Red Hat Product Errata RHSA-2018:0458 - Security Advisory
Issued:
2018-03-07
Updated:
2018-03-07

RHSA-2018:0458 - Security Advisory

Synopsis

Important: java-1.7.1-ibm security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for java-1.7.1-ibm is now available for Red Hat Enterprise Linux 7 Supplementary.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.

This update upgrades IBM Java SE 7 to version 7R1 SR4-FP20.

Security Fix(es):

  • OpenJDK: insufficient validation of the invokeinterface instruction (Hotspot, 8174962) (CVE-2018-2582)
  • OpenJDK: LDAPCertStore insecure handling of LDAP referrals (JNDI, 8186606) (CVE-2018-2633)
  • OpenJDK: use of global credentials for HTTP/SPNEGO (JGSS, 8186600) (CVE-2018-2634)
  • OpenJDK: SingleEntryRegistry incorrect setup of deserialization filter (JMX, 8186998) (CVE-2018-2637)
  • OpenJDK: GTK library loading use-after-free (AWT, 8185325) (CVE-2018-2641)
  • OpenJDK: LdapLoginModule insufficient username encoding in LDAP query (LDAP, 8178449) (CVE-2018-2588)
  • OpenJDK: DnsClient missing source port randomization (JNDI, 8182125) (CVE-2018-2599)
  • OpenJDK: loading of classes from untrusted locations (I18n, 8182601) (CVE-2018-2602)
  • OpenJDK: DerValue unbounded memory allocation (Libraries, 8182387) (CVE-2018-2603)
  • OpenJDK: insufficient strength of key agreement (JCE, 8185292) (CVE-2018-2618)
  • Oracle JDK: unspecified vulnerability fixed in 6u181 and 7u171 (Serialization) (CVE-2018-2657)
  • OpenJDK: ArrayBlockingQueue deserialization to an inconsistent state (Libraries, 8189284) (CVE-2018-2663)
  • OpenJDK: unbounded memory allocation during deserialization (AWT, 8190289) (CVE-2018-2677)
  • OpenJDK: unbounded memory allocation in BasicAttributes deserialization (JNDI, 8191142) (CVE-2018-2678)
  • OpenJDK: unsynchronized access to encryption key data (Libraries, 8172525) (CVE-2018-2579)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of IBM Java must be restarted for this update to take effect.

Affected Products

  • Red Hat Enterprise Linux Server 7 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 7.5 x86_64
  • Red Hat Enterprise Linux Workstation 7 x86_64
  • Red Hat Enterprise Linux Desktop 7 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 7 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 7.5 s390x
  • Red Hat Enterprise Linux for Power, big endian 7 ppc64
  • Red Hat Enterprise Linux for Power, big endian - Extended Update Support 7.5 ppc64
  • Red Hat Enterprise Linux for Scientific Computing 7 x86_64
  • Red Hat Enterprise Linux for Power, little endian 7 ppc64le
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.5 ppc64le

