OpenJDK: Incorrect skeleton selection in RMI registry server-side dispatch handling (RMI, 8218453)

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: RMI. Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...

SUSE-SU-2019:1219-1 Security update for java-1_8_0-openjdk

This update for java-180-openjdk to version 8u212 fixes the following issues: Security issues fixed: - CVE-2019-2602: Better String parsing bsc1132728. - CVE-2019-2684: More dynamic RMI interactions bsc1132732. - CVE-2019-2698: Fuzzing TrueType fonts - setCurrGlyphID bsc1132729. - CVE-2019-2422:...

MGASA-2019-0155 Updated java-1.8.0-openjdk packages fix security vulnerability

The updated packages fix several bugs and some security issues: Font layout engine out of bounds access setCurrGlyphID. CVE-2019-2698 Slow conversion of BigDecimal to long. CVE-2019-2602 Incorrect skeleton selection in RMI registry server-side dispatch handling. CVE-2019-2684...

Updated java-1.8.0-openjdk packages fix security vulnerability

The updated packages fix several bugs and some security issues: Font layout engine out of bounds access setCurrGlyphID. CVE-2019-2698 Slow conversion of BigDecimal to long. CVE-2019-2602 Incorrect skeleton selection in RMI registry server-side dispatch handling. CVE-2019-2684...

Sandbox Restrictions Bypass

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to...

SUSE-SU-2019:0057-2 Security update for java-1_8_0-openjdk

This update for java-180-openjdk to version 8u191 fixes the following issues: Security issues fixed: - CVE-2018-3136: Manifest better support bsc1112142 - CVE-2018-3139: Better HTTP Redirection bsc1112143 - CVE-2018-3149: Enhance JNDI lookups bsc1112144 - CVE-2018-3169: Improve field accesses...

SUSE-SU-2018:3064-3 Security update for java-1_8_0-openjdk

This update for java-180-openjdk to the jdk8u181 icedtea 3.9.0 release fixes the following issues: These security issues were fixed: - CVE-2018-2938: Difficult to exploit vulnerability allowed unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful...

SUSE-SU-2019:1052-1 Security update for java-11-openjdk

This update for java-11-openjdk to version 11.0.3+7 fixes the following issues: Security issues fixed: - CVE-2019-2602: Fixed excessive use of CPU time in the BigDecimal implementation bsc1132728. - CVE-2019-2684: Fixed a flaw in the RMI registry implementation which could lead to selection of an...

openSUSE Security Update : java-10-openjdk (openSUSE-2019-570)

This update for OpenJDK 10.0.2 fixes the following security issues : - CVE-2018-2940: the libraries sub-component contained an easily exploitable vulnerability that allowed attackers to compromise Java SE or Java SE Embedded over the network, potentially gaining unauthorized read access to data...

OPENSUSE-SU-2019:0161-1 Security update for java-11-openjdk

This update for java-11-openjdk to version 11.0.2+7 fixes the following issues: Security issues fixed: - CVE-2019-2422: Better FileChannel transfer performance bsc1122293 - CVE-2019-2426: Improve web server connections - CVE-2018-11212: Improve JPEG processing bsc1122299 - Better route routing -...

Java Security Analysis for IntelliJ IDEA

New Plugin Features In the course of our last releases, we added various new functionalities and improved existing ones to enhance the quality of our IntelliJ plugin. These include support for analyzing Java code, support for multi-module projects, tracking and commenting of issues, and the optio...

MGASA-2019-0071 Updated java-1.8.0-openjdk packages fix security vulnerability

Vulnerability in the Java Advanced Management Console component of Oracle Java SE subcomponent: Server. The supported version that is affected is Java Advanced Management Console: 2.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to...

Elasticsearch ESA-2018-19

Elasticsearch Security versions 6.5.0 and 6.5.1 contain an XXE flaw in Machine Learnings findfilestructure API. If a policy allowing external network access has been added to Elasticsearchs Java Security Manager then an attacker could send a specially crafted request capable of leaking content of...

Remote Code Execution

ReflectionHelper org.hibernate.validator.util.ReflectionHelper in Hibernate Validator is vulnerable to remote code execution. It is possible because it does not enforce Java Security Manager JSM restrictions, thereby allowing the attacker to trigger restricted reflection calls via a malicious...

SUSE-SU-2019:0058-1 Security update for java-1_8_0-openjdk

This update for java-180-openjdk to version 8u191 fixes the following issues: Security issues fixed: - CVE-2018-3136: Manifest better support bsc1112142 - CVE-2018-3139: Better HTTP Redirection bsc1112143 - CVE-2018-3149: Enhance JNDI lookups bsc1112144 - CVE-2018-3169: Improve field accesses...

CVE-2018-17247

Elasticsearch Security versions 6.5.0 and 6.5.1 contain an XXE flaw in Machine Learning's findfilestructure API. If a policy allowing external network access has been added to Elasticsearch's Java Security Manager then an attacker could send a specially crafted request capable of leaking content ...

Information disclosure

Elasticsearch Security versions 6.5.0 and 6.5.1 contain an XXE flaw in Machine Learning's findfilestructure API. If a policy allowing external network access has been added to Elasticsearch's Java Security Manager then an attacker could send a specially crafted request capable of leaking content ...

CVE-2018-17247

Elasticsearch Security versions 6.5.0 and 6.5.1 contain an XXE flaw in Machine Learning's findfilestructure API. If a policy allowing external network access has been added to Elasticsearch's Java Security Manager then an attacker could send a specially crafted request capable of leaking content ...

OpenJDK: Missing endpoint identification algorithm check during TLS session resumption (JSSE, 8202613)

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: JSSE. Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with...

OpenJDK: Incorrect handling of unsigned attributes in signed Jar manifests (Security, 8194534)

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Security. Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...