SUSE-SU-2020:3310-1 Security update for java-1_7_0-openjdk

This update for java-170-openjdk fixes the following issues: - Update to 2.6.24 - OpenJDK 7u281 October 2020 CPU, bsc1177943 Security fixes + JDK-8233624: Enhance JNI linkage + JDK-8236862, CVE-2020-14779: Enhance support of Proxy class + JDK-8237990, CVE-2020-14781: Enhanced LDAP contexts +...

OPENSUSE-SU-2020:1893-1 Security update for java-1_8_0-openj9

This update for java-180-openj9 fixes the following issues: -OpenJDK was updated to 8u2732 build 10 with OpenJ9 0.23.0 virtual machine -includes Oracle July 2020 bsc1174157 and October 2020 CPU bsc1177943 - CVE-2020-14556, CVE-2020-14577, CVE-2020-14578, CVE-2020-14579, CVE-2020-14581,...

SUSE-SU-2020:3159-1 Security update for java-11-openjdk

This update for java-11-openjdk fixes the following issues: - Update to upstream tag jdk-11.0.9-11 October 2020 CPU, bsc1177943 New features + JDK-8250784: Shenandoah: A Low-Pause-Time Garbage Collector Security fixes + JDK-8233624: Enhance JNI linkage + JDK-8236196: Improve string pooling +...

Fedora 33 : 1:java-11-openjdk (2020-845860fd4f)

New in release OpenJDK 11.0.9 2020-10-20: =========================================== Full versions of these release notes can be found at : - https://bitly.com/openjdk1109 - https://builds.shipilev.net/backports-monitor/release-notes-11.0.9.txt Security fixes - JDK-8233624: Enhance JNI linkage -...

CVE-2020-14781

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JNDI. Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...

SUSE-SU-2020:2861-1 Security update for java-1_7_0-openjdk

This update for java-170-openjdk fixes the following issues: - java-170-openjdk was updated to 2.6.23 July 2020 CPU, bsc1174157 - JDK-8028431, CVE-2020-14579: NullPointerException in - DerValue.equalsDerValue - JDK-8028591, CVE-2020-14578: NegativeArraySizeException in -...

SUSE-SU-2020:2453-1 Security update for java-1_8_0-ibm

This update for java-180-ibm fixes the following issues: - Update to Java 8.0 Service Refresh 6 Fix Pack 15 bsc1175259, bsc1174157 CVE-2020-14577 CVE-2020-14578 CVE-2020-14579 CVE-2020-14581 CVE-2020-14556 CVE-2020-14621 CVE-2020-14593 CVE-2020-14583 CVE-2019-17639 Class Libraries: -...

Apache Shiro Privilege Bypass Vulnerability

Apache Shiro is the United States Apache Apache Software Foundation for the implementation of authentication , authorization , encryption and session management of the Java security framework . A privilege bypass vulnerability exists in Apache Shiro. An attacker could exploit the vulnerability to...

OPENSUSE-SU-2020:1175-1 Security update for java-11-openjdk

This update for java-11-openjdk fixes the following issues: - Update to upstream tag jdk-11.0.8+10 July 2020 CPU, bsc1174157 Security fixes: + JDK-8230613: Better ASCII conversions + JDK-8231800: Better listing of arrays + JDK-8232014: Expand DTD support + JDK-8233234: Better Zip Naming +...

SUSE-SU-2020:2143-1 Security update for java-11-openjdk

This update for java-11-openjdk fixes the following issues: - Update to upstream tag jdk-11.0.8+10 July 2020 CPU, bsc1174157 Security fixes: + JDK-8230613: Better ASCII conversions + JDK-8231800: Better listing of arrays + JDK-8232014: Expand DTD support + JDK-8233234: Better Zip Naming +...

Updated java-1.8.0-openjdk packages fix security vulnerability

Bypass of boundary checks in nio.Buffer via concurrent access. CVE-2020-14583 Incomplete bounds checks in Affine Transformations. CVE-2020-14593 Incorrect handling of access control context in ForkJoinPool. CVE-2020-14556 Unexpected exception raised by DerInputStream. CVE-2020-14578 Unexpected...

Elasticsearch MachineLearning XML External Entities (CVE-2018-17247)

An XML external entities vulnerability exists in Machine Learning's findfilestructure API. If a policy allowing external network access has been added to Elasticsearch's Java Security Manager then an attacker could send a specially crafted request capable of leaking content of local files on the...

SUSE-SU-2020:2008-1 Security update for java-11-openjdk

This update for java-11-openjdk fixes the following issues: - Update to upstream tag jdk-11.0.8+10 July 2020 CPU, bsc1174157 Security fixes: + JDK-8230613: Better ASCII conversions + JDK-8231800: Better listing of arrays + JDK-8232014: Expand DTD support + JDK-8233234: Better Zip Naming +...

OpenJDK: Unexpected exception raised by DerValue.equals() (Libraries, 8237736)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 7u261 and 8u251; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols ...

SUSE-SU-2020:1511-2 Security update for java-11-openjdk

This update for java-11-openjdk fixes the following issues: Java was updated to jdk-11.0.7+10 April 2020 CPU, bsc1169511. Security issues fixed: - CVE-2020-2754: Fixed an incorrect handling of regular expressions that could have resulted in denial of service bsc1169511. - CVE-2020-2755: Fixed an...

RSA IG&L Aveksa 7.1.1 - Remote Code Execution

Exploit Title: RSA IG&L Aveksa 7.1.1 - Remote Code Execution Date: 2019-04-16 Exploit Author: Jakub Palaczynski, Lukasz Plonka Vendor Homepage: https://www.rsa.com/ Version: 7.1.1, prior to P02 CVE : CVE-2019-3759 all vulnerable versions can be found at...

RSA IG+L Aveksa 7.1.1 Remote Code Execution

Exploit Title: RSA IG&L Aveksa 7.1.1 - Remote Code Execution Date: 2019-04-16 Exploit Author: Jakub Palaczynski, Lukasz Plonka Vendor Homepage: https://www.rsa.com/ Version: 7.1.1, prior to P02 CVE : CVE-2019-3759 all vulnerable versions can be found at...

SUSE-SU-2020:1684-1 Security update for java-1_8_0-ibm

This update for java-180-ibm fixes the following issues: java-180-ibm was updated to Java 8.0 Service Refresh 6 Fix Pack 10 bsc1172277,bsc1169511,bsc1160968 - CVE-2020-2654: Fixed an issue which could have resulted in unauthorized ability to cause a partial denial of service - CVE-2020-2754:...

SUSE-SU-2020:14398-1 Security update for java-1_7_1-ibm

This update for java-171-ibm fixes the following issues: java-171-ibm was updated to Java 7.1 Service Refresh 4 Fix Pack 65 bsc1172277 and bsc1169511 - CVE-2020-2654: Fixed an issue which could have resulted in unauthorized ability to cause a partial denial of service - CVE-2020-2756: Improved...

Security update for java-1_8_0-openjdk (important)

openSUSE Security Update: Security update for java-180-openjdk Announcement ID: openSUSE-SU-2020:0800-1 Rating: important References: 1160398 1169511 1171352 Cross-References: CVE-2020-2754 CVE-2020-2755 CVE-2020-2756 CVE-2020-2757 CVE-2020-2773 CVE-2020-2781 CVE-2020-2800 CVE-2020-2803...