oval:org.secpod.oval:def:91215 The host is installed with Oracle Java SE through 11.0.19, 17.0.7 or 20.0.1 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to 2D (Harfbuzz). Successful exploitation allows attackers to affect Availability.
oval:org.secpod.oval:def:19500280 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE. Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and ...
oval:org.secpod.oval:def:89049261 This update for java-11-openjdk fixes the following issues: Updated to jdk-11.0.20+8: * CVE-2023-22006: Fixed vulnerability in the network component. * CVE-2023-22036: Fixed vulnerability in the utility component. * CVE-2023-22041: Fixed vulnerability in the hotspot component. * CVE-2023-22044: ...
oval:org.secpod.oval:def:19500284 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE. Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and ...
oval:org.secpod.oval:def:708340 openjdk-20: Open Source Java implementation Several security issues were fixed in OpenJDK 20.
oval:org.secpod.oval:def:2108141 Oracle Solaris 11 - (CVE-2023-25193)
oval:org.secpod.oval:def:91111 The host is installed with Oracle Java SE through 11.0.19, 17.0.7 or 20.0.1, or Azul Zulu 11 before 11.65.14, or 17 before 17.43.14 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to 2D (Harfbuzz). Successful exploitation allo ...
oval:org.secpod.oval:def:2600291 The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit.
oval:org.secpod.oval:def:507863 The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Security Fix: * OpenJDK: ZIP file parsing infinite loop * OpenJDK: weakness in AES implementation * OpenJDK: improper handling of slash characters in URI-to-path convers ...
oval:org.secpod.oval:def:2600292 The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.
oval:org.secpod.oval:def:93279 openjdk-17: Open Source Java implementation - openjdk-8: Open Source Java implementation - openjdk-lts: Open Source Java implementation Several security issues were fixed in OpenJDK.
oval:org.secpod.oval:def:89048717 This update for harfbuzz fixes the following issues: * CVE-2023-25193: Fixed vulnerability that allowed attackers to trigger O growth via consecutive marks.
oval:org.secpod.oval:def:93280 openjdk-17: Open Source Java implementation - openjdk-8: Open Source Java implementation - openjdk-lts: Open Source Java implementation Several security issues were fixed in OpenJDK.
oval:org.secpod.oval:def:89048799 This update for harfbuzz fixes the following issues: * CVE-2023-25193: Fixed vulnerability that allowed attackers to trigger O growth via consecutive marks.
oval:org.secpod.oval:def:1506825 [1:11.0.20.0.8-2.0.1] - Add Oracle vendor bug URL [Orabug: 34340155] - Fix tzdata requirement copy-and-paste error that led to two BuildRequires and no Requires [1:11.0.20.0.8-2] - Bump release number so we are newer than 9.0 - Related: rhbz#2221106 [1:11.0.20.0.8-1] - Update to jdk-11.0.20.0+8 - U ...
oval:org.secpod.oval:def:89049148 This update for java-11-openjdk fixes the following issues: Updated to jdk-11.0.20+8: * CVE-2023-22006: Fixed vulnerability in the network component. * CVE-2023-22036: Fixed vulnerability in the utility component. * CVE-2023-22041: Fixed vulnerability in the hotspot component. * CVE-2023-22044: ...
oval:org.secpod.oval:def:89048793 This update for harfbuzz fixes the following issues: * CVE-2023-25193: Fixed vulnerability that allowed attackers to trigger O growth via consecutive marks.
oval:org.secpod.oval:def:89049320 This update for java-1_8_0-ibm fixes the following issues: * Update to Java 8.0 Service Refresh 8 Fix Pack 10 * CVE-2022-40609: Fixed an unsafe deserialization flaw which could allow a remote attacker to execute arbitrary code on the system. * CVE-2023-22041: Fixed a flaw which could allow unautho ...
oval:org.secpod.oval:def:89048792 This update for harfbuzz fixes the following issues: * CVE-2023-25193: Fixed vulnerability that allowed attackers to trigger O growth via consecutive marks.
oval:org.secpod.oval:def:1701463 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE. Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and ...
oval:org.secpod.oval:def:1506824 [1:17.0.8.0.7-2.0.1] - OpenJDK: ZIP file parsing infinite loop - OpenJDK: weakness in AES implementation - OpenJDK: improper handling of slash characters in URI-to-path conversion - harfbuzz: OpenJDK: O growth via consecutive marks - OpenJDK: HTTP client insufficient file name validation - ...
oval:org.secpod.oval:def:19500071 An integer overflow in the component hb-ot-shape-fallback.cc of Harfbuzz v4.3.0 allows attackers to cause a Denial of Service via unspecified vectors. hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O growth via consecutive marks during the process of looking back for ...
