Critical Red Hat Updates
Ahead of Patch Tuesday, a new security advisory has been issued for Red Hat.
A recent Red Hat security advisory has been issues for Red Hat Enterprise 6 and 7 relating to Java version 7 and 8.
A CVSS score of 8.6 indicates this has a high probability of being used to targets environments soon, although we are unaware at present if attacks are actively being targeted. Red Hat vulnerabilities of this severity are not often released which couldn’t come at a more inconvenient time with Microsoft Patch Tuesday only 4 days away.
- IBM JDK: buffer overflow in jio_snprintf() and jio_vsnprintf() (CVE-2018-12547)
- OpenJDK: memory disclosure in FileChannelImpl (Libraries, 8206290) (CVE-2019-2422)
- IBM JDK: missing null check when accelerating Unsafe calls (CVE-2018-12549)
- libjpeg-turbo: Divide By Zero in alloc_sarray function in jmemmgr.c (CVE-2018-11212)
- Oracle JDK: unspecified vulnerability fixed in 8u201 (Deployment) (CVE-2019-2449)
All Syxsense customers can find these updates available in their console, and because of the critical nature of the vulnerability and the huge exposure of Java, we recommend this be prioritized as quickly as possible.
Is your patching strategy ready?
Having a strategic patch roll-out implemented is key to secure software updating. However, your plan and patching software must be flexible enough to deal with a rogue critical update. Will you be ready to jump into action when an emergency security update is released?
With Syxsense, you have the stability of a strategic roll-out, but also the capabilities of a response team.