Red Hat Product Errata RHSA-2019:1518 - Security Advisory

Issued:: 2019-06-18
Updated:: 2019-06-18

RHSA-2019:1518 - Security Advisory

Overview
Updated Packages

Synopsis

Moderate: java-11-openjdk security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.

Security Fix(es):

OpenJDK: Slow conversion of BigDecimal to long (Libraries, 8211936) (CVE-2019-2602)
OpenJDK: Incorrect skeleton selection in RMI registry server-side dispatch handling (RMI, 8218453) (CVE-2019-2684)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of OpenJDK Java must be restarted for this update to take effect.

Affected Products

Red Hat Enterprise Linux for x86_64 8 x86_64
Red Hat Enterprise Linux for IBM z Systems 8 s390x
Red Hat Enterprise Linux for Power, little endian 8 ppc64le
Red Hat Enterprise Linux for ARM 64 8 aarch64
Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.0 ppc64le
Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.0 x86_64

Fixes

BZ - 1700440 - CVE-2019-2602 OpenJDK: Slow conversion of BigDecimal to long (Libraries, 8211936)
BZ - 1700564 - CVE-2019-2684 OpenJDK: Incorrect skeleton selection in RMI registry server-side dispatch handling (RMI, 8218453)

CVEs

References

https://access.redhat.com/security/updates/classification/#moderate

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux for x86_64 8

SRPM
java-11-openjdk-11.0.3.7-2.el8_0.src.rpm	SHA-256: ecda05db9e03050baca5685b80eafc641611c57fafc5a8310ba6c141d2d6f68b
x86_64
java-11-openjdk-11.0.3.7-2.el8_0.x86_64.rpm	SHA-256: f9ab5117e253ab7e2f9cd9d71f0f1be6da22cfcead9492820873bc9cfd16d0ab
java-11-openjdk-debuginfo-11.0.3.7-2.el8_0.x86_64.rpm	SHA-256: cd37ebbc246a5f382904731207ba094eac3701a3716ddef70664feca1e0b51fa
java-11-openjdk-debugsource-11.0.3.7-2.el8_0.x86_64.rpm	SHA-256: 64174b358c549ca16a6258621fc5d0ce86f05f3efde847c4e66a3712b29a1c0d
java-11-openjdk-demo-11.0.3.7-2.el8_0.x86_64.rpm	SHA-256: b6c9ee44fe0a7f0c3726a5437007d6c6116d5a3aa020530a38cfb22d7f187241
java-11-openjdk-devel-11.0.3.7-2.el8_0.x86_64.rpm	SHA-256: 2e04e3cc14f9d59abe07e614c4fee7214ac733b857c675f0cfe386547b584f4f
java-11-openjdk-devel-debuginfo-11.0.3.7-2.el8_0.x86_64.rpm	SHA-256: 63396f1736532f0d94f5b4b0621497b521557d27d950dcc912f91321def42ce2
java-11-openjdk-devel-slowdebug-debuginfo-11.0.3.7-2.el8_0.x86_64.rpm	SHA-256: 95b65ff50cc5f6ef5d800e91fc3dee57966e7bf42a1ec64831e68ca54f8751b1
java-11-openjdk-headless-11.0.3.7-2.el8_0.x86_64.rpm	SHA-256: 8b08436e5285d24f0b204de86b2e161f431a6036d6c3e1c05c2dcb6d9d53682a
java-11-openjdk-headless-debuginfo-11.0.3.7-2.el8_0.x86_64.rpm	SHA-256: a30aa883da0c8a6c960f99170bad389f377aef914778bed49382118464181398
java-11-openjdk-headless-slowdebug-debuginfo-11.0.3.7-2.el8_0.x86_64.rpm	SHA-256: e86d3e8d06316268e281fd2fc975260328511cad6dd90128d0da98254b6ff8f5
java-11-openjdk-javadoc-11.0.3.7-2.el8_0.x86_64.rpm	SHA-256: a6bd092d00a09e9d901f434a52f2a01d36a34e90fb26e6680c6a9877d45287ef
java-11-openjdk-javadoc-zip-11.0.3.7-2.el8_0.x86_64.rpm	SHA-256: e71f2acd171a92029f5a7b42c6a07a7af669232e05e8a0a59a362e4105bdefa7
java-11-openjdk-jmods-11.0.3.7-2.el8_0.x86_64.rpm	SHA-256: 88260bbed54ffe2748425e9ff2a1249c4f788e75dd9a72ed92a5e45f353bd77f
java-11-openjdk-slowdebug-debuginfo-11.0.3.7-2.el8_0.x86_64.rpm	SHA-256: d6c9d8df75b53870af67d61a3a3286f2a9eed3333441cb77899823994259f390
java-11-openjdk-src-11.0.3.7-2.el8_0.x86_64.rpm	SHA-256: 731c7d960a8bdcd248189788e6431a4cf9532fcf5304e46bddfa464d170a137a

