RHEL 7 : java-11-openjdk (RHSA-2018:3521)
Medium Nessus Plugin ID 118815
SynopsisThe remote Red Hat host is missing one or more security updates.
DescriptionAn update for java-11-openjdk is now available for Red Hat Enterprise
Red Hat Product Security has rated this update as having a security
impact of Critical. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.
The java-11-openjdk packages provide the OpenJDK 11 Java Runtime
Environment and the OpenJDK 11 Java Software Development Kit.
Security Fix(es) :
* OpenJDK: Improper field access checks (Hotspot, 8199226)
* OpenJDK: Unrestricted access to scripting engine (Scripting,
* OpenJDK: Incomplete enforcement of the trustURLCodebase restriction
(JNDI, 8199177) (CVE-2018-3149)
* OpenJDK: Incorrect handling of unsigned attributes in signed Jar
manifests (Security, 8194534) (CVE-2018-3136)
* OpenJDK: Leak of sensitive header data via HTTP redirect
(Networking, 8196902) (CVE-2018-3139)
* OpenJDK: Multi-Release attribute read from outside of the main
manifest attributes (Utility, 8199171) (CVE-2018-3150)
* OpenJDK: Missing endpoint identification algorithm check during TLS
session resumption (JSSE, 8202613) (CVE-2018-3180)
For more details about the security issue(s), including the impact, a
CVSS score, and other related information, refer to the CVE page(s)
listed in the References section.
SolutionUpdate the affected packages.