Red Hat Product Errata RHSA-2018:3409 - Security Advisory

Issued:: 2018-10-30
Updated:: 2018-10-30

RHSA-2018:3409 - Security Advisory

Overview
Updated Packages

Synopsis

Important: java-1.7.0-openjdk security update

Type/Severity

Security Advisory: Important

Topic

An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit.

Security Fix(es):

OpenJDK: Improper field access checks (Hotspot, 8199226) (CVE-2018-3169)
OpenJDK: Incomplete enforcement of the trustURLCodebase restriction (JNDI, 8199177) (CVE-2018-3149)
OpenJDK: Incorrect handling of unsigned attributes in signed Jar manifests (Security, 8194534) (CVE-2018-3136)
OpenJDK: Leak of sensitive header data via HTTP redirect (Networking, 8196902) (CVE-2018-3139)
OpenJDK: Missing endpoint identification algorithm check during TLS session resumption (JSSE, 8202613) (CVE-2018-3180)
OpenJDK: Infinite loop in RIFF format reader (Sound, 8205361) (CVE-2018-3214)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of OpenJDK Java must be restarted for this update to take effect.

Affected Products

Red Hat Enterprise Linux Server 6 x86_64
Red Hat Enterprise Linux Server 6 i386
Red Hat Enterprise Linux Workstation 6 x86_64
Red Hat Enterprise Linux Workstation 6 i386
Red Hat Enterprise Linux Desktop 6 x86_64
Red Hat Enterprise Linux Desktop 6 i386
Red Hat Enterprise Linux for Scientific Computing 6 x86_64

Fixes

BZ - 1639293 - CVE-2018-3169 OpenJDK: Improper field access checks (Hotspot, 8199226)
BZ - 1639301 - CVE-2018-3214 OpenJDK: Infinite loop in RIFF format reader (Sound, 8205361)
BZ - 1639442 - CVE-2018-3139 OpenJDK: Leak of sensitive header data via HTTP redirect (Networking, 8196902)
BZ - 1639484 - CVE-2018-3180 OpenJDK: Missing endpoint identification algorithm check during TLS session resumption (JSSE, 8202613)
BZ - 1639755 - CVE-2018-3136 OpenJDK: Incorrect handling of unsigned attributes in signed Jar manifests (Security, 8194534)
BZ - 1639834 - CVE-2018-3149 OpenJDK: Incomplete enforcement of the trustURLCodebase restriction (JNDI, 8199177)

CVEs

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 6

SRPM
java-1.7.0-openjdk-1.7.0.201-2.6.16.0.el6_10.src.rpm	SHA-256: 817262ae261320b71a1b1fcc5d0ef32b56917fef273d53d3439973c63064a648
x86_64
java-1.7.0-openjdk-1.7.0.201-2.6.16.0.el6_10.x86_64.rpm	SHA-256: dc5ac50d4663034af24e572e5b980501490dfad29ce06d9661a5193d46e3505c
java-1.7.0-openjdk-debuginfo-1.7.0.201-2.6.16.0.el6_10.x86_64.rpm	SHA-256: 5fde8c06d39d87820e0b71955187cc085b800a2abdb48936c2915087c81bcc47
java-1.7.0-openjdk-debuginfo-1.7.0.201-2.6.16.0.el6_10.x86_64.rpm	SHA-256: 5fde8c06d39d87820e0b71955187cc085b800a2abdb48936c2915087c81bcc47
java-1.7.0-openjdk-demo-1.7.0.201-2.6.16.0.el6_10.x86_64.rpm	SHA-256: 314e807a3501a8220a0d6d8c3efac5bd31d929b112f1971b0944972a91ae1245
java-1.7.0-openjdk-devel-1.7.0.201-2.6.16.0.el6_10.x86_64.rpm	SHA-256: 51007e1c25bb5c4d7ea71359d6c98880f259e4abb4fe224c1ac63ffdc1b347c5
java-1.7.0-openjdk-javadoc-1.7.0.201-2.6.16.0.el6_10.noarch.rpm	SHA-256: 526c17f134d00bbcbe8d211b41fba65550d02e2453f4f757fe261562d0234a48
java-1.7.0-openjdk-src-1.7.0.201-2.6.16.0.el6_10.x86_64.rpm	SHA-256: 170c895a3db5e82d57dc16feff75f2479ca0f38a124dd439b87ffe8d6b3d1297
i386
java-1.7.0-openjdk-1.7.0.201-2.6.16.0.el6_10.i686.rpm	SHA-256: 06a778c77045f22a2db50c16379d0d28ae565665a92ab9357ea79bd7a7234533
java-1.7.0-openjdk-debuginfo-1.7.0.201-2.6.16.0.el6_10.i686.rpm	SHA-256: 0ed2584a72b412a1d0b1d593e5a2926888314a6e3950dfb252e9e0440fab222e
java-1.7.0-openjdk-debuginfo-1.7.0.201-2.6.16.0.el6_10.i686.rpm	SHA-256: 0ed2584a72b412a1d0b1d593e5a2926888314a6e3950dfb252e9e0440fab222e
java-1.7.0-openjdk-demo-1.7.0.201-2.6.16.0.el6_10.i686.rpm	SHA-256: a5a219c20b6ed38f9464914ef52f24b97bd38f8376d0e800340c1462a03fb79b
java-1.7.0-openjdk-devel-1.7.0.201-2.6.16.0.el6_10.i686.rpm	SHA-256: ca57fc5ab39a7f8c48612c4f5683337488973e861a777c2296ecb592ae9edc11
java-1.7.0-openjdk-javadoc-1.7.0.201-2.6.16.0.el6_10.noarch.rpm	SHA-256: 526c17f134d00bbcbe8d211b41fba65550d02e2453f4f757fe261562d0234a48
java-1.7.0-openjdk-src-1.7.0.201-2.6.16.0.el6_10.i686.rpm	SHA-256: a5b7508bbd390f61ca56a1ccafdd1d7f7d6ddd25a6da7f0610267c66a3e3580c

