Red Hat Product Errata RHSA-2018:1270 - Security Advisory
Issued:
2018-04-30
Updated:
2018-04-30

RHSA-2018:1270 - Security Advisory

Synopsis

Important: java-1.7.0-openjdk security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit.

Security Fix(es):

  • OpenJDK: incorrect handling of Reference clones can lead to sandbox bypass (Hotspot, 8192025) (CVE-2018-2814)
  • OpenJDK: unrestricted deserialization of data from JCEKS key stores (Security, 8189997) (CVE-2018-2794)
  • OpenJDK: insufficient consistency checks in deserialization of multiple classes (Security, 8189977) (CVE-2018-2795)
  • OpenJDK: unbounded memory allocation during deserialization in PriorityBlockingQueue (Concurrency, 8189981) (CVE-2018-2796)
  • OpenJDK: unbounded memory allocation during deserialization in TabularDataSupport (JMX, 8189985) (CVE-2018-2797)
  • OpenJDK: unbounded memory allocation during deserialization in Container (AWT, 8189989) (CVE-2018-2798)
  • OpenJDK: unbounded memory allocation during deserialization in NamedNodeMapImpl (JAXP, 8189993) (CVE-2018-2799)
  • OpenJDK: RMI HTTP transport enabled by default (RMI, 8193833) (CVE-2018-2800)
  • OpenJDK: unbounded memory allocation during deserialization in StubIORImpl (Serialization, 8192757) (CVE-2018-2815)
  • OpenJDK: incorrect merging of sections in the JAR manifest (Security, 8189969) (CVE-2018-2790)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of OpenJDK Java must be restarted for this update to take effect.

Affected Products

  • Red Hat Enterprise Linux Server 6 x86_64
  • Red Hat Enterprise Linux Server 6 i386
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 x86_64
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 i386
  • Red Hat Enterprise Linux Workstation 6 x86_64
  • Red Hat Enterprise Linux Workstation 6 i386
  • Red Hat Enterprise Linux Desktop 6 x86_64
  • Red Hat Enterprise Linux Desktop 6 i386
  • Red Hat Enterprise Linux for Scientific Computing 6 x86_64

Fixes

  • BZ - 1567121 - CVE-2018-2814 OpenJDK: incorrect handling of Reference clones can lead to sandbox bypass (Hotspot, 8192025)
  • BZ - 1567126 - CVE-2018-2794 OpenJDK: unrestricted deserialization of data from JCEKS key stores (Security, 8189997)
  • BZ - 1567351 - CVE-2018-2795 OpenJDK: insufficient consistency checks in deserialization of multiple classes (Security, 8189977)
  • BZ - 1567537 - CVE-2018-2815 OpenJDK: unbounded memory allocation during deserialization in StubIORImpl (Serialization, 8192757)
  • BZ - 1567542 - CVE-2018-2799 OpenJDK: unbounded memory allocation during deserialization in NamedNodeMapImpl (JAXP, 8189993)
  • BZ - 1567543 - CVE-2018-2798 OpenJDK: unbounded memory allocation during deserialization in Container (AWT, 8189989)
  • BZ - 1567545 - CVE-2018-2797 OpenJDK: unbounded memory allocation during deserialization in TabularDataSupport (JMX, 8189985)
  • BZ - 1567546 - CVE-2018-2796 OpenJDK: unbounded memory allocation during deserialization in PriorityBlockingQueue (Concurrency, 8189981)
  • BZ - 1568163 - CVE-2018-2800 OpenJDK: RMI HTTP transport enabled by default (RMI, 8193833)
  • BZ - 1568515 - CVE-2018-2790 OpenJDK: incorrect merging of sections in the JAR manifest (Security, 8189969)

