Red Hat Product Errata RHSA-2018:2256 - Security Advisory

Issued:: 2018-07-24
Updated:: 2018-07-24

RHSA-2018:2256 - Security Advisory

Overview
Updated Packages

Synopsis

Critical: java-1.8.0-oracle security update

Type/Severity

Security Advisory: Critical

Topic

An update for java-1.8.0-oracle is now available for Oracle Java for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Oracle Java SE version 8 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.

This update upgrades Oracle Java SE 8 to version 8 Update 181.

Security Fix(es):

Oracle JDK: unspecified vulnerability fixed in 7u191, 8u181, and 10.0.2 (JavaFX) (CVE-2018-2941)
Oracle JDK: unspecified vulnerability fixed in 8u181 and 10.0.2 (Deployment) (CVE-2018-2964)
Oracle JDK: unspecified vulnerability fixed in 6u201, 7u191, 8u181, and 10.0.2 (Libraries) (CVE-2018-2940)
OpenJDK: insufficient index validation in PatternSyntaxException getMessage() (Concurrency, 8199547) (CVE-2018-2952)
Oracle JDK: unspecified vulnerability fixed in 6u201, 7u191, 8u181, and 10.0.2 (JSSE) (CVE-2018-2973)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Oracle Java must be restarted for this update to take effect.

Affected Products

Oracle Java (Restricted Maintenance) (for RHEL Server) 6 x86_64
Oracle Java (Restricted Maintenance) (for RHEL Server) 6 i386
Oracle Java (Restricted Maintenance) (for RHEL Client) 6 x86_64
Oracle Java (Restricted Maintenance) (for RHEL Client) 6 i386
Oracle Java (Restricted Maintenance) (for RHEL Compute Node) 6 x86_64
Oracle Java (Restricted Maintenance) (for RHEL Workstation) 6 x86_64
Oracle Java (Restricted Maintenance) (for RHEL Workstation) 6 i386

Fixes

BZ - 1600925 - CVE-2018-2952 OpenJDK: insufficient index validation in PatternSyntaxException getMessage() (Concurrency, 8199547)
BZ - 1602142 - CVE-2018-2964 Oracle JDK: unspecified vulnerability fixed in 8u181 and 10.0.2 (Deployment)
BZ - 1602143 - CVE-2018-2941 Oracle JDK: unspecified vulnerability fixed in 7u191, 8u181, and 10.0.2 (JavaFX)
BZ - 1602145 - CVE-2018-2973 Oracle JDK: unspecified vulnerability fixed in 6u201, 7u191, 8u181, and 10.0.2 (JSSE)
BZ - 1602146 - CVE-2018-2940 Oracle JDK: unspecified vulnerability fixed in 6u201, 7u191, 8u181, and 10.0.2 (Libraries)

CVEs

References

https://access.redhat.com/security/updates/classification/#critical

Note: More recent versions of these packages may be available. Click a package name for more details.

