Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 Red Hat Enterprise Linux 5 Oracle Enterprise Linux 6 Oracle Enterprise Linux 7 CVE Number CVE-2018-3999 CVE-2018-4000 CVE-2018-4001 CVE-2018-4002 CVE-2018-4003 CVE-2018-4004 CVE-2018-4005 CVE-2018-4006 CVE-2018-4007 CVE-2018-4008 CVE-2018-4009 CVE-2018-4010 CVE-2018-4011 CVE-2018-4012 CVE-2018-4013 CVE-2018-4014 CVE-2018-4015 CVE-2018-4016 CVE-2018-4017 CVE-2018-4018 CVE-2018-4019 CVE-2018-4020 CVE-2018-4021 CVE-2018-4022 CVE-2018-4023 CVE-2018-4024 CVE-2018-4025 CVSS 7.0 Base Score 5.2 7.7 7.2 3.9 6.9 6.9 7.7 7.2 5.2 Advisory CVE-2018-3999_REDHAT A critical security vulnerability has been identified in the Java virtual machine (CVE-2018-3999). Red Hat has provided a patch for Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, and Red Hat Enterprise Linux 5. CVE-2018-4000 A critical security vulnerability has been identified in the Java virtual machine (CVE-2018-4000

Red Hat Enterprise Linux 6

Red Hat Enterprise Linux 6 is one of the most popular Red Hat based distros in use today. It has been replaced by the updated version, Red Hat Enterprise Linux 7, but it is still a very popular distro. It's latest release is the RHEL6 release 6.8, which was released on 10th November 2018.

The release of RHEL6 was done to provide customers with compatibility and stability while they update to the advanced features of RHEL7.

New Java vulnerabilities in Oracle Linux

6, Oracle Linux 7 and Red Hat Enterprise Linux 6
A list of new vulnerabilities and fixes has been released by Oracle. There are several vulnerabilities that affect both Oracle Linux 6, and Oracle Linux 7, with the highest impact being CVE-2018-4010 which affects the Java virtual machine where high risk of exploitation exists.

Red Hat Enterprise Linux 6 CVEs

A critical security vulnerability has been identified in the Java virtual machine (CVE-2018-3999). Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, and Red Hat Enterprise Linux 5 have been provided with a patch for this.

Current Oracle Java SE CVEs

Oracle Java SE CVEs as of September 18, 2018:
CVE-2018-3999_REDHAT
CVE-2018-4000
CVE-2018-4001
CVE-2018-4002
CVE-2018-4003
CVE-2018-4004
CVE-2018-4005
CVE-2018-4006
CVE-2018-4007
CVE-2018-4008
CVE-2018-4009
CVE-2018-4010
CVE CVE -201 8 -40 1 9  :  OpenJDK 7 update 147 is not the latest OpenJDK version.  The latest OpenJDK version is JDK 11.  This vulnerability is not present in the Oracle JDK or Oracle JRE.

Timeline

Published on: 10/18/2022 21:15:00 UTC
Last modified on: 10/18/2022 21:18:00 UTC

References