ID CVE-2019-2422
Summary Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u201, 8u192 and 11.0.1; Java SE Embedded: 8u191. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N).
References
Vulnerable Configurations
  • cpe:2.3:a:oracle:jdk:1.7.0:update_201
    cpe:2.3:a:oracle:jdk:1.7.0:update_201
  • cpe:2.3:a:oracle:jdk:1.8.0:update_192
    cpe:2.3:a:oracle:jdk:1.8.0:update_192
  • cpe:2.3:a:oracle:jdk:11.0.1
    cpe:2.3:a:oracle:jdk:11.0.1
  • cpe:2.3:a:oracle:jre:1.7.0:update_201
    cpe:2.3:a:oracle:jre:1.7.0:update_201
  • cpe:2.3:a:oracle:jre:1.8.0:update_192
    cpe:2.3:a:oracle:jre:1.8.0:update_192
  • cpe:2.3:a:oracle:jre:11.0.1
    cpe:2.3:a:oracle:jre:11.0.1
  • Canonical Ubuntu Linux 14.04 LTS (Long-Term Support)
    cpe:2.3:o:canonical:ubuntu_linux:14.04:-:-:-:lts
  • Canonical Ubuntu Linux 16.04 LTS (Long-Term Support)
    cpe:2.3:o:canonical:ubuntu_linux:16.04:-:-:-:lts
  • Canonical Ubuntu Linux 18.04 LTS Edition
    cpe:2.3:o:canonical:ubuntu_linux:18.04:-:-:-:lts
  • Canonical Ubuntu Linux 18.10
    cpe:2.3:o:canonical:ubuntu_linux:18.10
  • cpe:2.3:a:netapp:oncommand_unified_manager
    cpe:2.3:a:netapp:oncommand_unified_manager
  • cpe:2.3:a:netapp:oncommand_workflow_automation
    cpe:2.3:a:netapp:oncommand_workflow_automation
  • cpe:2.3:a:netapp:snapmanager:-:-:-:-:-:oracle
    cpe:2.3:a:netapp:snapmanager:-:-:-:-:-:oracle
  • cpe:2.3:a:netapp:snapmanager:-:-:-:-:-:sap
    cpe:2.3:a:netapp:snapmanager:-:-:-:-:-:sap
  • Red Hat Satellite 5.8
    cpe:2.3:a:redhat:satellite:5.8
  • Red Hat Enterprise Linux Desktop 6.0
    cpe:2.3:o:redhat:enterprise_linux_desktop:6.0
  • RedHat Enterprise Linux Desktop 7.0
    cpe:2.3:o:redhat:enterprise_linux_desktop:7.0
  • Red Hat Enterprise Linux Server 6.0
    cpe:2.3:o:redhat:enterprise_linux_server:6.0
  • RedHat Enterprise Linux Server 7.0
    cpe:2.3:o:redhat:enterprise_linux_server:7.0
  • Red Hat Enterprise Linux Server 7.6
    cpe:2.3:o:redhat:enterprise_linux_server:7.6
  • Red Hat Enterprise Linux Server Advanced mission critical Update Support (AUS) 7.6
    cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6
  • Red Hat Enterprise Linux Server Extended Update Support (EUS) 7.6
    cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6
  • Red Hat Enterprise Linux Server Telecommunications Update Service (TUS) 7.6
    cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6
  • Red Hat Enterprise Linux Workstation 6.0
    cpe:2.3:o:redhat:enterprise_linux_workstation:6.0
  • RedHat Enterprise Linux Workstation 7.0
    cpe:2.3:o:redhat:enterprise_linux_workstation:7.0
  • Debian Linux 8.0 (Jessie)
    cpe:2.3:o:debian:debian_linux:8.0
  • Debian Linux 9.0
    cpe:2.3:o:debian:debian_linux:9.0
  • openSUSE Leap 15.0
    cpe:2.3:o:opensuse:leap:15.0
CVSS
Base: 4.3
Impact:
Exploitability:
CWE CWE-284
CAPEC
  • Embedding Scripts within Scripts
    An attack of this type exploits a programs' vulnerabilities that are brought on by allowing remote hosts to execute scripts. The attacker leverages this capability to execute scripts to execute his/her own script by embedding it within other scripts that the target software is likely to execute. The attacker must have the ability to inject script into script that is likely to be executed. If this is done, then the attacker can potentially launch a variety of probes and attacks against the web server's local environment, in many cases the so-called DMZ, back end resources the web server can communicate with, and other hosts. With the proliferation of intermediaries, such as Web App Firewalls, network devices, and even printers having JVMs and Web servers, there are many locales where an attacker can inject malicious scripts. Since this attack pattern defines scripts within scripts, there are likely privileges to execute said attack on the host. Of course, these attacks are not solely limited to the server side, client side scripts like Ajax and client side JavaScript can contain malicious scripts as well. In general all that is required is for there to be sufficient privileges to execute a script, but not protected against writing.