Red Hat Enterprise Linux Server 6

SRPM
java-1.7.0-openjdk-1.7.0.181-2.6.14.1.el6_9.src.rpm SHA-256: 5bb46e89a5cd971036a1e915c208d05448291a4c4d924e82583544b878595e3d
x86_64
java-1.7.0-openjdk-1.7.0.181-2.6.14.1.el6_9.x86_64.rpm SHA-256: 93490982dd4f80a2b6fbdbe933c3ecf8aa37adcbebbe3cf77279d50870f7fd33
java-1.7.0-openjdk-debuginfo-1.7.0.181-2.6.14.1.el6_9.x86_64.rpm SHA-256: fb3276e1f236d3ab1634dea83218f87fcad8427485f29f406d4adb53d81abe27
java-1.7.0-openjdk-debuginfo-1.7.0.181-2.6.14.1.el6_9.x86_64.rpm SHA-256: fb3276e1f236d3ab1634dea83218f87fcad8427485f29f406d4adb53d81abe27
java-1.7.0-openjdk-demo-1.7.0.181-2.6.14.1.el6_9.x86_64.rpm SHA-256: 97c2318501e6d399be00db27a792362fd0a67696263ef97c00337b3dbfc73783
java-1.7.0-openjdk-devel-1.7.0.181-2.6.14.1.el6_9.x86_64.rpm SHA-256: 1c6cb6358f30a66ec6e3e12d0a0dac958c6fd462b940bcc2e90596bdd58e9be3
java-1.7.0-openjdk-javadoc-1.7.0.181-2.6.14.1.el6_9.noarch.rpm SHA-256: 918f0b50e0bac6266f4d5bc0eb538e53426b1e036f28e86516541c15d9dddc5c
java-1.7.0-openjdk-src-1.7.0.181-2.6.14.1.el6_9.x86_64.rpm SHA-256: b080d899803e73331b17f6f324d0e402d62882db86343a76851f4dc9a5b67d9d
i386
java-1.7.0-openjdk-1.7.0.181-2.6.14.1.el6_9.i686.rpm SHA-256: 9624d54332a585014e792bf15e581f78db0113766378b0ed20f41738e9870f0c
java-1.7.0-openjdk-debuginfo-1.7.0.181-2.6.14.1.el6_9.i686.rpm SHA-256: 4a2670724bf2d7479c6abee13ab80d2b9273434cdbbb47ca7240261780017117
java-1.7.0-openjdk-debuginfo-1.7.0.181-2.6.14.1.el6_9.i686.rpm SHA-256: 4a2670724bf2d7479c6abee13ab80d2b9273434cdbbb47ca7240261780017117
java-1.7.0-openjdk-demo-1.7.0.181-2.6.14.1.el6_9.i686.rpm SHA-256: e60c52f640778616c10da8716ff798f9b38062e48577bbff8d3f8fb761c66780
java-1.7.0-openjdk-devel-1.7.0.181-2.6.14.1.el6_9.i686.rpm SHA-256: e2419039aef809569b0311458e5cfb5080660481723c1998df231f0c53a95783
java-1.7.0-openjdk-javadoc-1.7.0.181-2.6.14.1.el6_9.noarch.rpm SHA-256: 918f0b50e0bac6266f4d5bc0eb538e53426b1e036f28e86516541c15d9dddc5c
java-1.7.0-openjdk-src-1.7.0.181-2.6.14.1.el6_9.i686.rpm SHA-256: 4f86ff45c6ab08143da3d4f987c69bf7f2adcd4198d4596ba23348d2509d696a

