Lucene search

K
oraclelinuxOracleLinuxELSA-2018-2942
HistoryOct 17, 2018 - 12:00 a.m.

java-1.8.0-openjdk security update

2018-10-1700:00:00
linux.oracle.com
437

9 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.006 Low

EPSS

Percentile

76.3%

[1:1.8.0.191.b12-0]

  • Update to aarch64-shenandoah-jdk8u191-b12.
  • Resolves: rhbz#1633817
    [1:1.8.0.191.b10-0]
  • Update to aarch64-shenandoah-jdk8u191-b10.
  • Drop 8146115/PR3508/RH1463098 applied upstream.
  • Resolves: rhbz#1633817
    [1:1.8.0.181.b16-0]
  • Add new Shenandoah patch PR3634 as upstream still fails on s390.
  • Resolves: rhbz#1633817
    [1:1.8.0.181.b16-0]
  • Update to aarch64-shenandoah-jdk8u181-b16.
  • Drop PR3619 & PR3620 Shenandoah patches which should now be fixed upstream.
  • Resolves: rhbz#1633817
    [1:1.8.0.181.b15-0]
  • Move to single OpenJDK tarball build, based on aarch64/shenandoah-jdk8u.
  • Update to aarch64-shenandoah-jdk8u181-b15.
  • Drop 8165489-pr3589.patch which was only applied to aarch64/jdk8u builds.
  • Move buildver to where it should be in the OpenJDK version.
  • Split ppc64 Shenandoah fix into separate patch file with its own bug ID (PR3620).
  • Update pr3539-rh1548475.patch to apply after 8187045.
  • Resolves: rhbz#1633817
    [1:1.8.0.181-4.b13]
  • Remove unneeded functions from ppc shenandoahBarrierSet.
  • Resolves: rhbz#1633817
    [1:1.8.0.181-4.b13]
  • Add missing shenandoahBarrierSet implementation for ppc64{be,le}.
  • Resolves: rhbz#1633817
    [1:1.8.0.181-4.b13]
  • Fix wrong format specifiers in Shenandoah code.
  • Resolves: rhbz#1633817
    [1:1.8.0.181-4.b13]
  • Avoid changing variable types to fix size_t, at least for now.
  • Resolves: rhbz#1633817
    [1:1.8.0.181-4.b13]
  • More size_t fixes for Shenandoah.
  • Resolves: rhbz#1633817
    [1:1.8.0.181-4.b13]
  • Add additional s390 size_t case for Shenandoah.
  • Resolves: rhbz#1633817
    [1:1.8.0.181-4.b13]
  • Actually add the patch…
  • Resolves: rhbz#1633817
    [1:1.8.0.181-4.b13]
  • Attempt to fix Shenandoah build issues on s390.
  • Resolves: rhbz#1633817
    [1:1.8.0.181-4.b13]
  • Use the Shenandoah HotSpot on all architectures.
  • Resolves: rhbz#1633817

9 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.006 Low

EPSS

Percentile

76.3%

Related for ELSA-2018-2942