Executive Summary
Summary | |
---|---|
Title | java-1.8.0-openjdk security update |
Informations | |||
---|---|---|---|
Name | RHSA-2019:3134 | First vendor Publication | 2019-10-17 |
Vendor | RedHat | Last vendor Modification | 2019-10-17 |
Severity (Vendor) | N/A | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N | |||
---|---|---|---|
Overall CVSS Score | 6.8 | ||
Base Score | 6.8 | Environmental Score | 6.8 |
impact SubScore | 4 | Temporal Score | 6.8 |
Exploitabality Sub Score | 2.2 | ||
Attack Vector | Network | Attack Complexity | High |
Privileges Required | None | User Interaction | None |
Scope | Changed | Confidentiality Impact | None |
Integrity Impact | High | Availability Impact | None |
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:N/I:P/A:N) | |||
---|---|---|---|
Cvss Base Score | 4.3 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Problem Description: An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64 3. Description: The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix(es): * OpenJDK: Improper handling of Kerberos proxy credentials (Kerberos, 8220302) (CVE-2019-2949) * OpenJDK: Unexpected exception thrown during regular expression processing in Nashorn (Scripting, 8223518) (CVE-2019-2975) * OpenJDK: Incorrect handling of nested jar: URLs in Jar URL handler (Networking, 8223892) (CVE-2019-2978) * OpenJDK: Incorrect handling of HTTP proxy responses in HttpURLConnection (Networking, 8225298) (CVE-2019-2989) * OpenJDK: Missing restrictions on use of custom SocketImpl (Networking, 8218573) (CVE-2019-2945) * OpenJDK: NULL pointer dereference in DrawGlyphList (2D, 8222690) (CVE-2019-2962) * OpenJDK: Unexpected exception thrown by Pattern processing crafted regular expression (Concurrency, 8222684) (CVE-2019-2964) * OpenJDK: Unexpected exception thrown by XPathParser processing crafted XPath expression (JAXP, 8223505) (CVE-2019-2973) * OpenJDK: Unexpected exception thrown by XPath processing crafted XPath expression (JAXP, 8224532) (CVE-2019-2981) * OpenJDK: Unexpected exception thrown during Font object deserialization (Serialization, 8224915) (CVE-2019-2983) * OpenJDK: Missing glyph bitmap image dimension check in FreetypeFontScaler (2D, 8225286) (CVE-2019-2987) * OpenJDK: Integer overflow in bounds check in SunGraphics2D (2D, 8225292) (CVE-2019-2988) * OpenJDK: Excessive memory allocation in CMap when reading TrueType font (2D, 8225597) (CVE-2019-2992) * OpenJDK: Insufficient filtering of HTML event attributes in Javadoc (Javadoc, 8226765) (CVE-2019-2999) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 All running instances of OpenJDK Java must be restarted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1760963 - CVE-2019-2964 OpenJDK: Unexpected exception thrown by Pattern processing crafted regular expression (Concurrency, 8222684) 1760969 - CVE-2019-2975 OpenJDK: Unexpected exception thrown during regular expression processing in Nashorn (Scripting, 8223518) 1760978 - CVE-2019-2973 OpenJDK: Unexpected exception thrown by XPathParser processing crafted XPath expression (JAXP, 8223505) 1760980 - CVE-2019-2981 OpenJDK: Unexpected exception thrown by XPath processing crafted XPath expression (JAXP, 8224532) 1760992 - CVE-2019-2999 OpenJDK: Insufficient filtering of HTML event attributes in Javadoc (Javadoc, 8226765) 1760999 - CVE-2019-2988 OpenJDK: Integer overflow in bounds check in SunGraphics2D (2D, 8225292) 1761006 - CVE-2019-2978 OpenJDK: Incorrect handling of nested jar: URLs in Jar URL handler (Networking, 8223892) 1761146 - CVE-2019-2992 OpenJDK: Excessive memory allocation in CMap when reading TrueType font (2D, 8225597) 1761149 - CVE-2019-2987 OpenJDK: Missing glyph bitmap image dimension check in FreetypeFontScaler (2D, 8225286) 1761262 - CVE-2019-2983 OpenJDK: Unexpected exception thrown during Font object deserialization (Serialization, 8224915) 1761266 - CVE-2019-2962 OpenJDK: NULL pointer dereference in DrawGlyphList (2D, 8222690) 1761594 - CVE-2019-2949 OpenJDK: Improper handling of Kerberos proxy credentials (Kerberos, 8220302) 1761596 - CVE-2019-2945 OpenJDK: Missing restrictions on use of custom SocketImpl (Networking, 8218573) 1761601 - CVE-2019-2989 OpenJDK: Incorrect handling of HTTP proxy responses in HttpURLConnection (Networking, 8225298) |
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2019-3134.html |
CPE : Common Platform Enumeration
Alert History
Date | Informations |
---|---|
2020-05-23 13:03:44 |
|
2020-03-19 13:19:23 |
|