Red Hat Product Errata RHSA-2018:1647 - Security Advisory
Issued:
2018-05-21
Updated:
2018-05-21

RHSA-2018:1647 - Security Advisory

Synopsis

Important: java-1.7.0-openjdk security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit.

Security Fix(es):

  • An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639)

Note: This is the OpenJDK side of the CVE-2018-3639 mitigation.

Red Hat would like to thank Ken Johnson (Microsoft Security Response Center) and Jann Horn (Google Project Zero) for reporting this issue.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of OpenJDK Java must be restarted for this update to take effect.

Affected Products

  • Red Hat Enterprise Linux Server 6 x86_64
  • Red Hat Enterprise Linux Server 6 i386
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 x86_64
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 i386
  • Red Hat Enterprise Linux Workstation 6 x86_64
  • Red Hat Enterprise Linux Workstation 6 i386
  • Red Hat Enterprise Linux Desktop 6 x86_64
  • Red Hat Enterprise Linux Desktop 6 i386
  • Red Hat Enterprise Linux for Scientific Computing 6 x86_64
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension 6 x86_64
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension 6 i386

Fixes

  • BZ - 1566890 - CVE-2018-3639 hw: cpu: speculative store bypass

Red Hat Enterprise Linux Server 6

SRPM
java-1.7.0-openjdk-1.7.0.181-2.6.14.8.el6_9.src.rpm SHA-256: 47267d22eaf17c0167990d6bda3a7b08657e5742c9c7ca34eb0e0b6841b039fd
x86_64
java-1.7.0-openjdk-1.7.0.181-2.6.14.8.el6_9.x86_64.rpm SHA-256: 067d542c1293548c2a370686ac86a2d2f9c132e174057f2f3e2f8cdedbf7baba
java-1.7.0-openjdk-1.7.0.181-2.6.14.8.el6_9.x86_64.rpm SHA-256: 067d542c1293548c2a370686ac86a2d2f9c132e174057f2f3e2f8cdedbf7baba
java-1.7.0-openjdk-debuginfo-1.7.0.181-2.6.14.8.el6_9.x86_64.rpm SHA-256: 944f3ce4c80fbf501d727551761b38b43426ae7e697b3843878318b42f0085d2
java-1.7.0-openjdk-debuginfo-1.7.0.181-2.6.14.8.el6_9.x86_64.rpm SHA-256: 944f3ce4c80fbf501d727551761b38b43426ae7e697b3843878318b42f0085d2
java-1.7.0-openjdk-debuginfo-1.7.0.181-2.6.14.8.el6_9.x86_64.rpm SHA-256: 944f3ce4c80fbf501d727551761b38b43426ae7e697b3843878318b42f0085d2
java-1.7.0-openjdk-demo-1.7.0.181-2.6.14.8.el6_9.x86_64.rpm SHA-256: 5a885848f1feb5eaef55ec254f9c79c587372ead13e272e60ccfab77504d8146
java-1.7.0-openjdk-demo-1.7.0.181-2.6.14.8.el6_9.x86_64.rpm SHA-256: 5a885848f1feb5eaef55ec254f9c79c587372ead13e272e60ccfab77504d8146
java-1.7.0-openjdk-devel-1.7.0.181-2.6.14.8.el6_9.x86_64.rpm SHA-256: 2bb2d4ced113deac141ee1073fdb818bbc336804a32869765d457912776e715b
java-1.7.0-openjdk-devel-1.7.0.181-2.6.14.8.el6_9.x86_64.rpm SHA-256: 2bb2d4ced113deac141ee1073fdb818bbc336804a32869765d457912776e715b
java-1.7.0-openjdk-javadoc-1.7.0.181-2.6.14.8.el6_9.noarch.rpm SHA-256: 80c118afc176fa34923a81f1ef39c7852c61616e474e3b38cdd8d05fb6bd2dbd
java-1.7.0-openjdk-javadoc-1.7.0.181-2.6.14.8.el6_9.noarch.rpm SHA-256: 80c118afc176fa34923a81f1ef39c7852c61616e474e3b38cdd8d05fb6bd2dbd
java-1.7.0-openjdk-src-1.7.0.181-2.6.14.8.el6_9.x86_64.rpm SHA-256: 7fbd74015fc82abb2db5d8d0c3aa0c11e8f4ac5c393df34de2c5a491d510f221
java-1.7.0-openjdk-src-1.7.0.181-2.6.14.8.el6_9.x86_64.rpm SHA-256: 7fbd74015fc82abb2db5d8d0c3aa0c11e8f4ac5c393df34de2c5a491d510f221
i386
java-1.7.0-openjdk-1.7.0.181-2.6.14.8.el6_9.i686.rpm SHA-256: c7927c6fb747aa38917b88cdfcdb221e764476fe6f0bc4e57bb925d9e171d96d
java-1.7.0-openjdk-debuginfo-1.7.0.181-2.6.14.8.el6_9.i686.rpm SHA-256: de0c783a110824de393726ec2ccf966c0a6bf91891d26d396f7a92ef7d408817
java-1.7.0-openjdk-debuginfo-1.7.0.181-2.6.14.8.el6_9.i686.rpm SHA-256: de0c783a110824de393726ec2ccf966c0a6bf91891d26d396f7a92ef7d408817
java-1.7.0-openjdk-demo-1.7.0.181-2.6.14.8.el6_9.i686.rpm SHA-256: f257bca55e0712630713158e742c3dd5ff13b7cf432b30a7fa0813be5f016ce7
java-1.7.0-openjdk-devel-1.7.0.181-2.6.14.8.el6_9.i686.rpm SHA-256: ff9a3d05d95bcab3b73ab8324f81bc686b0882989e1b693bab43cbb21101cc2a
java-1.7.0-openjdk-javadoc-1.7.0.181-2.6.14.8.el6_9.noarch.rpm SHA-256: 80c118afc176fa34923a81f1ef39c7852c61616e474e3b38cdd8d05fb6bd2dbd
java-1.7.0-openjdk-src-1.7.0.181-2.6.14.8.el6_9.i686.rpm SHA-256: fd129ea0d2dd56ec28045aae7b792f2a7ede56370b29602ee254e4a52ee432ed

