AXSA:2019-3938:03

Release date: 
Monday, July 22, 2019 - 16:54
Subject: 
java-1.8.0-openjdk-1.8.0.222.b10-0.AXS4
Affected Channels: 
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity: 
Moderate
Description: 

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.

Security Fix(es):

* OpenJDK: Side-channel attack risks in Elliptic Curve (EC) cryptography (Security, 8208698) (CVE-2019-2745)

* OpenJDK: Insufficient checks of suppressed exceptions in deserialization (Utilities, 8212328) (CVE-2019-2762)

* OpenJDK: Unbounded memory allocation during deserialization in Collections (Utilities, 8213432) (CVE-2019-2769)

* OpenJDK: Missing URL format validation (Networking, 8221518) (CVE-2019-2816)

* OpenJDK: Missing array bounds check in crypto providers (JCE, 8223511) (CVE-2019-2842)

* OpenJDK: Insufficient restriction of privileges in AccessController (Security, 8216381) (CVE-2019-2786)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2019-2745
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2019-2762
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2019-2769
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2019-2786
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2019-2816
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2019-2842
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
1. java-1.8.0-openjdk-1.8.0.222.b10-0.AXS4.src.rpm
md5sum: d0c09cd40837a3f26ede3fe1f4beb564
sha256sum: aab2343e8df23934a1033b153518b99e09331aed2c35a48e0d47074fb2e8a761
Size: 55,219 Kb

Asianux Server 4.0 for x86_64
1. java-1.8.0-openjdk-1.8.0.222.b10-0.AXS4.x86_64.rpm
md5sum: d08d8fbec714aa6adaf3635e059f6372
sha256sum: e0a20d58a1fe1f83de96030d026e1d60b41bdeb29b800c3da0ae23428d80a20c
Size: 230 Kb
2. java-1.8.0-openjdk-devel-1.8.0.222.b10-0.AXS4.x86_64.rpm
md5sum: 23cd8b1f5cc0b68871267c3d2f40cb24
sha256sum: 28d0fc47fbd96eeca5dd0a85257f699c489f42f2a454dcf2d6ce152486cdf25a
Size: 10,336 Kb
3. java-1.8.0-openjdk-headless-1.8.0.222.b10-0.AXS4.x86_64.rpm
md5sum: 511c73d40f469ce89d763455420dbb67
sha256sum: ed8600a150903e85ba7d5ebb97426e4878cea07b62bc137fd60648bd12e24d86
Size: 32,991 Kb

Asianux Server 4.0 for x86
1. java-1.8.0-openjdk-1.8.0.222.b10-0.AXS4.i686.rpm
md5sum: 4327095029d9615334549d9b64e72955
sha256sum: 6ce8f067010cc5d4e7bc9fa25126e468ffea0cb44e64d1d95ae978f6a1373191
Size: 217 Kb
2. java-1.8.0-openjdk-devel-1.8.0.222.b10-0.AXS4.i686.rpm
md5sum: 6a21d8c90139aef1944f7a29cd544429
sha256sum: 6d8130c1a43444e27c3a843c0a6995920922194bf84b6a576d791051ed167b20
Size: 10,337 Kb
3. java-1.8.0-openjdk-headless-1.8.0.222.b10-0.AXS4.i686.rpm
md5sum: 3fa4912df81f672af508e663c16b5798
sha256sum: a15e8beeaaff306d84b98056b0eaddf49905f07ccc04b64a432082baa95f3905
Size: 32,359 Kb
Copyright© 2007-2015 Asianux. All rights reserved.