Issued:: 2019-07-23
Updated:: 2019-07-23

RHSA-2019:1840 - Security Advisory

Overview
Updated Packages

Synopsis

Moderate: java-1.7.0-openjdk security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit.

Security Fix(es):

OpenJDK: Side-channel attack risks in Elliptic Curve (EC) cryptography (Security, 8208698) (CVE-2019-2745)
OpenJDK: Insufficient checks of suppressed exceptions in deserialization (Utilities, 8212328) (CVE-2019-2762)
OpenJDK: Unbounded memory allocation during deserialization in Collections (Utilities, 8213432) (CVE-2019-2769)
OpenJDK: Missing URL format validation (Networking, 8221518) (CVE-2019-2816)
OpenJDK: Missing array bounds check in crypto providers (JCE, 8223511) (CVE-2019-2842)
OpenJDK: Insufficient restriction of privileges in AccessController (Security, 8216381) (CVE-2019-2786)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of OpenJDK Java must be restarted for this update to take effect.

Affected Products

Red Hat Enterprise Linux Server 6 x86_64
Red Hat Enterprise Linux Server 6 i386
Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 x86_64
Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 i386
Red Hat Enterprise Linux Workstation 6 x86_64
Red Hat Enterprise Linux Workstation 6 i386
Red Hat Enterprise Linux Desktop 6 x86_64
Red Hat Enterprise Linux Desktop 6 i386
Red Hat Enterprise Linux for Scientific Computing 6 x86_64
Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension 6 x86_64
Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension 6 i386

Fixes

BZ - 1730056 - CVE-2019-2769 OpenJDK: Unbounded memory allocation during deserialization in Collections (Utilities, 8213432)
BZ - 1730099 - CVE-2019-2816 OpenJDK: Missing URL format validation (Networking, 8221518)
BZ - 1730110 - CVE-2019-2842 OpenJDK: Missing array bounds check in crypto providers (JCE, 8223511)
BZ - 1730255 - CVE-2019-2786 OpenJDK: Insufficient restriction of privileges in AccessController (Security, 8216381)
BZ - 1730411 - CVE-2019-2745 OpenJDK: Side-channel attack risks in Elliptic Curve (EC) cryptography (Security, 8208698)
BZ - 1730415 - CVE-2019-2762 OpenJDK: Insufficient checks of suppressed exceptions in deserialization (Utilities, 8212328)