Red Hat Enterprise Linux for IBM z Systems 8

SRPM
java-11-openjdk-11.0.3.7-2.el8_0.src.rpm	SHA-256: ecda05db9e03050baca5685b80eafc641611c57fafc5a8310ba6c141d2d6f68b
s390x
java-11-openjdk-11.0.3.7-2.el8_0.s390x.rpm	SHA-256: b628d81e4e6225624448880308f5d01b7290806525ffbd07b1abe0296fe88dee
java-11-openjdk-debuginfo-11.0.3.7-2.el8_0.s390x.rpm	SHA-256: f8d51dfb44a7ebeb8fd4ea3b408d7c744bd601feaf592ac5a9e5a4a5172c62cb
java-11-openjdk-debugsource-11.0.3.7-2.el8_0.s390x.rpm	SHA-256: e6bd89bcbc54a9d07f6021718f2c08e02a4e1a76b61e1024342e1a56def523b1
java-11-openjdk-demo-11.0.3.7-2.el8_0.s390x.rpm	SHA-256: e21365ef66ae36f8954127bad2612b97716ae9bd913254e4ed139b1100f72ff7
java-11-openjdk-devel-11.0.3.7-2.el8_0.s390x.rpm	SHA-256: d4cf455144792498d99bc8594cfd802069a606f21834ddcf9d1efba0cffff4c8
java-11-openjdk-devel-debuginfo-11.0.3.7-2.el8_0.s390x.rpm	SHA-256: ba49be90c17e8d0257138c42b1ca0c0479e64dd62ebf50606dfb1c900dabf1e9
java-11-openjdk-devel-slowdebug-debuginfo-11.0.3.7-2.el8_0.s390x.rpm	SHA-256: 03bc5e43e9337bcdc84a9e8d73d7c5db80bd9e9905bbbc93d46d31c45dcbc103
java-11-openjdk-headless-11.0.3.7-2.el8_0.s390x.rpm	SHA-256: 795cdeb3f75b177aa2c75101456c4d715a3bff41a45ab0e7000ab1270307311e
java-11-openjdk-headless-debuginfo-11.0.3.7-2.el8_0.s390x.rpm	SHA-256: e9127b485436047a8ebdcaa26036cf6133196859d49ce1454fea4315040433ea
java-11-openjdk-headless-slowdebug-debuginfo-11.0.3.7-2.el8_0.s390x.rpm	SHA-256: c9cff8678067c39f450c61f75e11c7034e8f66e973612dac7f234843c6ab257c
java-11-openjdk-javadoc-11.0.3.7-2.el8_0.s390x.rpm	SHA-256: d2fb39244741827ffefee9a6c27d375fea2bf425b59e86489cccd99e3179aa69
java-11-openjdk-javadoc-zip-11.0.3.7-2.el8_0.s390x.rpm	SHA-256: 9ca69436b835b81a2b93103a017b5a9b216e41c93040d5127b9e51528a8079df
java-11-openjdk-jmods-11.0.3.7-2.el8_0.s390x.rpm	SHA-256: 98181e37794adcd2273c10b35c47904e81a2b027ae34c31b6a53c0d60ea2fa19
java-11-openjdk-slowdebug-debuginfo-11.0.3.7-2.el8_0.s390x.rpm	SHA-256: 82b55114eab94f41e323ee41c6f7b9e8e21d911107019a1d8e12fd3874c11b3f
java-11-openjdk-src-11.0.3.7-2.el8_0.s390x.rpm	SHA-256: fbb0d979ea04e32080619e2355dbe791e4b04752e47a37b1aac224c4933b2efe