Oracle Java (Restricted Maintenance) (for RHEL Server) 6

SRPM
x86_64
java-1.8.0-oracle-1.8.0.181-1jpp.2.el6.x86_64.rpm	SHA-256: 5b2a3bb7d81901591fa6446bb862b4e2b810348610c1449bae1eca4523bb247b
java-1.8.0-oracle-devel-1.8.0.181-1jpp.2.el6.x86_64.rpm	SHA-256: 81cc329fae02a29c18c7d00f3adc90e823c6111ab64cf7e5c21e33e5b45497ad
java-1.8.0-oracle-javafx-1.8.0.181-1jpp.2.el6.x86_64.rpm	SHA-256: 586332bad18fb5edc4dde75232e3c78aa40547a5ad69dc2f7da9188367c62480
java-1.8.0-oracle-jdbc-1.8.0.181-1jpp.2.el6.x86_64.rpm	SHA-256: b3945c656bb2a6509483d0ed62226f2d5ee26e69da5005abee396301c27efd98
java-1.8.0-oracle-plugin-1.8.0.181-1jpp.2.el6.x86_64.rpm	SHA-256: 3d36dc6efbe1f7eeaac30cd6726d6d41e572023b8c591f7c76719f00419e4137
java-1.8.0-oracle-src-1.8.0.181-1jpp.2.el6.x86_64.rpm	SHA-256: 93022411f71ea3ef0b03d71e5be0997b7508a2308d8f5270cad600157abc00bd
i386
java-1.8.0-oracle-1.8.0.181-1jpp.2.el6.i686.rpm	SHA-256: 6c438fb245afa17ae0618c2ddba224c9b09182e9bfb184806ab67ab94ef0b22c
java-1.8.0-oracle-devel-1.8.0.181-1jpp.2.el6.i686.rpm	SHA-256: 13f8adafbd3aee157046aafe8f7440adb7e94b0ac69f4ecb5d47015ce7aec23a
java-1.8.0-oracle-javafx-1.8.0.181-1jpp.2.el6.i686.rpm	SHA-256: 8d0d6473a8e91add82fc86c988a19bb8f0230d31e3c83d37ae2401e0432cb47c
java-1.8.0-oracle-jdbc-1.8.0.181-1jpp.2.el6.i686.rpm	SHA-256: 4ed5f31c857c40b2d7377d459e964be98109a85ee09193bff4997200169add88
java-1.8.0-oracle-plugin-1.8.0.181-1jpp.2.el6.i686.rpm	SHA-256: d30f655d5717002552d8785267d935a117ff1006a24cbb10bef50d06e9e0fb88
java-1.8.0-oracle-src-1.8.0.181-1jpp.2.el6.i686.rpm	SHA-256: 952bdbbe3f833da8c27ea27ce0fe8520748e2b3cccbdf74f73fe351bda410c8f

Oracle Java (Restricted Maintenance) (for RHEL Client) 6

SRPM
x86_64
java-1.8.0-oracle-1.8.0.181-1jpp.2.el6.x86_64.rpm	SHA-256: 5b2a3bb7d81901591fa6446bb862b4e2b810348610c1449bae1eca4523bb247b
java-1.8.0-oracle-devel-1.8.0.181-1jpp.2.el6.x86_64.rpm	SHA-256: 81cc329fae02a29c18c7d00f3adc90e823c6111ab64cf7e5c21e33e5b45497ad
java-1.8.0-oracle-javafx-1.8.0.181-1jpp.2.el6.x86_64.rpm	SHA-256: 586332bad18fb5edc4dde75232e3c78aa40547a5ad69dc2f7da9188367c62480
java-1.8.0-oracle-jdbc-1.8.0.181-1jpp.2.el6.x86_64.rpm	SHA-256: b3945c656bb2a6509483d0ed62226f2d5ee26e69da5005abee396301c27efd98
java-1.8.0-oracle-plugin-1.8.0.181-1jpp.2.el6.x86_64.rpm	SHA-256: 3d36dc6efbe1f7eeaac30cd6726d6d41e572023b8c591f7c76719f00419e4137
java-1.8.0-oracle-src-1.8.0.181-1jpp.2.el6.x86_64.rpm	SHA-256: 93022411f71ea3ef0b03d71e5be0997b7508a2308d8f5270cad600157abc00bd
i386
java-1.8.0-oracle-1.8.0.181-1jpp.2.el6.i686.rpm	SHA-256: 6c438fb245afa17ae0618c2ddba224c9b09182e9bfb184806ab67ab94ef0b22c
java-1.8.0-oracle-devel-1.8.0.181-1jpp.2.el6.i686.rpm	SHA-256: 13f8adafbd3aee157046aafe8f7440adb7e94b0ac69f4ecb5d47015ce7aec23a
java-1.8.0-oracle-javafx-1.8.0.181-1jpp.2.el6.i686.rpm	SHA-256: 8d0d6473a8e91add82fc86c988a19bb8f0230d31e3c83d37ae2401e0432cb47c
java-1.8.0-oracle-jdbc-1.8.0.181-1jpp.2.el6.i686.rpm	SHA-256: 4ed5f31c857c40b2d7377d459e964be98109a85ee09193bff4997200169add88
java-1.8.0-oracle-plugin-1.8.0.181-1jpp.2.el6.i686.rpm	SHA-256: d30f655d5717002552d8785267d935a117ff1006a24cbb10bef50d06e9e0fb88
java-1.8.0-oracle-src-1.8.0.181-1jpp.2.el6.i686.rpm	SHA-256: 952bdbbe3f833da8c27ea27ce0fe8520748e2b3cccbdf74f73fe351bda410c8f