  • Signature Spoofing by Key Theft
    An attacker obtains an authoritative or reputable signer's private signature key by theft and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2019-0221-1.NASL
    description This update for java-11-openjdk to version 11.0.2+7 fixes the following issues : Security issues fixed : CVE-2019-2422: Better FileChannel transfer performance (bsc#1122293) CVE-2019-2426: Improve web server connections CVE-2018-11212: Improve JPEG processing (bsc#1122299) Better route routing Better interface enumeration Better interface lists Improve BigDecimal support Improve robot support Better icon support Choose printer defaults Proper allocation handling Initial class initialization More reliable p11 transactions Improve NIO stability Better loading of classloader classes Strengthen Windows Access Bridge Support Improved data set handling Improved LSA authentication Libsunmscapi improved interactions Non-security issues fix: Do not resolve by default the added JavaEE modules (bsc#1120431) ~2.5% regression on compression benchmark starting with 12-b11 java.net.http.HttpClient hangs on 204 reply without Content-length 0 Add additional TeliaSonera root certificate Add more ld preloading related info to hs_error file on Linux Add test to exercise server-side client hello processing AES encrypt performance regression in jdk11b11 AIX: ProcessBuilder: Piping between created processes does not work. AIX: Some class library files are missing the Classpath exception AppCDS crashes for some uses with JRuby Automate vtable/itable stub size calculation BarrierSetC1::generate_referent_check() confuses register allocator Better HTTP Redirection Catastrophic size_t underflow in BitMap::*_large methods Clip.isRunning() may return true after Clip.stop() was called Compiler thread creation should be bounded by available space in memory and Code Cache com.sun.net.httpserver.HttpServer returns Content-length header for 204 response code Default mask register for avx512 instructions Delayed starting of debugging via jcmd Disable all DES cipher suites Disable anon and NULL cipher suites Disable unsupported GCs for Zero Epsilon alignment adjustments can overflow max TLAB size Epsilon elastic TLAB sizing may cause misalignment HotSpot update for vm_version.cpp to recognise updated VS2017 HttpClient does not retrieve files with large sizes over HTTP/1.1 IIOException 'tEXt chunk length is not proper' on opening png file Improve TLS connection stability again InitialDirContext ctor sometimes throws NPE if the server has sent a disconnection Inspect stack during error reporting Instead of circle rendered in appl window, but ellipse is produced JEditor Pane Introduce diagnostic flag to abort VM on failed JIT compilation Invalid assert(HeapBaseMinAddress > 0) in ReservedHeapSpace::initialize_compressed_heap jar has issues with UNC-path arguments for the jar -C parameter [windows] java.net.http HTTP client should allow specifying Origin and Referer headers java.nio.file.Files.writeString writes garbled UTF-16 instead of UTF-8 JDK 11.0.1 l10n resource file update JDWP Transport Listener: dt_socket thread crash JVMTI ResourceExhausted should not be posted in CompilerThread LDAPS communication failure with jdk 1.8.0_181 linux: Poor StrictMath performance due to non-optimized compilation Missing synchronization when reading counters for live threads and peak thread count NPE in SupportedGroupsExtension OpenDataException thrown when constructing CompositeData for StackTraceElement Parent class loader may not have a referred ClassLoaderData instance when obtained in Klass::class_in_module_of_loader Populate handlers while holding streamHandlerLock ppc64: Enable POWER9 CPU detection print_location is not reliable enough (printing register info) Reconsider default option for ClassPathURLCheck change done in JDK-8195874 Register to register spill may use AVX 512 move instruction on unsupported platform. s390: Use of shift operators not covered by cpp standard serviceability/sa/TestUniverse.java#id0 intermittently fails with assert(get_instanceKlass()->is_loaded()) failed: must be at least loaded SIGBUS in CodeHeapState::print_names() SIGSEGV in MethodArityHistogram() with -XX:+CountCompiledCalls Soft reference reclamation race in com.sun.xml.internal.stream.util.ThreadLocalBufferAllocator Swing apps are slow if displaying from a remote source to many local displays switch jtreg to 4.2b13 Test library OSInfo.getSolarisVersion cannot determine Solaris version TestOptionsWithRanges.java is very slow TestOptionsWithRanges.java of '-XX:TLABSize=2147483648' fails intermittently The Japanese message of FileNotFoundException garbled The 'supported_groups' extension in ServerHellos ThreadInfoCompositeData.toCompositeData fails to map ThreadInfo to CompositeData TimeZone.getDisplayName given Locale.US doesn't always honor the Locale. TLS 1.2 Support algorithm in SunPKCS11 provider TLS 1.3 handshake server name indication is missing on a session resume TLS 1.3 server fails if ClientHello doesn't have pre_shared_key and psk_key_exchange_modes TLS 1.3 interop problems with OpenSSL 1.1.1 when used on the client side with mutual auth tz: Upgrade time-zone data to tzdata2018g Undefined behaviour in ADLC Update avx512 implementation URLStreamHandler initialization race UseCompressedOops requirement check fails fails on 32-bit system windows: Update OS detection code to recognize Windows Server 2019 x86: assert on unbound assembler Labels used as branch targets x86: jck tests for ldc2_w bytecode fail x86: sharedRuntimeTrig/sharedRuntimeTrans compiled without optimization '-XX:OnOutOfMemoryError' uses fork instead of vfork Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-02-04
    plugin id 121568
    published 2019-02-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=121568
    title SUSE SLED15 / SLES15 Security Update : java-11-openjdk (SUSE-SU-2019:0221-1)
  • NASL family Windows
    NASL id ORACLE_JAVA_CPU_JAN_2019.NASL
    description The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 7 Update 211, 8 Update 201, 11 Update 2. It is, therefore, affected by multiple vulnerabilities related to the following components : - An issue in libjpeg 9a, a divide-by-zero error, could allow remote attackers to cause a denial of service condition via a crafted file. (CVE-2018-11212) - An unspecified vulnerability in Oracle Java SE in the Networking subcomponent could allow an unauthenticated, remote attacker with network access via multiple protocols to compromise Java SE. (CVE-2019-2426) - An unspecified vulnerability in Oracle Java SE in the Deployment subcomponent could allow an unauthenticated, remote attacker with network access via multiple protocols to compromise Java SE. (CVE-2019-2449) - An unspecified vulnerability in Oracle Java SE in the Libraries subcomponent could allow an unauthenticated, remote attacker with network access via multiple protocols to compromise Java SE. (CVE-2019-2422) Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
