- Issued:
- 2022-10-13
- Updated:
- 2022-10-13
RHBA-2022:6851 - Bug Fix Advisory
Synopsis
copy-jdk-configs can remove empty dirs in etc if rogue symlink is placed in jdk
Type/Severity
Bug Fix Advisory
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
The following empty directories were deleted when updating from 1.8.0.282.b08-1.el7_9.x86_64 to 1.8.0.332.b09-1.el7_9.x86_64:
- /etc/krb5.conf.d
- /etc/cron.monthly
- /etc/cron.weekly
Something very unexpected is causing copy_jdk_configs_fixFiles to escape from /etc/java/
Add checks to prevent the code from escaping /etc/java/
Description
The following empty directories were deleted when updating from 1.8.0.282.b08-1.el7_9.x86_64 to 1.8.0.332.b09-1.el7_9.x86_64:
- /etc/krb5.conf.d
- /etc/cron.monthly
- /etc/cron.weekly
Something very unexpected is causing copy_jdk_configs_fixFiles to escape from /etc/java/<java-version>/ to /etc/ and identify and remove empty folders that are not associated with the java install.
Add checks to prevent the code from escaping /etc/java/<java-version>/.
Solution
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
Affected Products
- Red Hat Enterprise Linux Server 7 x86_64
- Red Hat Enterprise Linux Server - Extended Life Cycle Support 7 x86_64
- Red Hat Enterprise Linux Workstation 7 x86_64
- Red Hat Enterprise Linux Desktop 7 x86_64
- Red Hat Enterprise Linux for IBM z Systems 7 s390x
- Red Hat Enterprise Linux for Power, big endian 7 ppc64
- Red Hat Enterprise Linux for Scientific Computing 7 x86_64
- Red Hat Enterprise Linux for Power, little endian 7 ppc64le
- Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 7 s390x
- Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, big endian 7 ppc64
- Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, little endian 7 ppc64le
Fixes
- BZ - 2100617 - Upgrading OpenJDK causes /etc/ empty directories to be deleted [rhel-7.9.z]
CVEs
(none)
References
(none)
Red Hat Enterprise Linux Server 7
| SRPM | |
|---|---|
| copy-jdk-configs-3.3-11.el7_9.src.rpm | SHA-256: 3e8343bff7b2bc0e7795a9c7c9463c0cbe186f552af8b40b525629c628edc1fa |
| x86_64 | |
| copy-jdk-configs-3.3-11.el7_9.noarch.rpm | SHA-256: e6ac13b8116b09e468c0a5d4913a0e1e22af04c423c3da3b272e64c46d48e9fa |
Red Hat Enterprise Linux Server - Extended Life Cycle Support 7
| SRPM | |
|---|---|
| copy-jdk-configs-3.3-11.el7_9.src.rpm | SHA-256: 3e8343bff7b2bc0e7795a9c7c9463c0cbe186f552af8b40b525629c628edc1fa |
| x86_64 | |
| copy-jdk-configs-3.3-11.el7_9.noarch.rpm | SHA-256: e6ac13b8116b09e468c0a5d4913a0e1e22af04c423c3da3b272e64c46d48e9fa |
Red Hat Enterprise Linux Workstation 7
| SRPM | |
|---|---|
| copy-jdk-configs-3.3-11.el7_9.src.rpm | SHA-256: 3e8343bff7b2bc0e7795a9c7c9463c0cbe186f552af8b40b525629c628edc1fa |
| x86_64 | |
