OVAL Reference oval:com.redhat.rhsa:def:20182242

Oval Definition:

oval:com.redhat.rhsa:def:20182242

Revision Date:	2018-07-23	Version:	643
Title:	RHSA-2018:2242: java-1.8.0-openjdk security and bug fix update (Moderate)
Description:	The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix(es): OpenJDK: insufficient index validation in PatternSyntaxException getMessage() (Concurrency, 8199547) (CVE-2018-2952) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website. Bug Fix(es): This update applies changes from OpenJDK upstream version 8u172, which provides a number of bug fixes over the previous version, 8u171. (BZ#1588364) OpenJDK was recently updated to support reading the system certificate authority database (cacerts) directly. As an unintended consequence, this removed the ability to read certificates from the user-provided jssecacerts file. With this update, that ability is restored by reading from that file first, if available. (BZ#1593737)
Family:	unix	Class:	patch
Status:		Reference(s):	CVE-2018-2952 RHSA-2018:2242 RHSA-2018:2242-00 RHSA-2018:2242-01
Platform(s):	Red Hat Enterprise Linux 7	Product(s):
Definition Synopsis
Red Hat Enterprise Linux must be installed OR Package Information Red Hat Enterprise Linux 7 is installed AND java-1.8.0-openjdk is earlier than 1:1.8.0.181-3.b13.el7_5 AND java-1.8.0-openjdk is signed with Red Hat redhatrelease2 key java-1.8.0-openjdk-accessibility is earlier than 1:1.8.0.181-3.b13.el7_5 AND java-1.8.0-openjdk-accessibility is signed with Red Hat redhatrelease2 key java-1.8.0-openjdk-accessibility-debug is earlier than 1:1.8.0.181-3.b13.el7_5 AND java-1.8.0-openjdk-accessibility-debug is signed with Red Hat redhatrelease2 key java-1.8.0-openjdk-debug is earlier than 1:1.8.0.181-3.b13.el7_5 AND java-1.8.0-openjdk-debug is signed with Red Hat redhatrelease2 key java-1.8.0-openjdk-demo is earlier than 1:1.8.0.181-3.b13.el7_5 AND java-1.8.0-openjdk-demo is signed with Red Hat redhatrelease2 key java-1.8.0-openjdk-demo-debug is earlier than 1:1.8.0.181-3.b13.el7_5 AND java-1.8.0-openjdk-demo-debug is signed with Red Hat redhatrelease2 key java-1.8.0-openjdk-devel is earlier than 1:1.8.0.181-3.b13.el7_5 AND java-1.8.0-openjdk-devel is signed with Red Hat redhatrelease2 key java-1.8.0-openjdk-devel-debug is earlier than 1:1.8.0.181-3.b13.el7_5 AND java-1.8.0-openjdk-devel-debug is signed with Red Hat redhatrelease2 key java-1.8.0-openjdk-headless is earlier than 1:1.8.0.181-3.b13.el7_5 AND java-1.8.0-openjdk-headless is signed with Red Hat redhatrelease2 key java-1.8.0-openjdk-headless-debug is earlier than 1:1.8.0.181-3.b13.el7_5 AND java-1.8.0-openjdk-headless-debug is signed with Red Hat redhatrelease2 key java-1.8.0-openjdk-javadoc is earlier than 1:1.8.0.181-3.b13.el7_5 AND java-1.8.0-openjdk-javadoc is signed with Red Hat redhatrelease2 key java-1.8.0-openjdk-javadoc-debug is earlier than 1:1.8.0.181-3.b13.el7_5 AND java-1.8.0-openjdk-javadoc-debug is signed with Red Hat redhatrelease2 key java-1.8.0-openjdk-javadoc-zip is earlier than 1:1.8.0.181-3.b13.el7_5 AND java-1.8.0-openjdk-javadoc-zip is signed with Red Hat redhatrelease2 key java-1.8.0-openjdk-javadoc-zip-debug is earlier than 1:1.8.0.181-3.b13.el7_5 AND java-1.8.0-openjdk-javadoc-zip-debug is signed with Red Hat redhatrelease2 key java-1.8.0-openjdk-src is earlier than 1:1.8.0.181-3.b13.el7_5 AND java-1.8.0-openjdk-src is signed with Red Hat redhatrelease2 key java-1.8.0-openjdk-src-debug is earlier than 1:1.8.0.181-3.b13.el7_5 AND java-1.8.0-openjdk-src-debug is signed with Red Hat redhatrelease2 key

BACK