CVEs

References

https://access.redhat.com/security/updates/classification/#moderate

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 6

SRPM
java-1.7.0-openjdk-1.7.0.231-2.6.19.1.el6_10.src.rpm	SHA-256: 921581fbd20867be3da2daced6c256add23892967e2f1da49be331575f069a14
x86_64
java-1.7.0-openjdk-1.7.0.231-2.6.19.1.el6_10.x86_64.rpm	SHA-256: d8e3077b2828c2661a2f29a33784e97fd77c7316b7758cb1e21c0c05c757dae0
java-1.7.0-openjdk-1.7.0.231-2.6.19.1.el6_10.x86_64.rpm	SHA-256: d8e3077b2828c2661a2f29a33784e97fd77c7316b7758cb1e21c0c05c757dae0
java-1.7.0-openjdk-debuginfo-1.7.0.231-2.6.19.1.el6_10.x86_64.rpm	SHA-256: 0412fe0b8b6894aaf5ecc2afbae9c5b5183d260b85faacbc1d2b33dbd8e036c8
java-1.7.0-openjdk-debuginfo-1.7.0.231-2.6.19.1.el6_10.x86_64.rpm	SHA-256: 0412fe0b8b6894aaf5ecc2afbae9c5b5183d260b85faacbc1d2b33dbd8e036c8
java-1.7.0-openjdk-debuginfo-1.7.0.231-2.6.19.1.el6_10.x86_64.rpm	SHA-256: 0412fe0b8b6894aaf5ecc2afbae9c5b5183d260b85faacbc1d2b33dbd8e036c8
java-1.7.0-openjdk-demo-1.7.0.231-2.6.19.1.el6_10.x86_64.rpm	SHA-256: 2951d380004488afc60c04490d41ef4f9f83fe1a0ea74db8cd239f167c7b2707
java-1.7.0-openjdk-demo-1.7.0.231-2.6.19.1.el6_10.x86_64.rpm	SHA-256: 2951d380004488afc60c04490d41ef4f9f83fe1a0ea74db8cd239f167c7b2707
java-1.7.0-openjdk-devel-1.7.0.231-2.6.19.1.el6_10.x86_64.rpm	SHA-256: efbfd85e87e2dba95849c0ad385e10a3998c8c7b29a141d24486b50639e85c01
java-1.7.0-openjdk-devel-1.7.0.231-2.6.19.1.el6_10.x86_64.rpm	SHA-256: efbfd85e87e2dba95849c0ad385e10a3998c8c7b29a141d24486b50639e85c01
java-1.7.0-openjdk-javadoc-1.7.0.231-2.6.19.1.el6_10.noarch.rpm	SHA-256: b760c3661d3445fd197a8abbc7913157d43ff498d8da130d25e2e85e4a77c050
java-1.7.0-openjdk-javadoc-1.7.0.231-2.6.19.1.el6_10.noarch.rpm	SHA-256: b760c3661d3445fd197a8abbc7913157d43ff498d8da130d25e2e85e4a77c050
java-1.7.0-openjdk-src-1.7.0.231-2.6.19.1.el6_10.x86_64.rpm	SHA-256: 7682e887e0d9fec813f772f50d3d7795a68ac71a3aa000bf50093631a6efef77
java-1.7.0-openjdk-src-1.7.0.231-2.6.19.1.el6_10.x86_64.rpm	SHA-256: 7682e887e0d9fec813f772f50d3d7795a68ac71a3aa000bf50093631a6efef77
i386
java-1.7.0-openjdk-1.7.0.231-2.6.19.1.el6_10.i686.rpm	SHA-256: 8fa58631c8d99493d61d924a4d490b2262d798d93ce665e306f1040ed9796a02
java-1.7.0-openjdk-debuginfo-1.7.0.231-2.6.19.1.el6_10.i686.rpm	SHA-256: 93544de3a879cc723da11dd684adfc73badce73dac01ff71fb267f0429a5d224
java-1.7.0-openjdk-debuginfo-1.7.0.231-2.6.19.1.el6_10.i686.rpm	SHA-256: 93544de3a879cc723da11dd684adfc73badce73dac01ff71fb267f0429a5d224
java-1.7.0-openjdk-demo-1.7.0.231-2.6.19.1.el6_10.i686.rpm	SHA-256: 893c7862bd86d1c24b1d4751c57354fa6db8cfabdfb81e795a5a9dc880b63d19
java-1.7.0-openjdk-devel-1.7.0.231-2.6.19.1.el6_10.i686.rpm	SHA-256: aff837af8e71cf3961c51809c13037d4d0035f5d8e96762097e1060a16d6869b
java-1.7.0-openjdk-javadoc-1.7.0.231-2.6.19.1.el6_10.noarch.rpm	SHA-256: b760c3661d3445fd197a8abbc7913157d43ff498d8da130d25e2e85e4a77c050
java-1.7.0-openjdk-src-1.7.0.231-2.6.19.1.el6_10.i686.rpm	SHA-256: b51f7fdb898ce011703ea28a077b49502eb65344a1c1c00c4702a5574411c6b2

