Red Hat Product Errata RHSA-2018:3000 - Security Advisory

Issued:: 2018-10-24
Updated:: 2018-10-24

RHSA-2018:3000 - Security Advisory

Overview
Updated Packages

Synopsis

Critical: java-1.7.0-oracle security update

Type/Severity

Security Advisory: Critical

Topic

An update for java-1.7.0-oracle is now available for Oracle Java for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.

This update upgrades Oracle Java SE 7 to version 7 Update 201.

Security Fix(es):

OpenJDK: Improper field access checks (Hotspot, 8199226) (CVE-2018-3169)
OpenJDK: Incomplete enforcement of the trustURLCodebase restriction (JNDI, 8199177) (CVE-2018-3149)
OpenJDK: Incorrect handling of unsigned attributes in signed Jar manifests (Security, 8194534) (CVE-2018-3136)
OpenJDK: Leak of sensitive header data via HTTP redirect (Networking, 8196902) (CVE-2018-3139)
OpenJDK: Missing endpoint identification algorithm check during TLS session resumption (JSSE, 8202613) (CVE-2018-3180)
OpenJDK: Infinite loop in RIFF format reader (Sound, 8205361) (CVE-2018-3214)
libpng: Integer overflow and resultant divide-by-zero in pngrutil.c:png_check_chunk_length() allows for denial of service (CVE-2018-13785)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Oracle Java must be restarted for this update to take effect.

Affected Products

Oracle Java (Restricted Maintenance) (for RHEL Server) 6 x86_64
Oracle Java (Restricted Maintenance) (for RHEL Server) 6 i386
Oracle Java (Restricted Maintenance) (for RHEL Client) 6 x86_64
Oracle Java (Restricted Maintenance) (for RHEL Client) 6 i386
Oracle Java (Restricted Maintenance) (for RHEL Compute Node) 6 x86_64
Oracle Java (Restricted Maintenance) (for RHEL Workstation) 6 x86_64
Oracle Java (Restricted Maintenance) (for RHEL Workstation) 6 i386

Fixes

BZ - 1599943 - CVE-2018-13785 libpng: Integer overflow and resultant divide-by-zero in pngrutil.c:png_check_chunk_length() allows for denial of service
BZ - 1639293 - CVE-2018-3169 OpenJDK: Improper field access checks (Hotspot, 8199226)
BZ - 1639301 - CVE-2018-3214 OpenJDK: Infinite loop in RIFF format reader (Sound, 8205361)
BZ - 1639442 - CVE-2018-3139 OpenJDK: Leak of sensitive header data via HTTP redirect (Networking, 8196902)
BZ - 1639484 - CVE-2018-3180 OpenJDK: Missing endpoint identification algorithm check during TLS session resumption (JSSE, 8202613)
BZ - 1639755 - CVE-2018-3136 OpenJDK: Incorrect handling of unsigned attributes in signed Jar manifests (Security, 8194534)
BZ - 1639834 - CVE-2018-3149 OpenJDK: Incomplete enforcement of the trustURLCodebase restriction (JNDI, 8199177)

CVEs

References

https://access.redhat.com/security/updates/classification/#critical

Note: More recent versions of these packages may be available. Click a package name for more details.

Oracle Java (Restricted Maintenance) (for RHEL Server) 6

SRPM
x86_64
java-1.7.0-oracle-1.7.0.201-1jpp.1.el6.i686.rpm	SHA-256: 5f8bee3a75cd59b7c8d358b67e86a40df702aace95cee34053a07560a1fd38e3
java-1.7.0-oracle-1.7.0.201-1jpp.1.el6.x86_64.rpm	SHA-256: baa2196e699ac47a61920f45e7d6af9aab2b51f3195926bb54e2a5cc5a84be1a
java-1.7.0-oracle-devel-1.7.0.201-1jpp.1.el6.i686.rpm	SHA-256: 64f4ab06207d2bf83d272daf273f542e0214ce650c9e35d7c92db38fc23b29ad
java-1.7.0-oracle-devel-1.7.0.201-1jpp.1.el6.x86_64.rpm	SHA-256: c88a10c4c31de5e8bf43bd2f69f92cde6e7d0288a0aed50cef4184bcb901a6e5
java-1.7.0-oracle-javafx-1.7.0.201-1jpp.1.el6.x86_64.rpm	SHA-256: c66263d2a7298a3d89c87fb34b98d2dc82213c070ec2fe4d738840019ed0f13e
java-1.7.0-oracle-jdbc-1.7.0.201-1jpp.1.el6.x86_64.rpm	SHA-256: e50900d9e06b7ccdec02674328068d1a36913393a87ddf9829d308d9e331a456
java-1.7.0-oracle-plugin-1.7.0.201-1jpp.1.el6.x86_64.rpm	SHA-256: 587c744bcc8fcaf8b2f9f75bfcf42b7331e8a50c23d2b6a1ead07bf5d34025a4
java-1.7.0-oracle-src-1.7.0.201-1jpp.1.el6.x86_64.rpm	SHA-256: fbb2a6864045f53bd9ad7b7ffc928fdbc7f91b9a9f8321803862633b21a1481f
i386
java-1.7.0-oracle-1.7.0.201-1jpp.1.el6.i686.rpm	SHA-256: 5f8bee3a75cd59b7c8d358b67e86a40df702aace95cee34053a07560a1fd38e3
java-1.7.0-oracle-devel-1.7.0.201-1jpp.1.el6.i686.rpm	SHA-256: 64f4ab06207d2bf83d272daf273f542e0214ce650c9e35d7c92db38fc23b29ad
java-1.7.0-oracle-javafx-1.7.0.201-1jpp.1.el6.i686.rpm	SHA-256: b11f6155ebcf0546af6905bc168025afd4c343bce779598c4c0b6afab3f6ecaa
java-1.7.0-oracle-jdbc-1.7.0.201-1jpp.1.el6.i686.rpm	SHA-256: 2b41c8eaa1e7c23539ae31a7448c931e20d1a4f15398e06894280304d2e245a5
java-1.7.0-oracle-plugin-1.7.0.201-1jpp.1.el6.i686.rpm	SHA-256: 54a20360c996edd2330836894339eee609c9b3621af5cf4993ecb5b88c2a3cc9
java-1.7.0-oracle-src-1.7.0.201-1jpp.1.el6.i686.rpm	SHA-256: b3dfb3040035f3e4e8bc1368e7c2e77199b3924196425136c721073d1efdc668