Red Hat Enterprise Linux for Power, little endian 8

SRPM
java-11-openjdk-11.0.3.7-2.el8_0.src.rpm	SHA-256: ecda05db9e03050baca5685b80eafc641611c57fafc5a8310ba6c141d2d6f68b
ppc64le
java-11-openjdk-11.0.3.7-2.el8_0.ppc64le.rpm	SHA-256: b2a917bf647909671cd3a1107b5763655992b9126af62640c8dc759dc6cfe510
java-11-openjdk-debuginfo-11.0.3.7-2.el8_0.ppc64le.rpm	SHA-256: 4e02a9c98597fbe35a877c9b68f8d210a43aaa76e082b1d2355f261b58cf0334
java-11-openjdk-debugsource-11.0.3.7-2.el8_0.ppc64le.rpm	SHA-256: e3b660bb927185d698642866f2e2f0003b717b91cee1501cc49abb5e44e172a4
java-11-openjdk-demo-11.0.3.7-2.el8_0.ppc64le.rpm	SHA-256: 2539a8d37f7af550cec8941195a37cddc9aa3913c1bccd910751e57b58a23eae
java-11-openjdk-devel-11.0.3.7-2.el8_0.ppc64le.rpm	SHA-256: 6927fa31802223368e3898286356db5ddae5051183e89baa8051f7015c6d7d01
java-11-openjdk-devel-debuginfo-11.0.3.7-2.el8_0.ppc64le.rpm	SHA-256: b1e646de59d50d07553f128f8def58044893a77473be0b3dc4be90551d817a0a
java-11-openjdk-devel-slowdebug-debuginfo-11.0.3.7-2.el8_0.ppc64le.rpm	SHA-256: 0d895379b575a5aa21492d7a4eb517fee6039485a883d4fccfaf84cff76b7a2f
java-11-openjdk-headless-11.0.3.7-2.el8_0.ppc64le.rpm	SHA-256: 5862a4571d496a178a92b21a4783bded33297d513bac774266f3f99959b38e1e
java-11-openjdk-headless-debuginfo-11.0.3.7-2.el8_0.ppc64le.rpm	SHA-256: f4ba16b6f4118536f1919793df7caf47ca44e78968a81437c8c62caae646408e
java-11-openjdk-headless-slowdebug-debuginfo-11.0.3.7-2.el8_0.ppc64le.rpm	SHA-256: 47614c7ea98ec54ee629875856d110f68d055c6a10a478486446381beefe51c6
java-11-openjdk-javadoc-11.0.3.7-2.el8_0.ppc64le.rpm	SHA-256: b37360218d2b496c79c61faa498564953dd4a98d8544c68223eeec8301e99d84
java-11-openjdk-javadoc-zip-11.0.3.7-2.el8_0.ppc64le.rpm	SHA-256: feed138c31a40ffe5631ee432562c0b7871f3867e648aba50ff2ab4a56af5336
java-11-openjdk-jmods-11.0.3.7-2.el8_0.ppc64le.rpm	SHA-256: c771d9df9f667136fa5afa4960d6be5029afb44adfa0c92dfec353077fc46354
java-11-openjdk-slowdebug-debuginfo-11.0.3.7-2.el8_0.ppc64le.rpm	SHA-256: e946fd947241ed665a8775447c1c0119ae6af51ce6119d966495120535898593
java-11-openjdk-src-11.0.3.7-2.el8_0.ppc64le.rpm	SHA-256: ae80d35f47f5a2b1791a744ba085b19f2f419c9840357a747297c93b42e404f4