Oracle Java (Restricted Maintenance) (for RHEL Compute Node) 6

SRPM
x86_64
java-1.8.0-oracle-1.8.0.181-1jpp.2.el6.x86_64.rpm	SHA-256: 5b2a3bb7d81901591fa6446bb862b4e2b810348610c1449bae1eca4523bb247b
java-1.8.0-oracle-devel-1.8.0.181-1jpp.2.el6.x86_64.rpm	SHA-256: 81cc329fae02a29c18c7d00f3adc90e823c6111ab64cf7e5c21e33e5b45497ad
java-1.8.0-oracle-javafx-1.8.0.181-1jpp.2.el6.x86_64.rpm	SHA-256: 586332bad18fb5edc4dde75232e3c78aa40547a5ad69dc2f7da9188367c62480
java-1.8.0-oracle-jdbc-1.8.0.181-1jpp.2.el6.x86_64.rpm	SHA-256: b3945c656bb2a6509483d0ed62226f2d5ee26e69da5005abee396301c27efd98
java-1.8.0-oracle-plugin-1.8.0.181-1jpp.2.el6.x86_64.rpm	SHA-256: 3d36dc6efbe1f7eeaac30cd6726d6d41e572023b8c591f7c76719f00419e4137
java-1.8.0-oracle-src-1.8.0.181-1jpp.2.el6.x86_64.rpm	SHA-256: 93022411f71ea3ef0b03d71e5be0997b7508a2308d8f5270cad600157abc00bd

Oracle Java (Restricted Maintenance) (for RHEL Workstation) 6

SRPM
x86_64
java-1.8.0-oracle-1.8.0.181-1jpp.2.el6.x86_64.rpm	SHA-256: 5b2a3bb7d81901591fa6446bb862b4e2b810348610c1449bae1eca4523bb247b
java-1.8.0-oracle-devel-1.8.0.181-1jpp.2.el6.x86_64.rpm	SHA-256: 81cc329fae02a29c18c7d00f3adc90e823c6111ab64cf7e5c21e33e5b45497ad
java-1.8.0-oracle-javafx-1.8.0.181-1jpp.2.el6.x86_64.rpm	SHA-256: 586332bad18fb5edc4dde75232e3c78aa40547a5ad69dc2f7da9188367c62480
java-1.8.0-oracle-jdbc-1.8.0.181-1jpp.2.el6.x86_64.rpm	SHA-256: b3945c656bb2a6509483d0ed62226f2d5ee26e69da5005abee396301c27efd98
java-1.8.0-oracle-plugin-1.8.0.181-1jpp.2.el6.x86_64.rpm	SHA-256: 3d36dc6efbe1f7eeaac30cd6726d6d41e572023b8c591f7c76719f00419e4137
java-1.8.0-oracle-src-1.8.0.181-1jpp.2.el6.x86_64.rpm	SHA-256: 93022411f71ea3ef0b03d71e5be0997b7508a2308d8f5270cad600157abc00bd
i386
java-1.8.0-oracle-1.8.0.181-1jpp.2.el6.i686.rpm	SHA-256: 6c438fb245afa17ae0618c2ddba224c9b09182e9bfb184806ab67ab94ef0b22c
java-1.8.0-oracle-devel-1.8.0.181-1jpp.2.el6.i686.rpm	SHA-256: 13f8adafbd3aee157046aafe8f7440adb7e94b0ac69f4ecb5d47015ce7aec23a
java-1.8.0-oracle-javafx-1.8.0.181-1jpp.2.el6.i686.rpm	SHA-256: 8d0d6473a8e91add82fc86c988a19bb8f0230d31e3c83d37ae2401e0432cb47c
java-1.8.0-oracle-jdbc-1.8.0.181-1jpp.2.el6.i686.rpm	SHA-256: 4ed5f31c857c40b2d7377d459e964be98109a85ee09193bff4997200169add88
java-1.8.0-oracle-plugin-1.8.0.181-1jpp.2.el6.i686.rpm	SHA-256: d30f655d5717002552d8785267d935a117ff1006a24cbb10bef50d06e9e0fb88
java-1.8.0-oracle-src-1.8.0.181-1jpp.2.el6.i686.rpm	SHA-256: 952bdbbe3f833da8c27ea27ce0fe8520748e2b3cccbdf74f73fe351bda410c8f

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

JBoss Development and Management

JBoss Integration and Automation

Mobile

Services

Tools

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories