Security Advisory: Multiple Red Hat Security Patches

Published: 2018-07-25

Vulnerability IDs and severity
CVE-2018-2940  Medium  CVSS score: 4.3
CVE-2018-2941  High  CVSS score: 8.3
CVE-2018-2952  Low  CVSS score: 3.7
CVE-2018-2964  High  CVSS score: 8.3
CVE-2018-2973  Medium  CVSS score: 5.9


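Vulnerability overview
Today, Red Hat released multiple security patches, including the following four rated Critical:


1. RHSA-2018:2256
A java-1.8.0-oracle security update is now available for Oracle Java for Red Hat Enterprise Linux 6. Oracle Java SE version 8 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update upgrades Oracle Java SE 8 to version 8 Update 181.
Affected products: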
Oracle Java (Restricted Maintenance) (for RHEL Server) 6 x86_64
Oracle Java (Restricted Maintenance) (for RHEL Server) 6 i386
Oracle Java (Restricted Maintenance) (for RHEL Client) 6 x86_64
Oracle Java (Restricted Maintenance) (for RHEL Client) 6 i386
Oracle Java (Restricted Maintenance) (for RHEL Compute Node) 6 x86_64
Oracle Java (Restricted Maintenance) (for RHEL Workstation) 6 x86_64
Oracle Java (Restricted Maintenance) (for RHEL Workstation) 6 i386
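Security fixes:
Oracle JDK: unspecified vulnerability fixed in 7u191, 8u181, and 10.0.2 (JavaFX) (CVE-2018-2941)
Oracle JDK: unspecified vulnerability fixed in 8u181 and 10.0.2 (Deployment) (CVE-2018-2964)
Oracle JDK: unspecified vulnerability fixed in 6u201, 7u191, 8u181, and 10.0.2 (Libraries) (CVE-2018-2940)
OpenJDK: insufficient index validation in PatternSyntaxException getMessage() (Concurrency, 8199547) (CVE-2018-2952)
Oracle JDK: unspecified vulnerability fixed in 6u201, 7u191, 8u181, and 10.0.2 (JSSE) (CVE-2018-2973)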


2. RHSA-2018:2255
A java-1.7.0-oracle security update is now available for Oracle Java for Red Hat Enterprise Linux 6. Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update upgrades Oracle Java SE 7 to version 7 Update 191.
Affected products:
Oracle Java (Restricted Maintenance) (for RHEL Server) 6 x86_64
Oracle Java (Restricted Maintenance) (for RHEL Server) 6 i386
Oracle Java (Restricted Maintenance) (for RHEL Client) 6 x86_64
Oracle Java (Restricted Maintenance) (for RHEL Client) 6 i386
Oracle Java (Restricted Maintenance) (for RHEL Compute Node) 6 x86_64
Oracle Java (Restricted Maintenance) (for RHEL Workstation) 6 x86_64
Oracle Java (Restricted Maintenance) (for RHEL Workstation) 6 i386
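Security fixes:
Oracle JDK: unspecified vulnerability fixed in 7u191, 8u181, and 10.0.2 (JavaFX) (CVE-2018-2941)
Oracle JDK: unspecified vulnerability fixed in 6u201, 7u191, 8u181, and 10.0.2 (Libraries) (CVE-2018-2940)
OpenJDK: insufficient index validation in PatternSyntaxException getMessage() (Concurrency, 8199547) (CVE-2018-2952)
Oracle JDK: unspecified vulnerability fixed in 6u201, 7u191, 8u181, and 10.0.2 (JSSE) (CVE-2018-2973)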


3. RHSA-2018:2254
A java-1.7.0-oracle security update is now available for Oracle Java for Red Hat Enterprise Linux 7. Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update upgrades Oracle Java SE 7 to version 7 Update 191.
Affected products:
Oracle Java (Restricted Maintenance) (for RHEL Server) 7 x86_64
Oracle Java (Restricted Maintenance) (for RHEL Client) 7 x86_64
Oracle Java (Restricted Maintenance) (for RHEL Compute Node) 7 x86_64
Oracle Java (Restricted Maintenance) (for RHEL Workstation) 7 x86_64
Oracle Java (Restricted Maintenance) (for RHEL Compute Node) - Extended Update Support 7.5 x86_64
Oracle Java (Restricted Maintenance) (for RHEL Server) - Extended Update Support 7.5 x86_64
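Security fixes:
Oracle JDK: unspecified vulnerability fixed in 7u191, 8u181, and 10.0.2 (JavaFX) (CVE-2018-2941)
Oracle JDK: unspecified vulnerability fixed in 6u201, 7u191, 8u181, and 10.0.2 (Libraries) (CVE-2018-2940)
OpenJDK: insufficient index validation in PatternSyntaxException getMessage() (Concurrency, 8199547) (CVE-2018-2952)
Oracle JDK: unspecified vulnerability fixed in 6u201, 7u191, 8u181, and 10.0.2 (JSSE) (CVE-2018-2973)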


4. RHSA-2018:2253
A java-1.8.0-oracle security update is now available for Oracle Java for Red Hat Enterprise Linux 7. Oracle Java SE version 8 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update upgrades Oracle Java SE 8 to version 8 Update 181.
Affected products:
Oracle Java (Restricted Maintenance) (for RHEL Server) 7 x86_64
Oracle Java (Restricted Maintenance) (for RHEL Client) 7 x86_64
Oracle Java (Restricted Maintenance) (for RHEL Compute Node) 7 x86_64
Oracle Java (Restricted Maintenance) (for RHEL Workstation) 7 x86_64
Oracle Java (Restricted Maintenance) (for RHEL Compute Node) - Extended Update Support 7.5 x86_64
Oracle Java (Restricted Maintenance) (for RHEL Server) - Extended Update Support 7.5 x86_64
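Security fixes:
Oracle JDK: unspecified vulnerability fixed in 7u191, 8u181, and 10.0.2 (JavaFX) (CVE-2018-2941)
Oracle JDK: unspecified vulnerability fixed in 8u181 and 10.0.2 (Deployment) (CVE-2018-2964)
Oracle JDK: unspecified vulnerability fixed in 6u201, 7u191, 8u181, and 10.0.2 (Libraries) (CVE-2018-2940)
OpenJDK: insufficient index validation in PatternSyntaxException getMessage() (Concurrency, 8199547) (CVE-2018-2952)
Oracle JDK: unspecified vulnerability fixed in 6u201, 7u191, 8u181, and 10.0.2 (JSSE) (CVE-2018-2973)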


Remediation:
Red Hat has released new versions that fix the vulnerabilities above; users should upgrade promptly for protection: https://access.redhat.com/articles/11258
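
A quick way to check a host against the fixed update levels listed above (Java SE 7 Update 191, Java SE 8 Update 181), as an added example that is not part of the Red Hat advisory. It assumes the legacy `1.<major>.0_<update>` version string printed by `java -version`; the function names are hypothetical.

```shell
#!/bin/sh
# Fixed update levels taken from this advisory:
#   Java SE 7 -> Update 191, Java SE 8 -> Update 181.
# Assumption: version strings use the legacy form 1.<major>.0_<update>.

# extract_java_version: read `java -version` output on stdin and print
# the quoted version from the first matching line (e.g. 1.8.0_171).
extract_java_version() {
    sed -n 's/^[a-z]* version "\([^"]*\)".*/\1/p' | head -n 1
}

# java_update_status VERSION: print "patched", "vulnerable" or "unknown".
java_update_status() {
    ver=$1
    case $ver in
        1.[0-9].0_[0-9]*) ;;                  # legacy 7/8-style string
        *) echo unknown; return 0 ;;
    esac
    major=${ver#1.}; major=${major%%.*}       # 1.8.0_171 -> 8
    update=${ver##*_}                         # 1.8.0_171 -> 171
    update=${update%%[!0-9]*}                 # drop suffixes such as -b11
    case $major in
        7) fixed=191 ;;
        8) fixed=181 ;;
        *) echo unknown; return 0 ;;          # release not covered here
    esac
    if [ "$update" -ge "$fixed" ]; then
        echo patched
    else
        echo vulnerable
    fi
}

# Report on the local runtime when one is on PATH.
if command -v java >/dev/null 2>&1; then
    v=$(java -version 2>&1 | extract_java_version)
    echo "java ${v:-?}: $(java_update_status "$v")"
fi
```

The version string only describes the runtime that is first on PATH; confirm the installed packages with the system package manager as well.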


References:
https://access.redhat.com/errata/#/
https://access.redhat.com/articles/11258