927 matches found

RedHat Linux
added 2018/04/23 5:24 p.m., 0 views

OpenJDK: unrestricted deserialization of data from JCEKS key stores (Security, 8189997)

Vulnerability in the Java SE, JRockit component of Oracle Java SE subcomponent: Security. Supported versions that are affected are Java SE: 6u181, 7u171, 8u162, 10 and JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java...

7.7 CVSS, 7.3 AI score, 0.00064 EPSS
Exploits 0, References 4

RedHat Linux
added 2018/04/23 5:15 p.m., 4 views

JDK: unspecified vulnerability fixed in 8u171 and 10.0.1 (Install)

Vulnerability in the Java SE component of Oracle Java SE subcomponent: Install. Supported versions that are affected are Java SE: 8u162 and 10. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE executes to compromise Java SE...

7.7 CVSS, 5.8 AI score, 0.00161 EPSS
Exploits 0, References 5

RedHat Linux
added 2018/04/19 5:3 p.m., 3 views

OpenJDK: RMI HTTP transport enabled by default (RMI, 8193833)

Vulnerability in the Java SE, JRockit component of Oracle Java SE subcomponent: RMI. Supported versions that are affected are Java SE: 6u181, 7u171 and 8u162; JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to...

4.2 CVSS, 7.3 AI score, 0.00242 EPSS
Exploits 0, References 4

OPENSUSE Linux
added 2018/03/15 12:12 p.m., 59 views

Security update for java-1_7_0-openjdk (important)

This update for java-1_7_0-openjdk fixes the following issues: Security issues fixed in OpenJDK 7u171 January 2018 CPU bsc1076366: - CVE-2018-2579: Improve key keying case - CVE-2018-2588: Improve LDAP logins - CVE-2018-2599: Improve reliability of DNS lookups - CVE-2018-2602: Improve usage messages...

5.8 CVSS, 7.3 AI score, 0.0052 EPSS
Exploits 0, References 1

OSV
added 2018/03/12 12:18 p.m., 7 views

SUSE-SU-2018:0663-1 Security update for java-1_8_0-openjdk

This update for java-1_8_0-openjdk fixes the following issues: Security issues fixed in jdk8u161 icedtea 3.7.0 bsc1076366: - CVE-2018-2579: Improve key keying case - CVE-2018-2582: Better interface invocations - CVE-2018-2588: Improve LDAP logins - CVE-2018-2599: Improve reliability of DNS lookups -...

8.3 CVSS, 6.3 AI score, 0.0052 EPSS
Exploits 0, References 17

OSV
added 2018/03/12 12:16 p.m., 7 views

SUSE-SU-2018:0665-1 Security update for java-1_8_0-ibm

This update for java-1_8_0-ibm fixes the following issues: - Removed java-1_8_0-ibm-alsa and java-1_8_0-ibm-plugin entries in baselibs.conf due to errors in osc sourcevalidator Version update to 8.0.5.10 bsc1082810 Security fixes: CVE-2018-2639 CVE-2018-2638 CVE-2018-2633 CVE-2018-2637 CVE-2018-2634...

8.3 CVSS, 6.3 AI score, 0.00791 EPSS
Exploits 0, References 21

RedHat Linux
added 2018/02/26 9:37 p.m., 4 views

OpenJDK: use of global credentials for HTTP/SPNEGO (JGSS, 8186600)

The JGSS component of OpenJDK ignores the value of the javax.security.auth.useSubjectCredsOnly property when using HTTP/SPNEGO authentication and always uses global credentials. It was discovered that this could cause global credentials to be unexpectedly used by an untrusted Java application...

6.8 CVSS, 7.2 AI score, 0.00169 EPSS
Exploits 0, References 4

RedHat Linux
added 2018/02/26 9:32 p.m., 3 views

OpenJDK: use of global credentials for HTTP/SPNEGO (JGSS, 8186600)

The JGSS component of OpenJDK ignores the value of the javax.security.auth.useSubjectCredsOnly property when using HTTP/SPNEGO authentication and always uses global credentials. It was discovered that this could cause global credentials to be unexpectedly used by an untrusted Java application...

6.8 CVSS, 7.2 AI score, 0.00169 EPSS
Exploits 0, References 4

OSV
added 2018/02/02 12:33 p.m., 9 views

MGASA-2018-0104 Updated java-1.8.0-openjdk packages fix security vulnerability

Multiple flaws were found in the Hotspot and AWT components of OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions (CVE-2018-2582, CVE-2018-2641). It was discovered that the LDAPCertStore class in the JNDI component of OpenJDK failed to...

8.3 CVSS, 7.3 AI score, 0.0052 EPSS
Exploits 0, References 4

CNVD
added 2018/01/17 12:0 a.m., 3 views

Unspecified Vulnerability in Oracle Java SE, Java SE Embedded and Jrockit (CNVD-2018-02240)

Oracle Java SE, Java SE Embedded, and JRockit are products of Oracle Corporation. Java SE (Java Platform Standard Edition) is used to develop and deploy Java applications for desktops, servers, and embedded devices and real-time environments; Java SE Embedded is a Java platform for developing...

5.3 CVSS, 9.1 AI score, 0.0024 EPSS
Exploits 0, References 1

OSV
added 2018/01/03 4:37 p.m., 4 views

SUSE-SU-2018:0005-1 Security update for java-1_7_0-openjdk

This update for java-1_7_0-openjdk fixes the following issues: Security issues fixed: - CVE-2017-10356: Fix issue inside subcomponent Security bsc1064084. - CVE-2017-10274: Fix issue inside subcomponent Smart Card IO bsc1064071. - CVE-2017-10281: Fix issue inside subcomponent Serialization...

9.8 CVSS, 7.8 AI score, 0.15071 EPSS
Exploits 2, References 89

OSV
added 2017/12/27 9:56 a.m., 7 views

SUSE-SU-2017:3440-1 Security update for java-1_7_1-ibm

This update for java-1_7_1-ibm fixes the following issues: CVE-2017-10349: 'Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Serialization. Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit:...

9.8 CVSS, 5.3 AI score, 0.13495 EPSS
Exploits 2, References 18

OSV
added 2017/12/19 7:37 a.m., 7 views

SUSE-SU-2017:3369-1 Security update for java-1_6_0-ibm

This update for java-1_6_0-ibm fixes the following issues: Security issues fixed: - Security update to version 6.0.16.50 bsc1070162 CVE-2017-10346 CVE-2017-10285 CVE-2017-10388 CVE-2017-10356 CVE-2017-10293 CVE-2016-9841 CVE-2017-10355 CVE-2017-10357 CVE-2017-10348 CVE-2017-10349 CVE-2017-10347...

9.8 CVSS, 7.6 AI score, 0.13495 EPSS
Exploits 2, References 17

RedHat Linux
added 2017/12/13 4:48 p.m., 1 views

OpenJDK: weak protection of key stores against brute forcing (Security, 8181692)

It was discovered that the Security component of OpenJDK generated weak password-based encryption keys used to protect private keys stored in key stores. This made it easier to perform password guessing attacks to decrypt stored keys if an attacker could gain access to a key store...

6.2 CVSS, 7.3 AI score, 0.00701 EPSS
Exploits 0, References 4

RedHat Linux
added 2017/12/13 4:48 p.m., 1 views

OpenJDK: JAR verifier incorrect handling of missing digest (Security, 8169392)

Vulnerability in the Java SE component of Oracle Java SE subcomponent: Security. Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successfu...

7.5 CVSS, 7.4 AI score, 0.00497 EPSS
Exploits 0, References 4

OSV
added 2017/12/07 2:33 p.m., 7 views

SUSE-SU-2017:3235-1 Security update for java-1_6_0-ibm

This update for java-1_6_0-ibm fixes the following issues: Security issues fixed: - Security update to version 6.0.16.50 bsc1070162 CVE-2017-10346 CVE-2017-10285 CVE-2017-10388 CVE-2017-10356 CVE-2017-10293 CVE-2016-9841 CVE-2017-10355 CVE-2017-10357 CVE-2017-10348 CVE-2017-10349 CVE-2017-10347...

9.8 CVSS, 7.6 AI score, 0.13495 EPSS
Exploits 2, References 17

OPENSUSE Linux
added 2017/11/12 6:9 p.m., 319 views

Security update for java-1_8_0-openjdk (important)

This update for java-1_8_0-openjdk fixes the following issues: - Update to version jdk8u151 icedtea 3.6.0 Security issues fixed: - CVE-2017-10274: Handle smartcard clean up better bsc1064071 - CVE-2017-10281: Better queuing priorities bsc1064072 - CVE-2017-10285: Unreferenced references bsc1064073 ...

7.5 CVSS, 8.1 AI score, 0.15071 EPSS
Exploits 2, References 18

OSV
added 2017/11/10 12:10 p.m., 4 views

SUSE-SU-2017:2989-1 Security update for java-1_8_0-openjdk

This update for java-1_8_0-openjdk fixes the following issues: - Update to version jdk8u151 icedtea 3.6.0 Security issues fixed: - CVE-2017-10274: Handle smartcard clean up better bsc1064071 - CVE-2017-10281: Better queuing priorities bsc1064072 - CVE-2017-10285: Unreferenced references bsc1064073 ...

9.8 CVSS, 7.9 AI score, 0.15071 EPSS
Exploits 2, References 38

CNVD
added 2017/10/23 12:0 a.m., 3 views

Apache James java deserialization arbitrary command execution vulnerability

Apache James is a pure Java SMTP and POP3 mail server and NNTP news server. A security vulnerability in the Apache James JMX server's handling of Java deserialization allows an attacker to exploit the vulnerability to construct special requests to execute arbitrary code in the context of an...

7.8 CVSS, 7.8 AI score, 0.00142 EPSS
Exploits 4, References 1

CVE
added 2017/10/19 5:0 p.m., 242 views

CVE-2017-10348

CVE-2017-10348 affects OpenJDK/OpenJDK-derived Java SE/Embedded libraries. The vulnerability, exploitable over the network by unauthenticated attackers, can lead to a partial denial of service on Java SE and Java SE Embedded. Public details in the provided materials indicate affected versions var...

5.3 CVSS, 5.4 AI score, 0.00602 EPSS
Exploits 0, References 18, Affected Software 2