
927 matches found

OSV
added 2020/06/11 12:0 a.m. | 25 views

DSA-4703-1 mysql-connector-java - security update

Bulletin has no description...

5.1 CVSS | 4.7 AI score | 0.00732 EPSS
Exploits: 0

OSV
added 2020/06/09 4:21 p.m. | 5 views

SUSE-SU-2020:14391-1 Security update for java-1_7_0-ibm

This update for java-170-ibm fixes the following issues: java-171-ibm was updated to Java 7.1 Service Refresh 4 Fix Pack 65 bsc1172277 and bsc1169511 - CVE-2020-2654: Fixed an issue which could have resulted in unauthorized ability to cause a partial denial of service - CVE-2020-2756: Improved...

8.3 CVSS | 5.8 AI score | 0.03217 EPSS
Exploits: 0 | References: 11

OSV
added 2020/06/09 9:18 a.m. | 8 views

SUSE-SU-2020:1572-1 Security update for java-11-openjdk

This update for java-11-openjdk fixes the following issues: Java was updated to jdk-11.0.7+10 April 2020 CPU, bsc1169511. Security issues fixed: - CVE-2020-2754: Fixed an incorrect handling of regular expressions that could have resulted in denial of service bsc1169511. - CVE-2020-2755: Fixed an...

8.3 CVSS | 6.8 AI score | 0.03217 EPSS
Exploits: 0 | References: 16

OSV
added 2020/06/09 9:13 a.m. | 6 views

SUSE-SU-2020:1569-1 Security update for java-1_8_0-openjdk

This update for java-180-openjdk to version jdk8u252 fixes the following issues: - CVE-2020-2754: Forward references to Nashorn bsc1169511 - CVE-2020-2755: Improve Nashorn matching bsc1169511 - CVE-2020-2756: Better mapping of serial ENUMs bsc1169511 - CVE-2020-2757: Less Blocking Array Queues...

8.3 CVSS | 6.2 AI score | 0.03217 EPSS
Exploits: 0 | References: 14

RedHat Linux
added 2020/05/20 5:35 p.m. | 3 views

OpenJDK: Re-use of single TLS session for new connections (JSSE, 8234408)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to...

5.3 CVSS | 6.7 AI score | 0.00268 EPSS
Exploits: 0 | References: 4

RedHat Linux
added 2020/05/20 5:35 p.m. | 5 views

OpenJDK: Misplaced regular expression syntax error check in RegExpScanner (Scripting, 8223898)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Scripting. Supported versions that are affected are Java SE: 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...

4.3 CVSS | 7.3 AI score | 0.00295 EPSS
Exploits: 0 | References: 4

Tenable Nessus
added 2020/05/18 12:0 a.m. | 52 views

Fedora 31 : 1:java-1.8.0-openjdk (2020-a60ad9d4ec)

Update to OpenJDK 8u252 April Critical Patch Update - JDK-8223898, CVE-2020-2754: Forward references to Nashorn - JDK-8223904, CVE-2020-2755: Improve Nashorn matching - JDK-8224541, CVE-2020-2756: Better mapping of serial ENUMs - JDK-8224549, CVE-2020-2757: Less Blocking Array Queues - JDK-822560...

8.3 CVSS | 6.4 AI score | 0.03217 EPSS
Exploits: 0 | References: 12

RedHat Linux
added 2020/04/22 9:16 a.m. | 3 views

OpenJDK: Application data accepted before TLS handshake completion (JSSE, 8235691)

A flaw was found in the TLS/SSL implementation in the JSSE component of OpenJDK, where it did not properly handle application data packets received before the handshake completion. This flaw allowed unauthorized injection of data at the beginning of a TLS session...

7.5 CVSS | 7.3 AI score | 0.00535 EPSS
Exploits: 0 | References: 4

RedHat Linux
added 2020/04/22 9:16 a.m. | 1 views

OpenJDK: CRLF injection into HTTP headers in HttpServer (Lightweight HTTP Server, 8234825)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Lightweight HTTP Server. Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network acce...

5.8 CVSS | 7.3 AI score | 0.00606 EPSS
Exploits: 0 | References: 4

RedHat Linux
added 2020/04/21 4:34 p.m. | 2 views

OpenJDK: Application data accepted before TLS handshake completion (JSSE, 8235691)

A flaw was found in the TLS/SSL implementation in the JSSE component of OpenJDK, where it did not properly handle application data packets received before the handshake completion. This flaw allowed unauthorized injection of data at the beginning of a TLS session...

7.5 CVSS | 7.3 AI score | 0.00535 EPSS
Exploits: 0 | References: 4

RedHat Linux
added 2020/04/21 4:34 p.m. | 1 views

OpenJDK: Incomplete enforcement of algorithm restrictions for TLS (JSSE, 8232424)

Vulnerability in the Java SE product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 11.0.6 and 14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability...

