Scientific Linux Security Update : java-1.8.0-openjdk on SL7.x x86_64
Medium Nessus Plugin ID 111259
SynopsisThe remote Scientific Linux host is missing one or more security updates.
DescriptionSecurity Fix(es) :
- OpenJDK: insufficient index validation in PatternSyntaxException getMessage() (Concurrency, 8199547) (CVE-2018-2952)
Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website.
Bug Fix(es) :
- This update applies changes from OpenJDK upstream version 8u172, which provides a number of bug fixes over the previous version, 8u171.
- OpenJDK was recently updated to support reading the system certificate authority database (cacerts) directly. As an unintended consequence, this removed the ability to read certificates from the user-provided jssecacerts file. With this update, that ability is restored by reading from that file first, if available.
SolutionUpdate the affected packages.