CVE-2018-2678 - Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: J

CVE-2018-2678

Summary

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).

References

Vulnerable Configurations

cpe:2.3:a:oracle:jrockit:r28.3.16:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jrockit:r28.3.16:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.9.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.9.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.9.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.9.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.8.0:update152:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.8.0:update152:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update161:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update161:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.6.0:update171:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.6.0:update171:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update171:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update171:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.8.0:update152:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.8.0:update152:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update161:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update161:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:satellite:5.7:*:*:*:*:*:*:*
cpe:2.3:a:redhat:satellite:5.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*
cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*
cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
cpe:2.3:a:redhat:satellite:5.6:*:*:*:*:*:*:*
cpe:2.3:a:redhat:satellite:5.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*
cpe:2.3:a:schneider-electric:struxureware_data_center_expert:7.3.1:*:*:*:*:*:*:*
cpe:2.3:a:schneider-electric:struxureware_data_center_expert:7.3.1:*:*:*:*:*:*:*
cpe:2.3:a:schneider-electric:struxureware_data_center_expert:7.4.0:*:*:*:*:*:*:*
cpe:2.3:a:schneider-electric:struxureware_data_center_expert:7.4.0:*:*:*:*:*:*:*
cpe:2.3:a:schneider-electric:struxureware_data_center_expert:7.4.1:*:*:*:*:*:*:*
cpe:2.3:a:schneider-electric:struxureware_data_center_expert:7.4.1:*:*:*:*:*:*:*
cpe:2.3:a:schneider-electric:struxureware_data_center_expert:7.4.2:*:*:*:*:*:*:*
cpe:2.3:a:schneider-electric:struxureware_data_center_expert:7.4.2:*:*:*:*:*:*:*
cpe:2.3:a:schneider-electric:struxureware_data_center_expert:7.4.3:*:*:*:*:*:*:*
cpe:2.3:a:schneider-electric:struxureware_data_center_expert:7.4.3:*:*:*:*:*:*:*
cpe:2.3:a:schneider-electric:struxureware_data_center_expert:7.5.0:*:*:*:*:*:*:*
cpe:2.3:a:schneider-electric:struxureware_data_center_expert:7.5.0:*:*:*:*:*:*:*
cpe:2.3:a:hp:xp7_command_view:8.6.2-01:*:*:*:advanced:*:*:*
cpe:2.3:a:hp:xp7_command_view:8.6.2-01:*:*:*:advanced:*:*:*
cpe:2.3:a:hp:xp_p9000_command_view:8.6.2-01:*:*:*:advanced:*:*:*
cpe:2.3:a:hp:xp_p9000_command_view:8.6.2-01:*:*:*:advanced:*:*:*
cpe:2.3:a:hp:xp_command_view:8.6.2-01:*:*:*:advanced:*:*:*
cpe:2.3:a:hp:xp_command_view:8.6.2-01:*:*:*:advanced:*:*:*

CVSS

Base:	4.3 (as of 13-05-2022 - 14:57)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:N/A:P

redhat via4

advisories

bugzilla

id	1535036
title	CVE-2018-2633 OpenJDK: LDAPCertStore insecure handling of LDAP referrals (JNDI, 8186606)

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 6 is installed
oval oval:com.redhat.rhba:tst:20111656003

AND

comment java-1.8.0-openjdk is earlier than 1:1.8.0.161-3.b14.el6_9
oval oval:com.redhat.rhsa:tst:20180095001
comment java-1.8.0-openjdk is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20141636002

AND

comment java-1.8.0-openjdk-debug is earlier than 1:1.8.0.161-3.b14.el6_9
oval oval:com.redhat.rhsa:tst:20180095003
comment java-1.8.0-openjdk-debug is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20151919004

AND

comment java-1.8.0-openjdk-demo is earlier than 1:1.8.0.161-3.b14.el6_9
oval oval:com.redhat.rhsa:tst:20180095005
comment java-1.8.0-openjdk-demo is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20141636004

