| Errata ID | 555 |
|---|---|
| Date | 2018-11-28 |
| Source package | openjdk-7 |
| Fixed in version | 7u181-2.6.14-2~deb8u1A~4.2.5.201811260940 |
| Description | This update addresses the following issues: * insufficient index validation in PatternSyntaxException getMessage() (CVE-2018-2952) * Incorrect handling of unsigned attributes in signed Jar manifests (CVE-2018-3136) * Leak of sensitive header data via HTTP redirect (CVE-2018-3139) * Incomplete enforcement of the trustURLCodebase restriction (CVE-2018-3149) * Improper field access checks (CVE-2018-3169) * Missing endpoint identification algorithm check during TLS session resumption (CVE-2018-3180) * Infinite loop in RIFF format reader (CVE-2018-3214) |
| Additional notes | |
| CVE ID | CVE-2018-2952 CVE-2018-3136 CVE-2018-3139 CVE-2018-3149 CVE-2018-3169 CVE-2018-3180 CVE-2018-3214 |
| UCS Bug number | #48200 |