Oracle Java (Restricted Maintenance) (for RHEL Client) 6

SRPM
x86_64
java-1.7.0-oracle-1.7.0.201-1jpp.1.el6.i686.rpm	SHA-256: 5f8bee3a75cd59b7c8d358b67e86a40df702aace95cee34053a07560a1fd38e3
java-1.7.0-oracle-1.7.0.201-1jpp.1.el6.x86_64.rpm	SHA-256: baa2196e699ac47a61920f45e7d6af9aab2b51f3195926bb54e2a5cc5a84be1a
java-1.7.0-oracle-devel-1.7.0.201-1jpp.1.el6.i686.rpm	SHA-256: 64f4ab06207d2bf83d272daf273f542e0214ce650c9e35d7c92db38fc23b29ad
java-1.7.0-oracle-devel-1.7.0.201-1jpp.1.el6.x86_64.rpm	SHA-256: c88a10c4c31de5e8bf43bd2f69f92cde6e7d0288a0aed50cef4184bcb901a6e5
java-1.7.0-oracle-javafx-1.7.0.201-1jpp.1.el6.x86_64.rpm	SHA-256: c66263d2a7298a3d89c87fb34b98d2dc82213c070ec2fe4d738840019ed0f13e
java-1.7.0-oracle-jdbc-1.7.0.201-1jpp.1.el6.x86_64.rpm	SHA-256: e50900d9e06b7ccdec02674328068d1a36913393a87ddf9829d308d9e331a456
java-1.7.0-oracle-plugin-1.7.0.201-1jpp.1.el6.x86_64.rpm	SHA-256: 587c744bcc8fcaf8b2f9f75bfcf42b7331e8a50c23d2b6a1ead07bf5d34025a4
java-1.7.0-oracle-src-1.7.0.201-1jpp.1.el6.x86_64.rpm	SHA-256: fbb2a6864045f53bd9ad7b7ffc928fdbc7f91b9a9f8321803862633b21a1481f
i386
java-1.7.0-oracle-1.7.0.201-1jpp.1.el6.i686.rpm	SHA-256: 5f8bee3a75cd59b7c8d358b67e86a40df702aace95cee34053a07560a1fd38e3
java-1.7.0-oracle-devel-1.7.0.201-1jpp.1.el6.i686.rpm	SHA-256: 64f4ab06207d2bf83d272daf273f542e0214ce650c9e35d7c92db38fc23b29ad
java-1.7.0-oracle-javafx-1.7.0.201-1jpp.1.el6.i686.rpm	SHA-256: b11f6155ebcf0546af6905bc168025afd4c343bce779598c4c0b6afab3f6ecaa
java-1.7.0-oracle-jdbc-1.7.0.201-1jpp.1.el6.i686.rpm	SHA-256: 2b41c8eaa1e7c23539ae31a7448c931e20d1a4f15398e06894280304d2e245a5
java-1.7.0-oracle-plugin-1.7.0.201-1jpp.1.el6.i686.rpm	SHA-256: 54a20360c996edd2330836894339eee609c9b3621af5cf4993ecb5b88c2a3cc9
java-1.7.0-oracle-src-1.7.0.201-1jpp.1.el6.i686.rpm	SHA-256: b3dfb3040035f3e4e8bc1368e7c2e77199b3924196425136c721073d1efdc668

Oracle Java (Restricted Maintenance) (for RHEL Compute Node) 6

SRPM
x86_64
java-1.7.0-oracle-1.7.0.201-1jpp.1.el6.i686.rpm	SHA-256: 5f8bee3a75cd59b7c8d358b67e86a40df702aace95cee34053a07560a1fd38e3
java-1.7.0-oracle-1.7.0.201-1jpp.1.el6.x86_64.rpm	SHA-256: baa2196e699ac47a61920f45e7d6af9aab2b51f3195926bb54e2a5cc5a84be1a
java-1.7.0-oracle-devel-1.7.0.201-1jpp.1.el6.i686.rpm	SHA-256: 64f4ab06207d2bf83d272daf273f542e0214ce650c9e35d7c92db38fc23b29ad
java-1.7.0-oracle-devel-1.7.0.201-1jpp.1.el6.x86_64.rpm	SHA-256: c88a10c4c31de5e8bf43bd2f69f92cde6e7d0288a0aed50cef4184bcb901a6e5
java-1.7.0-oracle-javafx-1.7.0.201-1jpp.1.el6.x86_64.rpm	SHA-256: c66263d2a7298a3d89c87fb34b98d2dc82213c070ec2fe4d738840019ed0f13e
java-1.7.0-oracle-jdbc-1.7.0.201-1jpp.1.el6.x86_64.rpm	SHA-256: e50900d9e06b7ccdec02674328068d1a36913393a87ddf9829d308d9e331a456
java-1.7.0-oracle-plugin-1.7.0.201-1jpp.1.el6.x86_64.rpm	SHA-256: 587c744bcc8fcaf8b2f9f75bfcf42b7331e8a50c23d2b6a1ead07bf5d34025a4
java-1.7.0-oracle-src-1.7.0.201-1jpp.1.el6.x86_64.rpm	SHA-256: fbb2a6864045f53bd9ad7b7ffc928fdbc7f91b9a9f8321803862633b21a1481f

Oracle Java (Restricted Maintenance) (for RHEL Workstation) 6

SRPM
x86_64
java-1.7.0-oracle-1.7.0.201-1jpp.1.el6.i686.rpm	SHA-256: 5f8bee3a75cd59b7c8d358b67e86a40df702aace95cee34053a07560a1fd38e3
java-1.7.0-oracle-1.7.0.201-1jpp.1.el6.x86_64.rpm	SHA-256: baa2196e699ac47a61920f45e7d6af9aab2b51f3195926bb54e2a5cc5a84be1a
java-1.7.0-oracle-devel-1.7.0.201-1jpp.1.el6.i686.rpm	SHA-256: 64f4ab06207d2bf83d272daf273f542e0214ce650c9e35d7c92db38fc23b29ad
java-1.7.0-oracle-devel-1.7.0.201-1jpp.1.el6.x86_64.rpm	SHA-256: c88a10c4c31de5e8bf43bd2f69f92cde6e7d0288a0aed50cef4184bcb901a6e5
java-1.7.0-oracle-javafx-1.7.0.201-1jpp.1.el6.x86_64.rpm	SHA-256: c66263d2a7298a3d89c87fb34b98d2dc82213c070ec2fe4d738840019ed0f13e
java-1.7.0-oracle-jdbc-1.7.0.201-1jpp.1.el6.x86_64.rpm	SHA-256: e50900d9e06b7ccdec02674328068d1a36913393a87ddf9829d308d9e331a456
java-1.7.0-oracle-plugin-1.7.0.201-1jpp.1.el6.x86_64.rpm	SHA-256: 587c744bcc8fcaf8b2f9f75bfcf42b7331e8a50c23d2b6a1ead07bf5d34025a4
java-1.7.0-oracle-src-1.7.0.201-1jpp.1.el6.x86_64.rpm	SHA-256: fbb2a6864045f53bd9ad7b7ffc928fdbc7f91b9a9f8321803862633b21a1481f
i386
java-1.7.0-oracle-1.7.0.201-1jpp.1.el6.i686.rpm	SHA-256: 5f8bee3a75cd59b7c8d358b67e86a40df702aace95cee34053a07560a1fd38e3
java-1.7.0-oracle-devel-1.7.0.201-1jpp.1.el6.i686.rpm	SHA-256: 64f4ab06207d2bf83d272daf273f542e0214ce650c9e35d7c92db38fc23b29ad
java-1.7.0-oracle-javafx-1.7.0.201-1jpp.1.el6.i686.rpm	SHA-256: b11f6155ebcf0546af6905bc168025afd4c343bce779598c4c0b6afab3f6ecaa
java-1.7.0-oracle-jdbc-1.7.0.201-1jpp.1.el6.i686.rpm	SHA-256: 2b41c8eaa1e7c23539ae31a7448c931e20d1a4f15398e06894280304d2e245a5
java-1.7.0-oracle-plugin-1.7.0.201-1jpp.1.el6.i686.rpm	SHA-256: 54a20360c996edd2330836894339eee609c9b3621af5cf4993ecb5b88c2a3cc9
java-1.7.0-oracle-src-1.7.0.201-1jpp.1.el6.i686.rpm	SHA-256: b3dfb3040035f3e4e8bc1368e7c2e77199b3924196425136c721073d1efdc668

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

JBoss Development and Management

JBoss Integration and Automation

Mobile

Services

Tools

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories