Synopsis: Important: java-1.7.0-openjdk security update
Advisory ID: SLSA-2018:3409-1
Issue Date: 2018-10-31
CVE Numbers: CVE-2018-3169
CVE-2018-3214
CVE-2018-3139
CVE-2018-3180
CVE-2018-3136
CVE-2018-3149
—
Security Fix(es):
* OpenJDK: Improper field access checks (Hotspot, 8199226) (CVE-2018-3169)
* OpenJDK: Incomplete enforcement of the trustURLCodebase restriction
(JNDI, 8199177) (CVE-2018-3149)
* OpenJDK: Incorrect handling of unsigned attributes in signed Jar
manifests (Security, 8194534) (CVE-2018-3136)
* OpenJDK: Leak of sensitive header data via HTTP redirect (Networking,
8196902) (CVE-2018-3139)
* OpenJDK: Missing endpoint identification algorithm check during TLS
session resumption (JSSE, 8202613) (CVE-2018-3180)
* OpenJDK: Infinite loop in RIFF format reader (Sound, 8205361)
(CVE-2018-3214)
—
SL6
x86_64
java-1.7.0-openjdk-1.7.0.201-2.6.16.0.el6_10.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.201-2.6.16.0.el6_10.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.201-2.6.16.0.el6_10.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.201-2.6.16.0.el6_10.x86_64.rpm
java-1.7.0-openjdk-src-1.7.0.201-2.6.16.0.el6_10.x86_64.rpm
i386
java-1.7.0-openjdk-1.7.0.201-2.6.16.0.el6_10.i686.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.201-2.6.16.0.el6_10.i686.rpm
java-1.7.0-openjdk-devel-1.7.0.201-2.6.16.0.el6_10.i686.rpm
java-1.7.0-openjdk-demo-1.7.0.201-2.6.16.0.el6_10.i686.rpm
java-1.7.0-openjdk-src-1.7.0.201-2.6.16.0.el6_10.i686.rpm
noarch
java-1.7.0-openjdk-javadoc-1.7.0.201-2.6.16.0.el6_10.noarch.rpm
– Scientific Linux Development Team
