SUSE-SU-2024:0804-1 Security update for java-1_8_0-openjdk

This update for java-180-openjdk fixes the following issues: - CVE-2024-20952: Fixed RSA padding issue and timing side-channel attack against TLS 8317547 bsc1218911. - CVE-2024-20921: Fixed range check loop optimization issue 8314307 bsc1218905. - CVE-2024-20926: Fixed rbitrary Java code executio...

SUSE-SU-2023:1823-1 Security update for java-1_8_0-ibm

This update for java-180-ibm fixes the following issues: - Update to Java 8.0 Service Refresh 8 bsc1208480: Security fixes: - CVE-2023-21830: Fixed improper restrictions in CORBA deserialization bsc1207249. - CVE-2023-21835: Fixed handshake DoS attack against DTLS connections bsc1207246. -...

MGASA-2022-0261 Updated java packages fix security vulnerability

OpenJDK: Defective secure validation in Apache Santuario Libraries, 8278008 CVE-2022-21476 OpenJDK: Unbounded memory allocation when compiling crafted XPath expressions JAXP, 8270504 CVE-2022-21426 OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler Libraries, 8277672...

Updated java-1.8.0-openjdk packages fix security vulnerabilities

The updated packages fix several bugs and some security issues: Missing restrictions on use of custom SocketImpl Networking, 8218573. CVE-2019-2945 Improper handling of Kerberos proxy credentials Kerberos, 8220302. CVE-2019-2949 NULL pointer dereference in DrawGlyphList 2D, 8222690. CVE-2019-2962...

MGASA-2019-0155 Updated java-1.8.0-openjdk packages fix security vulnerability

The updated packages fix several bugs and some security issues: Font layout engine out of bounds access setCurrGlyphID. CVE-2019-2698 Slow conversion of BigDecimal to long. CVE-2019-2602 Incorrect skeleton selection in RMI registry server-side dispatch handling. CVE-2019-2684...

MGASA-2019-0071 Updated java-1.8.0-openjdk packages fix security vulnerability

Vulnerability in the Java Advanced Management Console component of Oracle Java SE subcomponent: Server. The supported version that is affected is Java Advanced Management Console: 2.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to...

Fedora 21 : opensaml-java-2.5.3-9.fc21 / opensaml-java-openws-1.5.5-2.fc21 (2015-10175)

OpenSAML Java: HTTPS Connections Via HTTP Resources Do Not Perform Hostname Verification Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible...

JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment)

Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6503, and CVE-2014-6532...

SUSE-SU-2015:0344-1 Security update for IBM Java 7

IBM Java 7 SR6 has been released and fixes lots of bugs and security issues. More information can be found on: http://www.ibm.com/developerworks/java/jdk/alerts/ Security Issue references: CVE-2013-5458 CVE-2013-5456 CVE-2013-5457 CVE-2013-4041 CVE-2013-5375 CVE-2013-5372 CVE-2013-5843...

October 2013 Oracle Java Critical Patch Update

On Tuesday, for the first time, Java security updates were included with the quarterly Oracle Critical Patch Update – and just as quickly, Java wasted no time elevating itself as the top concern for Oracle admins and security experts. Of the 51 Java patches released, 50 allow for remote code...