ALSA-2023:0210 Moderate: java-1.8.0-openjdk security and bug fix update

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fixes: OpenJDK: improper restrictions in CORBA deserialization Serialization, 8285021 CVE-2023-21830 OpenJDK: soundbank URL remote loading Sound, 8293742...

Moderate: Red Hat Security Advisory: java-1.8.0-openjdk security update

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having ...

RLSA-2023:0194 Moderate: java-17-openjdk security and bug fix update

The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Security Fixes: OpenJDK: handshake DoS attack against DTLS connections JSSE, 8287411 CVE-2023-21835 OpenJDK: soundbank URL remote loading Sound, 8293742 CVE-2023-21843 Fo...

Security Bulletin: A CVE-2022-21626 vulnerability in IBM Java Runtime affects IBM Process Designer 8.5.7 shipped with IBM Business Automation Workflow

Summary A vulnerability exists in IBM® Runtime Environment Java™ Versions 8, which is used by the desktop version of IBM Process Designer 8.5.7 shipped with IBM Business Automation Workflow. IBM Process Designer has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2022-21626...

Moderate: Red Hat Security Advisory: java-11-openjdk security update

An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

Moderate: Red Hat Security Advisory: java-11-openjdk security update

An update for java-11-openjdk is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

Moderate: Red Hat Security Advisory: java-11-openjdk security and bug fix update

An update for java-11-openjdk is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

java-11-openjdk security and bug fix update

An update is available for java-11-openjdk. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The java-11-openjdk packages provide the OpenJDK 11 Java Runtime...

RLSA-2023:0200 Moderate: java-11-openjdk security and bug fix update

The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Security Fixes: OpenJDK: handshake DoS attack against DTLS connections JSSE, 8287411 CVE-2023-21835 OpenJDK: soundbank URL remote loading Sound, 8293742 CVE-2023-21843 Fo...

ALSA-2023:0202 Moderate: java-11-openjdk security and bug fix update

The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Security Fixes: OpenJDK: handshake DoS attack against DTLS connections JSSE, 8287411 CVE-2023-21835 OpenJDK: soundbank URL remote loading Sound, 8293742 CVE-2023-21843 Fo...

Security Bulletin: A vulnerability exists in IBM® SDK, Java™ Technology Edition affecting IBM Tivoli Netcool Configuration Manager (CVE-2022-21299).

Summary A vulnerability exists in IBM® SDK Java™ Technology Edition, Version 8, which is used by IBM Tivoli Netcool Configuration Manager v6.4.2, which was disclosed in the Oracle January 2022 Critical Patch Update, but deferred until the release associated with the August 2022 Update...

Security Bulletin: A vulnerabbility exists in IBM® SDK, Java™ Technology Edition affecting IBM Tivoli Netcool Configuration Manager (CVE-2021-2163).

Summary A vulnerability exists in IBM® SDK Java™ Technology Edition, Version 8, which is used by IBM Tivoli Netcool Configuration Manager v6.4.2, which was disclosed in the Oracle April 2021 Critical Patch Update, but deferred until the release associated with the August 2022 Update. Vulnerabilit...

Security Bulletin: A vulnerability exists in IBM® SDK, Java™ Technology Edition affecting IBM Tivoli Necool Configuration Manager (CVE-2022-21496, CVE-2022-21434, CVE-2022-21443).

Summary A vulnerability exists in IBM® SDK Java™ Technology Edition, Version 8, which is used by IBM Tivoli Netcool Configuration Manager v6.4.2, which was disclosed in the Oracle April 2022 Critical Patch Update. Vulnerability Details CVEID:CVE-2022-21496 DESCRIPTION: An unspecified vulnerabilit...

Cybercriminals Using Polyglot Files in Malware Distribution to Fly Under the Radar

Remote access trojans such as StrRAT and Ratty are being distributed as a combination of polyglot and malicious Java archive JAR files, once again highlighting how threat actors are continuously finding new ways to fly under the radar. "Attackers now use the polyglot technique to confuse security...

Security Bulletin: A vulnerability exists in the IBM® SDK Java™ Technology Edition affecting IBM Tivoli Network Manager (CVE-2021-35561).

Summary A vulnerability exists in IBM® SDK Java™ Technology Edition, Version 8, which is used by IBM Tivoli Network Manager IP Edition v4.2, which was disclosed in the Oracle October 2021 Critical Patch Update, but deferred until the release associated with the August 2022 Update. Vulnerability...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational Directory Server (Tivoli) & Rational Directory Administrator

Summary There are multiple vulnerabilities CVE-2021-2163, CVE-2021-35550, CVE-2021-41041, CVE-2021-35603, CVE-2022-21299, CVE-2022-21541, CVE-2022-21540, CVE-2021-35561, CVE-2022-21496, CVE-2022-21434, CVE-2022-21443, CVE-2022-21365, CVE-2022-21360, CVE-2022-21341, CVE-2022-21340, CVE-2022-21294,...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Tivoli Monitoring for Virtual Environments Agent for Linux Kernel-based (June 2021)

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version for IBM Tivoli Monitoring for Virtual Environments Agent for Linux Kernel-based . ITMfVE for has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2020-14782 DESCRIPTION: An unspecified vulnerability...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Tivoli Monitoring for Virtual Environments Base (June 2021)

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version for IBM Tivoli Monitoring for Virtual Environments Base . ITMfVE for has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2020-14782 DESCRIPTION: An unspecified vulnerability in Java SE related to t...

Security Bulletin: Vulnerabilities in IBM Java Runtime affecting Tivoli Netcool/OMNIbus (Multiple CVEs)

Summary There are vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 8 that is used by Tivoli Netcool/OMNIbus. These were disclosed as part of the IBM Java SDK updates in April 2022 and July 2022. Vulnerability Details CVEID:CVE-2021-2163 DESCRIPTION: An unspecified...

XStream can cause Denial of Service via stack overflow

Impact The vulnerability may allow a remote attacker to terminate the application with a stack overflow error resulting in a denial of service only by manipulating the processed input stream. Patches XStream 1.4.20 handles the stack overflow and raises an InputManipulationException instead...