Fixes

  • BZ - 1534263 - CVE-2018-2678 OpenJDK: unbounded memory allocation in BasicAttributes deserialization (JNDI, 8191142)
  • BZ - 1534288 - CVE-2018-2677 OpenJDK: unbounded memory allocation during deserialization (AWT, 8190289)
  • BZ - 1534296 - CVE-2018-2663 OpenJDK: ArrayBlockingQueue deserialization to an inconsistent state (Libraries, 8189284)
  • BZ - 1534298 - CVE-2018-2579 OpenJDK: unsynchronized access to encryption key data (Libraries, 8172525)
  • BZ - 1534299 - CVE-2018-2588 OpenJDK: LdapLoginModule insufficient username encoding in LDAP query (LDAP, 8178449)
  • BZ - 1534525 - CVE-2018-2602 OpenJDK: loading of classes from untrusted locations (I18n, 8182601)
  • BZ - 1534543 - CVE-2018-2599 OpenJDK: DnsClient missing source port randomization (JNDI, 8182125)
  • BZ - 1534553 - CVE-2018-2603 OpenJDK: DerValue unbounded memory allocation (Libraries, 8182387)
  • BZ - 1534762 - CVE-2018-2618 OpenJDK: insufficient strength of key agreement (JCE, 8185292)
  • BZ - 1534766 - CVE-2018-2641 OpenJDK: GTK library loading use-after-free (AWT, 8185325)
  • BZ - 1534768 - CVE-2018-2582 OpenJDK: insufficient validation of the invokeinterface instruction (Hotspot, 8174962)
  • BZ - 1534943 - CVE-2018-2634 OpenJDK: use of global credentials for HTTP/SPNEGO (JGSS, 8186600)
  • BZ - 1534970 - CVE-2018-2637 OpenJDK: SingleEntryRegistry incorrect setup of deserialization filter (JMX, 8186998)
  • BZ - 1535036 - CVE-2018-2633 OpenJDK: LDAPCertStore insecure handling of LDAP referrals (JNDI, 8186606)
  • BZ - 1535353 - CVE-2018-2657 Oracle JDK: unspecified vulnerability fixed in 6u181 and 7u171 (Serialization)

Red Hat Enterprise Linux Server 7

SRPM
x86_64
java-1.7.1-ibm-1.7.1.4.20-1jpp.1.el7.i686.rpm SHA-256: e32445fdcd36fedd6ff74be8184b3b211381a726e75fbaf2edc45a29a6000182
java-1.7.1-ibm-1.7.1.4.20-1jpp.1.el7.x86_64.rpm SHA-256: 4cc9df037589fb1807ad7d7c6092208743c0008ab1b47bf4a2d3cb708d7750bc
java-1.7.1-ibm-demo-1.7.1.4.20-1jpp.1.el7.x86_64.rpm SHA-256: b99e93af9b7b77846b85ea6ca3708ce022d77f0a623857991c525e46d1b5a576
java-1.7.1-ibm-devel-1.7.1.4.20-1jpp.1.el7.i686.rpm SHA-256: 695c3ad7f74c29dcc66f76da175ba90789fd31c1a537515bc6c9c5406b688b19
java-1.7.1-ibm-devel-1.7.1.4.20-1jpp.1.el7.x86_64.rpm SHA-256: e3706b469d9fb17eb406efe110377be063103e1a1fde7ca5e445feef4214a001
java-1.7.1-ibm-jdbc-1.7.1.4.20-1jpp.1.el7.x86_64.rpm SHA-256: 415191e535d2e207b45af6c0cc1b472f9d5193a9558632bb528c67670e2980a3
java-1.7.1-ibm-plugin-1.7.1.4.20-1jpp.1.el7.x86_64.rpm SHA-256: e8d5bb43ddbc41a549dc39b6163fa4e144ec3f7d1e4246c60e681b60c747f180
java-1.7.1-ibm-src-1.7.1.4.20-1jpp.1.el7.x86_64.rpm SHA-256: 41914bff22fe7c659f968ceee4f4330d0422e05201fbfacdaee4d3a05e13a5a3

