RedHat Enterprise Linux 7: RHSA-2018-2253 Critical: Oracle Java Update
Jul 24, 2018
•
LinuxSecurity Advisories
3 - 6 min read
An update for java-1.8.0-oracle is now available for Oracle Java for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
==================================================================== Red Hat Security Advisory
Synopsis: Critical: java-1.8.0-oracle security update
Advisory ID: RHSA-2018:2253-01
Product: Oracle Java for Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2018:2253
Issue date: 2018-07-24
CVE Names: CVE-2018-2940 CVE-2018-2941 CVE-2018-2952
CVE-2018-2964 CVE-2018-2973
====================================================================
1. Summary:
An update for java-1.8.0-oracle is now available for Oracle Java for Red
Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact
of Critical. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
2. Relevant releases/architectures:
Oracle Java for Red Hat Enterprise Linux Client (v. 7) - x86_64
Oracle Java for Red Hat Enterprise Linux Compute Node (v. 7) - x86_64
Oracle Java for Red Hat Enterprise Linux Server (v. 7) - x86_64
Oracle Java for Red Hat Enterprise Linux Workstation (v. 7) - x86_64
3. Description:
Oracle Java SE version 8 includes the Oracle Java Runtime Environment and
the Oracle Java Software Development Kit.
This update upgrades Oracle Java SE 8 to version 8 Update 181.
Security Fix(es):
* Oracle JDK: unspecified vulnerability fixed in 7u191, 8u181, and 10.0.2
(JavaFX) (CVE-2018-2941)
* Oracle JDK: unspecified vulnerability fixed in 8u181 and 10.0.2
(Deployment) (CVE-2018-2964)
* Oracle JDK: unspecified vulnerability fixed in 6u201, 7u191, 8u181, and
10.0.2 (Libraries) (CVE-2018-2940)
* OpenJDK: insufficient index validation in PatternSyntaxException
getMessage() (Concurrency, 8199547) (CVE-2018-2952)
* Oracle JDK: unspecified vulnerability fixed in 6u201, 7u191, 8u181, and
10.0.2 (JSSE) (CVE-2018-2973)
For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
All running instances of Oracle Java must be restarted for this update to
take effect.
5. Bugs fixed (https://bugzilla.redhat.com/):
1600925 - CVE-2018-2952 OpenJDK: insufficient index validation in PatternSyntaxException getMessage() (Concurrency, 8199547)
1602142 - CVE-2018-2964 Oracle JDK: unspecified vulnerability fixed in 8u181 and 10.0.2 (Deployment)
1602143 - CVE-2018-2941 Oracle JDK: unspecified vulnerability fixed in 7u191, 8u181, and 10.0.2 (JavaFX)
1602145 - CVE-2018-2973 Oracle JDK: unspecified vulnerability fixed in 6u201, 7u191, 8u181, and 10.0.2 (JSSE)
1602146 - CVE-2018-2940 Oracle JDK: unspecified vulnerability fixed in 6u201, 7u191, 8u181, and 10.0.2 (Libraries)
6. Package List:
Oracle Java for Red Hat Enterprise Linux Client (v. 7):
x86_64:
java-1.8.0-oracle-1.8.0.181-1jpp.2.el7.x86_64.rpm
java-1.8.0-oracle-devel-1.8.0.181-1jpp.2.el7.x86_64.rpm
java-1.8.0-oracle-javafx-1.8.0.181-1jpp.2.el7.x86_64.rpm
java-1.8.0-oracle-jdbc-1.8.0.181-1jpp.2.el7.x86_64.rpm
java-1.8.0-oracle-plugin-1.8.0.181-1jpp.2.el7.x86_64.rpm
java-1.8.0-oracle-src-1.8.0.181-1jpp.2.el7.x86_64.rpm
Oracle Java for Red Hat Enterprise Linux Compute Node (v. 7):
x86_64:
java-1.8.0-oracle-1.8.0.181-1jpp.2.el7.x86_64.rpm
java-1.8.0-oracle-devel-1.8.0.181-1jpp.2.el7.x86_64.rpm
java-1.8.0-oracle-javafx-1.8.0.181-1jpp.2.el7.x86_64.rpm