Red Hat Enterprise Linux Server - Extended Life Cycle Support 6

SRPM
java-1.7.0-openjdk-1.7.0.231-2.6.19.1.el6_10.src.rpm	SHA-256: 921581fbd20867be3da2daced6c256add23892967e2f1da49be331575f069a14
x86_64
java-1.7.0-openjdk-1.7.0.231-2.6.19.1.el6_10.x86_64.rpm	SHA-256: d8e3077b2828c2661a2f29a33784e97fd77c7316b7758cb1e21c0c05c757dae0
java-1.7.0-openjdk-debuginfo-1.7.0.231-2.6.19.1.el6_10.x86_64.rpm	SHA-256: 0412fe0b8b6894aaf5ecc2afbae9c5b5183d260b85faacbc1d2b33dbd8e036c8
java-1.7.0-openjdk-debuginfo-1.7.0.231-2.6.19.1.el6_10.x86_64.rpm	SHA-256: 0412fe0b8b6894aaf5ecc2afbae9c5b5183d260b85faacbc1d2b33dbd8e036c8
java-1.7.0-openjdk-demo-1.7.0.231-2.6.19.1.el6_10.x86_64.rpm	SHA-256: 2951d380004488afc60c04490d41ef4f9f83fe1a0ea74db8cd239f167c7b2707
java-1.7.0-openjdk-devel-1.7.0.231-2.6.19.1.el6_10.x86_64.rpm	SHA-256: efbfd85e87e2dba95849c0ad385e10a3998c8c7b29a141d24486b50639e85c01
java-1.7.0-openjdk-javadoc-1.7.0.231-2.6.19.1.el6_10.noarch.rpm	SHA-256: b760c3661d3445fd197a8abbc7913157d43ff498d8da130d25e2e85e4a77c050
java-1.7.0-openjdk-src-1.7.0.231-2.6.19.1.el6_10.x86_64.rpm	SHA-256: 7682e887e0d9fec813f772f50d3d7795a68ac71a3aa000bf50093631a6efef77
i386
java-1.7.0-openjdk-1.7.0.231-2.6.19.1.el6_10.i686.rpm	SHA-256: 8fa58631c8d99493d61d924a4d490b2262d798d93ce665e306f1040ed9796a02
java-1.7.0-openjdk-debuginfo-1.7.0.231-2.6.19.1.el6_10.i686.rpm	SHA-256: 93544de3a879cc723da11dd684adfc73badce73dac01ff71fb267f0429a5d224
java-1.7.0-openjdk-debuginfo-1.7.0.231-2.6.19.1.el6_10.i686.rpm	SHA-256: 93544de3a879cc723da11dd684adfc73badce73dac01ff71fb267f0429a5d224
java-1.7.0-openjdk-demo-1.7.0.231-2.6.19.1.el6_10.i686.rpm	SHA-256: 893c7862bd86d1c24b1d4751c57354fa6db8cfabdfb81e795a5a9dc880b63d19
java-1.7.0-openjdk-devel-1.7.0.231-2.6.19.1.el6_10.i686.rpm	SHA-256: aff837af8e71cf3961c51809c13037d4d0035f5d8e96762097e1060a16d6869b
java-1.7.0-openjdk-javadoc-1.7.0.231-2.6.19.1.el6_10.noarch.rpm	SHA-256: b760c3661d3445fd197a8abbc7913157d43ff498d8da130d25e2e85e4a77c050
java-1.7.0-openjdk-src-1.7.0.231-2.6.19.1.el6_10.i686.rpm	SHA-256: b51f7fdb898ce011703ea28a077b49502eb65344a1c1c00c4702a5574411c6b2

