Oval Definition: oval:com.redhat.rhsa:def:20193158
Revision Date: 2019-10-21
Version: 635
Title: RHSA-2019:3158: java-1.7.0-openjdk security update (Moderate)
Description: The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit.

Security Fix(es):

  • OpenJDK: Incorrect handling of nested jar: URLs in Jar URL handler (Networking, 8223892) (CVE-2019-2978)

  • OpenJDK: Incorrect handling of HTTP proxy responses in HttpURLConnection (Networking, 8225298) (CVE-2019-2989)

  • OpenJDK: Missing restrictions on use of custom SocketImpl (Networking, 8218573) (CVE-2019-2945)

  • OpenJDK: NULL pointer dereference in DrawGlyphList (2D, 8222690) (CVE-2019-2962)

  • OpenJDK: Unexpected exception thrown by Pattern processing crafted regular expression (Concurrency, 8222684) (CVE-2019-2964)

  • OpenJDK: Unexpected exception thrown by XPathParser processing crafted XPath expression (JAXP, 8223505) (CVE-2019-2973)

  • OpenJDK: Unexpected exception thrown by XPath processing crafted XPath expression (JAXP, 8224532) (CVE-2019-2981)

  • OpenJDK: Unexpected exception thrown during Font object deserialization (Serialization, 8224915) (CVE-2019-2983)

  • OpenJDK: Missing glyph bitmap image dimension check in FreetypeFontScaler (2D, 8225286) (CVE-2019-2987)

  • OpenJDK: Integer overflow in bounds check in SunGraphics2D (2D, 8225292) (CVE-2019-2988)

  • OpenJDK: Excessive memory allocation in CMap when reading TrueType font (2D, 8225597) (CVE-2019-2992)

  • OpenJDK: Insufficient filtering of HTML event attributes in Javadoc (Javadoc, 8226765) (CVE-2019-2999)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Family: unix
Class: patch
Status:
Reference(s):
  • CVE-2019-2945
  • CVE-2019-2962
  • CVE-2019-2964
  • CVE-2019-2973
  • CVE-2019-2978
  • CVE-2019-2981
  • CVE-2019-2983
  • CVE-2019-2987
  • CVE-2019-2988
  • CVE-2019-2989
  • CVE-2019-2992
  • CVE-2019-2999
  • RHSA-2019:3158
Platform(s): Red Hat Enterprise Linux 6
Product(s):

Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
      • Red Hat Enterprise Linux 6 is installed
      • AND
          • java-1.7.0-openjdk is earlier than 1:1.7.0.241-2.6.20.0.el6_10
            AND java-1.7.0-openjdk is signed with Red Hat redhatrelease2 key
          • java-1.7.0-openjdk-demo is earlier than 1:1.7.0.241-2.6.20.0.el6_10
            AND java-1.7.0-openjdk-demo is signed with Red Hat redhatrelease2 key
          • java-1.7.0-openjdk-devel is earlier than 1:1.7.0.241-2.6.20.0.el6_10
            AND java-1.7.0-openjdk-devel is signed with Red Hat redhatrelease2 key
          • java-1.7.0-openjdk-javadoc is earlier than 1:1.7.0.241-2.6.20.0.el6_10
            AND java-1.7.0-openjdk-javadoc is signed with Red Hat redhatrelease2 key
          • java-1.7.0-openjdk-src is earlier than 1:1.7.0.241-2.6.20.0.el6_10
            AND java-1.7.0-openjdk-src is signed with Red Hat redhatrelease2 key