Red Hat Product Errata RHSA-2018:2575 - Security Advisory
Issued: 2018-08-28
Updated: 2018-08-28


Synopsis

Important: java-1.8.0-ibm security update

Type/Severity

Security Advisory: Important

Topic

An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 6 Supplementary.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.

This update upgrades IBM Java SE 8 to version 8 SR5-FP20.

Security Fix(es):

  • IBM JDK: privilege escalation via insufficiently restricted access to Attach API (CVE-2018-12539)
  • openssl: BN_mod_exp may produce incorrect results on x86_64 (CVE-2017-3732)
  • openssl: bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736)
  • IBM JDK: DoS in the java.math component (CVE-2018-1517)
  • IBM JDK: path traversal flaw in the Diagnostic Tooling Framework (CVE-2018-1656)
  • Oracle JDK: unspecified vulnerability fixed in 6u201, 7u191, 8u181, and 10.0.2 (Libraries) (CVE-2018-2940)
  • OpenJDK: insufficient index validation in PatternSyntaxException getMessage() (Concurrency, 8199547) (CVE-2018-2952)
  • Oracle JDK: unspecified vulnerability fixed in 6u201, 7u191, 8u181, and 10.0.2 (JSSE) (CVE-2018-2973)
  • OpenSSL: Double-free in DSA code (CVE-2016-0705)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank the OpenSSL project for reporting CVE-2016-0705. Upstream acknowledges Adam Langley (Google/BoringSSL) as the original reporter of CVE-2016-0705.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of IBM Java must be restarted for this update to take effect.

Affected Products

  • Red Hat Enterprise Linux Server 6 x86_64
  • Red Hat Enterprise Linux Server 6 i386
  • Red Hat Enterprise Linux Workstation 6 x86_64
  • Red Hat Enterprise Linux Workstation 6 i386
  • Red Hat Enterprise Linux Desktop 6 x86_64
  • Red Hat Enterprise Linux Desktop 6 i386
  • Red Hat Enterprise Linux for IBM z Systems 6 s390x
  • Red Hat Enterprise Linux for Power, big endian 6 ppc64
  • Red Hat Enterprise Linux for Scientific Computing 6 x86_64

Fixes

  • BZ - 1310596 - CVE-2016-0705 OpenSSL: Double-free in DSA code
  • BZ - 1416856 - CVE-2017-3732 openssl: BN_mod_exp may produce incorrect results on x86_64
  • BZ - 1509169 - CVE-2017-3736 openssl: bn_sqrx8x_internal carry bug on x86_64
  • BZ - 1600925 - CVE-2018-2952 OpenJDK: insufficient index validation in PatternSyntaxException getMessage() (Concurrency, 8199547)
  • BZ - 1602145 - CVE-2018-2973 Oracle JDK: unspecified vulnerability fixed in 6u201, 7u191, 8u181, and 10.0.2 (JSSE)
  • BZ - 1602146 - CVE-2018-2940 Oracle JDK: unspecified vulnerability fixed in 6u201, 7u191, 8u181, and 10.0.2 (Libraries)
  • BZ - 1618767 - CVE-2018-12539 IBM JDK: privilege escalation via insufficiently restricted access to Attach API
  • BZ - 1618869 - CVE-2018-1656 IBM JDK: path traversal flaw in the Diagnostic Tooling Framework
  • BZ - 1618871 - CVE-2018-1517 IBM JDK: DoS in the java.math component

CVEs

  • CVE-2016-0705
  • CVE-2017-3732
  • CVE-2017-3736
  • CVE-2018-1517
  • CVE-2018-1656
  • CVE-2018-2940
  • CVE-2018-2952
  • CVE-2018-2973
  • CVE-2018-12539

References

  • https://access.redhat.com/security/updates/classification/#important

Updated Packages

Note: More recent versions of these packages may be available.