Red Hat Enterprise Linux for x86_64 - Extended Update Support 7.5

SRPM
x86_64
java-1.7.1-ibm-1.7.1.4.20-1jpp.1.el7.i686.rpm SHA-256: e32445fdcd36fedd6ff74be8184b3b211381a726e75fbaf2edc45a29a6000182
java-1.7.1-ibm-1.7.1.4.20-1jpp.1.el7.x86_64.rpm SHA-256: 4cc9df037589fb1807ad7d7c6092208743c0008ab1b47bf4a2d3cb708d7750bc
java-1.7.1-ibm-demo-1.7.1.4.20-1jpp.1.el7.x86_64.rpm SHA-256: b99e93af9b7b77846b85ea6ca3708ce022d77f0a623857991c525e46d1b5a576
java-1.7.1-ibm-devel-1.7.1.4.20-1jpp.1.el7.i686.rpm SHA-256: 695c3ad7f74c29dcc66f76da175ba90789fd31c1a537515bc6c9c5406b688b19
java-1.7.1-ibm-devel-1.7.1.4.20-1jpp.1.el7.x86_64.rpm SHA-256: e3706b469d9fb17eb406efe110377be063103e1a1fde7ca5e445feef4214a001
java-1.7.1-ibm-jdbc-1.7.1.4.20-1jpp.1.el7.x86_64.rpm SHA-256: 415191e535d2e207b45af6c0cc1b472f9d5193a9558632bb528c67670e2980a3
java-1.7.1-ibm-plugin-1.7.1.4.20-1jpp.1.el7.x86_64.rpm SHA-256: e8d5bb43ddbc41a549dc39b6163fa4e144ec3f7d1e4246c60e681b60c747f180
java-1.7.1-ibm-src-1.7.1.4.20-1jpp.1.el7.x86_64.rpm SHA-256: 41914bff22fe7c659f968ceee4f4330d0422e05201fbfacdaee4d3a05e13a5a3

Red Hat Enterprise Linux Workstation 7

SRPM
x86_64
java-1.7.1-ibm-1.7.1.4.20-1jpp.1.el7.i686.rpm SHA-256: e32445fdcd36fedd6ff74be8184b3b211381a726e75fbaf2edc45a29a6000182
java-1.7.1-ibm-1.7.1.4.20-1jpp.1.el7.x86_64.rpm SHA-256: 4cc9df037589fb1807ad7d7c6092208743c0008ab1b47bf4a2d3cb708d7750bc
java-1.7.1-ibm-demo-1.7.1.4.20-1jpp.1.el7.x86_64.rpm SHA-256: b99e93af9b7b77846b85ea6ca3708ce022d77f0a623857991c525e46d1b5a576
java-1.7.1-ibm-devel-1.7.1.4.20-1jpp.1.el7.i686.rpm SHA-256: 695c3ad7f74c29dcc66f76da175ba90789fd31c1a537515bc6c9c5406b688b19
java-1.7.1-ibm-devel-1.7.1.4.20-1jpp.1.el7.x86_64.rpm SHA-256: e3706b469d9fb17eb406efe110377be063103e1a1fde7ca5e445feef4214a001
java-1.7.1-ibm-jdbc-1.7.1.4.20-1jpp.1.el7.x86_64.rpm SHA-256: 415191e535d2e207b45af6c0cc1b472f9d5193a9558632bb528c67670e2980a3
java-1.7.1-ibm-plugin-1.7.1.4.20-1jpp.1.el7.x86_64.rpm SHA-256: e8d5bb43ddbc41a549dc39b6163fa4e144ec3f7d1e4246c60e681b60c747f180
java-1.7.1-ibm-src-1.7.1.4.20-1jpp.1.el7.x86_64.rpm SHA-256: 41914bff22fe7c659f968ceee4f4330d0422e05201fbfacdaee4d3a05e13a5a3

Red Hat Enterprise Linux Desktop 7

SRPM
x86_64
java-1.7.1-ibm-1.7.1.4.20-1jpp.1.el7.i686.rpm SHA-256: e32445fdcd36fedd6ff74be8184b3b211381a726e75fbaf2edc45a29a6000182
java-1.7.1-ibm-1.7.1.4.20-1jpp.1.el7.x86_64.rpm SHA-256: 4cc9df037589fb1807ad7d7c6092208743c0008ab1b47bf4a2d3cb708d7750bc
java-1.7.1-ibm-demo-1.7.1.4.20-1jpp.1.el7.x86_64.rpm SHA-256: b99e93af9b7b77846b85ea6ca3708ce022d77f0a623857991c525e46d1b5a576
java-1.7.1-ibm-devel-1.7.1.4.20-1jpp.1.el7.i686.rpm SHA-256: 695c3ad7f74c29dcc66f76da175ba90789fd31c1a537515bc6c9c5406b688b19
java-1.7.1-ibm-devel-1.7.1.4.20-1jpp.1.el7.x86_64.rpm SHA-256: e3706b469d9fb17eb406efe110377be063103e1a1fde7ca5e445feef4214a001
java-1.7.1-ibm-jdbc-1.7.1.4.20-1jpp.1.el7.x86_64.rpm SHA-256: 415191e535d2e207b45af6c0cc1b472f9d5193a9558632bb528c67670e2980a3
java-1.7.1-ibm-plugin-1.7.1.4.20-1jpp.1.el7.x86_64.rpm SHA-256: e8d5bb43ddbc41a549dc39b6163fa4e144ec3f7d1e4246c60e681b60c747f180
java-1.7.1-ibm-src-1.7.1.4.20-1jpp.1.el7.x86_64.rpm SHA-256: 41914bff22fe7c659f968ceee4f4330d0422e05201fbfacdaee4d3a05e13a5a3

