Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

oracle-oval логотип

ELSA-2021-1298

Опубликовано: 21 апр. 2021
Источник: oracle-oval
Платформа: Oracle Linux 7

Описание

ELSA-2021-1298: java-1.8.0-openjdk security update (MODERATE)

[1:1.8.0.292.b10-1]

  • Add CVE numbers.
  • Require tzdata 2021a due to JDK-8260356
  • Resolves: rhbz#1938201

[1:1.8.0.292.b10-0]

  • Update to aarch64-shenandoah-jdk8u292-b10 (GA)
  • Update release notes for 8u292-b10.
  • This tarball is embargoed until 2021-04-20 @ 1pm PT.
  • Resolves: rhbz#1938201

[1:1.8.0.292.b09-0.0.ea]

  • Update to aarch64-shenandoah-jdk8u292-b09 (EA)
  • Update release notes for 8u292-b09.
  • Resolves: rhbz#1938081

[1:1.8.0.292.b08-0.0.ea]

  • Update to aarch64-shenandoah-jdk8u292-b08 (EA)
  • Update release notes for 8u292-b08.
  • Resolves: rhbz#1938081

[1:1.8.0.292.b07-0.0.ea]

  • Update to aarch64-shenandoah-jdk8u292-b07 (EA)
  • Update release notes for 8u292-b07.
  • Resolves: rhbz#1938081

[1:1.8.0.292.b06-0.0.ea]

  • Update to aarch64-shenandoah-jdk8u292-b06 (EA)
  • Update release notes for 8u292-b06.
  • Require tzdata 2020f due to JDK-8259048
  • Resolves: rhbz#1938081

[1:1.8.0.292.b05-0.2.ea]

  • Update to aarch64-shenandoah-jdk8u292-b05-shenandoah-merge-2021-03-11 (EA)
  • Update release notes for 8u292-b05-shenandoah-merge-2021-03-11.
  • Extend s390 patch to fix issue caused by JDK-8252660 backport and lack of JDK-8188813 in 8u.
  • Revise JDK-8252660 s390 failure to make _soft_max_size a jlong so pointer types are accurate.
  • Resolves: rhbz#1938081

[1:1.8.0.292.b05-0.1.ea]

  • Re-organise S/390 patches for upstream submission, separating 8u upstream from Shenandoah fixes.
  • Add new formatting case found in memprofiler.cpp on debug builds to PR3593 patch.
  • Resolves: rhbz#1938081

[1:1.8.0.292.b05-0.0.ea]

  • Update to aarch64-shenandoah-jdk8u292-b05 (EA)
  • Update release notes for 8u292-b05.
  • Resolves: rhbz#1938081

[1:1.8.0.292.b04-0.0.ea]

  • Update to aarch64-shenandoah-jdk8u292-b04 (EA)
  • Update release notes for 8u292-b04.
  • Resolves: rhbz#1938081

[1:1.8.0.292.b03-0.0.ea]

  • Update to aarch64-shenandoah-jdk8u292-b03 (EA)
  • Update release notes for 8u292-b03.
  • Resolves: rhbz#1938081

[1:1.8.0.292.b02-0.0.ea]

  • Update to aarch64-shenandoah-jdk8u292-b02 (EA)
  • Update release notes for 8u292-b02.
  • Resolves: rhbz#1938081

[1:1.8.0.292.b01-0.0.ea]

  • Update to aarch64-shenandoah-jdk8u292-b01 (EA)
  • Update release notes for 8u292-b01.
  • Switch to EA mode.
  • Update tarball generation script to use PR3822 which handles JDK-8233228 & JDK-8035166 changes
  • Resolves: rhbz#1938081

Обновленные пакеты

Oracle Linux 7

Oracle Linux aarch64

java-1.8.0-openjdk

1.8.0.292.b10-1.el7_9

java-1.8.0-openjdk-accessibility

1.8.0.292.b10-1.el7_9

java-1.8.0-openjdk-demo

1.8.0.292.b10-1.el7_9

java-1.8.0-openjdk-devel

1.8.0.292.b10-1.el7_9

java-1.8.0-openjdk-headless

1.8.0.292.b10-1.el7_9

java-1.8.0-openjdk-javadoc

1.8.0.292.b10-1.el7_9

java-1.8.0-openjdk-javadoc-zip

1.8.0.292.b10-1.el7_9

java-1.8.0-openjdk-src

1.8.0.292.b10-1.el7_9

Oracle Linux x86_64

java-1.8.0-openjdk

1.8.0.292.b10-1.el7_9

java-1.8.0-openjdk-accessibility

1.8.0.292.b10-1.el7_9

java-1.8.0-openjdk-demo

1.8.0.292.b10-1.el7_9

java-1.8.0-openjdk-devel

1.8.0.292.b10-1.el7_9

java-1.8.0-openjdk-headless

1.8.0.292.b10-1.el7_9

java-1.8.0-openjdk-javadoc

1.8.0.292.b10-1.el7_9

java-1.8.0-openjdk-javadoc-zip

1.8.0.292.b10-1.el7_9

java-1.8.0-openjdk-src

1.8.0.292.b10-1.el7_9

Связанные CVE

CVE-2021-2163

Ссылки на источники

Связанные уязвимости

ubuntu логотип

CVE-2021-2163

CVSS3: 5.3
ubuntu
около 4 лет назад

Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.3 (Integrity impacts)....

redhat логотип

CVE-2021-2163

CVSS3: 5.3
redhat
около 4 лет назад

Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.3 (Integrity impacts)....

nvd логотип

CVE-2021-2163

CVSS3: 5.3
nvd
около 4 лет назад

Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.3 (Integrity impacts). CV

debian логотип

CVE-2021-2163

CVSS3: 5.3
debian
около 4 лет назад

Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterpr ...

suse-cvrf логотип

openSUSE-SU-2021:1989-1

suse-cvrf
почти 4 года назад

Security update for java-1_8_0-openjdk