AND

comment java-1.8.0-openjdk-demo-debug is earlier than 1:1.8.0.161-3.b14.el6_9
oval oval:com.redhat.rhsa:tst:20180095007
comment java-1.8.0-openjdk-demo-debug is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20151919008

AND

comment java-1.8.0-openjdk-devel is earlier than 1:1.8.0.161-3.b14.el6_9
oval oval:com.redhat.rhsa:tst:20180095009
comment java-1.8.0-openjdk-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20141636006

AND

comment java-1.8.0-openjdk-devel-debug is earlier than 1:1.8.0.161-3.b14.el6_9
oval oval:com.redhat.rhsa:tst:20180095011
comment java-1.8.0-openjdk-devel-debug is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20151919012

AND

comment java-1.8.0-openjdk-headless is earlier than 1:1.8.0.161-3.b14.el6_9
oval oval:com.redhat.rhsa:tst:20180095013
comment java-1.8.0-openjdk-headless is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20141636008

AND

comment java-1.8.0-openjdk-headless-debug is earlier than 1:1.8.0.161-3.b14.el6_9
oval oval:com.redhat.rhsa:tst:20180095015
comment java-1.8.0-openjdk-headless-debug is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20151919016

AND

comment java-1.8.0-openjdk-javadoc is earlier than 1:1.8.0.161-3.b14.el6_9
oval oval:com.redhat.rhsa:tst:20180095017
comment java-1.8.0-openjdk-javadoc is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20141636010

AND

comment java-1.8.0-openjdk-javadoc-debug is earlier than 1:1.8.0.161-3.b14.el6_9
oval oval:com.redhat.rhsa:tst:20180095019
comment java-1.8.0-openjdk-javadoc-debug is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20151919020

AND

comment java-1.8.0-openjdk-src is earlier than 1:1.8.0.161-3.b14.el6_9
oval oval:com.redhat.rhsa:tst:20180095021
comment java-1.8.0-openjdk-src is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20141636012

AND

comment java-1.8.0-openjdk-src-debug is earlier than 1:1.8.0.161-3.b14.el6_9
oval oval:com.redhat.rhsa:tst:20180095023
comment java-1.8.0-openjdk-src-debug is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20151919024

AND

comment Red Hat Enterprise Linux 7 is installed
oval oval:com.redhat.rhba:tst:20150364027

AND

comment java-1.8.0-openjdk is earlier than 1:1.8.0.161-0.b14.el7_4
oval oval:com.redhat.rhsa:tst:20180095026
comment java-1.8.0-openjdk is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20141636002

AND

comment java-1.8.0-openjdk-accessibility is earlier than 1:1.8.0.161-0.b14.el7_4
oval oval:com.redhat.rhsa:tst:20180095027
comment java-1.8.0-openjdk-accessibility is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20150809016

AND

comment java-1.8.0-openjdk-accessibility-debug is earlier than 1:1.8.0.161-0.b14.el7_4
oval oval:com.redhat.rhsa:tst:20180095029
comment java-1.8.0-openjdk-accessibility-debug is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20160049006

AND

comment java-1.8.0-openjdk-debug is earlier than 1:1.8.0.161-0.b14.el7_4
oval oval:com.redhat.rhsa:tst:20180095031
comment java-1.8.0-openjdk-debug is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20151919004

AND

comment java-1.8.0-openjdk-demo is earlier than 1:1.8.0.161-0.b14.el7_4
oval oval:com.redhat.rhsa:tst:20180095032
comment java-1.8.0-openjdk-demo is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20141636004

AND

comment java-1.8.0-openjdk-demo-debug is earlier than 1:1.8.0.161-0.b14.el7_4
oval oval:com.redhat.rhsa:tst:20180095033
comment java-1.8.0-openjdk-demo-debug is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20151919008

AND

comment java-1.8.0-openjdk-devel is earlier than 1:1.8.0.161-0.b14.el7_4
oval oval:com.redhat.rhsa:tst:20180095034
comment java-1.8.0-openjdk-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20141636006