4.3 CVSS | 7.3 AI score | 0.00356 EPSS
Exploits: 0 | References: 4

RedHat Linux
added 2020/04/21 11:39 a.m. | 1 views

OpenJDK: Incorrect bounds checks in NIO Buffers (Libraries, 8234841)

A flaw was found in the boundary checks in the java.nio buffer classes in the Libraries component of OpenJDK, where it is bypassed in certain cases. This flaw allows an untrusted Java application or applet to bypass Java sandbox restrictions...

8.3 CVSS | 7.4 AI score | 0.03217 EPSS
Exploits: 0 | References: 4

Oracle Linux
added 2020/04/21 12:0 a.m. | 88 views

java-1.7.0-openjdk security update

1:1.7.0.261-2.6.22.1.0.1 - Update DISTRONAME in specfile 1:1.7.0.261-2.6.22.1 - Add release notes from IcedTea. - Resolves: rhbz1810557 1:1.7.0.261-2.6.22.0 - Bump to 2.6.22 and OpenJDK 7u261-b02. - Resolves: rhbz1810557...

8.3 CVSS | 1.7 AI score | 0.03217 EPSS
Exploits: 0

Positive Technologies
added 2020/04/14 12:0 a.m. | 3 views

PT-2020-2546

Name of the Vulnerable Software and Affected Versions Java SE versions 11.0.6 and 14 Description The issue is related to insufficient access control in the JSSE component of Java SE, allowing an unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks can...

5.8 CVSS | 6.8 AI score | 0.00328 EPSS
Exploits: 0 | References: 141

Veracode
added 2020/04/10 12:30 a.m. | 22 views

Arbitrary Code Execution

java is vulnerable to arbitrary code execution. A buffer overflow flaw was found in how GIF images were processed. A remote attacker could extend privileges to read and write local files, as well as execute local applications with the privileges of the user running the java process...

9.3 CVSS | 5.2 AI score | 0.07419 EPSS
Exploits: 0 | References: 44 | Affected Software: 2

RedHat Linux
added 2020/03/12 5:5 p.m. | 1 views

xml-security: Apache Santuario potentially loads XML parsing code from an untrusted source

In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders. However, if some untrusted code can register a malicious implementation with the thread context class loader first, then this...

5.5 CVSS | 7.3 AI score | 0.00587 EPSS
Exploits: 0 | References: 4

OSV
added 2020/03/10 12:11 p.m. | 5 views

SUSE-SU-2020:0628-1 Security update for java-1_7_0-openjdk

This update for java-170-openjdk fixes the following issues: Update java-170-openjdk to version jdk7u251 January 2020 CPU, bsc1160968: - CVE-2020-2583: Unlink Set of LinkedHashSets - CVE-2020-2590: Improve Kerberos interop capabilities - CVE-2020-2593: Normalize normalization for all -...

8.1 CVSS | 6.2 AI score | 0.01699 EPSS
Exploits: 0 | References: 9

Mageia
added 2020/01/30 6:28 p.m. | 54 views

Updated java-1.8.0-openjdk packages fix security vulnerabilities

The updated packages fix security vulnerabilities: Improper checks of SASL message properties in GssKrb5Base Security, 8226352 CVE-2020-2590 Incorrect exception processing during deserialization in BeanContextSupport Serialization, 8224909 CVE-2020-2583 Incorrect isBuiltinStreamHandler causing UR...

8.1 CVSS | 7.4 AI score | 0.01699 EPSS
Exploits: 0 | References: 3

OSV
added 2020/01/30 8:5 a.m. | 5 views

SUSE-SU-2020:0261-1 Security update for java-1_8_0-openjdk

This update for java-180-openjdk fixes the following issues: Update java-180-openjdk to version jdk8u242 icedtea 3.15.0 January 2020 CPU, bsc1160968: - CVE-2020-2583: Unlink Set of LinkedHashSets - CVE-2020-2590: Improve Kerberos interop capabilities - CVE-2020-2593: Normalize normalization for a...

8.1 CVSS | 6.2 AI score | 0.01699 EPSS
Exploits: 0 | References: 9

OSV
added 2020/01/29 5:10 p.m. | 7 views

OPENSUSE-SU-2020:0147-1 Security update for java-1_8_0-openjdk

This update for java-180-openjdk fixes the following issues: Update java-180-openjdk to version jdk8u242 icedtea 3.15.0 January 2020 CPU, bsc1160968: - CVE-2020-2583: Unlink Set of LinkedHashSets - CVE-2020-2590: Improve Kerberos interop capabilities - CVE-2020-2593: Normalize normalization for a...

8.1 CVSS | 6.1 AI score | 0.01699 EPSS
Exploits: 0 | References: 9