    last seen 2019-02-21
    modified 2019-01-17
    plugin id 121231
    published 2019-01-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=121231
    title Oracle Java SE 1.7.x < 1.7.0_211 / 1.8.x < 1.8.0_201 / 1.11.x < 1.11.0_2 Multiple Vulnerabilities (January 2019 CPU)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3875-1.NASL
    description It was discovered that a memory disclosure issue existed in the OpenJDK Library subsystem. An attacker could use this to expose sensitive information and possibly bypass Java sandbox restrictions. (CVE-2019-2422). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-31
    plugin id 121508
    published 2019-01-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=121508
    title Ubuntu 16.04 LTS / 18.10 : openjdk-8, openjdk-lts vulnerability (USN-3875-1)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2019-161.NASL
    description This update for java-11-openjdk to version 11.0.2+7 fixes the following issues : Security issues fixed : - CVE-2019-2422: Better FileChannel transfer performance (bsc#1122293) - CVE-2019-2426: Improve web server connections - CVE-2018-11212: Improve JPEG processing (bsc#1122299) - Better route routing - Better interface enumeration - Better interface lists - Improve BigDecimal support - Improve robot support - Better icon support - Choose printer defaults - Proper allocation handling - Initial class initialization - More reliable p11 transactions - Improve NIO stability - Better loading of classloader classes - Strengthen Windows Access Bridge Support - Improved data set handling - Improved LSA authentication - Libsunmscapi improved interactions Non-security issues fix : - Do not resolve by default the added JavaEE modules (bsc#1120431) - ~2.5% regression on compression benchmark starting with 12-b11 - java.net.http.HttpClient hangs on 204 reply without Content-length 0 - Add additional TeliaSonera root certificate - Add more ld preloading related info to hs_error file on Linux - Add test to exercise server-side client hello processing - AES encrypt performance regression in jdk11b11 - AIX: ProcessBuilder: Piping between created processes does not work. - AIX: Some class library files are missing the Classpath exception - AppCDS crashes for some uses with JRuby - Automate vtable/itable stub size calculation - BarrierSetC1::generate_referent_check() confuses register allocator - Better HTTP Redirection - Catastrophic size_t underflow in BitMap::*_large methods - Clip.isRunning() may return true after Clip.stop() was called - Compiler thread creation should be bounded by available space in memory and Code Cache - com.sun.net.httpserver.HttpServer returns Content-length header for 204 response code - Default mask register for avx512 instructions - Delayed starting of debugging via jcmd - Disable all DES cipher suites - Disable anon and NULL cipher suites - Disable unsupported GCs for Zero - Epsilon alignment adjustments can overflow max TLAB size - Epsilon elastic TLAB sizing may cause misalignment - HotSpot update for vm_version.cpp to recognise updated VS2017 - HttpClient does not retrieve files with large sizes over HTTP/1.1 - IIOException 'tEXt chunk length is not proper' on opening png file - Improve TLS connection stability again - InitialDirContext ctor sometimes throws NPE if the server has sent a disconnection - Inspect stack during error reporting - Instead of circle rendered in appl window, but ellipse is produced JEditor Pane - Introduce diagnostic flag to abort VM on failed JIT compilation - Invalid assert(HeapBaseMinAddress > 0) in ReservedHeapSpace::initialize_compressed_heap - jar has issues with UNC-path arguments for the jar -C parameter [windows] - java.net.http HTTP client should allow specifying Origin and Referer headers - java.nio.file.Files.writeString writes garbled UTF-16 instead of UTF-8 - JDK 11.0.1 l10n resource file update - JDWP Transport Listener: dt_socket thread crash - JVMTI ResourceExhausted should not be posted in CompilerThread - LDAPS communication failure with jdk 1.8.0_181 - linux: Poor StrictMath performance due to non-optimized compilation - Missing synchronization when reading counters for live threads and peak thread count - NPE in SupportedGroupsExtension - OpenDataException thrown when constructing CompositeData for StackTraceElement - Parent class loader may not have a referred ClassLoaderData instance when obtained in Klass::class_in_module_of_loader - Populate handlers while holding streamHandlerLock - ppc64: Enable POWER9 CPU detection - print_location is not reliable enough (printing register info) - Reconsider default option for ClassPathURLCheck change done in JDK-8195874 - Register to register spill may use AVX 512 move instruction on unsupported platform. - s390: Use of shift operators not covered by cpp standard - serviceability/sa/TestUniverse.java#id0 intermittently fails with assert(get_instanceKlass()->is_loaded()) failed: must be at least loaded - SIGBUS in CodeHeapState::print_names() - SIGSEGV in MethodArityHistogram() with -XX:+CountCompiledCalls - Soft reference reclamation race in com.sun.xml.internal.stream.util.ThreadLocalBufferAlloca tor - Swing apps are slow if displaying from a remote source to many local displays - switch jtreg to 4.2b13 - Test library OSInfo.getSolarisVersion cannot determine Solaris version - TestOptionsWithRanges.java is very slow - TestOptionsWithRanges.java of '-XX:TLABSize=2147483648' fails intermittently - The Japanese message of FileNotFoundException garbled - The 'supported_groups' extension in ServerHellos - ThreadInfoCompositeData.toCompositeData fails to map ThreadInfo to CompositeData - TimeZone.getDisplayName given Locale.US doesn't always honor the Locale. - TLS 1.2 Support algorithm in SunPKCS11 provider - TLS 1.3 handshake server name indication is missing on a session resume - TLS 1.3 server fails if ClientHello doesn't have pre_shared_key and psk_key_exchange_modes - TLS 1.3 interop problems with OpenSSL 1.1.1 when used on the client side with mutual auth - tz: Upgrade time-zone data to tzdata2018g - Undefined behaviour in ADLC - Update avx512 implementation - URLStreamHandler initialization race - UseCompressedOops requirement check fails fails on 32-bit system - windows: Update OS detection code to recognize Windows Server 2019 - x86: assert on unbound assembler Labels used as branch targets - x86: jck tests for ldc2_w bytecode fail - x86: sharedRuntimeTrig/sharedRuntimeTrans compiled without optimization - '-XX:OnOutOfMemoryError' uses fork instead of vfork This update was imported from the SUSE:SLE-15:Update update project.
