Download
| Alert*
oval:org.secpod.oval:def:19500280
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE . Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and ... oval:org.secpod.oval:def:89049261 This update for java-11-openjdk fixes the following issues: Updated to jdk-11.0.20+8 : * CVE-2023-22006: Fixed vulnerability in the network component . * CVE-2023-22036: Fixed vulnerability in the utility component . * CVE-2023-22041: Fixed vulnerability in the hotspot component . * CVE-2023-22044: ... oval:org.secpod.oval:def:91219 The host is installed with Oracle Java SE through 11.0.19, 17.0.7 or 20.0.1 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to Hotspot. Successful exploitation allows attackers to affect Confidentiality. oval:org.secpod.oval:def:19500284 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE . Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and ... oval:org.secpod.oval:def:708340 openjdk-20: Open Source Java implementation Several security issues were fixed in OpenJDK 20. oval:org.secpod.oval:def:91211 The host is installed with Oracle Java SE through 11.0.19, 17.0.7 or 20.0.1 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to Hotspot. Successful exploitation allows attackers to affect Confidentiality. oval:org.secpod.oval:def:2600291 The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. oval:org.secpod.oval:def:507863 The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Security Fix: * OpenJDK: ZIP file parsing infinite loop * OpenJDK: weakness in AES implementation * OpenJDK: improper handling of slash characters in URI-to-path convers ... oval:org.secpod.oval:def:2600292 The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. oval:org.secpod.oval:def:93279 openjdk-17: Open Source Java implementation - openjdk-8: Open Source Java implementation - openjdk-lts: Open Source Java implementation Several security issues were fixed in OpenJDK. oval:org.secpod.oval:def:93280 openjdk-17: Open Source Java implementation - openjdk-8: Open Source Java implementation - openjdk-lts: Open Source Java implementation Several security issues were fixed in OpenJDK. oval:org.secpod.oval:def:611256 Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in bypass of sandbox restrictions, information disclosure, reduced cryptographic strength of the AES implementation, directory traversal or denial of service. oval:org.secpod.oval:def:1506825 [1:11.0.20.0.8-2.0.1] - Add Oracle vendor bug URL [Orabug: 34340155] - Fix tzdata requirement copy-and-paste error that led to two BuildRequires and no Requires [1:11.0.20.0.8-2] - Bump release number so we are newer than 9.0 - Related: rhbz#2221106 [1:11.0.20.0.8-1] - Update to jdk-11.0.20.0+8 - U ... oval:org.secpod.oval:def:89049148 This update for java-11-openjdk fixes the following issues: Updated to jdk-11.0.20+8 : * CVE-2023-22006: Fixed vulnerability in the network component . * CVE-2023-22036: Fixed vulnerability in the utility component . * CVE-2023-22041: Fixed vulnerability in the hotspot component . * CVE-2023-22044: ... oval:org.secpod.oval:def:89049320 This update for java-1_8_0-ibm fixes the following issues: * Update to Java 8.0 Service Refresh 8 Fix Pack 10 * CVE-2022-40609: Fixed an unsafe deserialization flaw which could allow a remote attacker to execute arbitrary code on the system. * CVE-2023-22041: Fixed a flaw whcih could allow unautho ... oval:org.secpod.oval:def:1701463 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE . Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and ... oval:org.secpod.oval:def:1506824 [1:17.0.8.0.7-2.0.1] - OpenJDK: ZIP file parsing infinite loop - OpenJDK: weakness in AES implementation - OpenJDK: improper handling of slash characters in URI-to-path conversion - harfbuzz: OpenJDK: O growth via consecutive marks - OpenJDK: HTTP client insufficient file name validation - ... oval:org.secpod.oval:def:92537 openjdk-17: Open Source Java implementation - openjdk-8: Open Source Java implementation - openjdk-lts: Open Source Java implementation Several security issues were fixed in OpenJDK. oval:org.secpod.oval:def:92536 openjdk-17: Open Source Java implementation - openjdk-8: Open Source Java implementation - openjdk-lts: Open Source Java implementation Several security issues were fixed in OpenJDK. oval:org.secpod.oval:def:89049171 This update for java-17-openjdk fixes