java-1.8.0-oracle-src-1.8.0.181-1jpp.2.el7.x86_64.rpm
Oracle Java for Red Hat Enterprise Linux Server (v. 7):
x86_64:
java-1.8.0-oracle-1.8.0.181-1jpp.2.el7.x86_64.rpm
java-1.8.0-oracle-devel-1.8.0.181-1jpp.2.el7.x86_64.rpm
java-1.8.0-oracle-javafx-1.8.0.181-1jpp.2.el7.x86_64.rpm
java-1.8.0-oracle-jdbc-1.8.0.181-1jpp.2.el7.x86_64.rpm
java-1.8.0-oracle-plugin-1.8.0.181-1jpp.2.el7.x86_64.rpm
java-1.8.0-oracle-src-1.8.0.181-1jpp.2.el7.x86_64.rpm
Oracle Java for Red Hat Enterprise Linux Workstation (v. 7):
x86_64:
java-1.8.0-oracle-1.8.0.181-1jpp.2.el7.x86_64.rpm
java-1.8.0-oracle-devel-1.8.0.181-1jpp.2.el7.x86_64.rpm
java-1.8.0-oracle-javafx-1.8.0.181-1jpp.2.el7.x86_64.rpm
java-1.8.0-oracle-jdbc-1.8.0.181-1jpp.2.el7.x86_64.rpm
java-1.8.0-oracle-plugin-1.8.0.181-1jpp.2.el7.x86_64.rpm
java-1.8.0-oracle-src-1.8.0.181-1jpp.2.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2018-2940
https://access.redhat.com/security/cve/CVE-2018-2941
https://access.redhat.com/security/cve/CVE-2018-2952
https://access.redhat.com/security/cve/CVE-2018-2964
https://access.redhat.com/security/cve/CVE-2018-2973
https://access.redhat.com/security/updates/classification/#critical
8. Contact:
The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2018 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBW1eWoNzjgjWX9erEAQh/6Q//YC8tpdEq1e8Mkt5GiRCe1PHex5KB8RKZ
NNqG3xpqwT0mvUKAiNezHjjo66fWuMO1glPAaBXLsfuIKT92dE/Ri4YhVedXE4cM
o5T6pTJoWU/tU7Xo3AkkQ5TSc5M6zr34i4Lt3Og8P5IA2QASna3Ug+kHIR8rJLMK
a4RBJ3WdOjh9C/41GUSU1iAlzf5OAoBZbQO3sMm9uQZiWLN/ZMnEBpTmvFY3FMV4
W9MDdfkg+2vCu9XmnPuCfQb6+sNsxCWBiGb/kNyTuu5ubYeqDwSXPPh8jkKfoY/0
ZQm63fqtClRhkBWCHwltMI5G7zp4VBq18ECAt9U6WrzwibT1ibDqBdUVvIUh6l2/
QalDzES57Nu0H5eD4M4tkxoSJBJvRKr1u74Q7F7PGTubppf/ZdbfiU/9bnTFkx60
/4jSJs+BffVQSHXk1U0EQU5JEX8eazIBwcsMKAekOQdA1WRHR4gykC2DHckgyXEK
QBlRik79N95NGD/shmT4aKYPCsVZcX+FjCjgHqslBvUT+qQ0hSZh9wIp0KL/VaIE
Juk4A2dOFoFEMkuJ2YXco4E9j30VTPljK1+BopFK5LV2EGJVhbdtY5/wn0A6zDw1
BHI7VSOsSiX+MGRl/WrPeWzOac/BsSnk2KWE/j/tc2cb/k54LpCVQ8MUiC0GZ725
WPWp4YPhV6I=AaA9
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
This email address is being protected from spambots. You need JavaScript enabled to view it.
PREVIOUS
NEXT
RedHat Enterprise Linux 7: RHSA-2018-2253 Critical: Oracle Java Update
red hat
July 24, 2018
An update for java-1.8.0-oracle is now available for Oracle Java for Red Hat Enterprise Linux 7
Solution
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
All running instances of Oracle Java must be restarted for this update to
take effect.
Summary
Oracle Java SE version 8 includes the Oracle Java Runtime Environment and
the Oracle Java Software Development Kit.
This update upgrades Oracle Java SE 8 to version 8 Update 181.
Security Fix(es):
* Oracle JDK: unspecified vulnerability fixed in 7u191, 8u181, and 10.0.2
(JavaFX) (CVE-2018-2941)
* Oracle JDK: unspecified vulnerability fixed in 8u181 and 10.0.2
(Deployment) (CVE-2018-2964)
* Oracle JDK: unspecified vulnerability fixed in 6u201, 7u191, 8u181, and
10.0.2 (Libraries) (CVE-2018-2940)
* OpenJDK: insufficient index validation in PatternSyntaxException
getMessage() (Concurrency, 8199547) (CVE-2018-2952)
* Oracle JDK: unspecified vulnerability fixed in 6u201, 7u191, 8u181, and
10.0.2 (JSSE) (CVE-2018-2973)
For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.