    last seen 2019-02-21
    modified 2019-02-13
    plugin id 122145
    published 2019-02-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=122145
    title openSUSE Security Update : java-11-openjdk (openSUSE-2019-161)
  • NASL family Misc.
    NASL id ORACLE_JAVA_CPU_JAN_2019_UNIX.NASL
    description The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 7 Update 211, 8 Update 201, 11 Update 2. It is, therefore, affected by multiple vulnerabilities related to the following components : - An issue in libjpeg 9a, a divide-by-zero error, could allow remote attackers to cause a denial of service condition via a crafted file. (CVE-2018-11212) - An unspecified vulnerability in Oracle Java SE in the Networking subcomponent could allow an unauthenticated, remote attacker with network access via multiple protocols to compromise Java SE. (CVE-2019-2426) - An unspecified vulnerability in Oracle Java SE in the Deployment subcomponent could allow an unauthenticated, remote attacker with network access via multiple protocols to compromise Java SE. (CVE-2019-2449) - An unspecified vulnerability in Oracle Java SE in the Libraries subcomponent could allow an unauthenticated, remote attacker with network access via multiple protocols to compromise Java SE. (CVE-2019-2422) Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
    last seen 2019-02-21
    modified 2019-01-17
    plugin id 121230
    published 2019-01-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=121230
    title Oracle Java SE 1.7.x < 1.7.0_211 / 1.8.x < 1.8.0_201 / 1.11.x < 1.11.0_2 Multiple Vulnerabilities (January 2019 CPU) (Unix)
redhat via4
advisories
  • bugzilla
    id 1665945
    title CVE-2019-2422 OpenJDK: memory disclosure in FileChannelImpl (Libraries, 8206290)
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 6 Client is installed
        oval oval:com.redhat.rhsa:tst:20100842001
      • comment Red Hat Enterprise Linux 6 Server is installed
        oval oval:com.redhat.rhsa:tst:20100842002
      • comment Red Hat Enterprise Linux 6 Workstation is installed
        oval oval:com.redhat.rhsa:tst:20100842003
      • comment Red Hat Enterprise Linux 6 ComputeNode is installed
        oval oval:com.redhat.rhsa:tst:20100842004
    • OR
      • AND
        • comment java-1.8.0-openjdk is earlier than 1:1.8.0.201.b09-1.el6_10
          oval oval:com.redhat.rhsa:tst:20190416013
        • comment java-1.8.0-openjdk is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20141636006
      • AND
        • comment java-1.8.0-openjdk-debug is earlier than 1:1.8.0.201.b09-1.el6_10
          oval oval:com.redhat.rhsa:tst:20190416007
        • comment java-1.8.0-openjdk-debug is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20151919012
      • AND
        • comment java-1.8.0-openjdk-demo is earlier than 1:1.8.0.201.b09-1.el6_10
          oval oval:com.redhat.rhsa:tst:20190416011
        • comment java-1.8.0-openjdk-demo is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20141636012
      • AND
        • comment java-1.8.0-openjdk-demo-debug is earlier than 1:1.8.0.201.b09-1.el6_10
          oval oval:com.redhat.rhsa:tst:20190416021
        • comment java-1.8.0-openjdk-demo-debug is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20151919018
      • AND
        • comment java-1.8.0-openjdk-devel is earlier than 1:1.8.0.201.b09-1.el6_10
          oval oval:com.redhat.rhsa:tst:20190416015
        • comment java-1.8.0-openjdk-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20141636016
      • AND
        • comment java-1.8.0-openjdk-devel-debug is earlier than 1:1.8.0.201.b09-1.el6_10
          oval oval:com.redhat.rhsa:tst:20190416017
        • comment java-1.8.0-openjdk-devel-debug is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20151919016
      • AND
        • comment java-1.8.0-openjdk-headless is earlier than 1:1.8.0.201.b09-1.el6_10
          oval oval:com.redhat.rhsa:tst:20190416019
        • comment java-1.8.0-openjdk-headless is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20141636008
      • AND
        • comment java-1.8.0-openjdk-headless-debug is earlier than 1:1.8.0.201.b09-1.el6_10
          oval oval:com.redhat.rhsa:tst:20190416023
        • comment java-1.8.0-openjdk-headless-debug is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20151919006
      • AND
        • comment java-1.8.0-openjdk-javadoc is earlier than 1:1.8.0.201.b09-1.el6_10
          oval oval:com.redhat.rhsa:tst:20190416025
        • comment java-1.8.0-openjdk-javadoc is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20141636014
      • AND
        • comment java-1.8.0-openjdk-javadoc-debug is earlier than 1:1.8.0.201.b09-1.el6_10