the following issues: Updated to version jdk-17.0.8+7 : * CVE-2023-22006: Fixed vulnerability in the network component . * CVE-2023-22036: Fixed vulnerability in the utility component . * CVE-2023-22041: Fixed vulnerability in the hotspot component . * CVE-2023- ... oval:org.secpod.oval:def:91106 The host is installed with Oracle Java SE through 11.0.19, 17.0.7 or 20.0.1, or Azul Zulu 11 before 11.65.14, or 17 before 17.43.14 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to Hotspot. Successful exploitation allows att ... oval:org.secpod.oval:def:91202 The host is installed with Oracle Java SE through 11.0.19, 17.0.7 or 20.0.1 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to Hotspot. Successful exploitation allows attackers to affect Confidentiality. oval:org.secpod.oval:def:93366 Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in bypass of sandbox restrictions, information disclosure, reduced cryptographic strength of the AES implementation, directory traversal or denial of service. oval:org.secpod.oval:def:95369 Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in bypass of sandbox restrictions, information disclosure, reduced cryptographic strength of the AES implementation, directory traversal or denial of service. oval:org.secpod.oval:def:507857 The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Security Fix: * OpenJDK: ZIP file parsing infinite loop * OpenJDK: weakness in AES implementation * OpenJDK: improper handling of slash characters in URI-to-path convers ... oval:org.secpod.oval:def:507856 The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Security Fix: * OpenJDK: ZIP file parsing infinite loop * OpenJDK: weakness in AES implementation * OpenJDK: improper handling of slash characters in URI-to-path convers ... oval:org.secpod.oval:def:1701534 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE . Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and ... oval:org.secpod.oval:def:1506797 [1:11.0.20.0.8-1.0.1] - link atomic for ix86 build [1:11.0.20.0.8-1] - Update to jdk-11.0.20.0+8 - Update release notes to 11.0.20.0+8 - Switch to GA mode for release - ** This tarball is embargoed until 2023-07-18 @ 1pm PT. ** - Resolves: rhbz#2221106 [1:11.0.20.0.7-0.1.ea] - Update to jdk-11.0.20 ... oval:org.secpod.oval:def:1506830 [1:11.0.20.0.8-2.0.1] - Add Oracle vendor bug URL [Orabug: 34340155] [1:11.0.20.0.8-2] - Bump release number so we are newer than 9.0 - Related: rhbz#2221106 [1:11.0.20.0.8-1] - Update to jdk-11.0.20.0+8 - Update release notes to 11.0.20.0+8 - Drop local inclusion of JDK-8274864 JDK-8305113 as the ... oval:org.secpod.oval:def:507854 The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Security Fix: * OpenJDK: ZIP file parsing infinite loop * OpenJDK: weakness in AES implementation * OpenJDK: improper handling of slash characters in URI-to-path convers ... oval:org.secpod.oval:def:612614 Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in bypass of sandbox restrictions, information disclosure, reduced cryptographic strength of the AES implementation, directory traversal or denial of service. oval:org.secpod.oval:def:2501138 The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. oval:org.secpod.oval:def:2501139 The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. oval:org.secpod.oval:def:507858 The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Security Fix: * OpenJDK: ZIP file parsing infinite loop * OpenJDK: weakness in AES implementation * OpenJDK: improper handling of slash characters in URI-to-path convers ... oval:org.secpod.oval:def:1701450 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE . Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and ... oval:org.secpod.oval:def:89049299 This update for java-1_8_0-ibm fixes the following issues: * Update to Java 8.0 Service Refresh 8 Fix Pack 10 * CVE-2022-40609: Fixed an unsafe deserialization flaw which could allow a remote attacker to execute arbitrary code on the system. * CVE-2023-22041: Fixed a flaw whcih could allow unautho ... oval:org.secpod.oval:def:1506811 [1:17.0.8.0.7-2.0.1] - OpenJDK: ZIP file parsing infinite loop - OpenJDK: weakness in AES implementation - OpenJDK: improper handling of slash characters in URI-to-path conversion - harfbuzz: OpenJDK: O growth via consecutive marks - OpenJDK: HTTP client insufficient file name validation - ... |