Important: Red Hat Security Advisory: jss security update

An update for jss is now available for Red Hat Enterprise Linux 7.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for eac...

[SECURITY] Fedora 31 Update: jss-4.6.2-1.fc31

Java Security Services JSS is a java native interface which provides a br idge for java-based applications to use native Network Security Services NSS. This only works with gcj. Other JREs require that JCE providers be signed...

Fedora Update for jss FEDORA-2019-68c2fbcf82

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

[SECURITY] Fedora 29 Update: jss-4.6.2-1.fc29

Java Security Services JSS is a java native interface which provides a br idge for java-based applications to use native Network Security Services NSS. This only works with gcj. Other JREs require that JCE providers be signed...

[SECURITY] Fedora 30 Update: jss-4.6.2-1.fc30

Java Security Services JSS is a java native interface which provides a br idge for java-based applications to use native Network Security Services NSS. This only works with gcj. Other JREs require that JCE providers be signed...

Updated java-1.8.0-openjdk packages fix security vulnerabilities

The updated packages fix several bugs and some security issues: Missing restrictions on use of custom SocketImpl Networking, 8218573. CVE-2019-2945 Improper handling of Kerberos proxy credentials Kerberos, 8220302. CVE-2019-2949 NULL pointer dereference in DrawGlyphList 2D, 8222690. CVE-2019-2962...

CentOS Update for jss CESA-2019:3067 centos7

The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

OpenJDK: Unexpected exception thrown by XPath processing crafted XPath expression (JAXP, 8224532)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JAXP. Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...

Oracle Linux 7 : jss (ELSA-2019-3067)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2019-3067 advisory. Thu Sep 12 2019 Dogtag PKI Team [email protected] 4.4.6-3 - NVR bump 4.4.6-2 - Bugzilla 1747966 - CVE 2019-14823 jss: OCSP policy 'Leaf and Chain' implicitly...

Important: Red Hat Security Advisory: jss security update

An update for jss is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...

SUSE-SU-2019:14188-1 Security update for java-1_7_0-ibm

This update for java-170-ibm fixes the following issues: Update to Java 7.0 Service Refresh 10 Fix Pack 50 bsc1147021. Security issues fixed: - CVE-2019-2762: Fixed issue inside Component Utilities bsc1141782. - CVE-2019-2766: Fixed issue inside Component Networking bsc1141789. - CVE-2019-2769:...

CVE-2019-10086

In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by default characteristic of the PropertyUtilsBean...

Security update for java-11-openjdk (important)

openSUSE Security Update: Security update for java-11-openjdk Announcement ID: openSUSE-SU-2019:1916-1 Rating: important References: 1115375 1140461 1141780 1141781 1141782 1141783 1141784 1141785 1141787 1141788 1141789 Cross-References: CVE-2019-2745 CVE-2019-2762 CVE-2019-2766 CVE-2019-2769...

SUSE-SU-2019:2036-2 Security update for java-1_8_0-openjdk

This update for java-180-openjdk to version 8u222 fixes the following issues: Security issues fixed: - CVE-2019-2745: Improved ECC Implementation bsc1141784. - CVE-2019-2762: Exceptional throw cases bsc1141782. - CVE-2019-2766: Improve file protocol handling bsc1141789. - CVE-2019-2769: Better...

SUSE-SU-2019:2036-1 Security update for java-1_8_0-openjdk

This update for java-180-openjdk to version 8u222 fixes the following issues: Security issues fixed: - CVE-2019-2745: Improved ECC Implementation bsc1141784. - CVE-2019-2762: Exceptional throw cases bsc1141782. - CVE-2019-2766: Improve file protocol handling bsc1141789. - CVE-2019-2769: Better...

SUSE-SU-2019:2028-1 Security update for java-1_7_0-openjdk

This update for java-170-openjdk to version 7u231 fixes the following issues: Security issues fixed: - CVE2019-2426: Improve web server connections bsc1134297. - CVE-2019-2745: Improved ECC Implementation bsc1141784. - CVE-2019-2762: Exceptional throw cases bsc1141782. - CVE-2019-2766: Improve fi...

SUSE-SU-2019:2021-1 Security update for java-1_8_0-openjdk

This update for java-180-openjdk to version 8u222 fixes the following issues: Security issues fixed: - CVE-2019-2745: Improved ECC Implementation bsc1141784. - CVE-2019-2762: Exceptional throw cases bsc1141782. - CVE-2019-2766: Improve file protocol handling bsc1141789. - CVE-2019-2769: Better...

Design/Logic Flaw

Vulnerability in the Java SE component of Oracle Java SE subcomponent: JCE. The supported version that is affected is Java SE: 8u212. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this...

OpenJDK: Side-channel attack risks in Elliptic Curve (EC) cryptography (Security, 8208698)

Vulnerability in the Java SE component of Oracle Java SE subcomponent: Security. Supported versions that are affected are Java SE: 7u221, 8u212 and 11.0.3. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE executes to compromise Java...

OpenJDK: Insufficient restriction of privileges in AccessController (Security, 8216381)

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Security. Supported versions that are affected are Java SE: 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multip...