Red Hat Enterprise Linux Server - Extended Life Cycle Support 6

SRPM
java-1.7.0-openjdk-1.7.0.181-2.6.14.8.el6_9.src.rpm SHA-256: 47267d22eaf17c0167990d6bda3a7b08657e5742c9c7ca34eb0e0b6841b039fd
x86_64
java-1.7.0-openjdk-1.7.0.181-2.6.14.8.el6_9.x86_64.rpm SHA-256: 067d542c1293548c2a370686ac86a2d2f9c132e174057f2f3e2f8cdedbf7baba
java-1.7.0-openjdk-debuginfo-1.7.0.181-2.6.14.8.el6_9.x86_64.rpm SHA-256: 944f3ce4c80fbf501d727551761b38b43426ae7e697b3843878318b42f0085d2
java-1.7.0-openjdk-debuginfo-1.7.0.181-2.6.14.8.el6_9.x86_64.rpm SHA-256: 944f3ce4c80fbf501d727551761b38b43426ae7e697b3843878318b42f0085d2
java-1.7.0-openjdk-demo-1.7.0.181-2.6.14.8.el6_9.x86_64.rpm SHA-256: 5a885848f1feb5eaef55ec254f9c79c587372ead13e272e60ccfab77504d8146
java-1.7.0-openjdk-devel-1.7.0.181-2.6.14.8.el6_9.x86_64.rpm SHA-256: 2bb2d4ced113deac141ee1073fdb818bbc336804a32869765d457912776e715b
java-1.7.0-openjdk-javadoc-1.7.0.181-2.6.14.8.el6_9.noarch.rpm SHA-256: 80c118afc176fa34923a81f1ef39c7852c61616e474e3b38cdd8d05fb6bd2dbd
java-1.7.0-openjdk-src-1.7.0.181-2.6.14.8.el6_9.x86_64.rpm SHA-256: 7fbd74015fc82abb2db5d8d0c3aa0c11e8f4ac5c393df34de2c5a491d510f221
i386
java-1.7.0-openjdk-1.7.0.181-2.6.14.8.el6_9.i686.rpm SHA-256: c7927c6fb747aa38917b88cdfcdb221e764476fe6f0bc4e57bb925d9e171d96d
java-1.7.0-openjdk-debuginfo-1.7.0.181-2.6.14.8.el6_9.i686.rpm SHA-256: de0c783a110824de393726ec2ccf966c0a6bf91891d26d396f7a92ef7d408817
java-1.7.0-openjdk-debuginfo-1.7.0.181-2.6.14.8.el6_9.i686.rpm SHA-256: de0c783a110824de393726ec2ccf966c0a6bf91891d26d396f7a92ef7d408817
java-1.7.0-openjdk-demo-1.7.0.181-2.6.14.8.el6_9.i686.rpm SHA-256: f257bca55e0712630713158e742c3dd5ff13b7cf432b30a7fa0813be5f016ce7
java-1.7.0-openjdk-devel-1.7.0.181-2.6.14.8.el6_9.i686.rpm SHA-256: ff9a3d05d95bcab3b73ab8324f81bc686b0882989e1b693bab43cbb21101cc2a
java-1.7.0-openjdk-javadoc-1.7.0.181-2.6.14.8.el6_9.noarch.rpm SHA-256: 80c118afc176fa34923a81f1ef39c7852c61616e474e3b38cdd8d05fb6bd2dbd
java-1.7.0-openjdk-src-1.7.0.181-2.6.14.8.el6_9.i686.rpm SHA-256: fd129ea0d2dd56ec28045aae7b792f2a7ede56370b29602ee254e4a52ee432ed