References
https://access.redhat.com/security/cve/CVE-2018-2940 https://access.redhat.com/security/cve/CVE-2018-2941 https://access.redhat.com/security/cve/CVE-2018-2952 https://access.redhat.com/security/cve/CVE-2018-2964 https://access.redhat.com/security/cve/CVE-2018-2973 https://access.redhat.com/security/updates/classification/#critical
Package List
Oracle Java for Red Hat Enterprise Linux Client (v. 7):
x86_64:
java-1.8.0-oracle-1.8.0.181-1jpp.2.el7.x86_64.rpm
java-1.8.0-oracle-devel-1.8.0.181-1jpp.2.el7.x86_64.rpm
java-1.8.0-oracle-javafx-1.8.0.181-1jpp.2.el7.x86_64.rpm
java-1.8.0-oracle-jdbc-1.8.0.181-1jpp.2.el7.x86_64.rpm
java-1.8.0-oracle-plugin-1.8.0.181-1jpp.2.el7.x86_64.rpm
java-1.8.0-oracle-src-1.8.0.181-1jpp.2.el7.x86_64.rpm
Oracle Java for Red Hat Enterprise Linux Compute Node (v. 7):
x86_64:
java-1.8.0-oracle-1.8.0.181-1jpp.2.el7.x86_64.rpm
java-1.8.0-oracle-devel-1.8.0.181-1jpp.2.el7.x86_64.rpm
java-1.8.0-oracle-javafx-1.8.0.181-1jpp.2.el7.x86_64.rpm
java-1.8.0-oracle-src-1.8.0.181-1jpp.2.el7.x86_64.rpm
Oracle Java for Red Hat Enterprise Linux Server (v. 7):
x86_64:
java-1.8.0-oracle-1.8.0.181-1jpp.2.el7.x86_64.rpm
java-1.8.0-oracle-devel-1.8.0.181-1jpp.2.el7.x86_64.rpm
java-1.8.0-oracle-javafx-1.8.0.181-1jpp.2.el7.x86_64.rpm
java-1.8.0-oracle-jdbc-1.8.0.181-1jpp.2.el7.x86_64.rpm
java-1.8.0-oracle-plugin-1.8.0.181-1jpp.2.el7.x86_64.rpm
java-1.8.0-oracle-src-1.8.0.181-1jpp.2.el7.x86_64.rpm
Oracle Java for Red Hat Enterprise Linux Workstation (v. 7):
x86_64:
java-1.8.0-oracle-1.8.0.181-1jpp.2.el7.x86_64.rpm
java-1.8.0-oracle-devel-1.8.0.181-1jpp.2.el7.x86_64.rpm
java-1.8.0-oracle-javafx-1.8.0.181-1jpp.2.el7.x86_64.rpm
Read the Full Advisory
Severity
critical
Lowest
Low
Medium
High
Critical
Advisory ID: RHSA-2018:2253-01
Product: Oracle Java for Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2018:2253
Issue date: 2018-07-24
Topic
An update for java-1.8.0-oracle is now available for Oracle Java for RedHat Enterprise Linux 7.Red Hat Product Security has rated this update as having a security impactof Critical. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.
Relevant Releases Architectures
Oracle Java for Red Hat Enterprise Linux Client (v. 7) - x86_64
Oracle Java for Red Hat Enterprise Linux Compute Node (v. 7) - x86_64
Oracle Java for Red Hat Enterprise Linux Server (v. 7) - x86_64
Oracle Java for Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Bugs Fixed
1600925 - CVE-2018-2952 OpenJDK: insufficient index validation in PatternSyntaxException getMessage() (Concurrency, 8199547)
1602142 - CVE-2018-2964 Oracle JDK: unspecified vulnerability fixed in 8u181 and 10.0.2 (Deployment)
1602143 - CVE-2018-2941 Oracle JDK: unspecified vulnerability fixed in 7u191, 8u181, and 10.0.2 (JavaFX)
1602145 - CVE-2018-2973 Oracle JDK: unspecified vulnerability fixed in 6u201, 7u191, 8u181, and 10.0.2 (JSSE)
1602146 - CVE-2018-2940 Oracle JDK: unspecified vulnerability fixed in 6u201, 7u191, 8u181, and 10.0.2 (Libraries)
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!