Red Hat Enterprise Linux Workstation 6

SRPM
java-1.7.0-openjdk-1.7.0.231-2.6.19.1.el6_10.src.rpm	SHA-256: 921581fbd20867be3da2daced6c256add23892967e2f1da49be331575f069a14
x86_64
java-1.7.0-openjdk-1.7.0.231-2.6.19.1.el6_10.x86_64.rpm	SHA-256: d8e3077b2828c2661a2f29a33784e97fd77c7316b7758cb1e21c0c05c757dae0
java-1.7.0-openjdk-debuginfo-1.7.0.231-2.6.19.1.el6_10.x86_64.rpm	SHA-256: 0412fe0b8b6894aaf5ecc2afbae9c5b5183d260b85faacbc1d2b33dbd8e036c8
java-1.7.0-openjdk-debuginfo-1.7.0.231-2.6.19.1.el6_10.x86_64.rpm	SHA-256: 0412fe0b8b6894aaf5ecc2afbae9c5b5183d260b85faacbc1d2b33dbd8e036c8
java-1.7.0-openjdk-demo-1.7.0.231-2.6.19.1.el6_10.x86_64.rpm	SHA-256: 2951d380004488afc60c04490d41ef4f9f83fe1a0ea74db8cd239f167c7b2707
java-1.7.0-openjdk-devel-1.7.0.231-2.6.19.1.el6_10.x86_64.rpm	SHA-256: efbfd85e87e2dba95849c0ad385e10a3998c8c7b29a141d24486b50639e85c01
java-1.7.0-openjdk-javadoc-1.7.0.231-2.6.19.1.el6_10.noarch.rpm	SHA-256: b760c3661d3445fd197a8abbc7913157d43ff498d8da130d25e2e85e4a77c050
java-1.7.0-openjdk-src-1.7.0.231-2.6.19.1.el6_10.x86_64.rpm	SHA-256: 7682e887e0d9fec813f772f50d3d7795a68ac71a3aa000bf50093631a6efef77
i386
java-1.7.0-openjdk-1.7.0.231-2.6.19.1.el6_10.i686.rpm	SHA-256: 8fa58631c8d99493d61d924a4d490b2262d798d93ce665e306f1040ed9796a02
java-1.7.0-openjdk-debuginfo-1.7.0.231-2.6.19.1.el6_10.i686.rpm	SHA-256: 93544de3a879cc723da11dd684adfc73badce73dac01ff71fb267f0429a5d224
java-1.7.0-openjdk-debuginfo-1.7.0.231-2.6.19.1.el6_10.i686.rpm	SHA-256: 93544de3a879cc723da11dd684adfc73badce73dac01ff71fb267f0429a5d224
java-1.7.0-openjdk-demo-1.7.0.231-2.6.19.1.el6_10.i686.rpm	SHA-256: 893c7862bd86d1c24b1d4751c57354fa6db8cfabdfb81e795a5a9dc880b63d19
java-1.7.0-openjdk-devel-1.7.0.231-2.6.19.1.el6_10.i686.rpm	SHA-256: aff837af8e71cf3961c51809c13037d4d0035f5d8e96762097e1060a16d6869b
java-1.7.0-openjdk-javadoc-1.7.0.231-2.6.19.1.el6_10.noarch.rpm	SHA-256: b760c3661d3445fd197a8abbc7913157d43ff498d8da130d25e2e85e4a77c050
java-1.7.0-openjdk-src-1.7.0.231-2.6.19.1.el6_10.i686.rpm	SHA-256: b51f7fdb898ce011703ea28a077b49502eb65344a1c1c00c4702a5574411c6b2