          oval oval:com.redhat.rhsa:tst:20190416027
        • comment java-1.8.0-openjdk-javadoc-debug is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20151919028
      • AND
        • comment java-1.8.0-openjdk-src is earlier than 1:1.8.0.201.b09-1.el6_10
          oval oval:com.redhat.rhsa:tst:20190416009
        • comment java-1.8.0-openjdk-src is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20141636010
      • AND
        • comment java-1.8.0-openjdk-src-debug is earlier than 1:1.8.0.201.b09-1.el6_10
          oval oval:com.redhat.rhsa:tst:20190416005
        • comment java-1.8.0-openjdk-src-debug is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20151919022
    rhsa
    id RHSA-2019:0416
    released 2019-02-26
    severity Moderate
    title RHSA-2019:0416: java-1.8.0-openjdk security update (Moderate)
  • bugzilla
    id 1665945
    title CVE-2019-2422 OpenJDK: memory disclosure in FileChannelImpl (Libraries, 8206290)
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 7 Client is installed
        oval oval:com.redhat.rhsa:tst:20140675001
      • comment Red Hat Enterprise Linux 7 Server is installed
        oval oval:com.redhat.rhsa:tst:20140675002
      • comment Red Hat Enterprise Linux 7 Workstation is installed
        oval oval:com.redhat.rhsa:tst:20140675003
      • comment Red Hat Enterprise Linux 7 ComputeNode is installed
        oval oval:com.redhat.rhsa:tst:20140675004
    • OR
      • AND
        • comment java-1.8.0-openjdk is earlier than 1:1.8.0.201.b09-0.el7_6
          oval oval:com.redhat.rhsa:tst:20190435025
        • comment java-1.8.0-openjdk is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20141636006
      • AND
        • comment java-1.8.0-openjdk-accessibility is earlier than 1:1.8.0.201.b09-0.el7_6
          oval oval:com.redhat.rhsa:tst:20190435009
        • comment java-1.8.0-openjdk-accessibility is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20150809023
      • AND
        • comment java-1.8.0-openjdk-accessibility-debug is earlier than 1:1.8.0.201.b09-0.el7_6
          oval oval:com.redhat.rhsa:tst:20190435007
        • comment java-1.8.0-openjdk-accessibility-debug is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20160049016
      • AND
        • comment java-1.8.0-openjdk-debug is earlier than 1:1.8.0.201.b09-0.el7_6
          oval oval:com.redhat.rhsa:tst:20190435015
        • comment java-1.8.0-openjdk-debug is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20151919012
      • AND
        • comment java-1.8.0-openjdk-demo is earlier than 1:1.8.0.201.b09-0.el7_6
          oval oval:com.redhat.rhsa:tst:20190435011
        • comment java-1.8.0-openjdk-demo is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20141636012
      • AND
        • comment java-1.8.0-openjdk-demo-debug is earlier than 1:1.8.0.201.b09-0.el7_6
          oval oval:com.redhat.rhsa:tst:20190435019
        • comment java-1.8.0-openjdk-demo-debug is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20151919018
      • AND
        • comment java-1.8.0-openjdk-devel is earlier than 1:1.8.0.201.b09-0.el7_6
          oval oval:com.redhat.rhsa:tst:20190435013
        • comment java-1.8.0-openjdk-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20141636016
      • AND
        • comment java-1.8.0-openjdk-devel-debug is earlier than 1:1.8.0.201.b09-0.el7_6
          oval oval:com.redhat.rhsa:tst:20190435005
        • comment java-1.8.0-openjdk-devel-debug is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20151919016
      • AND
        • comment java-1.8.0-openjdk-headless is earlier than 1:1.8.0.201.b09-0.el7_6
          oval oval:com.redhat.rhsa:tst:20190435023
        • comment java-1.8.0-openjdk-headless is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20141636008
      • AND
        • comment java-1.8.0-openjdk-headless-debug is earlier than 1:1.8.0.201.b09-0.el7_6
          oval oval:com.redhat.rhsa:tst:20190435021
        • comment java-1.8.0-openjdk-headless-debug is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20151919006
      • AND
        • comment java-1.8.0-openjdk-javadoc is earlier than 1:1.8.0.201.b09-0.el7_6
          oval oval:com.redhat.rhsa:tst:20190435035
        • comment java-1.8.0-openjdk-javadoc is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20141636014
      • AND
        • comment java-1.8.0-openjdk-javadoc-debug is earlier than 1:1.8.0.201.b09-0.el7_6
          oval oval:com.redhat.rhsa:tst:20190435031
        • comment java-1.8.0-openjdk-javadoc-debug is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20151919028
      • AND
        • comment java-1.8.0-openjdk-javadoc-zip is earlier than 1:1.8.0.201.b09-0.el7_6
