Lucene search

K
mageiaGentoo FoundationMGASA-2018-0436
HistoryNov 03, 2018 - 2:55 p.m.

Updated java-1.8.0-openjdk packages fix security vulnerabilities

2018-11-0314:55:18
Gentoo Foundation
advisories.mageia.org
37

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

EPSS

0.005

Percentile

76.6%

Updated java-1.8.0-openjdk packages fix security vulnerabilities: Incorrect handling of unsigned attributes in singed Jar manifests (Security, 8194534) (CVE-2018-3136). Leak of sensitive header data via HTTP redirect (Networking, 8196902) (CVE-2018-3139). Incomplete enforcement of the trustURLCodebase restriction (JNDI, 8199177) (CVE-2018-3149). Improper field access checks (Hotspot, 8199226) (CVE-2018-3169). Missing endpoint identification algorithm check during TLS session resumption (JSSE, 8202613) (CVE-2018-3180). Unrestricted access to scripting engine (Scripting, 8202936) (CVE-2018-3183). Infinite loop in RIFF format reader (Sound, 8205361) (CVE-2018-3214).

OSVersionArchitecturePackageVersionFilename
Mageia6noarchjava< 1.8.0-openjdk-1.8.0.191-1.b12.1java-1.8.0-openjdk-1.8.0.191-1.b12.1.mga6

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

EPSS

0.005

Percentile

76.6%