RHSA-2018:1463-01 -- Redhat java-1.8.0-ibmID: oval:org.secpod.oval:def:505503 | Date: (C)2021-01-04 (M)2023-11-27 |
Class: PATCH | Family: unix |
IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR5-FP10. Security Fix: * IBM JDK: J9 JVM allows untrusted code running under a security manager to elevate its privileges * Oracle JDK: unspecified vulnerability fixed in 8u161 and 9.0.4 * Oracle JDK: unspecified vulnerability fixed in 8u161 and 9.0.4 * OpenJDK: insufficient validation of the invokeinterface instruction * Oracle JDK: unspecified vulnerability fixed in 8u161 and 9.0.4 * OpenJDK: LDAPCertStore insecure handling of LDAP referrals * OpenJDK: use of global credentials for HTTP/SPNEGO * OpenJDK: SingleEntryRegistry incorrect setup of deserialization filter * OpenJDK: GTK library loading use-after-free * Oracle JDK: unspecified vulnerability fixed in 7u171, 8u161, and 9.0.4 * OpenJDK: LdapLoginModule insufficient username encoding in LDAP query * OpenJDK: DnsClient missing source port randomization * OpenJDK: loading of classes from untrusted locations * OpenJDK: DerValue unbounded memory allocation * OpenJDK: insufficient strength of key agreement * OpenJDK: GSS context use-after-free * Oracle JDK: unspecified vulnerability fixed in 6u181 and 7u171 * OpenJDK: ArrayBlockingQueue deserialization to an inconsistent state * OpenJDK: unbounded memory allocation during deserialization * OpenJDK: unbounded memory allocation in BasicAttributes deserialization * OpenJDK: unsynchronized access to encryption key data For more details about the security issue, including the impact, a CVSS score, and other related information, refer to the CVE page listed in the References section.
Platform: |
Red Hat Enterprise Linux 6 |