          oval oval:com.redhat.rhsa:tst:20190435033
        • comment java-1.8.0-openjdk-javadoc-zip is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20170180051
      • AND
        • comment java-1.8.0-openjdk-javadoc-zip-debug is earlier than 1:1.8.0.201.b09-0.el7_6
          oval oval:com.redhat.rhsa:tst:20190435029
        • comment java-1.8.0-openjdk-javadoc-zip-debug is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20170180048
      • AND
        • comment java-1.8.0-openjdk-src is earlier than 1:1.8.0.201.b09-0.el7_6
          oval oval:com.redhat.rhsa:tst:20190435027
        • comment java-1.8.0-openjdk-src is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20141636010
      • AND
        • comment java-1.8.0-openjdk-src-debug is earlier than 1:1.8.0.201.b09-0.el7_6
          oval oval:com.redhat.rhsa:tst:20190435017
        • comment java-1.8.0-openjdk-src-debug is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20151919022
    rhsa
    id RHSA-2019:0435
    released 2019-02-28
    severity Moderate
    title RHSA-2019:0435: java-1.8.0-openjdk security update (Moderate)
  • bugzilla
    id 1665945
    title CVE-2019-2422 OpenJDK: memory disclosure in FileChannelImpl (Libraries, 8206290)
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 7 Client is installed
        oval oval:com.redhat.rhsa:tst:20140675001
      • comment Red Hat Enterprise Linux 7 Server is installed
        oval oval:com.redhat.rhsa:tst:20140675002
      • comment Red Hat Enterprise Linux 7 Workstation is installed
        oval oval:com.redhat.rhsa:tst:20140675003
      • comment Red Hat Enterprise Linux 7 ComputeNode is installed
        oval oval:com.redhat.rhsa:tst:20140675004
    • OR
      • AND
        • comment java-11-openjdk is earlier than 1:11.0.2.7-0.el7_6
          oval oval:com.redhat.rhsa:tst:20190436017
        • comment java-11-openjdk is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20183521014
      • AND
        • comment java-11-openjdk-debug is earlier than 1:11.0.2.7-0.el7_6
          oval oval:com.redhat.rhsa:tst:20190436007
        • comment java-11-openjdk-debug is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20183521026
      • AND
        • comment java-11-openjdk-demo is earlier than 1:11.0.2.7-0.el7_6
          oval oval:com.redhat.rhsa:tst:20190436023
        • comment java-11-openjdk-demo is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20183521024
      • AND
        • comment java-11-openjdk-demo-debug is earlier than 1:11.0.2.7-0.el7_6
          oval oval:com.redhat.rhsa:tst:20190436021
        • comment java-11-openjdk-demo-debug is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20183521030
      • AND
        • comment java-11-openjdk-devel is earlier than 1:11.0.2.7-0.el7_6
          oval oval:com.redhat.rhsa:tst:20190436013
        • comment java-11-openjdk-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20183521016
      • AND
        • comment java-11-openjdk-devel-debug is earlier than 1:11.0.2.7-0.el7_6
          oval oval:com.redhat.rhsa:tst:20190436033
        • comment java-11-openjdk-devel-debug is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20183521022
      • AND
        • comment java-11-openjdk-headless is earlier than 1:11.0.2.7-0.el7_6
          oval oval:com.redhat.rhsa:tst:20190436015
        • comment java-11-openjdk-headless is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20183521010
      • AND
        • comment java-11-openjdk-headless-debug is earlier than 1:11.0.2.7-0.el7_6
          oval oval:com.redhat.rhsa:tst:20190436029
        • comment java-11-openjdk-headless-debug is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20183521018
      • AND
        • comment java-11-openjdk-javadoc is earlier than 1:11.0.2.7-0.el7_6
          oval oval:com.redhat.rhsa:tst:20190436031
        • comment java-11-openjdk-javadoc is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20183521006
      • AND
        • comment java-11-openjdk-javadoc-debug is earlier than 1:11.0.2.7-0.el7_6
          oval oval:com.redhat.rhsa:tst:20190436027
        • comment java-11-openjdk-javadoc-debug is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20183521034
      • AND
        • comment java-11-openjdk-javadoc-zip is earlier than 1:11.0.2.7-0.el7_6
          oval oval:com.redhat.rhsa:tst:20190436011
        • comment java-11-openjdk-javadoc-zip is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20183521036
      • AND
        • comment java-11-openjdk-javadoc-zip-debug is earlier than 1:11.0.2.7-0.el7_6
          oval oval:com.redhat.rhsa:tst:20190436019
        • comment java-11-openjdk-javadoc-zip-debug is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20183521032