AND

comment java-1.8.0-openjdk-devel-debug is earlier than 1:1.8.0.161-0.b14.el7_4
oval oval:com.redhat.rhsa:tst:20180095035
comment java-1.8.0-openjdk-devel-debug is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20151919012

AND

comment java-1.8.0-openjdk-headless is earlier than 1:1.8.0.161-0.b14.el7_4
oval oval:com.redhat.rhsa:tst:20180095036
comment java-1.8.0-openjdk-headless is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20141636008

AND

comment java-1.8.0-openjdk-headless-debug is earlier than 1:1.8.0.161-0.b14.el7_4
oval oval:com.redhat.rhsa:tst:20180095037
comment java-1.8.0-openjdk-headless-debug is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20151919016

AND

comment java-1.8.0-openjdk-javadoc is earlier than 1:1.8.0.161-0.b14.el7_4
oval oval:com.redhat.rhsa:tst:20180095038
comment java-1.8.0-openjdk-javadoc is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20141636010

AND

comment java-1.8.0-openjdk-javadoc-debug is earlier than 1:1.8.0.161-0.b14.el7_4
oval oval:com.redhat.rhsa:tst:20180095039
comment java-1.8.0-openjdk-javadoc-debug is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20151919020

AND

comment java-1.8.0-openjdk-javadoc-zip is earlier than 1:1.8.0.161-0.b14.el7_4
oval oval:com.redhat.rhsa:tst:20180095040
comment java-1.8.0-openjdk-javadoc-zip is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20170180041

AND

comment java-1.8.0-openjdk-javadoc-zip-debug is earlier than 1:1.8.0.161-0.b14.el7_4
oval oval:com.redhat.rhsa:tst:20180095042
comment java-1.8.0-openjdk-javadoc-zip-debug is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20170180043

AND

comment java-1.8.0-openjdk-src is earlier than 1:1.8.0.161-0.b14.el7_4
oval oval:com.redhat.rhsa:tst:20180095044
comment java-1.8.0-openjdk-src is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20141636012

AND

comment java-1.8.0-openjdk-src-debug is earlier than 1:1.8.0.161-0.b14.el7_4
oval oval:com.redhat.rhsa:tst:20180095045
comment java-1.8.0-openjdk-src-debug is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20151919024

rhsa

id	RHSA-2018:0095
released	2018-01-17
severity	Important
title	RHSA-2018:0095: java-1.8.0-openjdk security update (Important)

bugzilla

id	1535353
title	CVE-2018-2657 Oracle JDK: unspecified vulnerability fixed in 6u181 and 7u171 (Serialization)

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 7 is installed
oval oval:com.redhat.rhba:tst:20150364027

AND

comment java-1.6.0-sun is earlier than 1:1.6.0.181-1jpp.2.el7
oval oval:com.redhat.rhsa:tst:20180115001
comment java-1.6.0-sun is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20140414015

AND

comment java-1.6.0-sun-demo is earlier than 1:1.6.0.181-1jpp.2.el7
oval oval:com.redhat.rhsa:tst:20180115003
comment java-1.6.0-sun-demo is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20140414017

AND

comment java-1.6.0-sun-devel is earlier than 1:1.6.0.181-1jpp.2.el7
oval oval:com.redhat.rhsa:tst:20180115005
comment java-1.6.0-sun-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20140414019

AND

comment java-1.6.0-sun-jdbc is earlier than 1:1.6.0.181-1jpp.2.el7
oval oval:com.redhat.rhsa:tst:20180115007
comment java-1.6.0-sun-jdbc is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20140414021

AND

comment java-1.6.0-sun-plugin is earlier than 1:1.6.0.181-1jpp.2.el7
oval oval:com.redhat.rhsa:tst:20180115009
comment java-1.6.0-sun-plugin is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20140414023

AND

comment java-1.6.0-sun-src is earlier than 1:1.6.0.181-1jpp.2.el7
oval oval:com.redhat.rhsa:tst:20180115011
comment java-1.6.0-sun-src is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20140414025