Red Hat Enterprise Linux for ARM 64 8

SRPM
java-11-openjdk-11.0.3.7-2.el8_0.src.rpm	SHA-256: ecda05db9e03050baca5685b80eafc641611c57fafc5a8310ba6c141d2d6f68b
aarch64
java-11-openjdk-11.0.3.7-2.el8_0.aarch64.rpm	SHA-256: b5fa3ac33a384f9889e2b163786bfb821883666079e600c61743c365067f0d97
java-11-openjdk-debuginfo-11.0.3.7-2.el8_0.aarch64.rpm	SHA-256: a235cd3f9b2912813ee0292332a2901e22c3f11575dc47b4d0a76e651d4ebdf5
java-11-openjdk-debugsource-11.0.3.7-2.el8_0.aarch64.rpm	SHA-256: 8b0c34fd46668261605bfbb65149ccb341bda8bba35e0420c618f0b8180a2708
java-11-openjdk-demo-11.0.3.7-2.el8_0.aarch64.rpm	SHA-256: 9b83f374a8104a2e17b1fad2643fd85fc56bff08e8541a193c9e984e3dee8a6e
java-11-openjdk-devel-11.0.3.7-2.el8_0.aarch64.rpm	SHA-256: 64bcb52220a057f83bba07a143b8a5b3638b5dd64807b2a231e4bd4d66081c8e
java-11-openjdk-devel-debuginfo-11.0.3.7-2.el8_0.aarch64.rpm	SHA-256: e8e313a58abc2d233ae110ebf7218f4819e0d935fc85f8ecace0c98545dd7d2e
java-11-openjdk-devel-slowdebug-debuginfo-11.0.3.7-2.el8_0.aarch64.rpm	SHA-256: 0ab81a9e8244ab34f57e5de6fbfd1681c3248e87186257ec6d0249dfb37ac88b
java-11-openjdk-headless-11.0.3.7-2.el8_0.aarch64.rpm	SHA-256: 7020585997474af5202375a22f6c156b78b769b52a4f14bd0b7561154dca692e
java-11-openjdk-headless-debuginfo-11.0.3.7-2.el8_0.aarch64.rpm	SHA-256: 3822de678bf01a350e78602a30d3120008b862d4cbb99cf5499e3dd03b306f25
java-11-openjdk-headless-slowdebug-debuginfo-11.0.3.7-2.el8_0.aarch64.rpm	SHA-256: 77f6af412183aae327d470c5cef1962f0da02b59cf2ebad3c10bdd2260aa2c1e
java-11-openjdk-javadoc-11.0.3.7-2.el8_0.aarch64.rpm	SHA-256: 24a6e807678dbd58b0ace24bbc82ff48bfbdb77269559aa4754ccab0d37bf94d
java-11-openjdk-javadoc-zip-11.0.3.7-2.el8_0.aarch64.rpm	SHA-256: 85000855b8e2ea44e8637e4ca7eb0744a1ad03cd4325a5377d868abff0a65f20
java-11-openjdk-jmods-11.0.3.7-2.el8_0.aarch64.rpm	SHA-256: e772302f66ceb227c4c4b40bfbe44c66c79ca1d4b7965a9ef7a3601b91fedccf
java-11-openjdk-slowdebug-debuginfo-11.0.3.7-2.el8_0.aarch64.rpm	SHA-256: b4e9676cc2e9044ce6a2b64a7fb44fa47d3946cc9e0c4bfd8cfb9ad68f50f9a9
java-11-openjdk-src-11.0.3.7-2.el8_0.aarch64.rpm	SHA-256: 7c70f6dcb0954e0ea6bbbd9eba8fffad12ccadfe69709e9e9c003b307da63df6

Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.0

SRPM
java-11-openjdk-11.0.3.7-2.el8_0.src.rpm	SHA-256: ecda05db9e03050baca5685b80eafc641611c57fafc5a8310ba6c141d2d6f68b
ppc64le
java-11-openjdk-11.0.3.7-2.el8_0.ppc64le.rpm	SHA-256: b2a917bf647909671cd3a1107b5763655992b9126af62640c8dc759dc6cfe510
java-11-openjdk-debuginfo-11.0.3.7-2.el8_0.ppc64le.rpm	SHA-256: 4e02a9c98597fbe35a877c9b68f8d210a43aaa76e082b1d2355f261b58cf0334
java-11-openjdk-debugsource-11.0.3.7-2.el8_0.ppc64le.rpm	SHA-256: e3b660bb927185d698642866f2e2f0003b717b91cee1501cc49abb5e44e172a4
java-11-openjdk-demo-11.0.3.7-2.el8_0.ppc64le.rpm	SHA-256: 2539a8d37f7af550cec8941195a37cddc9aa3913c1bccd910751e57b58a23eae
java-11-openjdk-devel-11.0.3.7-2.el8_0.ppc64le.rpm	SHA-256: 6927fa31802223368e3898286356db5ddae5051183e89baa8051f7015c6d7d01
java-11-openjdk-devel-debuginfo-11.0.3.7-2.el8_0.ppc64le.rpm	SHA-256: b1e646de59d50d07553f128f8def58044893a77473be0b3dc4be90551d817a0a
java-11-openjdk-devel-slowdebug-debuginfo-11.0.3.7-2.el8_0.ppc64le.rpm	SHA-256: 0d895379b575a5aa21492d7a4eb517fee6039485a883d4fccfaf84cff76b7a2f
java-11-openjdk-headless-11.0.3.7-2.el8_0.ppc64le.rpm	SHA-256: 5862a4571d496a178a92b21a4783bded33297d513bac774266f3f99959b38e1e
java-11-openjdk-headless-debuginfo-11.0.3.7-2.el8_0.ppc64le.rpm	SHA-256: f4ba16b6f4118536f1919793df7caf47ca44e78968a81437c8c62caae646408e
java-11-openjdk-headless-slowdebug-debuginfo-11.0.3.7-2.el8_0.ppc64le.rpm	SHA-256: 47614c7ea98ec54ee629875856d110f68d055c6a10a478486446381beefe51c6
java-11-openjdk-javadoc-11.0.3.7-2.el8_0.ppc64le.rpm	SHA-256: b37360218d2b496c79c61faa498564953dd4a98d8544c68223eeec8301e99d84
java-11-openjdk-javadoc-zip-11.0.3.7-2.el8_0.ppc64le.rpm	SHA-256: feed138c31a40ffe5631ee432562c0b7871f3867e648aba50ff2ab4a56af5336
java-11-openjdk-jmods-11.0.3.7-2.el8_0.ppc64le.rpm	SHA-256: c771d9df9f667136fa5afa4960d6be5029afb44adfa0c92dfec353077fc46354
java-11-openjdk-slowdebug-debuginfo-11.0.3.7-2.el8_0.ppc64le.rpm	SHA-256: e946fd947241ed665a8775447c1c0119ae6af51ce6119d966495120535898593
java-11-openjdk-src-11.0.3.7-2.el8_0.ppc64le.rpm	SHA-256: ae80d35f47f5a2b1791a744ba085b19f2f419c9840357a747297c93b42e404f4

Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.0

SRPM
java-11-openjdk-11.0.3.7-2.el8_0.src.rpm	SHA-256: ecda05db9e03050baca5685b80eafc641611c57fafc5a8310ba6c141d2d6f68b
x86_64
java-11-openjdk-11.0.3.7-2.el8_0.x86_64.rpm	SHA-256: f9ab5117e253ab7e2f9cd9d71f0f1be6da22cfcead9492820873bc9cfd16d0ab
java-11-openjdk-debuginfo-11.0.3.7-2.el8_0.x86_64.rpm	SHA-256: cd37ebbc246a5f382904731207ba094eac3701a3716ddef70664feca1e0b51fa
java-11-openjdk-debugsource-11.0.3.7-2.el8_0.x86_64.rpm	SHA-256: 64174b358c549ca16a6258621fc5d0ce86f05f3efde847c4e66a3712b29a1c0d
java-11-openjdk-demo-11.0.3.7-2.el8_0.x86_64.rpm	SHA-256: b6c9ee44fe0a7f0c3726a5437007d6c6116d5a3aa020530a38cfb22d7f187241
java-11-openjdk-devel-11.0.3.7-2.el8_0.x86_64.rpm	SHA-256: 2e04e3cc14f9d59abe07e614c4fee7214ac733b857c675f0cfe386547b584f4f
java-11-openjdk-devel-debuginfo-11.0.3.7-2.el8_0.x86_64.rpm	SHA-256: 63396f1736532f0d94f5b4b0621497b521557d27d950dcc912f91321def42ce2
java-11-openjdk-devel-slowdebug-debuginfo-11.0.3.7-2.el8_0.x86_64.rpm	SHA-256: 95b65ff50cc5f6ef5d800e91fc3dee57966e7bf42a1ec64831e68ca54f8751b1
java-11-openjdk-headless-11.0.3.7-2.el8_0.x86_64.rpm	SHA-256: 8b08436e5285d24f0b204de86b2e161f431a6036d6c3e1c05c2dcb6d9d53682a
java-11-openjdk-headless-debuginfo-11.0.3.7-2.el8_0.x86_64.rpm	SHA-256: a30aa883da0c8a6c960f99170bad389f377aef914778bed49382118464181398
java-11-openjdk-headless-slowdebug-debuginfo-11.0.3.7-2.el8_0.x86_64.rpm	SHA-256: e86d3e8d06316268e281fd2fc975260328511cad6dd90128d0da98254b6ff8f5
java-11-openjdk-javadoc-11.0.3.7-2.el8_0.x86_64.rpm	SHA-256: a6bd092d00a09e9d901f434a52f2a01d36a34e90fb26e6680c6a9877d45287ef
java-11-openjdk-javadoc-zip-11.0.3.7-2.el8_0.x86_64.rpm	SHA-256: e71f2acd171a92029f5a7b42c6a07a7af669232e05e8a0a59a362e4105bdefa7
java-11-openjdk-jmods-11.0.3.7-2.el8_0.x86_64.rpm	SHA-256: 88260bbed54ffe2748425e9ff2a1249c4f788e75dd9a72ed92a5e45f353bd77f
java-11-openjdk-slowdebug-debuginfo-11.0.3.7-2.el8_0.x86_64.rpm	SHA-256: d6c9d8df75b53870af67d61a3a3286f2a9eed3333441cb77899823994259f390
java-11-openjdk-src-11.0.3.7-2.el8_0.x86_64.rpm	SHA-256: 731c7d960a8bdcd248189788e6431a4cf9532fcf5304e46bddfa464d170a137a

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation

Services

Tools

Red Hat Insights

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories