
Oracle Linux aarch64
java-11-openjdk
11.0.2.7-0.0.1.el7_6
java-11-openjdk-debug
11.0.2.7-0.0.1.el7_6
java-11-openjdk-demo
11.0.2.7-0.0.1.el7_6
java-11-openjdk-demo-debug
11.0.2.7-0.0.1.el7_6
java-11-openjdk-devel
11.0.2.7-0.0.1.el7_6
java-11-openjdk-devel-debug
11.0.2.7-0.0.1.el7_6
java-11-openjdk-headless
11.0.2.7-0.0.1.el7_6
java-11-openjdk-headless-debug
11.0.2.7-0.0.1.el7_6
java-11-openjdk-javadoc
11.0.2.7-0.0.1.el7_6
java-11-openjdk-javadoc-debug
11.0.2.7-0.0.1.el7_6
java-11-openjdk-javadoc-zip
11.0.2.7-0.0.1.el7_6
java-11-openjdk-javadoc-zip-debug
11.0.2.7-0.0.1.el7_6
java-11-openjdk-jmods
11.0.2.7-0.0.1.el7_6
java-11-openjdk-jmods-debug
11.0.2.7-0.0.1.el7_6
java-11-openjdk-src
11.0.2.7-0.0.1.el7_6
java-11-openjdk-src-debug
11.0.2.7-0.0.1.el7_6
Oracle Linux x86_64
java-11-openjdk
11.0.2.7-0.0.1.el7_6
java-11-openjdk-debug
11.0.2.7-0.0.1.el7_6
java-11-openjdk-demo
11.0.2.7-0.0.1.el7_6
java-11-openjdk-demo-debug
11.0.2.7-0.0.1.el7_6
java-11-openjdk-devel
11.0.2.7-0.0.1.el7_6
java-11-openjdk-devel-debug
11.0.2.7-0.0.1.el7_6
java-11-openjdk-headless
11.0.2.7-0.0.1.el7_6
java-11-openjdk-headless-debug
11.0.2.7-0.0.1.el7_6
java-11-openjdk-javadoc
11.0.2.7-0.0.1.el7_6
java-11-openjdk-javadoc-debug
11.0.2.7-0.0.1.el7_6
java-11-openjdk-javadoc-zip
11.0.2.7-0.0.1.el7_6
java-11-openjdk-javadoc-zip-debug
11.0.2.7-0.0.1.el7_6
java-11-openjdk-jmods
11.0.2.7-0.0.1.el7_6
java-11-openjdk-jmods-debug
11.0.2.7-0.0.1.el7_6
java-11-openjdk-src
11.0.2.7-0.0.1.el7_6
java-11-openjdk-src-debug
11.0.2.7-0.0.1.el7_6
Связанные CVE
Связанные уязвимости
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u201, 8u192 and 11.0.1; Java SE Embedded: 8u191. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Confidentiali...
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u201, 8u192 and 11.0.1; Java SE Embedded: 8u191. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Confidentiali...
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u201, 8u192 and 11.0.1; Java SE Embedded: 8u191. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Confidentiality
Vulnerability in the Java SE component of Oracle Java SE (subcomponent ...
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u201, 8u192 and 11.0.1; Java SE Embedded: 8u191. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Confidentiali...