[SECURITY] Fedora 30 Update: jss-4.6.2-1.fc30

Java Security Services JSS is a java native interface which provides a br idge for java-based applications to use native Network Security Services NSS. This only works with gcj. Other JREs require that JCE providers be signed...

Updated java-1.8.0-openjdk packages fix security vulnerabilities

The updated packages fix several bugs and some security issues: Missing restrictions on use of custom SocketImpl Networking, 8218573. CVE-2019-2945 Improper handling of Kerberos proxy credentials Kerberos, 8220302. CVE-2019-2949 NULL pointer dereference in DrawGlyphList 2D, 8222690. CVE-2019-2962...

CentOS Update for jss CESA-2019:3067 centos7

The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

OpenJDK: Unexpected exception thrown by XPath processing crafted XPath expression (JAXP, 8224532)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JAXP. Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...

Oracle Linux 7 : jss (ELSA-2019-3067)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2019-3067 advisory. Thu Sep 12 2019 Dogtag PKI Team [email protected] 4.4.6-3 - NVR bump 4.4.6-2 - Bugzilla 1747966 - CVE 2019-14823 jss: OCSP policy 'Leaf and Chain' implicitly...

Important: Red Hat Security Advisory: jss security update

An update for jss is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...

SUSE-SU-2019:14188-1 Security update for java-1_7_0-ibm

This update for java-170-ibm fixes the following issues: Update to Java 7.0 Service Refresh 10 Fix Pack 50 bsc1147021. Security issues fixed: - CVE-2019-2762: Fixed issue inside Component Utilities bsc1141782. - CVE-2019-2766: Fixed issue inside Component Networking bsc1141789. - CVE-2019-2769:...

CVE-2019-10086

In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by default characteristic of the PropertyUtilsBean...

Security update for java-11-openjdk (important)

openSUSE Security Update: Security update for java-11-openjdk Announcement ID: openSUSE-SU-2019:1916-1 Rating: important References: 1115375 1140461 1141780 1141781 1141782 1141783 1141784 1141785 1141787 1141788 1141789 Cross-References: CVE-2019-2745 CVE-2019-2762 CVE-2019-2766 CVE-2019-2769...

SUSE-SU-2019:2036-1 Security update for java-1_8_0-openjdk

This update for java-180-openjdk to version 8u222 fixes the following issues: Security issues fixed: - CVE-2019-2745: Improved ECC Implementation bsc1141784. - CVE-2019-2762: Exceptional throw cases bsc1141782. - CVE-2019-2766: Improve file protocol handling bsc1141789. - CVE-2019-2769: Better...

SUSE-SU-2019:2036-2 Security update for java-1_8_0-openjdk

This update for java-180-openjdk to version 8u222 fixes the following issues: Security issues fixed: - CVE-2019-2745: Improved ECC Implementation bsc1141784. - CVE-2019-2762: Exceptional throw cases bsc1141782. - CVE-2019-2766: Improve file protocol handling bsc1141789. - CVE-2019-2769: Better...

SUSE-SU-2019:2028-1 Security update for java-1_7_0-openjdk

This update for java-170-openjdk to version 7u231 fixes the following issues: Security issues fixed: - CVE2019-2426: Improve web server connections bsc1134297. - CVE-2019-2745: Improved ECC Implementation bsc1141784. - CVE-2019-2762: Exceptional throw cases bsc1141782. - CVE-2019-2766: Improve fi...

SUSE-SU-2019:2021-1 Security update for java-1_8_0-openjdk

This update for java-180-openjdk to version 8u222 fixes the following issues: Security issues fixed: - CVE-2019-2745: Improved ECC Implementation bsc1141784. - CVE-2019-2762: Exceptional throw cases bsc1141782. - CVE-2019-2766: Improve file protocol handling bsc1141789. - CVE-2019-2769: Better...

Design/Logic Flaw

Vulnerability in the Java SE component of Oracle Java SE subcomponent: JCE. The supported version that is affected is Java SE: 8u212. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this...

OpenJDK: Side-channel attack risks in Elliptic Curve (EC) cryptography (Security, 8208698)

Vulnerability in the Java SE component of Oracle Java SE subcomponent: Security. Supported versions that are affected are Java SE: 7u221, 8u212 and 11.0.3. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE executes to compromise Java...

OpenJDK: Insufficient restriction of privileges in AccessController (Security, 8216381)

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Security. Supported versions that are affected are Java SE: 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multip...

OpenJDK: Side-channel attack risks in Elliptic Curve (EC) cryptography (Security, 8208698)

Vulnerability in the Java SE component of Oracle Java SE subcomponent: Security. Supported versions that are affected are Java SE: 7u221, 8u212 and 11.0.3. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE executes to compromise Java...

SUSE-SU-2019:1211-2 Security update for java-1_8_0-openjdk

This update for java-180-openjdk to version 8u212 fixes the following issues: Security issues fixed: - CVE-2019-2602: Better String parsing bsc1132728. - CVE-2019-2684: More dynamic RMI interactions bsc1132732. - CVE-2019-2698: Fuzzing TrueType fonts - setCurrGlyphID bsc1132729. - CVE-2018-3639:...

SUSE-SU-2019:1345-1 Security update for java-1_7_1-ibm

This update for java-171-ibm fixes the following issues: Update to Java 7.1 Service Refresh 4 Fix Pack 45. Security issues fixed: - CVE-2019-10245: Fixed Java bytecode verifier issue causing crashes bsc1134718. - CVE-2019-2698: Fixed out of bounds access flaw in the 2D component bsc1132729. -...

OPENSUSE-SU-2019:1438-1 Security update for java-1_8_0-openjdk

This update for java-180-openjdk to version 8u212 fixes the following issues: Security issues fixed: - CVE-2019-2602: Better String parsing bsc1132728. - CVE-2019-2684: More dynamic RMI interactions bsc1132732. - CVE-2019-2698: Fuzzing TrueType fonts - setCurrGlyphID bsc1132729. - CVE-2018-3639:...