Red Hat Enterprise Linux for IBM z Systems 7

SRPM
s390x
java-1.7.1-ibm-1.7.1.4.20-1jpp.1.el7.s390.rpm SHA-256: 8e3c98b2b84a0350d4b1226758e8383db9e5953c9c627563f50aa5892d801e4f
java-1.7.1-ibm-1.7.1.4.20-1jpp.1.el7.s390x.rpm SHA-256: e477f9e8a2fd173d7f87100a13b491bfb4e921fcfd5977c60b1576c79b201c09
java-1.7.1-ibm-demo-1.7.1.4.20-1jpp.1.el7.s390x.rpm SHA-256: 8d7514e660ff601c2b6e9b76f94d8c6b181c3729e169b70fef88fc3e5d7c75c3
java-1.7.1-ibm-devel-1.7.1.4.20-1jpp.1.el7.s390.rpm SHA-256: c13271e766f64208a3509221f8d7935786027b294e17636530b873de3fc13736
java-1.7.1-ibm-devel-1.7.1.4.20-1jpp.1.el7.s390x.rpm SHA-256: 8651b969c821c528118cad648d6afdf7c97d9656e68e39ef09380f17d0b74081
java-1.7.1-ibm-jdbc-1.7.1.4.20-1jpp.1.el7.s390x.rpm SHA-256: 2638501010447a55239bdacbe35d961899f09b62d9365d654605b432d427459d
java-1.7.1-ibm-src-1.7.1.4.20-1jpp.1.el7.s390x.rpm SHA-256: 9854af41fe25a76144204516e9708c1c05009c05ea800db62c6d8e5d1ed8186d

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 7.5

SRPM
s390x
java-1.7.1-ibm-1.7.1.4.20-1jpp.1.el7.s390.rpm SHA-256: 8e3c98b2b84a0350d4b1226758e8383db9e5953c9c627563f50aa5892d801e4f
java-1.7.1-ibm-1.7.1.4.20-1jpp.1.el7.s390x.rpm SHA-256: e477f9e8a2fd173d7f87100a13b491bfb4e921fcfd5977c60b1576c79b201c09
java-1.7.1-ibm-demo-1.7.1.4.20-1jpp.1.el7.s390x.rpm SHA-256: 8d7514e660ff601c2b6e9b76f94d8c6b181c3729e169b70fef88fc3e5d7c75c3
java-1.7.1-ibm-devel-1.7.1.4.20-1jpp.1.el7.s390.rpm SHA-256: c13271e766f64208a3509221f8d7935786027b294e17636530b873de3fc13736
java-1.7.1-ibm-devel-1.7.1.4.20-1jpp.1.el7.s390x.rpm SHA-256: 8651b969c821c528118cad648d6afdf7c97d9656e68e39ef09380f17d0b74081
java-1.7.1-ibm-jdbc-1.7.1.4.20-1jpp.1.el7.s390x.rpm SHA-256: 2638501010447a55239bdacbe35d961899f09b62d9365d654605b432d427459d
java-1.7.1-ibm-src-1.7.1.4.20-1jpp.1.el7.s390x.rpm SHA-256: 9854af41fe25a76144204516e9708c1c05009c05ea800db62c6d8e5d1ed8186d