Red Hat Enterprise Linux Server - Extended Life Cycle Support 6

SRPM
java-1.7.0-openjdk-1.7.0.181-2.6.14.1.el6_9.src.rpm SHA-256: 5bb46e89a5cd971036a1e915c208d05448291a4c4d924e82583544b878595e3d
x86_64
java-1.7.0-openjdk-1.7.0.181-2.6.14.1.el6_9.x86_64.rpm SHA-256: 93490982dd4f80a2b6fbdbe933c3ecf8aa37adcbebbe3cf77279d50870f7fd33
java-1.7.0-openjdk-debuginfo-1.7.0.181-2.6.14.1.el6_9.x86_64.rpm SHA-256: fb3276e1f236d3ab1634dea83218f87fcad8427485f29f406d4adb53d81abe27
java-1.7.0-openjdk-debuginfo-1.7.0.181-2.6.14.1.el6_9.x86_64.rpm SHA-256: fb3276e1f236d3ab1634dea83218f87fcad8427485f29f406d4adb53d81abe27
java-1.7.0-openjdk-demo-1.7.0.181-2.6.14.1.el6_9.x86_64.rpm SHA-256: 97c2318501e6d399be00db27a792362fd0a67696263ef97c00337b3dbfc73783
java-1.7.0-openjdk-devel-1.7.0.181-2.6.14.1.el6_9.x86_64.rpm SHA-256: 1c6cb6358f30a66ec6e3e12d0a0dac958c6fd462b940bcc2e90596bdd58e9be3
java-1.7.0-openjdk-javadoc-1.7.0.181-2.6.14.1.el6_9.noarch.rpm SHA-256: 918f0b50e0bac6266f4d5bc0eb538e53426b1e036f28e86516541c15d9dddc5c
java-1.7.0-openjdk-src-1.7.0.181-2.6.14.1.el6_9.x86_64.rpm SHA-256: b080d899803e73331b17f6f324d0e402d62882db86343a76851f4dc9a5b67d9d
i386
java-1.7.0-openjdk-1.7.0.181-2.6.14.1.el6_9.i686.rpm SHA-256: 9624d54332a585014e792bf15e581f78db0113766378b0ed20f41738e9870f0c
java-1.7.0-openjdk-debuginfo-1.7.0.181-2.6.14.1.el6_9.i686.rpm SHA-256: 4a2670724bf2d7479c6abee13ab80d2b9273434cdbbb47ca7240261780017117
java-1.7.0-openjdk-debuginfo-1.7.0.181-2.6.14.1.el6_9.i686.rpm SHA-256: 4a2670724bf2d7479c6abee13ab80d2b9273434cdbbb47ca7240261780017117
java-1.7.0-openjdk-demo-1.7.0.181-2.6.14.1.el6_9.i686.rpm SHA-256: e60c52f640778616c10da8716ff798f9b38062e48577bbff8d3f8fb761c66780
java-1.7.0-openjdk-devel-1.7.0.181-2.6.14.1.el6_9.i686.rpm SHA-256: e2419039aef809569b0311458e5cfb5080660481723c1998df231f0c53a95783
java-1.7.0-openjdk-javadoc-1.7.0.181-2.6.14.1.el6_9.noarch.rpm SHA-256: 918f0b50e0bac6266f4d5bc0eb538e53426b1e036f28e86516541c15d9dddc5c
java-1.7.0-openjdk-src-1.7.0.181-2.6.14.1.el6_9.i686.rpm SHA-256: 4f86ff45c6ab08143da3d4f987c69bf7f2adcd4198d4596ba23348d2509d696a

