4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
0.004 Low
EPSS
Percentile
72.1%
For java-1.8.0 ## Security fixes - JDK-8227467: Better class method invocations - JDK-8244473: Contextualize registration for JNDI - JDK-8244543: Enhanced handling of abstract classes - JDK-8249906, CVE-2021-2163: Enhance opening JARs - JDK-8250568, CVE-2021-2161: Less ambiguous processing - JDK-8253799: Make lists of normal filenames ## Other significant changes - JDK-8236730: Weak Named Curves in TLS, CertPath, and Signed JAR Disabled by Default - JDK-8244286: Tools Warn If Weak Algorithms Are Used - JDK-8256490: Disable TLS 1.0 and 1.1 - JDK-8242147: New System Properties to Configure the TLS Signature Schemes - JDK-8177368: Several incorporation steps are silently failing when an error should be reported. For java-11 ## Security fixes - JDK-8244473: Contextualize registration for JNDI - JDK-8244543: Enhanced handling of abstract classes - JDK-8249906, CVE-2021-2163: Enhance opening JARs - JDK-8250568, CVE-2021-2161: Less ambiguous processing - JDK-8253799: Make lists of normal filenames - JDK-8257001: Improve HTTP Client Support ## Other significant changes - LDAP Channel Binding Support for Java GSS/Kerberos - Disable TLS 1.0 and 1.1 - jdeps --print-module-deps Reports Transitive Dependencies - XML declaration is not followed by a newline - SystemTap tapsets updated to support OpenJDK 11
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Mageia | 8 | noarch | java | < 11-openjdk-11.0.11.0.9-0.1 | java-11-openjdk-11.0.11.0.9-0.1.mga8 |
Mageia | 8 | noarch | copy-jdk-configs | < 4.0-1 | copy-jdk-configs-4.0-1.mga8 |
Mageia | 8 | noarch | java | < 1.8.0-openjdk-1.8.0.292.b10-1.1 | java-1.8.0-openjdk-1.8.0.292.b10-1.1.mga8 |
bugs.mageia.org/show_bug.cgi?id=29145
lists.fedoraproject.org/archives/list/[email protected]/message/CFXOKM2233JVGYDOWW77BN54X3GZTIBK/
lists.fedoraproject.org/archives/list/[email protected]/message/CG7EWXSO6JUCVHP7R3SOZQ7WPNBOISJH/
lists.fedoraproject.org/archives/list/[email protected]/message/UD3JEP4HPLK7MNZHVUMKIJPBP74M3A2V/
www.oracle.com/security-alerts/cpuapr2021.html#AppendixJAVA
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
0.004 Low
EPSS
Percentile
72.1%