Red Hat Enterprise Linux Workstation 6

SRPM
java-1.7.0-openjdk-1.7.0.181-2.6.14.8.el6_9.src.rpm SHA-256: 47267d22eaf17c0167990d6bda3a7b08657e5742c9c7ca34eb0e0b6841b039fd
x86_64
java-1.7.0-openjdk-1.7.0.181-2.6.14.8.el6_9.x86_64.rpm SHA-256: 067d542c1293548c2a370686ac86a2d2f9c132e174057f2f3e2f8cdedbf7baba
java-1.7.0-openjdk-debuginfo-1.7.0.181-2.6.14.8.el6_9.x86_64.rpm SHA-256: 944f3ce4c80fbf501d727551761b38b43426ae7e697b3843878318b42f0085d2
java-1.7.0-openjdk-debuginfo-1.7.0.181-2.6.14.8.el6_9.x86_64.rpm SHA-256: 944f3ce4c80fbf501d727551761b38b43426ae7e697b3843878318b42f0085d2
java-1.7.0-openjdk-demo-1.7.0.181-2.6.14.8.el6_9.x86_64.rpm SHA-256: 5a885848f1feb5eaef55ec254f9c79c587372ead13e272e60ccfab77504d8146
java-1.7.0-openjdk-devel-1.7.0.181-2.6.14.8.el6_9.x86_64.rpm SHA-256: 2bb2d4ced113deac141ee1073fdb818bbc336804a32869765d457912776e715b
java-1.7.0-openjdk-javadoc-1.7.0.181-2.6.14.8.el6_9.noarch.rpm SHA-256: 80c118afc176fa34923a81f1ef39c7852c61616e474e3b38cdd8d05fb6bd2dbd
java-1.7.0-openjdk-src-1.7.0.181-2.6.14.8.el6_9.x86_64.rpm SHA-256: 7fbd74015fc82abb2db5d8d0c3aa0c11e8f4ac5c393df34de2c5a491d510f221
i386
java-1.7.0-openjdk-1.7.0.181-2.6.14.8.el6_9.i686.rpm SHA-256: c7927c6fb747aa38917b88cdfcdb221e764476fe6f0bc4e57bb925d9e171d96d
java-1.7.0-openjdk-debuginfo-1.7.0.181-2.6.14.8.el6_9.i686.rpm SHA-256: de0c783a110824de393726ec2ccf966c0a6bf91891d26d396f7a92ef7d408817
java-1.7.0-openjdk-debuginfo-1.7.0.181-2.6.14.8.el6_9.i686.rpm SHA-256: de0c783a110824de393726ec2ccf966c0a6bf91891d26d396f7a92ef7d408817
java-1.7.0-openjdk-demo-1.7.0.181-2.6.14.8.el6_9.i686.rpm SHA-256: f257bca55e0712630713158e742c3dd5ff13b7cf432b30a7fa0813be5f016ce7
java-1.7.0-openjdk-devel-1.7.0.181-2.6.14.8.el6_9.i686.rpm SHA-256: ff9a3d05d95bcab3b73ab8324f81bc686b0882989e1b693bab43cbb21101cc2a
java-1.7.0-openjdk-javadoc-1.7.0.181-2.6.14.8.el6_9.noarch.rpm SHA-256: 80c118afc176fa34923a81f1ef39c7852c61616e474e3b38cdd8d05fb6bd2dbd
java-1.7.0-openjdk-src-1.7.0.181-2.6.14.8.el6_9.i686.rpm SHA-256: fd129ea0d2dd56ec28045aae7b792f2a7ede56370b29602ee254e4a52ee432ed

