Red Hat Security Advisory: java-1.8.0-oracle security update
🔗 CVE IDs covered (21)
📋 Description
CVE-2016-9840 — zlib: Out-of-bound pointer arithmetic in inftrees.c CVE-2016-9841 — zlib: Out-of-bounds pointer arithmetic in inffast.c CVE-2016-9842 — zlib: Undefined left shift of negative number CVE-2016-9843 — zlib: Big-endian out-of-bounds pointer CVE-2016-10165 — lcms2: Out-of-bounds read in Type_MLU_Read() CVE-2017-10274 — OpenJDK: CardImpl incorrect state handling (Smart Card IO, 8169026) CVE-2017-10281 — OpenJDK: multiple unbounded memory allocations in deserialization (Serialization, 8174109) CVE-2017-10285 — OpenJDK: incorrect privilege use when handling unreferenced objects (RMI, 8174966) CVE-2017-10293 — JDK: unspecified vulnerability fixed in 6u171, 7u161, 8u151, and 9.0.1 (Javadoc) CVE-2017-10295 — OpenJDK: HTTP client insufficient check for newline in URLs (Networking, 8176751) CVE-2017-10309 — JDK: unspecified vulnerability fixed in 8u151 and 9.0.1 (Deployment) CVE-2017-10345 — OpenJDK: unbounded resource use in JceKeyStore deserialization (Serialization, 8181370) CVE-2017-10346 — OpenJDK: insufficient loader constraints checks for invokespecial (Hotspot, 8180711) CVE-2017-10347 — OpenJDK: unbounded memory allocation in SimpleTimeZone deserialization (Serialization, 8181323) CVE-2017-10348 — OpenJDK: multiple unbounded memory allocations in deserialization (Libraries, 8181432) CVE-2017-10349 — OpenJDK: unbounded memory allocation in PredicatedNodeTest deserialization (JAXP, 8181327) CVE-2017-10350 — OpenJDK: unbounded memory allocation in JAXWSExceptionBase deserialization (JAX-WS, 8181100) CVE-2017-10355 — OpenJDK: no default network operations timeouts in FtpClient (Networking, 8181612) CVE-2017-10356 — OpenJDK: weak protection of key stores against brute forcing (Security, 8181692) CVE-2017-10357 — OpenJDK: unbounded memory allocation in ObjectInputStream deserialization (Serialization, 8181597) CVE-2017-10388 — OpenJDK: use of unprotected sname in Kerberos client (Libraries, 8178794)
🔗 References (26)
- selfhttps://access.redhat.com/errata/RHSA-2017:2999
- externalhttps://access.redhat.com/security/updates/classification/#critical
- externalhttp://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixJAVA
- externalhttp://www.oracle.com/technetwork/java/javase/8u151-relnotes-3850493.html
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1367357
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1402345
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1402346
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1402348
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1402351
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1501868
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1501873
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1502038
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1502053
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1502611
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1502614
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1502629
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1502632
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1502640
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1502649
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1502687
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1502858
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1502869
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1503169
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1503319
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1503320
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2017/rhsa-2017_2999.json