Red Hat Enterprise Linux for Power, big endian 7

SRPM
ppc64
java-1.7.1-ibm-1.7.1.4.20-1jpp.1.el7.ppc.rpm SHA-256: d876c933fb568f3a44bd48097f90468bcfb89ce106e05b48d6d5c8205a088b7a
java-1.7.1-ibm-1.7.1.4.20-1jpp.1.el7.ppc64.rpm SHA-256: a9fe8deb61e56d4fddfbfe036a280b2796898e99bf3d4740e4882cc3fb064f27
java-1.7.1-ibm-demo-1.7.1.4.20-1jpp.1.el7.ppc64.rpm SHA-256: 3de46266129b00c766cb8d10d2d51f222892fea5c4023e81316c7e574d1cb1c8
java-1.7.1-ibm-devel-1.7.1.4.20-1jpp.1.el7.ppc.rpm SHA-256: b40610f9327b23e11a636412275ab7ee8df1aa1afa94196bb7d42b44a1e9f207
java-1.7.1-ibm-devel-1.7.1.4.20-1jpp.1.el7.ppc64.rpm SHA-256: 647171a8b976e2cd6c69cd38da8fa5f7f7cf59c99514f1809aaaca590768172b
java-1.7.1-ibm-jdbc-1.7.1.4.20-1jpp.1.el7.ppc64.rpm SHA-256: 722fe96c51c8fd30eb3a90e520108827a624eebf17bdd8e03d48b0c735fc2318
java-1.7.1-ibm-plugin-1.7.1.4.20-1jpp.1.el7.ppc.rpm SHA-256: 42280573a443f882601889847f3a68e9702323cfe9b8d8fefc146fc4c1f4351a
java-1.7.1-ibm-src-1.7.1.4.20-1jpp.1.el7.ppc64.rpm SHA-256: e7888e8cbec8dba92b21155629424b87d352f82cf620007dc15160e4970a1cca

Red Hat Enterprise Linux for Power, big endian - Extended Update Support 7.5

SRPM
ppc64
java-1.7.1-ibm-1.7.1.4.20-1jpp.1.el7.ppc.rpm SHA-256: d876c933fb568f3a44bd48097f90468bcfb89ce106e05b48d6d5c8205a088b7a
java-1.7.1-ibm-1.7.1.4.20-1jpp.1.el7.ppc64.rpm SHA-256: a9fe8deb61e56d4fddfbfe036a280b2796898e99bf3d4740e4882cc3fb064f27
java-1.7.1-ibm-demo-1.7.1.4.20-1jpp.1.el7.ppc64.rpm SHA-256: 3de46266129b00c766cb8d10d2d51f222892fea5c4023e81316c7e574d1cb1c8
java-1.7.1-ibm-devel-1.7.1.4.20-1jpp.1.el7.ppc.rpm SHA-256: b40610f9327b23e11a636412275ab7ee8df1aa1afa94196bb7d42b44a1e9f207
java-1.7.1-ibm-devel-1.7.1.4.20-1jpp.1.el7.ppc64.rpm SHA-256: 647171a8b976e2cd6c69cd38da8fa5f7f7cf59c99514f1809aaaca590768172b
java-1.7.1-ibm-jdbc-1.7.1.4.20-1jpp.1.el7.ppc64.rpm SHA-256: 722fe96c51c8fd30eb3a90e520108827a624eebf17bdd8e03d48b0c735fc2318
java-1.7.1-ibm-plugin-1.7.1.4.20-1jpp.1.el7.ppc.rpm SHA-256: 42280573a443f882601889847f3a68e9702323cfe9b8d8fefc146fc4c1f4351a
java-1.7.1-ibm-src-1.7.1.4.20-1jpp.1.el7.ppc64.rpm SHA-256: e7888e8cbec8dba92b21155629424b87d352f82cf620007dc15160e4970a1cca