AND

comment Red Hat Enterprise Linux 6 is installed
oval oval:com.redhat.rhba:tst:20111656003

AND

comment java-1.6.0-sun is earlier than 1:1.6.0.181-1jpp.1.el6
oval oval:com.redhat.rhsa:tst:20180115014
comment java-1.6.0-sun is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20140414015

AND

comment java-1.6.0-sun-demo is earlier than 1:1.6.0.181-1jpp.1.el6
oval oval:com.redhat.rhsa:tst:20180115015
comment java-1.6.0-sun-demo is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20140414017

AND

comment java-1.6.0-sun-devel is earlier than 1:1.6.0.181-1jpp.1.el6
oval oval:com.redhat.rhsa:tst:20180115016
comment java-1.6.0-sun-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20140414019

AND

comment java-1.6.0-sun-jdbc is earlier than 1:1.6.0.181-1jpp.1.el6
oval oval:com.redhat.rhsa:tst:20180115017
comment java-1.6.0-sun-jdbc is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20140414021

AND

comment java-1.6.0-sun-plugin is earlier than 1:1.6.0.181-1jpp.1.el6
oval oval:com.redhat.rhsa:tst:20180115018
comment java-1.6.0-sun-plugin is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20140414023

AND

comment java-1.6.0-sun-src is earlier than 1:1.6.0.181-1jpp.1.el6
oval oval:com.redhat.rhsa:tst:20180115019
comment java-1.6.0-sun-src is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20140414025

rhsa

id	RHSA-2018:0115
released	2018-01-22
severity	Important
title	RHSA-2018:0115: java-1.6.0-sun security update (Important)

bugzilla

id	1535036
title	CVE-2018-2633 OpenJDK: LDAPCertStore insecure handling of LDAP referrals (JNDI, 8186606)

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 6 is installed
oval oval:com.redhat.rhba:tst:20111656003

AND

comment java-1.7.0-openjdk is earlier than 1:1.7.0.171-2.6.13.0.el6_9
oval oval:com.redhat.rhsa:tst:20180349001
comment java-1.7.0-openjdk is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20121009002

AND

comment java-1.7.0-openjdk-demo is earlier than 1:1.7.0.171-2.6.13.0.el6_9
oval oval:com.redhat.rhsa:tst:20180349003
comment java-1.7.0-openjdk-demo is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20121009004

AND

comment java-1.7.0-openjdk-devel is earlier than 1:1.7.0.171-2.6.13.0.el6_9
oval oval:com.redhat.rhsa:tst:20180349005
comment java-1.7.0-openjdk-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20121009006

AND

comment java-1.7.0-openjdk-javadoc is earlier than 1:1.7.0.171-2.6.13.0.el6_9
oval oval:com.redhat.rhsa:tst:20180349007
comment java-1.7.0-openjdk-javadoc is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20121009008

AND

comment java-1.7.0-openjdk-src is earlier than 1:1.7.0.171-2.6.13.0.el6_9
oval oval:com.redhat.rhsa:tst:20180349009
comment java-1.7.0-openjdk-src is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20121009010

AND

comment Red Hat Enterprise Linux 7 is installed
oval oval:com.redhat.rhba:tst:20150364027

AND

comment java-1.7.0-openjdk is earlier than 1:1.7.0.171-2.6.13.0.el7_4
oval oval:com.redhat.rhsa:tst:20180349012
comment java-1.7.0-openjdk is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20121009002

AND

comment java-1.7.0-openjdk-accessibility is earlier than 1:1.7.0.171-2.6.13.0.el7_4
oval oval:com.redhat.rhsa:tst:20180349013
comment java-1.7.0-openjdk-accessibility is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20140675004

AND

comment java-1.7.0-openjdk-demo is earlier than 1:1.7.0.171-2.6.13.0.el7_4
oval oval:com.redhat.rhsa:tst:20180349015
comment java-1.7.0-openjdk-demo is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20121009004

