Red Hat Satellite: RHSA-2020-0856-01 Important Java Update
Mar 17, 2020
•
LinuxSecurity Advisories
2 - 4 min read
An update for java-1.8.0-ibm is now available for Red Hat Satellite 5.8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
==================================================================== Red Hat Security Advisory
Synopsis: Important: java-1.8.0-ibm security update
Advisory ID: RHSA-2020:0856-01
Product: Red Hat Satellite
Advisory URL: https://access.redhat.com/errata/RHSA-2020:0856
Issue date: 2020-03-17
CVE Names: CVE-2020-2583 CVE-2020-2593 CVE-2020-2604
CVE-2020-2659
====================================================================
1. Summary:
An update for java-1.8.0-ibm is now available for Red Hat Satellite 5.8.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Satellite 5.8 (RHEL v.6) - s390x, x86_64
3. Description:
IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM
Java Software Development Kit.
This update upgrades IBM Java SE 8 to version 8 SR6-FP5.
Security Fix(es):
* OpenJDK: Serialization filter changes via jdk.serialFilter property
modification (Serialization, 8231422) (CVE-2020-2604)
* OpenJDK: Incorrect isBuiltinStreamHandler check causing URL normalization
issues (Networking, 8228548) (CVE-2020-2593)
* OpenJDK: Incorrect exception processing during deserialization in
BeanContextSupport (Serialization, 8224909) (CVE-2020-2583)
* OpenJDK: Incomplete enforcement of maxDatagramSockets limit in
DatagramChannelImpl (Networking, 8231795) (CVE-2020-2659)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1790444 - CVE-2020-2583 OpenJDK: Incorrect exception processing during deserialization in BeanContextSupport (Serialization, 8224909)
1790884 - CVE-2020-2593 OpenJDK: Incorrect isBuiltinStreamHandler check causing URL normalization issues (Networking, 8228548)
1790944 - CVE-2020-2604 OpenJDK: Serialization filter changes via jdk.serialFilter property modification (Serialization, 8231422)
1791284 - CVE-2020-2659 OpenJDK: Incomplete enforcement of maxDatagramSockets limit in DatagramChannelImpl (Networking, 8231795)
6. Package List:
Red Hat Satellite 5.8 (RHEL v.6):
s390x:
java-1.8.0-ibm-1.8.0.6.5-1jpp.1.el6_10.s390x.rpm
java-1.8.0-ibm-devel-1.8.0.6.5-1jpp.1.el6_10.s390x.rpm
x86_64:
java-1.8.0-ibm-1.8.0.6.5-1jpp.1.el6_10.x86_64.rpm
java-1.8.0-ibm-devel-1.8.0.6.5-1jpp.1.el6_10.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2020-2583
https://access.redhat.com/security/cve/CVE-2020-2593
https://access.redhat.com/security/cve/CVE-2020-2604
https://access.redhat.com/security/cve/CVE-2020-2659
https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBXnDMrtzjgjWX9erEAQjNfA//fj9vCx6drsguClX7ZZPIi2/c7r4iyxRx
swlYAZnOwkaFCIbeCklR3C524vKQw6e9wY1em2R5407A7VekqwxQcWozTdTBG0+x
PNfHQ6PB+AhgrjcAJhBAef2LN6uATehoa3ZIpj6W/a1bug+QQ0TmHBpDuSABJeVd
CxOAxpOwngItXOxWPDh/XsUN8Dg4znPPA8EsnOMWXOqz3TUySNWVwehfU0kt/jUc
vltLg5o4gWaTG5BYhJ6pKotG9UrCmoxqvnzz/FtVAl+OTojciQZm07p3idNAHb2S
0Y7J6u9uK/pZoY+udvrn2HZGdOYsnQ3+ylHcsYMW+0ljYJxaiNTmzysC7ip+0z3X
AtT92JbR72rfUZad+VzijqMmv7RM79u8RdtAe9dz0jARJOtSFlUryFnr7PWSwEnR
shuj8/gYJfQD9lBrU1n76DcNNgQuYHuAa+SU086txWOpf9e45W24jk3waeo6mmjD
kgEz/Sx3KGeSaF1fPmrtP+WnuN7nVE3kCJzt4+5er/MTOhSG/x1sqMT6eT7HmXAH
W7/vFG9nF06I1hvResCMjBX9IErXojFJcmir/GQBqLds59JRuWSvhXfl9hFxwy9d
r9HfGPcFbzYiKgcbuugPJdlAIoRlCDAcsr6Sc6DQwv7c5C003BoQlYdKRSckIbfv
PfU24hFaSOQ=FICx
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
This email address is being protected from spambots. You need JavaScript enabled to view it.