      • AND
        • comment java-11-openjdk-jmods is earlier than 1:11.0.2.7-0.el7_6
          oval oval:com.redhat.rhsa:tst:20190436025
        • comment java-11-openjdk-jmods is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20183521008
      • AND
        • comment java-11-openjdk-jmods-debug is earlier than 1:11.0.2.7-0.el7_6
          oval oval:com.redhat.rhsa:tst:20190436009
        • comment java-11-openjdk-jmods-debug is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20183521028
      • AND
        • comment java-11-openjdk-src is earlier than 1:11.0.2.7-0.el7_6
          oval oval:com.redhat.rhsa:tst:20190436035
        • comment java-11-openjdk-src is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20183521012
      • AND
        • comment java-11-openjdk-src-debug is earlier than 1:11.0.2.7-0.el7_6
          oval oval:com.redhat.rhsa:tst:20190436005
        • comment java-11-openjdk-src-debug is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20183521020
    rhsa
    id RHSA-2019:0436
    released 2019-02-28
    severity Moderate
    title RHSA-2019:0436: java-11-openjdk security update (Moderate)
  • bugzilla
    id 1665945
    title CVE-2019-2422 OpenJDK: memory disclosure in FileChannelImpl (Libraries, 8206290)
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 6 Client is installed
        oval oval:com.redhat.rhsa:tst:20100842001
      • comment Red Hat Enterprise Linux 6 Server is installed
        oval oval:com.redhat.rhsa:tst:20100842002
      • comment Red Hat Enterprise Linux 6 Workstation is installed
        oval oval:com.redhat.rhsa:tst:20100842003
      • comment Red Hat Enterprise Linux 6 ComputeNode is installed
        oval oval:com.redhat.rhsa:tst:20100842004
    • OR
      • AND
        • comment java-1.7.0-openjdk is earlier than 1:1.7.0.211-2.6.17.1.el6_10
          oval oval:com.redhat.rhsa:tst:20190462007
        • comment java-1.7.0-openjdk is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20121009006
      • AND
        • comment java-1.7.0-openjdk-demo is earlier than 1:1.7.0.211-2.6.17.1.el6_10
          oval oval:com.redhat.rhsa:tst:20190462011
        • comment java-1.7.0-openjdk-demo is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20121009010
      • AND
        • comment java-1.7.0-openjdk-devel is earlier than 1:1.7.0.211-2.6.17.1.el6_10
          oval oval:com.redhat.rhsa:tst:20190462005
        • comment java-1.7.0-openjdk-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20121009008
      • AND
        • comment java-1.7.0-openjdk-javadoc is earlier than 1:1.7.0.211-2.6.17.1.el6_10
          oval oval:com.redhat.rhsa:tst:20190462013
        • comment java-1.7.0-openjdk-javadoc is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20121009012
      • AND
        • comment java-1.7.0-openjdk-src is earlier than 1:1.7.0.211-2.6.17.1.el6_10
          oval oval:com.redhat.rhsa:tst:20190462009
        • comment java-1.7.0-openjdk-src is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20121009014
    rhsa
    id RHSA-2019:0462
    released 2019-03-05
    severity Moderate
    title RHSA-2019:0462: java-1.7.0-openjdk security update (Moderate)
  • bugzilla
    id 1665945
    title CVE-2019-2422 OpenJDK: memory disclosure in FileChannelImpl (Libraries, 8206290)
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 7 Client is installed
        oval oval:com.redhat.rhsa:tst:20140675001
      • comment Red Hat Enterprise Linux 7 Server is installed
        oval oval:com.redhat.rhsa:tst:20140675002
      • comment Red Hat Enterprise Linux 7 Workstation is installed
        oval oval:com.redhat.rhsa:tst:20140675003
      • comment Red Hat Enterprise Linux 7 ComputeNode is installed
        oval oval:com.redhat.rhsa:tst:20140675004
    • OR
      • AND
        • comment java-1.7.0-openjdk is earlier than 1:1.7.0.211-2.6.17.1.el7_6
          oval oval:com.redhat.rhsa:tst:20190464007
        • comment java-1.7.0-openjdk is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20121009006
      • AND
        • comment java-1.7.0-openjdk-accessibility is earlier than 1:1.7.0.211-2.6.17.1.el7_6
          oval oval:com.redhat.rhsa:tst:20190464009
        • comment java-1.7.0-openjdk-accessibility is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140675018
      • AND
        • comment java-1.7.0-openjdk-demo is earlier than 1:1.7.0.211-2.6.17.1.el7_6
          oval oval:com.redhat.rhsa:tst:20190464005
        • comment java-1.7.0-openjdk-demo is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20121009010
      • AND
        • comment java-1.7.0-openjdk-devel is earlier than 1:1.7.0.211-2.6.17.1.el7_6
