RHSA-2018:0458-01 -- Redhat java-1.7.1-ibm, javaID: oval:org.secpod.oval:def:505440 | Date: (C)2021-01-04 (M)2023-11-27 |
Class: PATCH | Family: unix |
IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR4-FP20. Security Fix: * OpenJDK: insufficient validation of the invokeinterface instruction * OpenJDK: LDAPCertStore insecure handling of LDAP referrals * OpenJDK: use of global credentials for HTTP/SPNEGO * OpenJDK: SingleEntryRegistry incorrect setup of deserialization filter * OpenJDK: GTK library loading use-after-free * OpenJDK: LdapLoginModule insufficient username encoding in LDAP query * OpenJDK: DnsClient missing source port randomization * OpenJDK: loading of classes from untrusted locations * OpenJDK: DerValue unbounded memory allocation * OpenJDK: insufficient strength of key agreement * Oracle JDK: unspecified vulnerability fixed in 6u181 and 7u171 * OpenJDK: ArrayBlockingQueue deserialization to an inconsistent state * OpenJDK: unbounded memory allocation during deserialization * OpenJDK: unbounded memory allocation in BasicAttributes deserialization * OpenJDK: unsynchronized access to encryption key data For more details about the security issue, including the impact, a CVSS score, and other related information, refer to the CVE page listed in the References section.
Platform: |
Red Hat Enterprise Linux 7 |