Executive Summary
Summary | |
---|---|
Title | java-1.8.0-ibm security update |
Informations | |||
---|---|---|---|
Name | RHSA-2019:0469 | First vendor Publication | 2019-03-06 |
Vendor | RedHat | Last vendor Modification | 2019-03-06 |
Severity (Vendor) | N/A | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Problem Description: An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. Description: IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR5-FP30. Security Fix(es): * IBM JDK: buffer overflow in jio_snprintf() and jio_vsnprintf() (CVE-2018-12547) * IBM JDK: missing null check when accelerating Unsafe calls (CVE-2018-12549) * OpenJDK: memory disclosure in FileChannelImpl (Libraries, 8206290) (CVE-2019-2422) * libjpeg-turbo: Divide By Zero in alloc_sarray function in jmemmgr.c (CVE-2018-11212) * Oracle JDK: unspecified vulnerability fixed in 8u201 (Deployment) (CVE-2019-2449) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 All running instances of IBM Java must be restarted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1579973 - CVE-2018-11212 libjpeg-turbo: Divide By Zero in alloc_sarray function in jmemmgr.c 1665945 - CVE-2019-2422 OpenJDK: memory disclosure in FileChannelImpl (Libraries, 8206290) 1685601 - CVE-2019-2449 Oracle JDK: unspecified vulnerability fixed in 8u201 (Deployment) 1685611 - CVE-2018-12547 IBM JDK: buffer overflow in jio_snprintf() and jio_vsnprintf() 1685717 - CVE-2018-12549 IBM JDK: missing null check when accelerating Unsafe calls |
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2019-0469.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
33 % | CWE-369 | Divide By Zero |
33 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
33 % | CWE-20 | Improper Input Validation |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 3 | |
Application | 2 | |
Application | 1 | |
Application | 4 | |
Application | 2 | |
Application | 4 | |
Application | 3 | |
Application | 4 | |
Application | 1 | |
Os | 5 | |
Os | 2 | |
Os | 2 | |
Os | 1 | |
Os | 2 | |
Os | 1 | |
Os | 3 | |
Os | 1 | |
Os | 1 | |
Os | 1 | |
Os | 2 |
Alert History
Date | Informations |
---|---|
2020-03-19 13:18:02 |
|