oval:org.secpod.oval:def:92537 openjdk-17: Open Source Java implementation - openjdk-8: Open Source Java implementation - openjdk-lts: Open Source Java implementation Several security issues were fixed in OpenJDK.
oval:org.secpod.oval:def:92536 openjdk-17: Open Source Java implementation - openjdk-8: Open Source Java implementation - openjdk-lts: Open Source Java implementation Several security issues were fixed in OpenJDK.
oval:org.secpod.oval:def:89049171 This update for java-17-openjdk fixes the following issues: Updated to version jdk-17.0.8+7: * CVE-2023-22006: Fixed vulnerability in the network component. * CVE-2023-22036: Fixed vulnerability in the utility component. * CVE-2023-22041: Fixed vulnerability in the hotspot component. * CVE-2023- ...
oval:org.secpod.oval:def:91207 The host is installed with Oracle Java SE through 11.0.19, 17.0.7 or 20.0.1 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to 2D (Harfbuzz). Successful exploitation allows attackers to affect Availability.
oval:org.secpod.oval:def:91223 The host is installed with Oracle Java SE through 11.0.19, 17.0.7 or 20.0.1 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to 2D (Harfbuzz). Successful exploitation allows attackers to affect Availability.
oval:org.secpod.oval:def:507857 The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Security Fix: * OpenJDK: ZIP file parsing infinite loop * OpenJDK: weakness in AES implementation * OpenJDK: improper handling of slash characters in URI-to-path convers ...
oval:org.secpod.oval:def:507856 The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Security Fix: * OpenJDK: ZIP file parsing infinite loop * OpenJDK: weakness in AES implementation * OpenJDK: improper handling of slash characters in URI-to-path convers ...
oval:org.secpod.oval:def:1506797 [1:11.0.20.0.8-1.0.1] - link atomic for ix86 build [1:11.0.20.0.8-1] - Update to jdk-11.0.20.0+8 - Update release notes to 11.0.20.0+8 - Switch to GA mode for release - ** This tarball is embargoed until 2023-07-18 @ 1pm PT. ** - Resolves: rhbz#2221106 [1:11.0.20.0.7-0.1.ea] - Update to jdk-11.0.20 ...
oval:org.secpod.oval:def:124986 Chromium is an open-source web browser, powered by WebKit.
oval:org.secpod.oval:def:1506830 [1:11.0.20.0.8-2.0.1] - Add Oracle vendor bug URL [Orabug: 34340155] [1:11.0.20.0.8-2] - Bump release number so we are newer than 9.0 - Related: rhbz#2221106 [1:11.0.20.0.8-1] - Update to jdk-11.0.20.0+8 - Update release notes to 11.0.20.0+8 - Drop local inclusion of JDK-8274864 JDK-8305113 as the ...
oval:org.secpod.oval:def:507854 The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Security Fix: * OpenJDK: ZIP file parsing infinite loop * OpenJDK: weakness in AES implementation * OpenJDK: improper handling of slash characters in URI-to-path convers ...
oval:org.secpod.oval:def:2501138 The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit.
oval:org.secpod.oval:def:2501139 The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.
oval:org.secpod.oval:def:507858 The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Security Fix: * OpenJDK: ZIP file parsing infinite loop * OpenJDK: weakness in AES implementation * OpenJDK: improper handling of slash characters in URI-to-path convers ...
oval:org.secpod.oval:def:1701450 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE. Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and ...
oval:org.secpod.oval:def:89049299 This update for java-1_8_0-ibm fixes the following issues: * Update to Java 8.0 Service Refresh 8 Fix Pack 10 * CVE-2022-40609: Fixed an unsafe deserialization flaw which could allow a remote attacker to execute arbitrary code on the system. * CVE-2023-22041: Fixed a flaw which could allow unautho ...
oval:org.secpod.oval:def:1506811 [1:17.0.8.0.7-2.0.1] - OpenJDK: ZIP file parsing infinite loop - OpenJDK: weakness in AES implementation - OpenJDK: improper handling of slash characters in URI-to-path conversion - harfbuzz: OpenJDK: O growth via consecutive marks - OpenJDK: HTTP client insufficient file name validation - ...
oval:org.secpod.oval:def:1701203 firefox-esr, thunderbird and nss only are affected by this package. hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O growth via consecutive marks during the process of looking back for base glyphs when attaching marks. The Mozilla Foundation Security Advisory describ ...
oval:org.secpod.oval:def:2600566 HarfBuzz is an implementation of the OpenType Layout engine.
oval:org.secpod.oval:def:509364 HarfBuzz is an implementation of the OpenType Layout engine. Security Fix: harfbuzz: allows attackers to trigger O growth via consecutive marks For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed ...
oval:org.secpod.oval:def:2501443 HarfBuzz is an implementation of the OpenType Layout engine.