Red Hat Enterprise Linux Workstation 6

SRPM
java-1.7.0-openjdk-1.7.0.181-2.6.14.1.el6_9.src.rpm SHA-256: 5bb46e89a5cd971036a1e915c208d05448291a4c4d924e82583544b878595e3d
x86_64
java-1.7.0-openjdk-1.7.0.181-2.6.14.1.el6_9.x86_64.rpm SHA-256: 93490982dd4f80a2b6fbdbe933c3ecf8aa37adcbebbe3cf77279d50870f7fd33
java-1.7.0-openjdk-debuginfo-1.7.0.181-2.6.14.1.el6_9.x86_64.rpm SHA-256: fb3276e1f236d3ab1634dea83218f87fcad8427485f29f406d4adb53d81abe27
java-1.7.0-openjdk-debuginfo-1.7.0.181-2.6.14.1.el6_9.x86_64.rpm SHA-256: fb3276e1f236d3ab1634dea83218f87fcad8427485f29f406d4adb53d81abe27
java-1.7.0-openjdk-demo-1.7.0.181-2.6.14.1.el6_9.x86_64.rpm SHA-256: 97c2318501e6d399be00db27a792362fd0a67696263ef97c00337b3dbfc73783
java-1.7.0-openjdk-devel-1.7.0.181-2.6.14.1.el6_9.x86_64.rpm SHA-256: 1c6cb6358f30a66ec6e3e12d0a0dac958c6fd462b940bcc2e90596bdd58e9be3
java-1.7.0-openjdk-javadoc-1.7.0.181-2.6.14.1.el6_9.noarch.rpm SHA-256: 918f0b50e0bac6266f4d5bc0eb538e53426b1e036f28e86516541c15d9dddc5c
java-1.7.0-openjdk-src-1.7.0.181-2.6.14.1.el6_9.x86_64.rpm SHA-256: b080d899803e73331b17f6f324d0e402d62882db86343a76851f4dc9a5b67d9d
i386
java-1.7.0-openjdk-1.7.0.181-2.6.14.1.el6_9.i686.rpm SHA-256: 9624d54332a585014e792bf15e581f78db0113766378b0ed20f41738e9870f0c
java-1.7.0-openjdk-debuginfo-1.7.0.181-2.6.14.1.el6_9.i686.rpm SHA-256: 4a2670724bf2d7479c6abee13ab80d2b9273434cdbbb47ca7240261780017117
java-1.7.0-openjdk-debuginfo-1.7.0.181-2.6.14.1.el6_9.i686.rpm SHA-256: 4a2670724bf2d7479c6abee13ab80d2b9273434cdbbb47ca7240261780017117
java-1.7.0-openjdk-demo-1.7.0.181-2.6.14.1.el6_9.i686.rpm SHA-256: e60c52f640778616c10da8716ff798f9b38062e48577bbff8d3f8fb761c66780
java-1.7.0-openjdk-devel-1.7.0.181-2.6.14.1.el6_9.i686.rpm SHA-256: e2419039aef809569b0311458e5cfb5080660481723c1998df231f0c53a95783
java-1.7.0-openjdk-javadoc-1.7.0.181-2.6.14.1.el6_9.noarch.rpm SHA-256: 918f0b50e0bac6266f4d5bc0eb538e53426b1e036f28e86516541c15d9dddc5c
java-1.7.0-openjdk-src-1.7.0.181-2.6.14.1.el6_9.i686.rpm SHA-256: 4f86ff45c6ab08143da3d4f987c69bf7f2adcd4198d4596ba23348d2509d696a

