Red Hat Security Advisory: java-1.6.0-sun security update
🔗 CVE IDs covered (9)
📋 Description
CVE-2018-2940 — JDK: unspecified vulnerability fixed in 6u201, 7u191, 8u181, and 10.0.2 (Libraries) CVE-2018-2952 — OpenJDK: insufficient index validation in PatternSyntaxException getMessage() (Concurrency, 8199547) CVE-2018-2973 — JDK: unspecified vulnerability fixed in 6u201, 7u191, 8u181, and 10.0.2 (JSSE) CVE-2018-3136 — OpenJDK: Incorrect handling of unsigned attributes in signed Jar manifests (Security, 8194534) CVE-2018-3139 — OpenJDK: Leak of sensitive header data via HTTP redirect (Networking, 8196902) CVE-2018-3149 — OpenJDK: Incomplete enforcement of the trustURLCodebase restriction (JNDI, 8199177) CVE-2018-3180 — OpenJDK: Missing endpoint identification algorithm check during TLS session resumption (JSSE, 8202613) CVE-2018-3214 — OpenJDK: Infinite loop in RIFF format reader (Sound, 8205361) CVE-2018-13785 — libpng: Integer overflow and resultant divide-by-zero in pngrutil.c:png_check_chunk_length() allows for denial of service
🔗 References (12)
- selfhttps://access.redhat.com/errata/RHSA-2018:3007
- externalhttps://access.redhat.com/security/updates/classification/#important
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1599943
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1600925
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1602145
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1602146
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1639301
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1639442
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1639484
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1639755
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1639834
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_3007.json