SB2019030513 - Red Hat Enterprise Linux 7 Supplementary update for java-1.7.1-ibm
Published: March 5, 2019 Updated: April 24, 2025
Security Bulletin ID
SB2019030513
Severity
High
Patch available
YES
Number of vulnerabilities
3
Exploitation vector
Remote access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 3 secuirty vulnerabilities.
1) Division by zero (CVE-ID: CVE-2018-11212)
The vulnerability allows a remote attacker to cause DoS condition.The weakness exists due to division by zero error within the libjpeg library within the libjpeg-turbo in alloc_sarray() function of jmemmgr.c file. A remote attacker can pass a specially crafted file the to affected application and cause application to crash.
2) Buffer overflow (CVE-ID: CVE-2018-12547)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to the jio_snprintf() and jio_vsnprintf() native methods ignored the length parameter. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.
3) Information disclosure (CVE-ID: CVE-2019-2422)
The vulnerability allows a remote attacker to obtain potentially sensitive information.The weakness exists due to unspecified flaw in Libraries component. A remote attacker can gain access to sensitive information on the system.
Remediation
Install update from vendor's website.