| copy-jdk-configs-3.3-11.el7_9.noarch.rpm | SHA-256: e6ac13b8116b09e468c0a5d4913a0e1e22af04c423c3da3b272e64c46d48e9fa |
Red Hat Enterprise Linux Desktop 7
| SRPM | |
|---|---|
| copy-jdk-configs-3.3-11.el7_9.src.rpm | SHA-256: 3e8343bff7b2bc0e7795a9c7c9463c0cbe186f552af8b40b525629c628edc1fa |
| x86_64 | |
| copy-jdk-configs-3.3-11.el7_9.noarch.rpm | SHA-256: e6ac13b8116b09e468c0a5d4913a0e1e22af04c423c3da3b272e64c46d48e9fa |
Red Hat Enterprise Linux for IBM z Systems 7
| SRPM | |
|---|---|
| copy-jdk-configs-3.3-11.el7_9.src.rpm | SHA-256: 3e8343bff7b2bc0e7795a9c7c9463c0cbe186f552af8b40b525629c628edc1fa |
| s390x | |
| copy-jdk-configs-3.3-11.el7_9.noarch.rpm | SHA-256: e6ac13b8116b09e468c0a5d4913a0e1e22af04c423c3da3b272e64c46d48e9fa |
Red Hat Enterprise Linux for Power, big endian 7
| SRPM | |
|---|---|
| copy-jdk-configs-3.3-11.el7_9.src.rpm | SHA-256: 3e8343bff7b2bc0e7795a9c7c9463c0cbe186f552af8b40b525629c628edc1fa |
| ppc64 | |
| copy-jdk-configs-3.3-11.el7_9.noarch.rpm | SHA-256: e6ac13b8116b09e468c0a5d4913a0e1e22af04c423c3da3b272e64c46d48e9fa |
Red Hat Enterprise Linux for Scientific Computing 7
| SRPM | |
|---|---|
| copy-jdk-configs-3.3-11.el7_9.src.rpm | SHA-256: 3e8343bff7b2bc0e7795a9c7c9463c0cbe186f552af8b40b525629c628edc1fa |
| x86_64 | |
| copy-jdk-configs-3.3-11.el7_9.noarch.rpm | SHA-256: e6ac13b8116b09e468c0a5d4913a0e1e22af04c423c3da3b272e64c46d48e9fa |
Red Hat Enterprise Linux for Power, little endian 7
| SRPM | |
|---|---|
| copy-jdk-configs-3.3-11.el7_9.src.rpm | SHA-256: 3e8343bff7b2bc0e7795a9c7c9463c0cbe186f552af8b40b525629c628edc1fa |
| ppc64le | |
| copy-jdk-configs-3.3-11.el7_9.noarch.rpm | SHA-256: e6ac13b8116b09e468c0a5d4913a0e1e22af04c423c3da3b272e64c46d48e9fa |
Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 7
| SRPM | |
|---|---|
| copy-jdk-configs-3.3-11.el7_9.src.rpm | SHA-256: 3e8343bff7b2bc0e7795a9c7c9463c0cbe186f552af8b40b525629c628edc1fa |
| s390x | |
| copy-jdk-configs-3.3-11.el7_9.noarch.rpm | SHA-256: e6ac13b8116b09e468c0a5d4913a0e1e22af04c423c3da3b272e64c46d48e9fa |
Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, big endian 7
| SRPM | |
|---|---|
| copy-jdk-configs-3.3-11.el7_9.src.rpm | SHA-256: 3e8343bff7b2bc0e7795a9c7c9463c0cbe186f552af8b40b525629c628edc1fa |
| ppc64 | |
| copy-jdk-configs-3.3-11.el7_9.noarch.rpm | SHA-256: e6ac13b8116b09e468c0a5d4913a0e1e22af04c423c3da3b272e64c46d48e9fa |
Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, little endian 7
| SRPM | |
|---|---|
| copy-jdk-configs-3.3-11.el7_9.src.rpm | SHA-256: 3e8343bff7b2bc0e7795a9c7c9463c0cbe186f552af8b40b525629c628edc1fa |
| ppc64le | |
| copy-jdk-configs-3.3-11.el7_9.noarch.rpm | SHA-256: e6ac13b8116b09e468c0a5d4913a0e1e22af04c423c3da3b272e64c46d48e9fa |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