          oval oval:com.redhat.rhsa:tst:20190464015
        • comment java-1.7.0-openjdk-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20121009008
      • AND
        • comment java-1.7.0-openjdk-headless is earlier than 1:1.7.0.211-2.6.17.1.el7_6
          oval oval:com.redhat.rhsa:tst:20190464013
        • comment java-1.7.0-openjdk-headless is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140675012
      • AND
        • comment java-1.7.0-openjdk-javadoc is earlier than 1:1.7.0.211-2.6.17.1.el7_6
          oval oval:com.redhat.rhsa:tst:20190464017
        • comment java-1.7.0-openjdk-javadoc is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20121009012
      • AND
        • comment java-1.7.0-openjdk-src is earlier than 1:1.7.0.211-2.6.17.1.el7_6
          oval oval:com.redhat.rhsa:tst:20190464011
        • comment java-1.7.0-openjdk-src is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20121009014
    rhsa
    id RHSA-2019:0464
    released 2019-03-05
    severity Moderate
    title RHSA-2019:0464: java-1.7.0-openjdk security update (Moderate)
  • rhsa
    id RHSA-2019:0469
  • rhsa
    id RHSA-2019:0472
  • rhsa
    id RHSA-2019:0473
  • rhsa
    id RHSA-2019:0474
  • rhsa
    id RHSA-2019:0640
  • rhsa
    id RHSA-2019:1238
rpms
  • java-1.8.0-openjdk-1:1.8.0.201.b09-1.el6_10
  • java-1.8.0-openjdk-debug-1:1.8.0.201.b09-1.el6_10
  • java-1.8.0-openjdk-demo-1:1.8.0.201.b09-1.el6_10
  • java-1.8.0-openjdk-demo-debug-1:1.8.0.201.b09-1.el6_10
  • java-1.8.0-openjdk-devel-1:1.8.0.201.b09-1.el6_10
  • java-1.8.0-openjdk-devel-debug-1:1.8.0.201.b09-1.el6_10
  • java-1.8.0-openjdk-headless-1:1.8.0.201.b09-1.el6_10
  • java-1.8.0-openjdk-headless-debug-1:1.8.0.201.b09-1.el6_10
  • java-1.8.0-openjdk-javadoc-1:1.8.0.201.b09-1.el6_10
  • java-1.8.0-openjdk-javadoc-debug-1:1.8.0.201.b09-1.el6_10
  • java-1.8.0-openjdk-src-1:1.8.0.201.b09-1.el6_10
  • java-1.8.0-openjdk-src-debug-1:1.8.0.201.b09-1.el6_10
  • java-1.8.0-openjdk-1:1.8.0.201.b09-0.el7_6
  • java-1.8.0-openjdk-accessibility-1:1.8.0.201.b09-0.el7_6
  • java-1.8.0-openjdk-accessibility-debug-1:1.8.0.201.b09-0.el7_6
  • java-1.8.0-openjdk-debug-1:1.8.0.201.b09-0.el7_6
  • java-1.8.0-openjdk-demo-1:1.8.0.201.b09-0.el7_6
  • java-1.8.0-openjdk-demo-debug-1:1.8.0.201.b09-0.el7_6
  • java-1.8.0-openjdk-devel-1:1.8.0.201.b09-0.el7_6
  • java-1.8.0-openjdk-devel-debug-1:1.8.0.201.b09-0.el7_6
  • java-1.8.0-openjdk-headless-1:1.8.0.201.b09-0.el7_6
  • java-1.8.0-openjdk-headless-debug-1:1.8.0.201.b09-0.el7_6
  • java-1.8.0-openjdk-javadoc-1:1.8.0.201.b09-0.el7_6
  • java-1.8.0-openjdk-javadoc-debug-1:1.8.0.201.b09-0.el7_6
  • java-1.8.0-openjdk-javadoc-zip-1:1.8.0.201.b09-0.el7_6
  • java-1.8.0-openjdk-javadoc-zip-debug-1:1.8.0.201.b09-0.el7_6
  • java-1.8.0-openjdk-src-1:1.8.0.201.b09-0.el7_6
  • java-1.8.0-openjdk-src-debug-1:1.8.0.201.b09-0.el7_6
  • java-11-openjdk-1:11.0.2.7-0.el7_6
  • java-11-openjdk-debug-1:11.0.2.7-0.el7_6
  • java-11-openjdk-demo-1:11.0.2.7-0.el7_6
  • java-11-openjdk-demo-debug-1:11.0.2.7-0.el7_6
  • java-11-openjdk-devel-1:11.0.2.7-0.el7_6
  • java-11-openjdk-devel-debug-1:11.0.2.7-0.el7_6
  • java-11-openjdk-headless-1:11.0.2.7-0.el7_6
  • java-11-openjdk-headless-debug-1:11.0.2.7-0.el7_6
  • java-11-openjdk-javadoc-1:11.0.2.7-0.el7_6
  • java-11-openjdk-javadoc-debug-1:11.0.2.7-0.el7_6
  • java-11-openjdk-javadoc-zip-1:11.0.2.7-0.el7_6
  • java-11-openjdk-javadoc-zip-debug-1:11.0.2.7-0.el7_6
  • java-11-openjdk-jmods-1:11.0.2.7-0.el7_6
  • java-11-openjdk-jmods-debug-1:11.0.2.7-0.el7_6
  • java-11-openjdk-src-1:11.0.2.7-0.el7_6
  • java-11-openjdk-src-debug-1:11.0.2.7-0.el7_6
  • java-1.7.0-openjdk-1:1.7.0.211-2.6.17.1.el6_10
  • java-1.7.0-openjdk-demo-1:1.7.0.211-2.6.17.1.el6_10
  • java-1.7.0-openjdk-devel-1:1.7.0.211-2.6.17.1.el6_10
  • java-1.7.0-openjdk-javadoc-1:1.7.0.211-2.6.17.1.el6_10
  • java-1.7.0-openjdk-src-1:1.7.0.211-2.6.17.1.el6_10
  • java-1.7.0-openjdk-1:1.7.0.211-2.6.17.1.el7_6
  • java-1.7.0-openjdk-accessibility-1:1.7.0.211-2.6.17.1.el7_6
  • java-1.7.0-openjdk-demo-1:1.7.0.211-2.6.17.1.el7_6
  • java-1.7.0-openjdk-devel-1:1.7.0.211-2.6.17.1.el7_6
  • java-1.7.0-openjdk-headless-1:1.7.0.211-2.6.17.1.el7_6
  • java-1.7.0-openjdk-javadoc-1:1.7.0.211-2.6.17.1.el7_6
  • java-1.7.0-openjdk-src-1:1.7.0.211-2.6.17.1.el7_6
refmap via4
bid 106596
bugtraq 20190320 [SECURITY] [DSA 4410-1] openjdk-8 security update
confirm
debian DSA-4410
gentoo GLSA-201903-14
mlist [debian-lts-announce] 20190327 [SECURITY] [DLA 1732-1] openjdk-7 security update
suse openSUSE-SU-2019:0346
ubuntu
  • USN-3875-1
  • USN-3942-1
  • USN-3949-1
Last major update 16-01-2019 - 14:30
Published 16-01-2019 - 14:30
Last modified 16-05-2019 - 12:29
Back to Top