RHSA-2019:0469

RHSA-2019:0472

RHSA-2019:0473

RHSA-2019:0474

RHSA-2019:0640

RHSA-2019:1238

https://bugs.eclipse.org/bugs/show_bug.cgi?id=543659

An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.

This update upgrades IBM Java SE 8 to version 8 SR5-FP35.

Security Fix(es) :

* IBM JDK: buffer overflow in jio_snprintf() and jio_vsnprintf() (CVE-2018-12547)

* IBM JDK: missing null check when accelerating Unsafe calls (CVE-2018-12549)

* Oracle JDK: Unspecified vulnerability fixed in 7u221 and 8u211 (2D) (CVE-2019-2697)

* OpenJDK: Font layout engine out of bounds access setCurrGlyphID() (2D, 8219022) (CVE-2019-2698)

* OpenJDK: memory disclosure in FileChannelImpl (Libraries, 8206290) (CVE-2019-2422)

* OpenJDK: Slow conversion of BigDecimal to long (Libraries, 8211936) (CVE-2019-2602)

* OpenJDK: Incorrect skeleton selection in RMI registry server-side dispatch handling (RMI, 8218453) (CVE-2019-2684)

* IBM JDK: Read beyond the end of bytecode array causing JVM crash (CVE-2019-10245)

* libjpeg-turbo: Divide By Zero in alloc_sarray function in jmemmgr.c (CVE-2018-11212)

* Oracle JDK: unspecified vulnerability fixed in 8u201 (Deployment) (CVE-2019-2449)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

An update for java-1.8.0-ibm is now available for Red Hat Satellite 5.8.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.

This update upgrades IBM Java SE 8 to version 8 SR5-FP30.

Security Fix(es) :

* IBM JDK: buffer overflow in jio_snprintf() and jio_vsnprintf() (CVE-2018-12547)

* IBM JDK: missing null check when accelerating Unsafe calls (CVE-2018-12549)

* OpenJDK: memory disclosure in FileChannelImpl (Libraries, 8206290) (CVE-2019-2422)

* libjpeg-turbo: Divide By Zero in alloc_sarray function in jmemmgr.c (CVE-2018-11212)

* Oracle JDK: unspecified vulnerability fixed in 8u201 (Deployment) (CVE-2019-2449)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

An update for java-1.7.1-ibm is now available for Red Hat Enterprise Linux 6 Supplementary.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.

This update upgrades IBM Java SE 7 to version 7R1 SR4-FP40.

Security Fix(es) :

* IBM JDK: buffer overflow in jio_snprintf() and jio_vsnprintf() (CVE-2018-12547)

* OpenJDK: memory disclosure in FileChannelImpl (Libraries, 8206290) (CVE-2019-2422)

* libjpeg-turbo: Divide By Zero in alloc_sarray function in jmemmgr.c (CVE-2018-11212)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

An update for java-1.7.1-ibm is now available for Red Hat Enterprise Linux 7 Supplementary.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.

This update upgrades IBM Java SE 7 to version 7R1 SR4-FP40.

Security Fix(es) :

* IBM JDK: buffer overflow in jio_snprintf() and jio_vsnprintf() (CVE-2018-12547)

* OpenJDK: memory disclosure in FileChannelImpl (Libraries, 8206290) (CVE-2019-2422)

* libjpeg-turbo: Divide By Zero in alloc_sarray function in jmemmgr.c (CVE-2018-11212)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 7 Supplementary.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.

This update upgrades IBM Java SE 8 to version 8 SR5-FP30.

Security Fix(es) :

* IBM JDK: buffer overflow in jio_snprintf() and jio_vsnprintf() (CVE-2018-12547)

* IBM JDK: missing null check when accelerating Unsafe calls (CVE-2018-12549)

* OpenJDK: memory disclosure in FileChannelImpl (Libraries, 8206290) (CVE-2019-2422)

* libjpeg-turbo: Divide By Zero in alloc_sarray function in jmemmgr.c (CVE-2018-11212)

* Oracle JDK: unspecified vulnerability fixed in 8u201 (Deployment) (CVE-2019-2449)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 6 Supplementary.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.

This update upgrades IBM Java SE 8 to version 8 SR5-FP30.

Security Fix(es) :

* IBM JDK: buffer overflow in jio_snprintf() and jio_vsnprintf() (CVE-2018-12547)

* IBM JDK: missing null check when accelerating Unsafe calls (CVE-2018-12549)

* OpenJDK: memory disclosure in FileChannelImpl (Libraries, 8206290) (CVE-2019-2422)

* libjpeg-turbo: Divide By Zero in alloc_sarray function in jmemmgr.c (CVE-2018-11212)

* Oracle JDK: unspecified vulnerability fixed in 8u201 (Deployment) (CVE-2019-2449)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

ID	Name	Product	Family	Severity
125239	RHEL 8 : java-1.8.0-ibm (RHSA-2019:1238)	Nessus	Red Hat Local Security Checks	critical
123146	RHEL 6 : java-1.8.0-ibm (RHSA-2019:0640)	Nessus	Red Hat Local Security Checks	critical
122713	RHEL 6 : java-1.7.1-ibm (RHSA-2019:0474)	Nessus	Red Hat Local Security Checks	critical
122712	RHEL 7 : java-1.7.1-ibm (RHSA-2019:0473)	Nessus	Red Hat Local Security Checks	critical
122711	RHEL 7 : java-1.8.0-ibm (RHSA-2019:0472)	Nessus	Red Hat Local Security Checks	critical
122659	RHEL 6 : java-1.8.0-ibm (RHSA-2019:0469)	Nessus	Red Hat Local Security Checks	critical

CVE-2018-12547

critical

New! CVE Severity Now Using CVSS v3

Description

References

Details

Risk Information

CVSS v2

CVSS v3

Vulnerable Software

Configuration 1

Configuration 2

Tenable Plugins

critical

critical

critical

critical

critical

critical