Red Hat Security Advisory: java-1.8.0-oracle security update
🔗 CVE IDs covered (10)
📋 Description
- CVE-2018-3136 — OpenJDK: Incorrect handling of unsigned attributes in signed Jar manifests (Security, 8194534)
- CVE-2018-3139 — OpenJDK: Leak of sensitive header data via HTTP redirect (Networking, 8196902)
- CVE-2018-3149 — OpenJDK: Incomplete enforcement of the trustURLCodebase restriction (JNDI, 8199177)
- CVE-2018-3169 — OpenJDK: Improper field access checks (Hotspot, 8199226)
- CVE-2018-3180 — OpenJDK: Missing endpoint identification algorithm check during TLS session resumption (JSSE, 8202613)
- CVE-2018-3183 — OpenJDK: Unrestricted access to scripting engine (Scripting, 8202936)
- CVE-2018-3209 — JDK: unspecified vulnerability fixed in 8u191 (JavaFX)
- CVE-2018-3211 — JDK: unspecified vulnerability fixed in 8u191 and 11.0.1 (Serviceability)
- CVE-2018-3214 — OpenJDK: Infinite loop in RIFF format reader (Sound, 8205361)
- CVE-2018-13785 — libpng: Integer overflow and resultant divide-by-zero in pngrutil.c:png_check_chunk_length() allows for denial of service
🔗 References (13)
- self: https://access.redhat.com/errata/RHSA-2018:3002
- external: https://access.redhat.com/security/updates/classification/#critical
- external: https://bugzilla.redhat.com/show_bug.cgi?id=1599943
- external: https://bugzilla.redhat.com/show_bug.cgi?id=1639268
- external: https://bugzilla.redhat.com/show_bug.cgi?id=1639293
- external: https://bugzilla.redhat.com/show_bug.cgi?id=1639301
- external: https://bugzilla.redhat.com/show_bug.cgi?id=1639442
- external: https://bugzilla.redhat.com/show_bug.cgi?id=1639484
- external: https://bugzilla.redhat.com/show_bug.cgi?id=1639755
- external: https://bugzilla.redhat.com/show_bug.cgi?id=1639834
- external: https://bugzilla.redhat.com/show_bug.cgi?id=1639904
- external: https://bugzilla.redhat.com/show_bug.cgi?id=1639906
- self: https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_3002.json