Red Hat Enterprise Linux for Scientific Computing 7

SRPM
x86_64
java-1.7.1-ibm-1.7.1.4.20-1jpp.1.el7.i686.rpm SHA-256: e32445fdcd36fedd6ff74be8184b3b211381a726e75fbaf2edc45a29a6000182
java-1.7.1-ibm-1.7.1.4.20-1jpp.1.el7.x86_64.rpm SHA-256: 4cc9df037589fb1807ad7d7c6092208743c0008ab1b47bf4a2d3cb708d7750bc
java-1.7.1-ibm-demo-1.7.1.4.20-1jpp.1.el7.x86_64.rpm SHA-256: b99e93af9b7b77846b85ea6ca3708ce022d77f0a623857991c525e46d1b5a576
java-1.7.1-ibm-devel-1.7.1.4.20-1jpp.1.el7.i686.rpm SHA-256: 695c3ad7f74c29dcc66f76da175ba90789fd31c1a537515bc6c9c5406b688b19
java-1.7.1-ibm-devel-1.7.1.4.20-1jpp.1.el7.x86_64.rpm SHA-256: e3706b469d9fb17eb406efe110377be063103e1a1fde7ca5e445feef4214a001
java-1.7.1-ibm-src-1.7.1.4.20-1jpp.1.el7.x86_64.rpm SHA-256: 41914bff22fe7c659f968ceee4f4330d0422e05201fbfacdaee4d3a05e13a5a3

Red Hat Enterprise Linux for Power, little endian 7

SRPM
ppc64le
java-1.7.1-ibm-1.7.1.4.20-1jpp.1.el7.ppc64le.rpm SHA-256: 75311e504537e471a0a8501aa769fc9e1d817095bcd581100b6f6da691592bda
java-1.7.1-ibm-demo-1.7.1.4.20-1jpp.1.el7.ppc64le.rpm SHA-256: 16c2b2789f621940466bb6b8c497eab86cf1d379d227ad74798e0ff508fc69b9
java-1.7.1-ibm-devel-1.7.1.4.20-1jpp.1.el7.ppc64le.rpm SHA-256: 346ceca8b59774af620ae8c4d9aa8ae5f9d5069d1642a566c50803c79750b3df
java-1.7.1-ibm-jdbc-1.7.1.4.20-1jpp.1.el7.ppc64le.rpm SHA-256: 5dc1c8eb49a1113b579fdd22a06c5e32caf311d993e62de4fc2f0b00fc8f3488
java-1.7.1-ibm-src-1.7.1.4.20-1jpp.1.el7.ppc64le.rpm SHA-256: 0e7397523d593a2e598a0e16c53ac38d219bece1b034f401d044a8fe3c1b8d95

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.5

SRPM
ppc64le
java-1.7.1-ibm-1.7.1.4.20-1jpp.1.el7.ppc64le.rpm SHA-256: 75311e504537e471a0a8501aa769fc9e1d817095bcd581100b6f6da691592bda
java-1.7.1-ibm-demo-1.7.1.4.20-1jpp.1.el7.ppc64le.rpm SHA-256: 16c2b2789f621940466bb6b8c497eab86cf1d379d227ad74798e0ff508fc69b9
java-1.7.1-ibm-devel-1.7.1.4.20-1jpp.1.el7.ppc64le.rpm SHA-256: 346ceca8b59774af620ae8c4d9aa8ae5f9d5069d1642a566c50803c79750b3df
java-1.7.1-ibm-jdbc-1.7.1.4.20-1jpp.1.el7.ppc64le.rpm SHA-256: 5dc1c8eb49a1113b579fdd22a06c5e32caf311d993e62de4fc2f0b00fc8f3488
java-1.7.1-ibm-src-1.7.1.4.20-1jpp.1.el7.ppc64le.rpm SHA-256: 0e7397523d593a2e598a0e16c53ac38d219bece1b034f401d044a8fe3c1b8d95

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.