RedHat: RHSA-2019-1238:01 Critical: java-1.8.0-ibm security update

    Date 16 May 2019
    Posted By LinuxSecurity Advisories
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256
    
    =====================================================================
                       Red Hat Security Advisory
    
    Synopsis:          Critical: java-1.8.0-ibm security update
    Advisory ID:       RHSA-2019:1238-01
    Product:           Red Hat Enterprise Linux
    Advisory URL:      https://access.redhat.com/errata/RHSA-2019:1238
    Issue date:        2019-05-16
    CVE Names:         CVE-2018-11212 CVE-2018-12547 CVE-2018-12549 
                       CVE-2019-2422 CVE-2019-2449 CVE-2019-2602 
                       CVE-2019-2684 CVE-2019-2697 CVE-2019-2698 
                       CVE-2019-10245 
    =====================================================================
    
    1. Summary:
    
    An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux
    8.
    
    Red Hat Product Security has rated this update as having a security impact
    of Critical. A Common Vulnerability Scoring System (CVSS) base score, which
    gives a detailed severity rating, is available for each vulnerability from
    the CVE link(s) in the References section.
    
    2. Relevant releases/architectures:
    
    Red Hat Enterprise Linux 8 Supplementary - ppc64le, s390x, x86_64
    
    3. Description:
    
    IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM
    Java Software Development Kit.
    
    This update upgrades IBM Java SE 8 to version 8 SR5-FP35.
    
    Security Fix(es):
    
    * IBM JDK: buffer overflow in jio_snprintf() and jio_vsnprintf()
    (CVE-2018-12547)
    
    * IBM JDK: missing null check when accelerating Unsafe calls
    (CVE-2018-12549)
    
    * Oracle JDK: Unspecified vulnerability fixed in 7u221 and 8u211 (2D)
    (CVE-2019-2697)
    
    * OpenJDK: Font layout engine out of bounds access setCurrGlyphID() (2D,
    8219022) (CVE-2019-2698)
    
    * OpenJDK: memory disclosure in FileChannelImpl (Libraries, 8206290)
    (CVE-2019-2422)
    
    * OpenJDK: Slow conversion of BigDecimal to long (Libraries, 8211936)
    (CVE-2019-2602)
    
    * OpenJDK: Incorrect skeleton selection in RMI registry server-side
    dispatch handling (RMI, 8218453) (CVE-2019-2684)
    
    * IBM JDK: Read beyond the end of bytecode array causing JVM crash
    (CVE-2019-10245)
    
    * libjpeg-turbo: Divide By Zero in alloc_sarray function in jmemmgr.c
    (CVE-2018-11212)
    
    * Oracle JDK: unspecified vulnerability fixed in 8u201 (Deployment)
    (CVE-2019-2449)
    
    For more details about the security issue(s), including the impact, a CVSS
    score, acknowledgments, and other related information, refer to the CVE
    page(s) listed in the References section.
    
    4. Solution:
    
    For details on how to apply this update, which includes the changes
    described in this advisory, refer to:
    
    https://access.redhat.com/articles/11258
    
    All running instances of IBM Java must be restarted for this update to take
    effect.
    
    5. Bugs fixed (https://bugzilla.redhat.com/):
    
    1579973 - CVE-2018-11212 libjpeg-turbo: Divide By Zero in alloc_sarray function in jmemmgr.c
    1665945 - CVE-2019-2422 OpenJDK: memory disclosure in FileChannelImpl (Libraries, 8206290)
    1685601 - CVE-2019-2449 Oracle JDK: unspecified vulnerability fixed in 8u201 (Deployment)
    1685611 - CVE-2018-12547 IBM JDK: buffer overflow in jio_snprintf() and jio_vsnprintf()
    1685717 - CVE-2018-12549 IBM JDK: missing null check when accelerating Unsafe calls
    1700440 - CVE-2019-2602 OpenJDK: Slow conversion of BigDecimal to long (Libraries, 8211936)
    1700447 - CVE-2019-2698 OpenJDK: Font layout engine out of bounds access setCurrGlyphID() (2D, 8219022)
    1700564 - CVE-2019-2684 OpenJDK: Incorrect skeleton selection in RMI registry server-side dispatch handling (RMI, 8218453)
    1704480 - CVE-2019-2697 Oracle JDK: Unspecified vulnerability fixed in 7u221 and 8u211 (2D)
    1704799 - CVE-2019-10245 IBM JDK: Read beyond the end of bytecode array causing JVM crash
    
    6. Package List:
    
    Red Hat Enterprise Linux 8 Supplementary:
    
    ppc64le:
    java-1.8.0-ibm-1.8.0.5.35-3.el8_0.ppc64le.rpm
    java-1.8.0-ibm-demo-1.8.0.5.35-3.el8_0.ppc64le.rpm
    java-1.8.0-ibm-devel-1.8.0.5.35-3.el8_0.ppc64le.rpm
    java-1.8.0-ibm-headless-1.8.0.5.35-3.el8_0.ppc64le.rpm
    java-1.8.0-ibm-jdbc-1.8.0.5.35-3.el8_0.ppc64le.rpm
    java-1.8.0-ibm-plugin-1.8.0.5.35-3.el8_0.ppc64le.rpm
    java-1.8.0-ibm-src-1.8.0.5.35-3.el8_0.ppc64le.rpm
    java-1.8.0-ibm-webstart-1.8.0.5.35-3.el8_0.ppc64le.rpm
    
    s390x:
    java-1.8.0-ibm-1.8.0.5.35-3.el8_0.s390x.rpm
    java-1.8.0-ibm-demo-1.8.0.5.35-3.el8_0.s390x.rpm
    java-1.8.0-ibm-devel-1.8.0.5.35-3.el8_0.s390x.rpm
    java-1.8.0-ibm-headless-1.8.0.5.35-3.el8_0.s390x.rpm
    java-1.8.0-ibm-jdbc-1.8.0.5.35-3.el8_0.s390x.rpm
    java-1.8.0-ibm-src-1.8.0.5.35-3.el8_0.s390x.rpm
    
    x86_64:
    java-1.8.0-ibm-1.8.0.5.35-3.el8_0.x86_64.rpm
    java-1.8.0-ibm-demo-1.8.0.5.35-3.el8_0.x86_64.rpm
    java-1.8.0-ibm-devel-1.8.0.5.35-3.el8_0.x86_64.rpm
    java-1.8.0-ibm-headless-1.8.0.5.35-3.el8_0.x86_64.rpm
    java-1.8.0-ibm-jdbc-1.8.0.5.35-3.el8_0.x86_64.rpm
    java-1.8.0-ibm-plugin-1.8.0.5.35-3.el8_0.x86_64.rpm
    java-1.8.0-ibm-src-1.8.0.5.35-3.el8_0.x86_64.rpm
    java-1.8.0-ibm-webstart-1.8.0.5.35-3.el8_0.x86_64.rpm
    
    These packages are GPG signed by Red Hat for security.  Our key and
    details on how to verify the signature are available from
    https://access.redhat.com/security/team/key/
    
    7. References:
    
    https://access.redhat.com/security/cve/CVE-2018-11212
    https://access.redhat.com/security/cve/CVE-2018-12547
    https://access.redhat.com/security/cve/CVE-2018-12549
    https://access.redhat.com/security/cve/CVE-2019-2422
    https://access.redhat.com/security/cve/CVE-2019-2449
    https://access.redhat.com/security/cve/CVE-2019-2602
    https://access.redhat.com/security/cve/CVE-2019-2684
    https://access.redhat.com/security/cve/CVE-2019-2697
    https://access.redhat.com/security/cve/CVE-2019-2698
    https://access.redhat.com/security/cve/CVE-2019-10245
    https://access.redhat.com/security/updates/classification/#critical
    
    8. Contact:
    
    The Red Hat security contact is . More contact
    details at https://access.redhat.com/security/team/contact/
    
    Copyright 2019 Red Hat, Inc.
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1
    
    -----END PGP SIGNATURE-----
    
    --
    RHSA-announce mailing list
    https://www.redhat.com/mailman/listinfo/rhsa-announce
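
As an added example (not part of the Red Hat advisory), this Python check compares the output of `rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'` against the fixed build 1.8.0.5.35-3.el8_0 from the package list in section 6. The comparison is a simplified form of RPM's version ordering that assumes equal epochs and ignores the `~` and `^` modifiers; the function names and the sample input are constructed for illustration.

```python
import re

# Fixed build from section 6 of the advisory (version-release, epoch omitted).
FIXED_VR = "1.8.0.5.35-3.el8_0"
PREFIX = "java-1.8.0-ibm"  # base name shared by every package in the list

def rpmvercmp(a, b):
    """Simplified rpm version compare: -1, 0 or 1. Ignores '~' and '^'."""
    ta = re.findall(r"[0-9]+|[A-Za-z]+", a)
    tb = re.findall(r"[0-9]+|[A-Za-z]+", b)
    for x, y in zip(ta, tb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1   # numeric segment beats alpha
        if x.isdigit():
            x, y = int(x), int(y)             # numeric compare, so 35 > 4
        if x != y:
            return 1 if x > y else -1
    return (len(ta) > len(tb)) - (len(ta) < len(tb))  # leftover segments win

def vr_cmp(a, b):
    """Compare two 'version-release' strings, version first, then release."""
    av, ar = a.rsplit("-", 1)
    bv, br = b.rsplit("-", 1)
    return rpmvercmp(av, bv) or rpmvercmp(ar, br)

def outdated(rpm_output, fixed=FIXED_VR):
    """Return (name, vr) for IBM Java 8 packages older than the fixed build."""
    hits = []
    for line in rpm_output.splitlines():
        parts = line.split()
        if len(parts) != 2 or "-" not in parts[1]:
            continue                          # skip lines not in 'name vr' form
        name, vr = parts
        if (name == PREFIX or name.startswith(PREFIX + "-")) and vr_cmp(vr, fixed) < 0:
            hits.append((name, vr))
    return hits

# Constructed sample of the query output; only the fixed build is from the advisory.
SAMPLE = """\
java-1.8.0-ibm 1.8.0.5.30-2.el8
java-1.8.0-ibm-devel 1.8.0.5.35-3.el8_0
java-1.8.0-ibm-headless 1.8.0.5.35-1.el8_0
bash 4.4.19-7.el8
"""

if __name__ == "__main__":
    for name, vr in outdated(SAMPLE):
        print(f"{name} {vr} is older than {FIXED_VR}")
```

A package at the fixed build does not show that running JVMs have picked up the fix; per section 4, instances started before the update still need a restart.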
    