Red Hat Enterprise Linux Desktop 6

SRPM
java-1.7.0-openjdk-1.7.0.181-2.6.14.8.el6_9.src.rpm SHA-256: 47267d22eaf17c0167990d6bda3a7b08657e5742c9c7ca34eb0e0b6841b039fd
x86_64
java-1.7.0-openjdk-1.7.0.181-2.6.14.8.el6_9.x86_64.rpm SHA-256: 067d542c1293548c2a370686ac86a2d2f9c132e174057f2f3e2f8cdedbf7baba
java-1.7.0-openjdk-debuginfo-1.7.0.181-2.6.14.8.el6_9.x86_64.rpm SHA-256: 944f3ce4c80fbf501d727551761b38b43426ae7e697b3843878318b42f0085d2
java-1.7.0-openjdk-debuginfo-1.7.0.181-2.6.14.8.el6_9.x86_64.rpm SHA-256: 944f3ce4c80fbf501d727551761b38b43426ae7e697b3843878318b42f0085d2
java-1.7.0-openjdk-demo-1.7.0.181-2.6.14.8.el6_9.x86_64.rpm SHA-256: 5a885848f1feb5eaef55ec254f9c79c587372ead13e272e60ccfab77504d8146
java-1.7.0-openjdk-devel-1.7.0.181-2.6.14.8.el6_9.x86_64.rpm SHA-256: 2bb2d4ced113deac141ee1073fdb818bbc336804a32869765d457912776e715b
java-1.7.0-openjdk-javadoc-1.7.0.181-2.6.14.8.el6_9.noarch.rpm SHA-256: 80c118afc176fa34923a81f1ef39c7852c61616e474e3b38cdd8d05fb6bd2dbd
java-1.7.0-openjdk-src-1.7.0.181-2.6.14.8.el6_9.x86_64.rpm SHA-256: 7fbd74015fc82abb2db5d8d0c3aa0c11e8f4ac5c393df34de2c5a491d510f221
i386
java-1.7.0-openjdk-1.7.0.181-2.6.14.8.el6_9.i686.rpm SHA-256: c7927c6fb747aa38917b88cdfcdb221e764476fe6f0bc4e57bb925d9e171d96d
java-1.7.0-openjdk-debuginfo-1.7.0.181-2.6.14.8.el6_9.i686.rpm SHA-256: de0c783a110824de393726ec2ccf966c0a6bf91891d26d396f7a92ef7d408817
java-1.7.0-openjdk-debuginfo-1.7.0.181-2.6.14.8.el6_9.i686.rpm SHA-256: de0c783a110824de393726ec2ccf966c0a6bf91891d26d396f7a92ef7d408817
java-1.7.0-openjdk-demo-1.7.0.181-2.6.14.8.el6_9.i686.rpm SHA-256: f257bca55e0712630713158e742c3dd5ff13b7cf432b30a7fa0813be5f016ce7
java-1.7.0-openjdk-devel-1.7.0.181-2.6.14.8.el6_9.i686.rpm SHA-256: ff9a3d05d95bcab3b73ab8324f81bc686b0882989e1b693bab43cbb21101cc2a
java-1.7.0-openjdk-javadoc-1.7.0.181-2.6.14.8.el6_9.noarch.rpm SHA-256: 80c118afc176fa34923a81f1ef39c7852c61616e474e3b38cdd8d05fb6bd2dbd
java-1.7.0-openjdk-src-1.7.0.181-2.6.14.8.el6_9.i686.rpm SHA-256: fd129ea0d2dd56ec28045aae7b792f2a7ede56370b29602ee254e4a52ee432ed

Red Hat Enterprise Linux for Scientific Computing 6

SRPM
java-1.7.0-openjdk-1.7.0.181-2.6.14.8.el6_9.src.rpm SHA-256: 47267d22eaf17c0167990d6bda3a7b08657e5742c9c7ca34eb0e0b6841b039fd
x86_64
java-1.7.0-openjdk-1.7.0.181-2.6.14.8.el6_9.x86_64.rpm SHA-256: 067d542c1293548c2a370686ac86a2d2f9c132e174057f2f3e2f8cdedbf7baba
java-1.7.0-openjdk-debuginfo-1.7.0.181-2.6.14.8.el6_9.x86_64.rpm SHA-256: 944f3ce4c80fbf501d727551761b38b43426ae7e697b3843878318b42f0085d2
java-1.7.0-openjdk-debuginfo-1.7.0.181-2.6.14.8.el6_9.x86_64.rpm SHA-256: 944f3ce4c80fbf501d727551761b38b43426ae7e697b3843878318b42f0085d2
java-1.7.0-openjdk-demo-1.7.0.181-2.6.14.8.el6_9.x86_64.rpm SHA-256: 5a885848f1feb5eaef55ec254f9c79c587372ead13e272e60ccfab77504d8146
java-1.7.0-openjdk-devel-1.7.0.181-2.6.14.8.el6_9.x86_64.rpm SHA-256: 2bb2d4ced113deac141ee1073fdb818bbc336804a32869765d457912776e715b
java-1.7.0-openjdk-javadoc-1.7.0.181-2.6.14.8.el6_9.noarch.rpm SHA-256: 80c118afc176fa34923a81f1ef39c7852c61616e474e3b38cdd8d05fb6bd2dbd
java-1.7.0-openjdk-src-1.7.0.181-2.6.14.8.el6_9.x86_64.rpm SHA-256: 7fbd74015fc82abb2db5d8d0c3aa0c11e8f4ac5c393df34de2c5a491d510f221

Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension 6

SRPM
java-1.7.0-openjdk-1.7.0.181-2.6.14.8.el6_9.src.rpm SHA-256: 47267d22eaf17c0167990d6bda3a7b08657e5742c9c7ca34eb0e0b6841b039fd
x86_64
java-1.7.0-openjdk-1.7.0.181-2.6.14.8.el6_9.x86_64.rpm SHA-256: 067d542c1293548c2a370686ac86a2d2f9c132e174057f2f3e2f8cdedbf7baba
java-1.7.0-openjdk-debuginfo-1.7.0.181-2.6.14.8.el6_9.x86_64.rpm SHA-256: 944f3ce4c80fbf501d727551761b38b43426ae7e697b3843878318b42f0085d2
java-1.7.0-openjdk-debuginfo-1.7.0.181-2.6.14.8.el6_9.x86_64.rpm SHA-256: 944f3ce4c80fbf501d727551761b38b43426ae7e697b3843878318b42f0085d2
java-1.7.0-openjdk-demo-1.7.0.181-2.6.14.8.el6_9.x86_64.rpm SHA-256: 5a885848f1feb5eaef55ec254f9c79c587372ead13e272e60ccfab77504d8146
java-1.7.0-openjdk-devel-1.7.0.181-2.6.14.8.el6_9.x86_64.rpm SHA-256: 2bb2d4ced113deac141ee1073fdb818bbc336804a32869765d457912776e715b
java-1.7.0-openjdk-javadoc-1.7.0.181-2.6.14.8.el6_9.noarch.rpm SHA-256: 80c118afc176fa34923a81f1ef39c7852c61616e474e3b38cdd8d05fb6bd2dbd
java-1.7.0-openjdk-src-1.7.0.181-2.6.14.8.el6_9.x86_64.rpm SHA-256: 7fbd74015fc82abb2db5d8d0c3aa0c11e8f4ac5c393df34de2c5a491d510f221
i386
java-1.7.0-openjdk-1.7.0.181-2.6.14.8.el6_9.i686.rpm SHA-256: c7927c6fb747aa38917b88cdfcdb221e764476fe6f0bc4e57bb925d9e171d96d
java-1.7.0-openjdk-debuginfo-1.7.0.181-2.6.14.8.el6_9.i686.rpm SHA-256: de0c783a110824de393726ec2ccf966c0a6bf91891d26d396f7a92ef7d408817
java-1.7.0-openjdk-debuginfo-1.7.0.181-2.6.14.8.el6_9.i686.rpm SHA-256: de0c783a110824de393726ec2ccf966c0a6bf91891d26d396f7a92ef7d408817
java-1.7.0-openjdk-demo-1.7.0.181-2.6.14.8.el6_9.i686.rpm SHA-256: f257bca55e0712630713158e742c3dd5ff13b7cf432b30a7fa0813be5f016ce7
java-1.7.0-openjdk-devel-1.7.0.181-2.6.14.8.el6_9.i686.rpm SHA-256: ff9a3d05d95bcab3b73ab8324f81bc686b0882989e1b693bab43cbb21101cc2a
java-1.7.0-openjdk-javadoc-1.7.0.181-2.6.14.8.el6_9.noarch.rpm SHA-256: 80c118afc176fa34923a81f1ef39c7852c61616e474e3b38cdd8d05fb6bd2dbd
java-1.7.0-openjdk-src-1.7.0.181-2.6.14.8.el6_9.i686.rpm SHA-256: fd129ea0d2dd56ec28045aae7b792f2a7ede56370b29602ee254e4a52ee432ed

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.