| Errata ID | 294 |
|---|---|
| Date | 2018-11-01 |
| Source package | openjdk-8 |
| Fixed in version | 8u181-b13-2~deb9u1 |
| Description | This update addresses the following issues: * Incorrect handling of unsigned attributes in signed Jar manifests (CVE-2018-3136) * Leak of sensitive header data via HTTP redirect (CVE-2018-3139) * Incomplete enforcement of the trustURLCodebase restriction (CVE-2018-3149) * Improper field access checks (CVE-2018-3169) * Missing endpoint identification algorithm check during TLS session resumption (CVE-2018-3180) * Unrestricted access to scripting engine (CVE-2018-3183) * Infinite loop in RIFF format reader (CVE-2018-3214) |
| Additional notes | |
| CVE ID | CVE-2018-3136 CVE-2018-3139 CVE-2018-3149 CVE-2018-3169 CVE-2018-3180 CVE-2018-3183 CVE-2018-3214 |
| UCS Bug number | #48074 |