PREVIOUS
NEXT
Red Hat Satellite: RHSA-2020-0856-01 Important Java Update
red hat
March 17, 2020
An update for java-1.8.0-ibm is now available for Red Hat Satellite 5.8
Solution
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
Summary
IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM
Java Software Development Kit.
This update upgrades IBM Java SE 8 to version 8 SR6-FP5.
Security Fix(es):
* OpenJDK: Serialization filter changes via jdk.serialFilter property
modification (Serialization, 8231422) (CVE-2020-2604)
* OpenJDK: Incorrect isBuiltinStreamHandler check causing URL normalization
issues (Networking, 8228548) (CVE-2020-2593)
* OpenJDK: Incorrect exception processing during deserialization in
BeanContextSupport (Serialization, 8224909) (CVE-2020-2583)
* OpenJDK: Incomplete enforcement of maxDatagramSockets limit in
DatagramChannelImpl (Networking, 8231795) (CVE-2020-2659)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
References
https://access.redhat.com/security/cve/CVE-2020-2583 https://access.redhat.com/security/cve/CVE-2020-2593 https://access.redhat.com/security/cve/CVE-2020-2604 https://access.redhat.com/security/cve/CVE-2020-2659 https://access.redhat.com/security/updates/classification/#important
Package List
Red Hat Satellite 5.8 (RHEL v.6):
s390x:
java-1.8.0-ibm-1.8.0.6.5-1jpp.1.el6_10.s390x.rpm
java-1.8.0-ibm-devel-1.8.0.6.5-1jpp.1.el6_10.s390x.rpm
x86_64:
java-1.8.0-ibm-1.8.0.6.5-1jpp.1.el6_10.x86_64.rpm
java-1.8.0-ibm-devel-1.8.0.6.5-1jpp.1.el6_10.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
Severity
important
Lowest
Low
Medium
High
Critical
Advisory ID: RHSA-2020:0856-01
Product: Red Hat Satellite
Advisory URL: https://access.redhat.com/errata/RHSA-2020:0856
Issue date: 2020-03-17
Topic
An update for java-1.8.0-ibm is now available for Red Hat Satellite 5.8.Red Hat Product Security has rated this update as having a security impactof Important. A Common Vulnerability Scoring System (CVSS) base score,which gives a detailed severity rating, is available for each vulnerabilityfrom the CVE link(s) in the References section.
Relevant Releases Architectures
Red Hat Satellite 5.8 (RHEL v.6) - s390x, x86_64
Bugs Fixed
1790444 - CVE-2020-2583 OpenJDK: Incorrect exception processing during deserialization in BeanContextSupport (Serialization, 8224909)
1790884 - CVE-2020-2593 OpenJDK: Incorrect isBuiltinStreamHandler check causing URL normalization issues (Networking, 8228548)
1790944 - CVE-2020-2604 OpenJDK: Serialization filter changes via jdk.serialFilter property modification (Serialization, 8231422)
1791284 - CVE-2020-2659 OpenJDK: Incomplete enforcement of maxDatagramSockets limit in DatagramChannelImpl (Networking, 8231795)
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!