SecurityTracker.com
Category:   Application (Generic)  >   Oracle Java SE
Vendors:   Oracle, Sun
(CentOS Issues Fix) Oracle Java SE Multiple Flaws Let Remote Users Access and Modify Data, Deny Service, and Gain Elevated Privileges and Let Local Users Gain Elevated Privileges
SecurityTracker Alert ID:  1040252
SecurityTracker URL:  http://securitytracker.com/id/1040252
CVE Reference:   CVE-2018-2579, CVE-2018-2582, CVE-2018-2588, CVE-2018-2599, CVE-2018-2602, CVE-2018-2603, CVE-2018-2618, CVE-2018-2629, CVE-2018-2633, CVE-2018-2634, CVE-2018-2637, CVE-2018-2641, CVE-2018-2663, CVE-2018-2677, CVE-2018-2678
Date:  Jan 18 2018
Impact:   Denial of service via network, Disclosure of system information, Disclosure of user information, Modification of system information, Modification of user information, User access via local system, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 6u171, 7u161, 8u152, 9.0.1
Description:   Multiple vulnerabilities were reported in Oracle Java SE. A remote or local user can obtain elevated privileges on the target system. A remote user can access and modify data on the target system. A remote user can cause denial of service conditions on the target system.

A remote user can exploit a flaw in the Java SE Deployment component to gain elevated privileges [CVE-2018-2638, CVE-2018-2639].

A remote user can exploit a flaw in the Java SE, Java SE Embedded, JRockit JNDI component to gain elevated privileges [CVE-2018-2633].

A local user can exploit a flaw in the Java SE Installer component to gain elevated privileges [CVE-2018-2627].

A remote user can exploit a flaw in the Java SE, Java SE Embedded, JRockit JMX component to access and modify data [CVE-2018-2637].

A remote user can exploit a flaw in the Java SE, Java SE Embedded JGSS component to access data [CVE-2018-2634].

A remote user can exploit a flaw in the Java SE, Java SE Embedded Hotspot component to modify data [CVE-2018-2582].

A remote user can exploit a flaw in the Java SE, Java SE Embedded AWT component to modify data [CVE-2018-2641].

A remote user can exploit a flaw in the Java SE, Java SE Embedded, JRockit JCE component to access data [CVE-2018-2618].

A remote user can exploit a flaw in the Java SE, Java SE Embedded, JRockit JGSS component to modify data [CVE-2018-2629].

A remote user can exploit a flaw in the Java SE, Java SE Embedded, JRockit Libraries component to cause partial denial of service conditions [CVE-2018-2603].

A remote user can exploit a flaw in the Java SE, JRockit Serialization component to cause partial denial of service conditions [CVE-2018-2657].

A remote user can exploit a flaw in the Java SE, Java SE Embedded, JRockit JNDI component to partially modify data and cause partial denial of service conditions [CVE-2018-2599].

A remote user can exploit a flaw in the Java SE JavaFX component to partially access data [CVE-2018-2581].

A local user can exploit a flaw in the Java SE, Java SE Embedded I18n component to partially access data, partially modify data, and partially deny service [CVE-2018-2602].

A remote user can exploit a flaw in the Java SE, Java SE Embedded AWT component to cause partial denial of service conditions [CVE-2018-2677].

A remote user can exploit a flaw in the Java SE, Java SE Embedded, JRockit JNDI component to cause partial denial of service conditions [CVE-2018-2678].

A remote authenticated user can exploit a flaw in the Java SE, Java SE Embedded, JRockit LDAP component to partially access data [CVE-2018-2588].

A remote user can exploit a flaw in the Java SE, Java SE Embedded, JRockit Libraries component to cause partial denial of service conditions [CVE-2018-2663].

A remote user can exploit a flaw in the Java Advanced Management Console Server component to partially access data [CVE-2018-2675].

A remote user can exploit a flaw in the Java SE, Java SE Embedded, JRockit Libraries component to partially access data [CVE-2018-2579].

Moritz Bechler, Michal Rydlo, Greg Hudson of MIT Kerberos team, Allen Reese, Apostolos Giannakidis of Waratek, and Matej Tymes reported these vulnerabilities.

Impact:   A remote user can obtain data on the target system.

A remote user can modify data on the target system.

A remote user can cause denial of service conditions.

A local user can obtain elevated privileges on the target system.

A remote user can gain elevated privileges on the target system.

Solution:   CentOS has issued a fix for CVE-2018-2579, CVE-2018-2582, CVE-2018-2588, CVE-2018-2599, CVE-2018-2602, CVE-2018-2603, CVE-2018-2618, CVE-2018-2629, CVE-2018-2633, CVE-2018-2634, CVE-2018-2637, CVE-2018-2641, CVE-2018-2663, CVE-2018-2677, and CVE-2018-2678 for java-1.8.0-openjdk.


Cause:   Not specified
Underlying OS:  Linux (CentOS)
Underlying OS Comments:  6, 7

Message History:   This archive entry is a follow-up to the message listed below.
Jan 17 2018 Oracle Java SE Multiple Flaws Let Remote Users Access and Modify Data, Deny Service, and Gain Elevated Privileges and Let Local Users Gain Elevated Privileges



 Source Message Contents

Subject:  [CentOS-announce] CESA-2018:0095 Important CentOS 6 java-1.8.0-openjdk Security Update


CentOS Errata and Security Advisory 2018:0095 Important

Upstream details at : https://access.redhat.com/errata/RHSA-2018:0095

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 




-- 
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS
