RLSA-2020:1624 Moderate: php:7.2 security, bug fix, and enhancement update

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The following packages have been upgraded to a later upstream version: php 7.2.24. BZ1726981 Security Fixes: php: Invalid memory access in function xmlrpcdecode CVE-2019-9020 php: File rename across filesystems...

Moderate: php:7.2 security, bug fix, and enhancement update

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The following packages have been upgraded to a later upstream version: php 7.2.24. BZ1726981 Security Fixes: php: Invalid memory access in function xmlrpcdecode CVE-2019-9020 php: File rename across filesystems...

CentOS 6 : java-1.7.0-openjdk (RHSA-2020:1508)

The remote CentOS Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1508 advisory. - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Serialization. Supported versions that are affected are Java SE:...

CentOS 6 : java-1.8.0-openjdk (RHSA-2020:1506)

The remote CentOS Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1506 advisory. - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Scripting. Supported versions that are affected are Java SE: 8u24...

[SECURITY] Fedora 31 Update: php-7.3.17-1.fc31

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

[SECURITY] Fedora 30 Update: php-7.3.17-1.fc30

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

Updated java-1.8.0-openjdk packages fix security vulnerabilities

Updated java-1.8.0-openjdk packages fix security vulnerabilities: Misplaced regular expression syntax error check in RegExpScanner Scripting, 8223898 CVE-2020-2754 Incorrect handling of empty string nodes in regular expression Parser Scripting, 8223904 CVE-2020-2755 Incorrect handling of referenc...

Oracle Linux 8 : java-11-openjdk (ELSA-2020-1514)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-1514 advisory. 1:11.0.7.10-1 - Add JDK-8228407 backport to resolve crashes during verification. - Resolves: rhbz1810557 1:11.0.7.10-1 - Amend release notes, removing...

Oracle Linux 8 : java-1.8.0-openjdk (ELSA-2020-1515)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-1515 advisory. 1:1.8.0.252.b09-2 - Add release notes. - Resolves: rhbz1810557 1:1.8.0.252.b09-1 - Make use of --with-extra-asflags introduced in jdk8u252-b01. -...

Oracle Linux 7 : java-11-openjdk (ELSA-2020-1509)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-1509 advisory. 1:11.0.7.10-4.0.1 - link atomic for ix86 build 1:11.0.7.10-4 - Add JDK-8228407 backport to resolve crashes during verification. - Resolves: rhbz1810557...

Oracle Linux 7 : java-1.8.0-openjdk (ELSA-2020-1512)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-1512 advisory. 1:1.8.0.252.b09-2 - Add release notes. - Mark license files with appropriate macro. - Resolves: rhbz1810557 1:1.8.0.252.b09-1 - Make use of...

Apache Httpd < 2.4.44 : Push Diary Crash on Specifically Crafted HTTP/2 Header

In Apache HTTP Server versions 2.4.20 to 2.4.43, a specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerabilit...

Oracle Linux 7 : java-1.7.0-openjdk (ELSA-2020-1507)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-1507 advisory. 1:1.7.0.261-2.6.22.2.0.1 - Update DISTRONAME in specfile 1:1.7.0.261-2.6.22.2 - Modify NEWS installation to avoid subpackage naming. - Resolves:...

buildah: Crafted input tar file may lead to local file overwrite during image build process

A path traversal flaw was found in Buildah. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTPs server and then write files to the user's system anywhere that the user has permissions...

OpenJDK: CRLF injection into HTTP headers in HttpServer (Lightweight HTTP Server, 8234825)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Lightweight HTTP Server. Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network acce...

OpenJDK: CRLF injection into HTTP headers in HttpServer (Lightweight HTTP Server, 8234825)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Lightweight HTTP Server. Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network acce...

Scientific Linux Security Update : java-1.8.0-openjdk on SL6.x i386/x86_64 (20200421)

Security Fixes : - OpenJDK: Incorrect bounds checks in NIO Buffers Libraries, 8234841 CVE-2020-2803 - OpenJDK: Incorrect type checks in MethodType.readObject Libraries, 8235274 CVE-2020-2805 - OpenJDK: Unexpected exceptions raised by DOMKeyInfoFactory and DOMXMLSignatureFactory Security, 8231415...

Oracle Linux 6 : java-1.8.0-openjdk (ELSA-2020-1506)

The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-1506 advisory. 1:1.8.0.252.b09-2 - Add release notes. - Resolves: rhbz1810557 1:1.8.0.252.b09-1 - Make use of --with-extra-asflags introduced in jdk8u252-b01. -...

Scientific Linux Security Update : java-1.7.0-openjdk on SL6.x i386/x86_64 (20200421)

Security Fixes : - OpenJDK: Incorrect bounds checks in NIO Buffers Libraries, 8234841 CVE-2020-2803 - OpenJDK: Incorrect type checks in MethodType.readObject Libraries, 8235274 CVE-2020-2805 - OpenJDK: Unexpected exceptions raised by DOMKeyInfoFactory and DOMXMLSignatureFactory Security, 8231415...

Scientific Linux Security Update : java-1.7.0-openjdk on SL7.x x86_64 (20200421)

Security Fixes : - OpenJDK: Incorrect bounds checks in NIO Buffers Libraries, 8234841 CVE-2020-2803 - OpenJDK: Incorrect type checks in MethodType.readObject Libraries, 8235274 CVE-2020-2805 - OpenJDK: Unexpected exceptions raised by DOMKeyInfoFactory and DOMXMLSignatureFactory Security, 8231415...