RedHat: RHSA-2019-2737:01 Important: java-1.8.0-ibm security update

    Date11 Sep 2019
    CategoryRed Hat
    196
    Posted ByLinuxSecurity Advisories
    An update for java-1.8.0-ibm is now available for Red Hat Satellite 5.8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256
    
    =====================================================================
                       Red Hat Security Advisory
    
    Synopsis:          Important: java-1.8.0-ibm security update
    Advisory ID:       RHSA-2019:2737-01
    Product:           Red Hat Satellite
    Advisory URL:      https://access.redhat.com/errata/RHSA-2019:2737
    Issue date:        2019-09-11
    CVE Names:         CVE-2019-2762 CVE-2019-2769 CVE-2019-2786 
                       CVE-2019-2816 CVE-2019-7317 CVE-2019-11772 
                       CVE-2019-11775 
    =====================================================================
    
    1. Summary:
    
    An update for java-1.8.0-ibm is now available for Red Hat Satellite 5.8.
    
    Red Hat Product Security has rated this update as having a security impact
    of Important. A Common Vulnerability Scoring System (CVSS) base score,
    which gives a detailed severity rating, is available for each vulnerability
    from the CVE link(s) in the References section.
    
    2. Relevant releases/architectures:
    
    Red Hat Satellite 5.8 (RHEL v.6) - s390x, x86_64
    
    3. Description:
    
    IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM
    Java Software Development Kit.
    
    This update upgrades IBM Java SE 8 to version 8 SR5-FP40.
    
    Security Fix(es):
    
    * IBM JDK: Out-of-bounds access in the String.getBytes method
    (CVE-2019-11772)
    
    * IBM JDK: Failure to privatize a value pulled out of the loop by
    versioning (CVE-2019-11775)
    
    * OpenJDK: Insufficient checks of suppressed exceptions in deserialization
    (Utilities, 8212328) (CVE-2019-2762)
    
    * OpenJDK: Unbounded memory allocation during deserialization in
    Collections (Utilities, 8213432) (CVE-2019-2769)
    
    * OpenJDK: Missing URL format validation (Networking, 8221518)
    (CVE-2019-2816)
    
    * OpenJDK: Insufficient restriction of privileges in AccessController
    (Security, 8216381) (CVE-2019-2786)
    
    * libpng: use-after-free in png_image_free in png.c (CVE-2019-7317)
    
    For more details about the security issue(s), including the impact, a CVSS
    score, acknowledgments, and other related information, refer to the CVE
    page(s) listed in the References section.
    
    4. Solution:
    
    Before applying this update, make sure all previously released errata
    relevant to your system have been applied.
    
    For details on how to apply this update, refer to:
    
    https://access.redhat.com/articles/11258
    
    5. Bugs fixed (https://bugzilla.redhat.com/):
    
    1672409 - CVE-2019-7317 libpng: use-after-free in png_image_free in png.c
    1730056 - CVE-2019-2769 OpenJDK: Unbounded memory allocation during deserialization in Collections (Utilities, 8213432)
    1730099 - CVE-2019-2816 OpenJDK: Missing URL format validation (Networking, 8221518)
    1730255 - CVE-2019-2786 OpenJDK: Insufficient restriction of privileges in AccessController (Security, 8216381)
    1730415 - CVE-2019-2762 OpenJDK: Insufficient checks of suppressed exceptions in deserialization (Utilities, 8212328)
    1738547 - CVE-2019-11772 IBM JDK: Out-of-bounds access in the String.getBytes method
    1738549 - CVE-2019-11775 IBM JDK: Failure to privatize a value pulled out of the loop by versioning
    
    6. Package List:
    
    Red Hat Satellite 5.8 (RHEL v.6):
    
    s390x:
    java-1.8.0-ibm-1.8.0.5.40-1jpp.1.el6_10.s390x.rpm
    java-1.8.0-ibm-devel-1.8.0.5.40-1jpp.1.el6_10.s390x.rpm
    
    x86_64:
    java-1.8.0-ibm-1.8.0.5.40-1jpp.1.el6_10.x86_64.rpm
    java-1.8.0-ibm-devel-1.8.0.5.40-1jpp.1.el6_10.x86_64.rpm
    
    These packages are GPG signed by Red Hat for security.  Our key and
    details on how to verify the signature are available from
    https://access.redhat.com/security/team/key/
    
    7. References:
    
    https://access.redhat.com/security/cve/CVE-2019-2762
    https://access.redhat.com/security/cve/CVE-2019-2769
    https://access.redhat.com/security/cve/CVE-2019-2786
    https://access.redhat.com/security/cve/CVE-2019-2816
    https://access.redhat.com/security/cve/CVE-2019-7317
    https://access.redhat.com/security/cve/CVE-2019-11772
    https://access.redhat.com/security/cve/CVE-2019-11775
    https://access.redhat.com/security/updates/classification/#important
    
    8. Contact:
    
    The Red Hat security contact is . More contact
    details at https://access.redhat.com/security/team/contact/
    
    Copyright 2019 Red Hat, Inc.
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1
    
    iQIVAwUBXXkN19zjgjWX9erEAQh/fg/9HFMBddvgH3NO7oY+Of9OO2bPeS8/P6BF
    LaupsMXf16Y8KZkFfOt6Gd2jFkXKkfhaRtF0fXzy95cl2UR9Rbhy3iU8Lscw954f
    MoLTXSsRLXYiu7FI78ZJhYKxskipJw9WWVnxNb5Agxkh+tuTQ1xWgL2n3XD9fpxr
    9+S2h2Btau3I4VPVSECmgjat7j5wTZun2B4ptKThTWk8zMs79ZfuFugkXbvcD1kp
    6ZQt4JtAmtQsKH9rCXsc9mPRea/XTBd5zZs28Gty7XVfSjgNSAG+hiQTcIKTN+Yg
    zfvEFvj6r+vGN5gekVc2BktMN2RdRusH45uj3Mk73gHRD883gB8Vndt0KRXRlTef
    Ghe3tD4c3RLyQdYhORmkNVp5jtMtGDoGNO8VpBXdWXjGpi/RzS/3LlKX3inZ+b6U
    8KnnO50YkdMV7J37ll+RdrS93IBXqRstzpnwUZ48J5zBff5MAa/1ZDDuDpsefXz/
    JEIjEZ+DEiMFllKDD1E48nsI8Cz03Y5m5Lj5MloNdxda6ZAzRNTOsL2caoDiSz+R
    CioMmOSs4NW870hGSzA6O239OIA3IYMhuucLiYu8rh67rBrwA27fIt0cNcR+Ixsw
    bR3M52/LZdJzx6aV4Z5pDAj2dbuYzvUE9Y5Upk51mCl94bA7OmRV3oLn62B32SsB
    mbahXGlbEcQ=
    =jy51
    -----END PGP SIGNATURE-----
    
    --
    RHSA-announce mailing list
    This email address is being protected from spambots. You need JavaScript enabled to view it.
    https://www.redhat.com/mailman/listinfo/rhsa-announce
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"13","type":"x","order":"1","pct":56.52,"resources":[]},{"id":"88","title":"Should be more technical","votes":"3","type":"x","order":"2","pct":13.04,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"7","type":"x","order":"3","pct":30.43,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.