Red Hat Enterprise Linux Workstation 6

SRPM
java-1.7.0-openjdk-1.7.0.201-2.6.16.0.el6_10.src.rpm	SHA-256: 817262ae261320b71a1b1fcc5d0ef32b56917fef273d53d3439973c63064a648
x86_64
java-1.7.0-openjdk-1.7.0.201-2.6.16.0.el6_10.x86_64.rpm	SHA-256: dc5ac50d4663034af24e572e5b980501490dfad29ce06d9661a5193d46e3505c
java-1.7.0-openjdk-debuginfo-1.7.0.201-2.6.16.0.el6_10.x86_64.rpm	SHA-256: 5fde8c06d39d87820e0b71955187cc085b800a2abdb48936c2915087c81bcc47
java-1.7.0-openjdk-debuginfo-1.7.0.201-2.6.16.0.el6_10.x86_64.rpm	SHA-256: 5fde8c06d39d87820e0b71955187cc085b800a2abdb48936c2915087c81bcc47
java-1.7.0-openjdk-demo-1.7.0.201-2.6.16.0.el6_10.x86_64.rpm	SHA-256: 314e807a3501a8220a0d6d8c3efac5bd31d929b112f1971b0944972a91ae1245
java-1.7.0-openjdk-devel-1.7.0.201-2.6.16.0.el6_10.x86_64.rpm	SHA-256: 51007e1c25bb5c4d7ea71359d6c98880f259e4abb4fe224c1ac63ffdc1b347c5
java-1.7.0-openjdk-javadoc-1.7.0.201-2.6.16.0.el6_10.noarch.rpm	SHA-256: 526c17f134d00bbcbe8d211b41fba65550d02e2453f4f757fe261562d0234a48
java-1.7.0-openjdk-src-1.7.0.201-2.6.16.0.el6_10.x86_64.rpm	SHA-256: 170c895a3db5e82d57dc16feff75f2479ca0f38a124dd439b87ffe8d6b3d1297
i386
java-1.7.0-openjdk-1.7.0.201-2.6.16.0.el6_10.i686.rpm	SHA-256: 06a778c77045f22a2db50c16379d0d28ae565665a92ab9357ea79bd7a7234533
java-1.7.0-openjdk-debuginfo-1.7.0.201-2.6.16.0.el6_10.i686.rpm	SHA-256: 0ed2584a72b412a1d0b1d593e5a2926888314a6e3950dfb252e9e0440fab222e
java-1.7.0-openjdk-debuginfo-1.7.0.201-2.6.16.0.el6_10.i686.rpm	SHA-256: 0ed2584a72b412a1d0b1d593e5a2926888314a6e3950dfb252e9e0440fab222e
java-1.7.0-openjdk-demo-1.7.0.201-2.6.16.0.el6_10.i686.rpm	SHA-256: a5a219c20b6ed38f9464914ef52f24b97bd38f8376d0e800340c1462a03fb79b
java-1.7.0-openjdk-devel-1.7.0.201-2.6.16.0.el6_10.i686.rpm	SHA-256: ca57fc5ab39a7f8c48612c4f5683337488973e861a777c2296ecb592ae9edc11
java-1.7.0-openjdk-javadoc-1.7.0.201-2.6.16.0.el6_10.noarch.rpm	SHA-256: 526c17f134d00bbcbe8d211b41fba65550d02e2453f4f757fe261562d0234a48
java-1.7.0-openjdk-src-1.7.0.201-2.6.16.0.el6_10.i686.rpm	SHA-256: a5b7508bbd390f61ca56a1ccafdd1d7f7d6ddd25a6da7f0610267c66a3e3580c

