oval:org.secpod.oval:def:96825
The host is installed with Oracle Java SE through 8u391, or 11.0.21 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to Scripting. Successful exploitation allows attackers to affect Confidentiality.

oval:org.secpod.oval:def:89051543
This update for java-1_8_0-ibm fixes the following issues: Update to Java 8.0 Service Refresh 8 Fix Pack 20: [bsc#1219843] Security fixes: * CVE-2023-33850: Fixed information disclosure vulnerability due to the consumed GSKit library. * CVE-2024-20932: Fixed incorrect handling of ZIP files with dup ...

oval:org.secpod.oval:def:98729
openjdk-lts: Open Source Java implementation. Several security issues were fixed in OpenJDK 11.

oval:org.secpod.oval:def:89051541
This update for java-1_8_0-ibm fixes the following issues: Update to Java 8.0 Service Refresh 8 Fix Pack 20: [bsc#1219843] Security fixes: * CVE-2023-33850: Fixed information disclosure vulnerability due to the consumed GSKit library. * CVE-2024-20932: Fixed incorrect handling of ZIP files with dup ...

oval:org.secpod.oval:def:708784
openjdk-lts: Open Source Java implementation. Several security issues were fixed in OpenJDK 11.

oval:org.secpod.oval:def:509040
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix: OpenJDK: array out-of-bounds access due to missing range check in C1 compiler OpenJDK: RSA padding issue and timing side-channel attack against TLS OpenJD ...

oval:org.secpod.oval:def:89051443
This update for java-11-openjdk fixes the following issues: Updated to version 11.0.22: * CVE-2024-20918: Fixed an out of bounds access in the Hotspot JVM due to a missing bounds check. * CVE-2024-20919: Fixed a sandbox bypass in the Hotspot JVM class file verifier. * CVE-2024-20921: Fixed an inc ...

oval:org.secpod.oval:def:508015
The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a Docke ...

oval:org.secpod.oval:def:96861
The host is installed with Oracle Java SE through 8u391, or 11.0.21 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to Scripting. Successful exploitation allows attackers to affect Confidentiality.

oval:org.secpod.oval:def:97872
Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in side channel attacks, leaking sensitive data to log files, denial of service or bypass of sandbox restrictions.

oval:org.secpod.oval:def:1507259
[1:1.8.0.402.b06-0.1.ea] - Update to shenandoah-jdk8u402-b06 - Update release notes for shenandoah-8u402-b06. - Drop local copy of JDK-8312489 which is now included upstream - Switch to GA mode. - ** This tarball is embargoed until 2024-01-16 @ 1pm PT. ** - Resolves: RHEL-17914 - Resolves: RHEL-209 ...

oval:org.secpod.oval:def:89051614
This update for java-1_8_0-openjdk fixes the following issues: * CVE-2024-20952: Fixed RSA padding issue and timing side-channel attack against TLS. * CVE-2024-20921: Fixed range check loop optimization issue. * CVE-2024-20926: Fixed arbitrary Java code execution in Nashorn. * CVE-2024-20919: F ...

oval:org.secpod.oval:def:612945
Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in side channel attacks, leaking sensitive data to log files, denial of service or bypass of sandbox restrictions.

oval:org.secpod.oval:def:1702083
A vulnerability that allows an attacker to execute arbitrary java code from the javascript engine even though the option "--no-java" was set. With carefully crafted custom bytecodes, arbitrary unverified bytecodes could be executed. Loop optimizations are not correct when induction variable overflow ...

oval:org.secpod.oval:def:708832
openjdk-8: Open Source Java implementation. Several security issues were fixed in OpenJDK 8.

oval:org.secpod.oval:def:2600481
The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.

oval:org.secpod.oval:def:19500575
A vulnerability that allows an attacker to execute arbitrary java code from the javascript engine even though the option "--no-java" was set. With carefully crafted custom bytecodes, arbitrary unverified bytecodes could be executed. Loop optimizations are not correct when induction variable overflow ...

oval:org.secpod.oval:def:508004
The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Security Fix: OpenJDK: array out-of-bounds access due to missing range check in C1 compiler OpenJDK: RSA padding issue and timing side-channel attack against TLS OpenJDK ...

oval:org.secpod.oval:def:1507283
[1:11.0.22.0.7-2.0.1] - Update to 11.0.22.0.7-2.0.1

oval:org.secpod.oval:def:1507284
[1:1.8.0.402.b06-0.2.0.1] - Update to shenandoah-jdk8u402-b06 - Sync the copy of the portable specfile with the latest update - Add Oracle vendor bug URL [Orabug: 34340155]

oval:org.secpod.oval:def:96893
The host is installed with Oracle Java SE through 8u391, or 11.0.21 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to Scripting. Successful exploitation allows attackers to affect Confidentiality.

oval:org.secpod.oval:def:96871
The host is installed with Oracle Java SE through 8u391, or 11.0.21 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to Scripting. Successful exploitation allows attackers to affect Confidentiality.

oval:org.secpod.oval:def:19500572
A vulnerability that allows an attacker to execute arbitrary java code from the javascript engine even though the option "--no-java" was set. With carefully crafted custom bytecodes, arbitrary unverified bytecodes could be executed. Loop optimizations are not correct when induction variable overflow ...

oval:org.secpod.oval:def:98510
Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in side channel attacks, leaking sensitive data to log files, denial of service or bypass of sandbox restrictions.

oval:org.secpod.oval:def:206061
Security Fix: OpenJDK: array out-of-bounds access due to missing range check in C1 compiler OpenJDK: RSA padding issue and timing side-channel attack against TLS OpenJDK: JVM class file verifier flaw allows unverified bytecode execution OpenJDK: range check loop optimization issue OpenJDK: a ...

oval:org.secpod.oval:def:509057
The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Security Fix: OpenJDK: array out-of-bounds access due to missing range check in C1 compiler OpenJDK: RSA padding issue and timing side-channel attack against TLS OpenJDK ...

oval:org.secpod.oval:def:97884
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix: OpenJDK: array out-of-bounds access due to missing range check in C1 compiler OpenJDK: RSA padding issue and timing side-channel attack against TLS OpenJD ...

oval:org.secpod.oval:def:99544
openjdk-8: Open Source Java implementation. Several security issues were fixed in OpenJDK 8.

oval:org.secpod.oval:def:98534
The host is missing a patch containing security fixes, which affects the following package(s): Java

oval:org.secpod.oval:def:1507280
[1:11.0.22.0.7-2.0.1] - Update to openjdk-11.0.22+7

oval:org.secpod.oval:def:2600480
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.

oval:org.secpod.oval:def:206064
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1507281
[1:1.8.0.402.b06-0.2.0.1] - Update to shenandoah-jdk8u402-b06 - Update release notes for shenandoah-8u402-b06. - Add Oracle vendor bug URL [Orabug: 34340155]

oval:org.secpod.oval:def:19500569
A vulnerability that allows an attacker to execute arbitrary java code from the javascript engine even though the option "--no-java" was set. With carefully crafted custom bytecodes, arbitrary unverified bytecodes could be executed. Loop optimizations are not correct when induction variable overflow ...

oval:org.secpod.oval:def:1507264
[1:11.0.22.0.7-1.0.1] - link atomic for ix86 build [1:11.0.22.0.7-1] - Update to jdk-11.0.22+7 - Update release notes to 11.0.22+7 - Switch to GA mode for release - ** This tarball is embargoed until 2024-01-16 @ 1pm PT. ** - Resolves: RHEL-20966 [1:11.0.22.0.6-0.1.ea] - Update to jdk-11.0.22+6 - ...

oval:org.secpod.oval:def:1702067
A vulnerability that allows an attacker to execute arbitrary java code from the javascript engine even though the option "--no-java" was set. With carefully crafted custom bytecodes, arbitrary unverified bytecodes could be executed. Loop optimizations are not correct when induction variable overflow ...

oval:org.secpod.oval:def:1702045
A vulnerability that allows an attacker to execute arbitrary java code from the javascript engine even though the option "--no-java" was set. With carefully crafted custom bytecodes, arbitrary unverified bytecodes could be executed. Loop optimizations are not correct when induction variable overflow ...

oval:org.secpod.oval:def:89051402
This update for java-11-openjdk fixes the following issues: Updated to version 11.0.22: * CVE-2024-20918: Fixed an out of bounds access in the Hotspot JVM due to a missing bounds check. * CVE-2024-20919: Fixed a sandbox bypass in the Hotspot JVM class file verifier. * CVE-2024-20921: Fixed an inc ...

oval:org.secpod.oval:def:89051644
This update for java-1_8_0-openjdk fixes the following issues: * CVE-2024-20952: Fixed RSA padding issue and timing side-channel attack against TLS. * CVE-2024-20921: Fixed range check loop optimization issue. * CVE-2024-20926: Fixed arbitrary Java code execution in Nashorn. * CVE-2024-20919: F ...

oval:org.secpod.oval:def:1702103
A vulnerability that allows an attacker to execute arbitrary java code from the javascript engine even though the option "--no-java" was set. With carefully crafted custom bytecodes, arbitrary unverified bytecodes could be executed. Loop optimizations are not correct when induction variable overflow ...

oval:org.secpod.oval:def:3302368
Security update for java-1_8_0-openj9

oval:org.secpod.oval:def:3302467
Security update for java-1_8_0-openjdk

oval:org.secpod.oval:def:612936
Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in side channel attacks, leaking sensitive data to log files, denial of service or bypass of sandbox restrictions.

oval:org.secpod.oval:def:1702044
A vulnerability that allows an attacker to execute arbitrary java code from the javascript engine even though the option "--no-java" was set. With carefully crafted custom bytecodes, arbitrary unverified bytecodes could be executed. Loop optimizations are not correct when induction variable overflow ...