Scientific Linux Security Update : java-1.8.0-openjdk on SL7.x x86_64
Medium Nessus Plugin ID 111259
SynopsisThe remote Scientific Linux host is missing one or more security
DescriptionSecurity Fix(es) :
- OpenJDK: insufficient index validation in
PatternSyntaxException getMessage() (Concurrency,
Note: If the web browser plug-in provided by the icedtea-web package
was installed, the issues exposed via Java applets could have been
exploited without user interaction if a user visited a malicious
Bug Fix(es) :
- This update applies changes from OpenJDK upstream
version 8u172, which provides a number of bug fixes over
the previous version, 8u171.
- OpenJDK was recently updated to support reading the
system certificate authority database (cacerts)
directly. As an unintended consequence, this removed the
ability to read certificates from the user-provided
jssecacerts file. With this update, that ability is
restored by reading from that file first, if available.
SolutionUpdate the affected packages.