AND

comment java-1.7.0-openjdk-devel is earlier than 1:1.7.0.171-2.6.13.0.el7_4
oval oval:com.redhat.rhsa:tst:20180349016
comment java-1.7.0-openjdk-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20121009006

AND

comment java-1.7.0-openjdk-headless is earlier than 1:1.7.0.171-2.6.13.0.el7_4
oval oval:com.redhat.rhsa:tst:20180349017
comment java-1.7.0-openjdk-headless is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20140675010

AND

comment java-1.7.0-openjdk-javadoc is earlier than 1:1.7.0.171-2.6.13.0.el7_4
oval oval:com.redhat.rhsa:tst:20180349019
comment java-1.7.0-openjdk-javadoc is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20121009008

AND

comment java-1.7.0-openjdk-src is earlier than 1:1.7.0.171-2.6.13.0.el7_4
oval oval:com.redhat.rhsa:tst:20180349020
comment java-1.7.0-openjdk-src is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20121009010

rhsa

id	RHSA-2018:0349
released	2018-02-26
severity	Important
title	RHSA-2018:0349: java-1.7.0-openjdk security update (Important)

rhsa
id RHSA-2018:0099
rhsa
id RHSA-2018:0100
rhsa
id RHSA-2018:0351
rhsa
id RHSA-2018:0352
rhsa
id RHSA-2018:0458
rhsa
id RHSA-2018:0521
rhsa
id RHSA-2018:1463
rhsa
id RHSA-2018:1812

