Download
| Alert*
oval:org.secpod.oval:def:602757
Ibrahim M. El-Sayed discovered an out-of-bounds heap read vulnerability in the function Type_MLU_Read in liblcms2-2, the Little CMS 2 color management library, which can be triggered by an image with a specially crafted ICC profile and leading to a heap memory leak or denial-of-service for applicati ... oval:org.secpod.oval:def:90225 The host is missing a patch containing a security fixes, which affects the following package(s): Java oval:org.secpod.oval:def:204037 The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security Fix: * It was discovered that the Hotspot component of OpenJDK did not properly check arguments of the System.arraycopy function in certain cases. An untrusted Jav ... oval:org.secpod.oval:def:501884 The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix: * It was discovered that the Hotspot component of OpenJDK did not properly check arguments of the System.arraycopy function in certain cases. An untrusted Jav ... oval:org.secpod.oval:def:505406 IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR5-FP5. Security Fix: * This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit ... oval:org.secpod.oval:def:204038 The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security Fix: * It was discovered that the Hotspot component of OpenJDK did not properly check arguments of the System.arraycopy function in certain cases. An untrusted Jav ... oval:org.secpod.oval:def:1800226 An out-of-bounds read in cmstypes.c in Type_MLU_Read function was found, leading to heap memory leak triggered by crafted ICC profile. Patch: oval:org.secpod.oval:def:505311 IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR5-FP5. Security Fix: * This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit ... oval:org.secpod.oval:def:204141 The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security Fix: * It was discovered that the Hotspot component of OpenJDK did not properly check arguments of the System.arraycopy function in certain cases. An untrusted Jav ... oval:org.secpod.oval:def:505310 IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR4-FP15. Security Fix: * This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software De ... oval:org.secpod.oval:def:204025 The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix: * It was discovered that the Hotspot component of OpenJDK did not properly check arguments of the System.arraycopy function in certain cases. An untrusted Jav ... oval:org.secpod.oval:def:204024 The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix: * It was discovered that the Hotspot component of OpenJDK did not properly check arguments of the System.arraycopy function in certain cases. An untrusted Jav ... oval:org.secpod.oval:def:501932 The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security Fix: * It was discovered that the Hotspot component of OpenJDK did not properly check arguments of the System.arraycopy function in certain cases. An untrusted Jav ... oval:org.secpod.oval:def:1800773 An out-of-bounds read in cmstypes.c in Type_MLU_Read function was found, leading to heap memory leak triggered by crafted ICC profile. Patch Reference oval:org.secpod.oval:def:1800877 An out-of-bounds read in cmstypes.c in Type_MLU_Read function was found, leading to heap memory leak triggered by crafted ICC profile. Patch: Reference: oval:org.secpod.oval:def:505408 IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR5-FP5. Security Fix: * This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit ... oval:org.secpod.oval:def:89044651 This update for java-1_7_1-ibm fixes the following issues: * CVE-2017-10349: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE . Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to exp ... oval:org.secpod.oval:def:89044791 This update for java-1_8_0-openjdk fixes the following issues: - Update to version jdk8u151 Security issues fixed: - CVE-2017-10274: Handle smartcard clean up better - CVE-2017-10281: Better queuing priorities - CVE-2017-10285: Unreferenced references - CVE-2017-10295: Better URL connections - ... oval:org.secpod.oval:def:89044471 This update for java-1_8_0-ibm fixes the following issues: Security issues fixed: - Security update to version 8.0.5.5 * CVE-2017-10346 CVE-2017-10285 CVE-2017-10388 CVE-2017-10309 CVE-2017-10356 CVE-2017-10293 CVE-2016-9841 CVE-2016-10165 CVE-2017-10355 CVE-2017-10357 CVE-2017-10348 CVE-2017-10349 ... oval:org.secpod.oval:def:1000634 The remote host is missing a patch 152079-71 containing a security fix. For more information please visit the reference link. oval:org.secpod.oval:def:1000659 The remote host is missing a patch 152098-61 containing a security fix. For more information please visit the reference link. oval:org.secpod.oval:def:1000693 The remote host is missing a patch 152077-71 containing a security fix. For more information please visit the reference link. oval:org.secpod.oval:def:1000674 The remote host is missing a patch 152097-61 containing a security fix. For more information please visit the reference link. oval:org.secpod.oval:def:1000794 The remote host is missing a patch 152076-71 containing a security fix. For more information please visit the reference link. oval:org.secpod.oval:def:1000727 The remote host is missing a patch 152078-71 containing a security fix. For more information please visit the reference link. oval:org.secpod.oval:def:2102700 The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read. oval:org.secpod.oval:def:89045011 This update for java-1_7_1-ibm fixes the following issues: - Security update to version 7.1.4.15 [bsc#1070162] * CVE-2017-10349: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE . Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE ... oval:org.secpod.oval:def:1000763 The remote host is missing a patch 152096-61 containing a security fix. For more information please visit the reference link. oval:org.secpod.oval:def:1000803 The remote host is missing a patch 152099-61 containing a security fix. For more information please visit the reference link. oval:org.secpod.oval:def:704322 lcms2: Little CMS color management library Several security issues were fixed in Little CMS. oval:org.secpod.oval:def:89043582 This update for lcms2 fixes the following security issues: - CVE-2016-10165: The Type_MLU_Read function allowed remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggered an out-of-bounds heap read . - CVE-2018-16435: A inte ... oval:org.secpod.oval:def:51129 lcms2: Little CMS color management library Several security issues were fixed in Little CMS. oval:org.secpod.oval:def:42454 The host is installed with Oracle Java SE through 7u151, 8u144 or 9 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to 2D (Little CMS 2). Successful exploitation allows attackers to affect Confidentiality. |