Red Hat Enterprise Linux Server 6

SRPM
x86_64
java-1.8.0-ibm-1.8.0.5.20-1jpp.1.el6_10.x86_64.rpm SHA-256: cdd5ea809c7008e7fd881789292b4adc6041b1e9d72c21c5814f9667c36e3d5e
java-1.8.0-ibm-demo-1.8.0.5.20-1jpp.1.el6_10.x86_64.rpm SHA-256: e4a2c4379dca5def573eef72ced0b8fd28a4be8741664e7baa50f40be78a18be
java-1.8.0-ibm-devel-1.8.0.5.20-1jpp.1.el6_10.x86_64.rpm SHA-256: 841241bf499fd4442da1b4416c2c85ac35a53a39953849b4e6a598afa3121586
java-1.8.0-ibm-jdbc-1.8.0.5.20-1jpp.1.el6_10.x86_64.rpm SHA-256: e82d34e4da2ceb1cfefc13b9453dbaaa361d8ec6c16e4d80fa552d906a47618e
java-1.8.0-ibm-plugin-1.8.0.5.20-1jpp.1.el6_10.x86_64.rpm SHA-256: 0a425e2412d3d37e93e6e9000c20bb98e10ec617acb3de49824bd7bf6e7fa339
java-1.8.0-ibm-src-1.8.0.5.20-1jpp.1.el6_10.x86_64.rpm SHA-256: e923ee2ddce81f88b9bb983a51f865cba746cdd62fd06da2ed37201815a8fef2
i386
java-1.8.0-ibm-1.8.0.5.20-1jpp.1.el6_10.i686.rpm SHA-256: b2734d838c3f69b00d22ea8ed43eef11a5c72b8623d5d6b6c8fc4593b196a2fe
java-1.8.0-ibm-demo-1.8.0.5.20-1jpp.1.el6_10.i686.rpm SHA-256: 5f086feec0e1e9fe5135abd7964e529ef47fad989250f8349e2de906797872ef
java-1.8.0-ibm-devel-1.8.0.5.20-1jpp.1.el6_10.i686.rpm SHA-256: 5f117c24697b7c1d2a6a009a8e97909f4672956b2c90b8b2fe8fe9ba3ef85027
java-1.8.0-ibm-jdbc-1.8.0.5.20-1jpp.1.el6_10.i686.rpm SHA-256: f92a25611ae69a496863eb65ce353f611fca81c8296027cecf5c0b74227ae174
java-1.8.0-ibm-plugin-1.8.0.5.20-1jpp.1.el6_10.i686.rpm SHA-256: 4301df188da875b8fa0b641dc8677c827ed2c61ad0bb97a74fecbf913b97c990
java-1.8.0-ibm-src-1.8.0.5.20-1jpp.1.el6_10.i686.rpm SHA-256: 722a20801235c611016daceddd96ad0d302abd75854250e39364fdd321d39c02

Red Hat Enterprise Linux Workstation 6

SRPM
x86_64
java-1.8.0-ibm-1.8.0.5.20-1jpp.1.el6_10.x86_64.rpm SHA-256: cdd5ea809c7008e7fd881789292b4adc6041b1e9d72c21c5814f9667c36e3d5e
java-1.8.0-ibm-demo-1.8.0.5.20-1jpp.1.el6_10.x86_64.rpm SHA-256: e4a2c4379dca5def573eef72ced0b8fd28a4be8741664e7baa50f40be78a18be
java-1.8.0-ibm-devel-1.8.0.5.20-1jpp.1.el6_10.x86_64.rpm SHA-256: 841241bf499fd4442da1b4416c2c85ac35a53a39953849b4e6a598afa3121586
java-1.8.0-ibm-jdbc-1.8.0.5.20-1jpp.1.el6_10.x86_64.rpm SHA-256: e82d34e4da2ceb1cfefc13b9453dbaaa361d8ec6c16e4d80fa552d906a47618e
java-1.8.0-ibm-plugin-1.8.0.5.20-1jpp.1.el6_10.x86_64.rpm SHA-256: 0a425e2412d3d37e93e6e9000c20bb98e10ec617acb3de49824bd7bf6e7fa339
java-1.8.0-ibm-src-1.8.0.5.20-1jpp.1.el6_10.x86_64.rpm SHA-256: e923ee2ddce81f88b9bb983a51f865cba746cdd62fd06da2ed37201815a8fef2
i386
java-1.8.0-ibm-1.8.0.5.20-1jpp.1.el6_10.i686.rpm SHA-256: b2734d838c3f69b00d22ea8ed43eef11a5c72b8623d5d6b6c8fc4593b196a2fe
java-1.8.0-ibm-demo-1.8.0.5.20-1jpp.1.el6_10.i686.rpm SHA-256: 5f086feec0e1e9fe5135abd7964e529ef47fad989250f8349e2de906797872ef
java-1.8.0-ibm-devel-1.8.0.5.20-1jpp.1.el6_10.i686.rpm SHA-256: 5f117c24697b7c1d2a6a009a8e97909f4672956b2c90b8b2fe8fe9ba3ef85027
java-1.8.0-ibm-jdbc-1.8.0.5.20-1jpp.1.el6_10.i686.rpm SHA-256: f92a25611ae69a496863eb65ce353f611fca81c8296027cecf5c0b74227ae174
java-1.8.0-ibm-plugin-1.8.0.5.20-1jpp.1.el6_10.i686.rpm SHA-256: 4301df188da875b8fa0b641dc8677c827ed2c61ad0bb97a74fecbf913b97c990
java-1.8.0-ibm-src-1.8.0.5.20-1jpp.1.el6_10.i686.rpm SHA-256: 722a20801235c611016daceddd96ad0d302abd75854250e39364fdd321d39c02

Red Hat Enterprise Linux Desktop 6

SRPM
x86_64
java-1.8.0-ibm-1.8.0.5.20-1jpp.1.el6_10.x86_64.rpm SHA-256: cdd5ea809c7008e7fd881789292b4adc6041b1e9d72c21c5814f9667c36e3d5e
java-1.8.0-ibm-demo-1.8.0.5.20-1jpp.1.el6_10.x86_64.rpm SHA-256: e4a2c4379dca5def573eef72ced0b8fd28a4be8741664e7baa50f40be78a18be
java-1.8.0-ibm-devel-1.8.0.5.20-1jpp.1.el6_10.x86_64.rpm SHA-256: 841241bf499fd4442da1b4416c2c85ac35a53a39953849b4e6a598afa3121586
java-1.8.0-ibm-jdbc-1.8.0.5.20-1jpp.1.el6_10.x86_64.rpm SHA-256: e82d34e4da2ceb1cfefc13b9453dbaaa361d8ec6c16e4d80fa552d906a47618e
java-1.8.0-ibm-plugin-1.8.0.5.20-1jpp.1.el6_10.x86_64.rpm SHA-256: 0a425e2412d3d37e93e6e9000c20bb98e10ec617acb3de49824bd7bf6e7fa339
java-1.8.0-ibm-src-1.8.0.5.20-1jpp.1.el6_10.x86_64.rpm SHA-256: e923ee2ddce81f88b9bb983a51f865cba746cdd62fd06da2ed37201815a8fef2
i386
java-1.8.0-ibm-1.8.0.5.20-1jpp.1.el6_10.i686.rpm SHA-256: b2734d838c3f69b00d22ea8ed43eef11a5c72b8623d5d6b6c8fc4593b196a2fe
java-1.8.0-ibm-demo-1.8.0.5.20-1jpp.1.el6_10.i686.rpm SHA-256: 5f086feec0e1e9fe5135abd7964e529ef47fad989250f8349e2de906797872ef
java-1.8.0-ibm-devel-1.8.0.5.20-1jpp.1.el6_10.i686.rpm SHA-256: 5f117c24697b7c1d2a6a009a8e97909f4672956b2c90b8b2fe8fe9ba3ef85027
java-1.8.0-ibm-jdbc-1.8.0.5.20-1jpp.1.el6_10.i686.rpm SHA-256: f92a25611ae69a496863eb65ce353f611fca81c8296027cecf5c0b74227ae174
java-1.8.0-ibm-plugin-1.8.0.5.20-1jpp.1.el6_10.i686.rpm SHA-256: 4301df188da875b8fa0b641dc8677c827ed2c61ad0bb97a74fecbf913b97c990
java-1.8.0-ibm-src-1.8.0.5.20-1jpp.1.el6_10.i686.rpm SHA-256: 722a20801235c611016daceddd96ad0d302abd75854250e39364fdd321d39c02

Red Hat Enterprise Linux for IBM z Systems 6

SRPM
s390x
java-1.8.0-ibm-1.8.0.5.20-1jpp.1.el6_10.s390x.rpm SHA-256: 0e152a1983d49bd6ef0c51bb3acd5d4616048554e9e3ad76809b86637700bce9
java-1.8.0-ibm-demo-1.8.0.5.20-1jpp.1.el6_10.s390x.rpm SHA-256: d09a4d11ca84947203d23f91c53077b959186ab547ad573d1885cdcb6e41165e
java-1.8.0-ibm-devel-1.8.0.5.20-1jpp.1.el6_10.s390x.rpm SHA-256: 969c5887ee4bbcaea495b0dafe409318a3c283154c048269cc04e6aa27fcac0e
java-1.8.0-ibm-jdbc-1.8.0.5.20-1jpp.1.el6_10.s390x.rpm SHA-256: b608eecbf1922ded7afb4adf8e5983b77a974053e6cb17fc5945535c30729355
java-1.8.0-ibm-src-1.8.0.5.20-1jpp.1.el6_10.s390x.rpm SHA-256: d61be53acaecce11bbdacae29dcc48a66a8eec96f4d5b7f8eeebabb9a699df66

Red Hat Enterprise Linux for Power, big endian 6

SRPM
ppc64
java-1.8.0-ibm-1.8.0.5.20-1jpp.1.el6_10.ppc64.rpm SHA-256: 653432234a123e769c0016b03fe4bee81640c3372e3ef81fce5fb27d0f988962
java-1.8.0-ibm-demo-1.8.0.5.20-1jpp.1.el6_10.ppc64.rpm SHA-256: 11a54d455b06e7793ea298dacbc19f7a749518ef133953ca60ed40dd1e2d760d
java-1.8.0-ibm-devel-1.8.0.5.20-1jpp.1.el6_10.ppc64.rpm SHA-256: 37a581391a9745274296f5daa14fe67f12bcf3c07dafce9c1826b48dd0e9f2f8
java-1.8.0-ibm-jdbc-1.8.0.5.20-1jpp.1.el6_10.ppc64.rpm SHA-256: 1719850693a0ef26d60f3b5862b4954d97c5343fe7bfb1643c87dd5a68c8bd9f
java-1.8.0-ibm-src-1.8.0.5.20-1jpp.1.el6_10.ppc64.rpm SHA-256: a2a44f6dc8523b1fa1e590c74d607eeaf033f3e11fdce24d15482f60011e0020

Red Hat Enterprise Linux for Scientific Computing 6

SRPM
x86_64
java-1.8.0-ibm-1.8.0.5.20-1jpp.1.el6_10.x86_64.rpm SHA-256: cdd5ea809c7008e7fd881789292b4adc6041b1e9d72c21c5814f9667c36e3d5e
java-1.8.0-ibm-demo-1.8.0.5.20-1jpp.1.el6_10.x86_64.rpm SHA-256: e4a2c4379dca5def573eef72ced0b8fd28a4be8741664e7baa50f40be78a18be
java-1.8.0-ibm-devel-1.8.0.5.20-1jpp.1.el6_10.x86_64.rpm SHA-256: 841241bf499fd4442da1b4416c2c85ac35a53a39953849b4e6a598afa3121586
java-1.8.0-ibm-src-1.8.0.5.20-1jpp.1.el6_10.x86_64.rpm SHA-256: e923ee2ddce81f88b9bb983a51f865cba746cdd62fd06da2ed37201815a8fef2

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