rpms

java-1.8.0-openjdk-1:1.8.0.161-0.b14.el7_4
java-1.8.0-openjdk-1:1.8.0.161-3.b14.el6_9
java-1.8.0-openjdk-accessibility-1:1.8.0.161-0.b14.el7_4
java-1.8.0-openjdk-accessibility-debug-1:1.8.0.161-0.b14.el7_4
java-1.8.0-openjdk-debug-1:1.8.0.161-0.b14.el7_4
java-1.8.0-openjdk-debug-1:1.8.0.161-3.b14.el6_9
java-1.8.0-openjdk-debuginfo-1:1.8.0.161-0.b14.el7_4
java-1.8.0-openjdk-debuginfo-1:1.8.0.161-3.b14.el6_9
java-1.8.0-openjdk-demo-1:1.8.0.161-0.b14.el7_4
java-1.8.0-openjdk-demo-1:1.8.0.161-3.b14.el6_9
java-1.8.0-openjdk-demo-debug-1:1.8.0.161-0.b14.el7_4
java-1.8.0-openjdk-demo-debug-1:1.8.0.161-3.b14.el6_9
java-1.8.0-openjdk-devel-1:1.8.0.161-0.b14.el7_4
java-1.8.0-openjdk-devel-1:1.8.0.161-3.b14.el6_9
java-1.8.0-openjdk-devel-debug-1:1.8.0.161-0.b14.el7_4
java-1.8.0-openjdk-devel-debug-1:1.8.0.161-3.b14.el6_9
java-1.8.0-openjdk-headless-1:1.8.0.161-0.b14.el7_4
java-1.8.0-openjdk-headless-1:1.8.0.161-3.b14.el6_9
java-1.8.0-openjdk-headless-debug-1:1.8.0.161-0.b14.el7_4
java-1.8.0-openjdk-headless-debug-1:1.8.0.161-3.b14.el6_9
java-1.8.0-openjdk-javadoc-1:1.8.0.161-0.b14.el7_4
java-1.8.0-openjdk-javadoc-1:1.8.0.161-3.b14.el6_9
java-1.8.0-openjdk-javadoc-debug-1:1.8.0.161-0.b14.el7_4
java-1.8.0-openjdk-javadoc-debug-1:1.8.0.161-3.b14.el6_9
java-1.8.0-openjdk-javadoc-zip-1:1.8.0.161-0.b14.el7_4
java-1.8.0-openjdk-javadoc-zip-debug-1:1.8.0.161-0.b14.el7_4
java-1.8.0-openjdk-src-1:1.8.0.161-0.b14.el7_4
java-1.8.0-openjdk-src-1:1.8.0.161-3.b14.el6_9
java-1.8.0-openjdk-src-debug-1:1.8.0.161-0.b14.el7_4
java-1.8.0-openjdk-src-debug-1:1.8.0.161-3.b14.el6_9
java-1.8.0-oracle-1:1.8.0.161-1jpp.1.el6_9
java-1.8.0-oracle-1:1.8.0.161-1jpp.2.el7
java-1.8.0-oracle-devel-1:1.8.0.161-1jpp.1.el6_9
java-1.8.0-oracle-devel-1:1.8.0.161-1jpp.2.el7
java-1.8.0-oracle-javafx-1:1.8.0.161-1jpp.1.el6_9
java-1.8.0-oracle-javafx-1:1.8.0.161-1jpp.2.el7
java-1.8.0-oracle-jdbc-1:1.8.0.161-1jpp.1.el6_9
java-1.8.0-oracle-jdbc-1:1.8.0.161-1jpp.2.el7
java-1.8.0-oracle-plugin-1:1.8.0.161-1jpp.1.el6_9
java-1.8.0-oracle-plugin-1:1.8.0.161-1jpp.2.el7
java-1.8.0-oracle-src-1:1.8.0.161-1jpp.1.el6_9
java-1.8.0-oracle-src-1:1.8.0.161-1jpp.2.el7
java-1.7.0-oracle-1:1.7.0.171-1jpp.1.el6_9
java-1.7.0-oracle-1:1.7.0.171-1jpp.1.el7
java-1.7.0-oracle-devel-1:1.7.0.171-1jpp.1.el6_9
java-1.7.0-oracle-devel-1:1.7.0.171-1jpp.1.el7
java-1.7.0-oracle-javafx-1:1.7.0.171-1jpp.1.el6_9
java-1.7.0-oracle-javafx-1:1.7.0.171-1jpp.1.el7
java-1.7.0-oracle-jdbc-1:1.7.0.171-1jpp.1.el6_9
java-1.7.0-oracle-jdbc-1:1.7.0.171-1jpp.1.el7
java-1.7.0-oracle-plugin-1:1.7.0.171-1jpp.1.el6_9
java-1.7.0-oracle-plugin-1:1.7.0.171-1jpp.1.el7
java-1.7.0-oracle-src-1:1.7.0.171-1jpp.1.el6_9
java-1.7.0-oracle-src-1:1.7.0.171-1jpp.1.el7
java-1.6.0-sun-1:1.6.0.181-1jpp.1.el6
java-1.6.0-sun-1:1.6.0.181-1jpp.2.el7
java-1.6.0-sun-demo-1:1.6.0.181-1jpp.1.el6
java-1.6.0-sun-demo-1:1.6.0.181-1jpp.2.el7
java-1.6.0-sun-devel-1:1.6.0.181-1jpp.1.el6
java-1.6.0-sun-devel-1:1.6.0.181-1jpp.2.el7
java-1.6.0-sun-jdbc-1:1.6.0.181-1jpp.1.el6
java-1.6.0-sun-jdbc-1:1.6.0.181-1jpp.2.el7
java-1.6.0-sun-plugin-1:1.6.0.181-1jpp.1.el6
java-1.6.0-sun-plugin-1:1.6.0.181-1jpp.2.el7
java-1.6.0-sun-src-1:1.6.0.181-1jpp.1.el6
java-1.6.0-sun-src-1:1.6.0.181-1jpp.2.el7
java-1.7.0-openjdk-1:1.7.0.171-2.6.13.0.el6_9
java-1.7.0-openjdk-1:1.7.0.171-2.6.13.0.el7_4
java-1.7.0-openjdk-accessibility-1:1.7.0.171-2.6.13.0.el7_4
java-1.7.0-openjdk-debuginfo-1:1.7.0.171-2.6.13.0.el6_9
java-1.7.0-openjdk-debuginfo-1:1.7.0.171-2.6.13.0.el7_4
java-1.7.0-openjdk-demo-1:1.7.0.171-2.6.13.0.el6_9
java-1.7.0-openjdk-demo-1:1.7.0.171-2.6.13.0.el7_4
java-1.7.0-openjdk-devel-1:1.7.0.171-2.6.13.0.el6_9
java-1.7.0-openjdk-devel-1:1.7.0.171-2.6.13.0.el7_4
java-1.7.0-openjdk-headless-1:1.7.0.171-2.6.13.0.el7_4
java-1.7.0-openjdk-javadoc-1:1.7.0.171-2.6.13.0.el6_9
java-1.7.0-openjdk-javadoc-1:1.7.0.171-2.6.13.0.el7_4
java-1.7.0-openjdk-src-1:1.7.0.171-2.6.13.0.el6_9
java-1.7.0-openjdk-src-1:1.7.0.171-2.6.13.0.el7_4
java-1.8.0-ibm-1:1.8.0.5.10-1jpp.1.el7
java-1.8.0-ibm-demo-1:1.8.0.5.10-1jpp.1.el7
java-1.8.0-ibm-devel-1:1.8.0.5.10-1jpp.1.el7
java-1.8.0-ibm-jdbc-1:1.8.0.5.10-1jpp.1.el7
java-1.8.0-ibm-plugin-1:1.8.0.5.10-1jpp.1.el7
java-1.8.0-ibm-src-1:1.8.0.5.10-1jpp.1.el7
java-1.8.0-ibm-1:1.8.0.5.10-1jpp.1.el6_9
java-1.8.0-ibm-demo-1:1.8.0.5.10-1jpp.1.el6_9
java-1.8.0-ibm-devel-1:1.8.0.5.10-1jpp.1.el6_9
java-1.8.0-ibm-jdbc-1:1.8.0.5.10-1jpp.1.el6_9
java-1.8.0-ibm-plugin-1:1.8.0.5.10-1jpp.1.el6_9
java-1.8.0-ibm-src-1:1.8.0.5.10-1jpp.1.el6_9
java-1.7.1-ibm-1:1.7.1.4.20-1jpp.1.el7
java-1.7.1-ibm-demo-1:1.7.1.4.20-1jpp.1.el7
java-1.7.1-ibm-devel-1:1.7.1.4.20-1jpp.1.el7
java-1.7.1-ibm-jdbc-1:1.7.1.4.20-1jpp.1.el7
java-1.7.1-ibm-plugin-1:1.7.1.4.20-1jpp.1.el7
java-1.7.1-ibm-src-1:1.7.1.4.20-1jpp.1.el7
java-1.7.1-ibm-1:1.7.1.4.20-1jpp.3.el6_9
java-1.7.1-ibm-demo-1:1.7.1.4.20-1jpp.3.el6_9
java-1.7.1-ibm-devel-1:1.7.1.4.20-1jpp.3.el6_9
java-1.7.1-ibm-jdbc-1:1.7.1.4.20-1jpp.3.el6_9
java-1.7.1-ibm-plugin-1:1.7.1.4.20-1jpp.3.el6_9
java-1.7.1-ibm-src-1:1.7.1.4.20-1jpp.3.el6_9
java-1.8.0-ibm-1:1.8.0.5.10-1jpp.1.el6_9
java-1.8.0-ibm-devel-1:1.8.0.5.10-1jpp.1.el6_9
java-1.7.1-ibm-1:1.7.1.4.20-1jpp.3.el6_9
java-1.7.1-ibm-devel-1:1.7.1.4.20-1jpp.3.el6_9

refmap via4

bid	102659
confirm	http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0 https://security.netapp.com/advisory/ntap-20180117-0001/ https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03911en_us
debian	DSA-4144 DSA-4166
mlist	[debian-lts-announce] 20180403 [SECURITY] [DLA 1339-1] openjdk-7 security update
sectrack	1040203
ubuntu	USN-3613-1 USN-3614-1

Last major update

13-05-2022 - 14:57

Published

18-01-2018 - 02:29

Last modified

13-05-2022 - 14:57