OracleLinuxELSA-2017-0180java-1.8.0-openjdk security update
9.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.039 Low
EPSS
Percentile
91.0%
[1:1.8.0.121-0.b13]
- Update to aarch64-jdk8u121-b13.
- Update PR1834/RH1022017 fix to reduce curves reported by SSL to apply against u121.
- Re-generate RH1393047 ObjectInputStream patch against u121.
- Resolves: rhbz#1410612
[1:1.8.0.112-0.b16] - Update to aarch64-jdk8u112-b16.
- Drop upstreamed patches for 8044762, 8049226, 8154210, 8158260 and 8160122.
- Re-generate size_t and key size (RH1163501) patches against u112.
- Resolves: rhbz#1410612
[1:1.8.0.111-3.b14] - Enable a full bootstrap on JIT archs to ensure stability.
- Resolves: rhbz#1410612
[1:1.8.0.111-2.b18] - Use java-1.7.0-openjdk to bootstrap on RHEL to allow us to use main build target
- Resolves: rhbz#1410612
[1:1.8.0.111-2.b18] - Update to aarch64-jdk8u111-b18, synced with upstream u111, S8170873 and new AArch64 fixes
- Replace our correct version of 8159244 with the amendment to the 8u version from 8160122.
- Resolves: rhbz#1410612
Related
9.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.039 Low
EPSS
Percentile
91.0%