Red Hat Security Advisory: java-1.8.0-ibm security update
🔗 CVE IDs covered (8)
📋 Description
CVE-2018-3136 — OpenJDK: Incorrect handling of unsigned attributes in signed Jar manifests (Security, 8194534) CVE-2018-3139 — OpenJDK: Leak of sensitive header data via HTTP redirect (Networking, 8196902) CVE-2018-3149 — OpenJDK: Incomplete enforcement of the trustURLCodebase restriction (JNDI, 8199177) CVE-2018-3169 — OpenJDK: Improper field access checks (Hotspot, 8199226) CVE-2018-3180 — OpenJDK: Missing endpoint identification algorithm check during TLS session resumption (JSSE, 8202613) CVE-2018-3183 — OpenJDK: Unrestricted access to scripting engine (Scripting, 8202936) CVE-2018-3214 — OpenJDK: Infinite loop in RIFF format reader (Sound, 8205361) CVE-2018-13785 — libpng: Integer overflow and resultant divide-by-zero in pngrutil.c:png_check_chunk_length() allows for denial of service
🔗 References (11)
- selfhttps://access.redhat.com/errata/RHSA-2018:3534
- externalhttps://access.redhat.com/security/updates/classification/#critical
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1599943
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1639268
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1639293
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1639301
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1639442
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1639484
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1639755
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1639834
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_3534.json