RHSA-2018:2575-01 -- Redhat java, java-1.8.0-ibmID: oval:org.secpod.oval:def:505578 | Date: (C)2021-01-04 (M)2024-04-17 |
Class: PATCH | Family: unix |
IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR5-FP20. Security Fix: * IBM JDK: privilege escalation via insufficiently restricted access to Attach API * openssl: BN_mod_exp may produce incorrect results on x86_64 * openssl: bn_sqrx8x_internal carry bug on x86_64 * IBM JDK: DoS in the java.math component * IBM JDK: path traversal flaw in the Diagnostic Tooling Framework * Oracle JDK: unspecified vulnerability fixed in 6u201, 7u191, 8u181, and 10.0.2 * OpenJDK: insufficient index validation in PatternSyntaxException getMessage * Oracle JDK: unspecified vulnerability fixed in 6u201, 7u191, 8u181, and 10.0.2 * OpenSSL: Double-free in DSA code For more details about the security issue, including the impact, a CVSS score, and other related information, refer to the CVE page listed in the References section. Red Hat would like to thank the OpenSSL project for reporting CVE-2016-0705. Upstream acknowledges Adam Langley as the original reporter of CVE-2016-0705.
Platform: |
Red Hat Enterprise Linux 6 |