Red Hat Enterprise Linux Desktop 6

SRPM
java-1.7.0-openjdk-1.7.0.201-2.6.16.0.el6_10.src.rpm	SHA-256: 817262ae261320b71a1b1fcc5d0ef32b56917fef273d53d3439973c63064a648
x86_64
java-1.7.0-openjdk-1.7.0.201-2.6.16.0.el6_10.x86_64.rpm	SHA-256: dc5ac50d4663034af24e572e5b980501490dfad29ce06d9661a5193d46e3505c
java-1.7.0-openjdk-debuginfo-1.7.0.201-2.6.16.0.el6_10.x86_64.rpm	SHA-256: 5fde8c06d39d87820e0b71955187cc085b800a2abdb48936c2915087c81bcc47
java-1.7.0-openjdk-debuginfo-1.7.0.201-2.6.16.0.el6_10.x86_64.rpm	SHA-256: 5fde8c06d39d87820e0b71955187cc085b800a2abdb48936c2915087c81bcc47
java-1.7.0-openjdk-demo-1.7.0.201-2.6.16.0.el6_10.x86_64.rpm	SHA-256: 314e807a3501a8220a0d6d8c3efac5bd31d929b112f1971b0944972a91ae1245
java-1.7.0-openjdk-devel-1.7.0.201-2.6.16.0.el6_10.x86_64.rpm	SHA-256: 51007e1c25bb5c4d7ea71359d6c98880f259e4abb4fe224c1ac63ffdc1b347c5
java-1.7.0-openjdk-javadoc-1.7.0.201-2.6.16.0.el6_10.noarch.rpm	SHA-256: 526c17f134d00bbcbe8d211b41fba65550d02e2453f4f757fe261562d0234a48
java-1.7.0-openjdk-src-1.7.0.201-2.6.16.0.el6_10.x86_64.rpm	SHA-256: 170c895a3db5e82d57dc16feff75f2479ca0f38a124dd439b87ffe8d6b3d1297
i386
java-1.7.0-openjdk-1.7.0.201-2.6.16.0.el6_10.i686.rpm	SHA-256: 06a778c77045f22a2db50c16379d0d28ae565665a92ab9357ea79bd7a7234533
java-1.7.0-openjdk-debuginfo-1.7.0.201-2.6.16.0.el6_10.i686.rpm	SHA-256: 0ed2584a72b412a1d0b1d593e5a2926888314a6e3950dfb252e9e0440fab222e
java-1.7.0-openjdk-debuginfo-1.7.0.201-2.6.16.0.el6_10.i686.rpm	SHA-256: 0ed2584a72b412a1d0b1d593e5a2926888314a6e3950dfb252e9e0440fab222e
java-1.7.0-openjdk-demo-1.7.0.201-2.6.16.0.el6_10.i686.rpm	SHA-256: a5a219c20b6ed38f9464914ef52f24b97bd38f8376d0e800340c1462a03fb79b
java-1.7.0-openjdk-devel-1.7.0.201-2.6.16.0.el6_10.i686.rpm	SHA-256: ca57fc5ab39a7f8c48612c4f5683337488973e861a777c2296ecb592ae9edc11
java-1.7.0-openjdk-javadoc-1.7.0.201-2.6.16.0.el6_10.noarch.rpm	SHA-256: 526c17f134d00bbcbe8d211b41fba65550d02e2453f4f757fe261562d0234a48
java-1.7.0-openjdk-src-1.7.0.201-2.6.16.0.el6_10.i686.rpm	SHA-256: a5b7508bbd390f61ca56a1ccafdd1d7f7d6ddd25a6da7f0610267c66a3e3580c

Red Hat Enterprise Linux for Scientific Computing 6

SRPM
java-1.7.0-openjdk-1.7.0.201-2.6.16.0.el6_10.src.rpm	SHA-256: 817262ae261320b71a1b1fcc5d0ef32b56917fef273d53d3439973c63064a648
x86_64
java-1.7.0-openjdk-1.7.0.201-2.6.16.0.el6_10.x86_64.rpm	SHA-256: dc5ac50d4663034af24e572e5b980501490dfad29ce06d9661a5193d46e3505c
java-1.7.0-openjdk-debuginfo-1.7.0.201-2.6.16.0.el6_10.x86_64.rpm	SHA-256: 5fde8c06d39d87820e0b71955187cc085b800a2abdb48936c2915087c81bcc47
java-1.7.0-openjdk-debuginfo-1.7.0.201-2.6.16.0.el6_10.x86_64.rpm	SHA-256: 5fde8c06d39d87820e0b71955187cc085b800a2abdb48936c2915087c81bcc47
java-1.7.0-openjdk-demo-1.7.0.201-2.6.16.0.el6_10.x86_64.rpm	SHA-256: 314e807a3501a8220a0d6d8c3efac5bd31d929b112f1971b0944972a91ae1245
java-1.7.0-openjdk-devel-1.7.0.201-2.6.16.0.el6_10.x86_64.rpm	SHA-256: 51007e1c25bb5c4d7ea71359d6c98880f259e4abb4fe224c1ac63ffdc1b347c5
java-1.7.0-openjdk-javadoc-1.7.0.201-2.6.16.0.el6_10.noarch.rpm	SHA-256: 526c17f134d00bbcbe8d211b41fba65550d02e2453f4f757fe261562d0234a48
java-1.7.0-openjdk-src-1.7.0.201-2.6.16.0.el6_10.x86_64.rpm	SHA-256: 170c895a3db5e82d57dc16feff75f2479ca0f38a124dd439b87ffe8d6b3d1297

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

JBoss Development and Management

JBoss Integration and Automation

Mobile

Services

Tools

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories