Ubuntu Security Notice 4080-1 - Keegan Ryan discovered that the ECC implementation in OpenJDK was not sufficiently resilient to side-channel attacks. An attacker could possibly use this to expose sensitive information. It was discovered that OpenJDK did not sufficiently validate serial streams before deserializing suppressed exceptions in some situations. An attacker could use this to specially craft an object that, when deserialized, would cause a denial of service. Various other issues were also addressed.
b2f8d3392cdd91986b9855643afae96bc0a7988a22f7cd705a4412588de93bef
Red Hat Security Advisory 2019-1839-01 - The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Issues addressed include a deserialization vulnerability.
0a13367a5983baf5fd94b6e99fd1e90d4d62cd0e78706bd0f4e6b11c0feaa972
Red Hat Security Advisory 2019-1840-01 - The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Issues addressed include a deserialization vulnerability.
efe76a83a18f395a632251059095882c6835ea73f49af86d8e44dab14a216d65
Red Hat Security Advisory 2019-1811-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include a deserialization vulnerability.
1f26352062bc0ee29c1b17bd8159dd573ce3ba39da8123d3bb174812831a8048
Red Hat Security Advisory 2019-1815-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include a deserialization vulnerability.
7290f02847291817e8143054378a220d432a45dd9217b65bfe0e3cebdf75582c
Red Hat Security Advisory 2019-1816-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include a deserialization vulnerability.
51eeca9bbacbd7b108837b5bf831778b79ff345fba2bbd608e74df1376a43fb5
Debian Linux Security Advisory 4485-1 - Several vulnerabilities have been discovered in the OpenJDK Java runtime, resulting in information disclosure, denial of service or bypass of sandbox restrictions. In addition the implementation of elliptic curve cryptography was modernised.
2a6a5cef5dc45e687e7298af94ae6fbff3a526cf53d7d6f9ca470b198ee2ad73