SB2019011702 - Multiple vulnerabilities in Oracle Java SE
Published: January 17, 2019 Updated: September 19, 2019
Security Bulletin ID
SB2019011702
Severity
Low
Patch available
YES
Number of vulnerabilities
4
Exploitation vector
Remote access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 4 secuirty vulnerabilities.
1) Division by zero (CVE-ID: CVE-2018-11212)
The vulnerability allows a remote attacker to cause DoS condition.The weakness exists due to division by zero error within the libjpeg library within the libjpeg-turbo in alloc_sarray() function of jmemmgr.c file. A remote attacker can pass a specially crafted file the to affected application and cause application to crash.
2) Information disclosure (CVE-ID: CVE-2019-2426)
The vulnerability allows a remote attacker to obtain potentially sensitive information.The weakness exists due to unspecified flaw in Networking component. A remote attacker read arbitrary data.
3) Information disclosure (CVE-ID: CVE-2019-2422)
The vulnerability allows a remote attacker to obtain potentially sensitive information.The weakness exists due to unspecified flaw in Libraries component. A remote attacker can gain access to sensitive information on the system.
4) Denial of service (CVE-ID: CVE-2019-2449)
The vulnerability allows a remote attacker to cause DoS condition.The weakness exists due to unspecified flaw in Deployment component. A remote attacker cause the service to crash.
Remediation
Install update from vendor's website.