Red Hat Enterprise Linux Desktop 6

SRPM
java-1.7.0-openjdk-1.7.0.181-2.6.14.1.el6_9.src.rpm SHA-256: 5bb46e89a5cd971036a1e915c208d05448291a4c4d924e82583544b878595e3d
x86_64
java-1.7.0-openjdk-1.7.0.181-2.6.14.1.el6_9.x86_64.rpm SHA-256: 93490982dd4f80a2b6fbdbe933c3ecf8aa37adcbebbe3cf77279d50870f7fd33
java-1.7.0-openjdk-debuginfo-1.7.0.181-2.6.14.1.el6_9.x86_64.rpm SHA-256: fb3276e1f236d3ab1634dea83218f87fcad8427485f29f406d4adb53d81abe27
java-1.7.0-openjdk-debuginfo-1.7.0.181-2.6.14.1.el6_9.x86_64.rpm SHA-256: fb3276e1f236d3ab1634dea83218f87fcad8427485f29f406d4adb53d81abe27
java-1.7.0-openjdk-demo-1.7.0.181-2.6.14.1.el6_9.x86_64.rpm SHA-256: 97c2318501e6d399be00db27a792362fd0a67696263ef97c00337b3dbfc73783
java-1.7.0-openjdk-devel-1.7.0.181-2.6.14.1.el6_9.x86_64.rpm SHA-256: 1c6cb6358f30a66ec6e3e12d0a0dac958c6fd462b940bcc2e90596bdd58e9be3
java-1.7.0-openjdk-javadoc-1.7.0.181-2.6.14.1.el6_9.noarch.rpm SHA-256: 918f0b50e0bac6266f4d5bc0eb538e53426b1e036f28e86516541c15d9dddc5c
java-1.7.0-openjdk-src-1.7.0.181-2.6.14.1.el6_9.x86_64.rpm SHA-256: b080d899803e73331b17f6f324d0e402d62882db86343a76851f4dc9a5b67d9d
i386
java-1.7.0-openjdk-1.7.0.181-2.6.14.1.el6_9.i686.rpm SHA-256: 9624d54332a585014e792bf15e581f78db0113766378b0ed20f41738e9870f0c
java-1.7.0-openjdk-debuginfo-1.7.0.181-2.6.14.1.el6_9.i686.rpm SHA-256: 4a2670724bf2d7479c6abee13ab80d2b9273434cdbbb47ca7240261780017117
java-1.7.0-openjdk-debuginfo-1.7.0.181-2.6.14.1.el6_9.i686.rpm SHA-256: 4a2670724bf2d7479c6abee13ab80d2b9273434cdbbb47ca7240261780017117
java-1.7.0-openjdk-demo-1.7.0.181-2.6.14.1.el6_9.i686.rpm SHA-256: e60c52f640778616c10da8716ff798f9b38062e48577bbff8d3f8fb761c66780
java-1.7.0-openjdk-devel-1.7.0.181-2.6.14.1.el6_9.i686.rpm SHA-256: e2419039aef809569b0311458e5cfb5080660481723c1998df231f0c53a95783
java-1.7.0-openjdk-javadoc-1.7.0.181-2.6.14.1.el6_9.noarch.rpm SHA-256: 918f0b50e0bac6266f4d5bc0eb538e53426b1e036f28e86516541c15d9dddc5c
java-1.7.0-openjdk-src-1.7.0.181-2.6.14.1.el6_9.i686.rpm SHA-256: 4f86ff45c6ab08143da3d4f987c69bf7f2adcd4198d4596ba23348d2509d696a

Red Hat Enterprise Linux for Scientific Computing 6

SRPM
java-1.7.0-openjdk-1.7.0.181-2.6.14.1.el6_9.src.rpm SHA-256: 5bb46e89a5cd971036a1e915c208d05448291a4c4d924e82583544b878595e3d
x86_64
java-1.7.0-openjdk-1.7.0.181-2.6.14.1.el6_9.x86_64.rpm SHA-256: 93490982dd4f80a2b6fbdbe933c3ecf8aa37adcbebbe3cf77279d50870f7fd33
java-1.7.0-openjdk-debuginfo-1.7.0.181-2.6.14.1.el6_9.x86_64.rpm SHA-256: fb3276e1f236d3ab1634dea83218f87fcad8427485f29f406d4adb53d81abe27
java-1.7.0-openjdk-debuginfo-1.7.0.181-2.6.14.1.el6_9.x86_64.rpm SHA-256: fb3276e1f236d3ab1634dea83218f87fcad8427485f29f406d4adb53d81abe27
java-1.7.0-openjdk-demo-1.7.0.181-2.6.14.1.el6_9.x86_64.rpm SHA-256: 97c2318501e6d399be00db27a792362fd0a67696263ef97c00337b3dbfc73783
java-1.7.0-openjdk-devel-1.7.0.181-2.6.14.1.el6_9.x86_64.rpm SHA-256: 1c6cb6358f30a66ec6e3e12d0a0dac958c6fd462b940bcc2e90596bdd58e9be3
java-1.7.0-openjdk-javadoc-1.7.0.181-2.6.14.1.el6_9.noarch.rpm SHA-256: 918f0b50e0bac6266f4d5bc0eb538e53426b1e036f28e86516541c15d9dddc5c
java-1.7.0-openjdk-src-1.7.0.181-2.6.14.1.el6_9.x86_64.rpm SHA-256: b080d899803e73331b17f6f324d0e402d62882db86343a76851f4dc9a5b67d9d

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.