Synopsis: Moderate: java-1.7.0-openjdk security update Advisory ID: SLSA-2019:1839-1 Issue Date: 2019-07-24 CVE Numbers: CVE-2019-2769 CVE-2019-2816 CVE-2019-2842 CVE-2019-2786 CVE-2019-2745 CVE-2019-2762 -- Security Fix(es): * OpenJDK: Side-channel attack risks in Elliptic Curve (EC) cryptography (Security, 8208698) (CVE-2019-2745) * OpenJDK: Insufficient checks of suppressed exceptions in deserialization (Utilities, 8212328) (CVE-2019-2762) * OpenJDK: Unbounded memory allocation during deserialization in Collections (Utilities, 8213432) (CVE-2019-2769) * OpenJDK: Missing URL format validation (Networking, 8221518) (CVE-2019-2816) * OpenJDK: Missing array bounds check in crypto providers (JCE, 8223511) (CVE-2019-2842) * OpenJDK: Insufficient restriction of privileges in AccessController (Security, 8216381) (CVE-2019-2786) -- SL7 x86_64 java-1.7.0-openjdk-1.7.0.231-2.6.19.1.el7_6.x86_64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.231-2.6.19.1.el7_6.x86_64.rpm java-1.7.0-openjdk-headless-1.7.0.231-2.6.19.1.el7_6.x86_64.rpm java-1.7.0-openjdk-accessibility-1.7.0.231-2.6.19.1.el7_6.x86_64.rpm java-1.7.0-openjdk-demo-1.7.0.231-2.6.19.1.el7_6.x86_64.rpm java-1.7.0-openjdk-devel-1.7.0.231-2.6.19.1.el7_6.x86_64.rpm java-1.7.0-openjdk-src-1.7.0.231-2.6.19.1.el7_6.x86_64.rpm java-1.7.0-openjdk-1.7.0.231-2.6.19.1.el7_6.src.rpm noarch java-1.7.0-openjdk-javadoc-1.7.0.231-2.6.19.1.el7_6.noarch.rpm - Scientific Linux Development Team