Red Hat Enterprise Linux Desktop 6

SRPM
java-1.7.0-openjdk-1.7.0.231-2.6.19.1.el6_10.src.rpm	SHA-256: 921581fbd20867be3da2daced6c256add23892967e2f1da49be331575f069a14
x86_64
java-1.7.0-openjdk-1.7.0.231-2.6.19.1.el6_10.x86_64.rpm	SHA-256: d8e3077b2828c2661a2f29a33784e97fd77c7316b7758cb1e21c0c05c757dae0
java-1.7.0-openjdk-debuginfo-1.7.0.231-2.6.19.1.el6_10.x86_64.rpm	SHA-256: 0412fe0b8b6894aaf5ecc2afbae9c5b5183d260b85faacbc1d2b33dbd8e036c8
java-1.7.0-openjdk-debuginfo-1.7.0.231-2.6.19.1.el6_10.x86_64.rpm	SHA-256: 0412fe0b8b6894aaf5ecc2afbae9c5b5183d260b85faacbc1d2b33dbd8e036c8
java-1.7.0-openjdk-demo-1.7.0.231-2.6.19.1.el6_10.x86_64.rpm	SHA-256: 2951d380004488afc60c04490d41ef4f9f83fe1a0ea74db8cd239f167c7b2707
java-1.7.0-openjdk-devel-1.7.0.231-2.6.19.1.el6_10.x86_64.rpm	SHA-256: efbfd85e87e2dba95849c0ad385e10a3998c8c7b29a141d24486b50639e85c01
java-1.7.0-openjdk-javadoc-1.7.0.231-2.6.19.1.el6_10.noarch.rpm	SHA-256: b760c3661d3445fd197a8abbc7913157d43ff498d8da130d25e2e85e4a77c050
java-1.7.0-openjdk-src-1.7.0.231-2.6.19.1.el6_10.x86_64.rpm	SHA-256: 7682e887e0d9fec813f772f50d3d7795a68ac71a3aa000bf50093631a6efef77
i386
java-1.7.0-openjdk-1.7.0.231-2.6.19.1.el6_10.i686.rpm	SHA-256: 8fa58631c8d99493d61d924a4d490b2262d798d93ce665e306f1040ed9796a02
java-1.7.0-openjdk-debuginfo-1.7.0.231-2.6.19.1.el6_10.i686.rpm	SHA-256: 93544de3a879cc723da11dd684adfc73badce73dac01ff71fb267f0429a5d224
java-1.7.0-openjdk-debuginfo-1.7.0.231-2.6.19.1.el6_10.i686.rpm	SHA-256: 93544de3a879cc723da11dd684adfc73badce73dac01ff71fb267f0429a5d224
java-1.7.0-openjdk-demo-1.7.0.231-2.6.19.1.el6_10.i686.rpm	SHA-256: 893c7862bd86d1c24b1d4751c57354fa6db8cfabdfb81e795a5a9dc880b63d19
java-1.7.0-openjdk-devel-1.7.0.231-2.6.19.1.el6_10.i686.rpm	SHA-256: aff837af8e71cf3961c51809c13037d4d0035f5d8e96762097e1060a16d6869b
java-1.7.0-openjdk-javadoc-1.7.0.231-2.6.19.1.el6_10.noarch.rpm	SHA-256: b760c3661d3445fd197a8abbc7913157d43ff498d8da130d25e2e85e4a77c050
java-1.7.0-openjdk-src-1.7.0.231-2.6.19.1.el6_10.i686.rpm	SHA-256: b51f7fdb898ce011703ea28a077b49502eb65344a1c1c00c4702a5574411c6b2

Red Hat Enterprise Linux for Scientific Computing 6

SRPM
java-1.7.0-openjdk-1.7.0.231-2.6.19.1.el6_10.src.rpm	SHA-256: 921581fbd20867be3da2daced6c256add23892967e2f1da49be331575f069a14
x86_64
java-1.7.0-openjdk-1.7.0.231-2.6.19.1.el6_10.x86_64.rpm	SHA-256: d8e3077b2828c2661a2f29a33784e97fd77c7316b7758cb1e21c0c05c757dae0
java-1.7.0-openjdk-debuginfo-1.7.0.231-2.6.19.1.el6_10.x86_64.rpm	SHA-256: 0412fe0b8b6894aaf5ecc2afbae9c5b5183d260b85faacbc1d2b33dbd8e036c8
java-1.7.0-openjdk-debuginfo-1.7.0.231-2.6.19.1.el6_10.x86_64.rpm	SHA-256: 0412fe0b8b6894aaf5ecc2afbae9c5b5183d260b85faacbc1d2b33dbd8e036c8
java-1.7.0-openjdk-demo-1.7.0.231-2.6.19.1.el6_10.x86_64.rpm	SHA-256: 2951d380004488afc60c04490d41ef4f9f83fe1a0ea74db8cd239f167c7b2707
java-1.7.0-openjdk-devel-1.7.0.231-2.6.19.1.el6_10.x86_64.rpm	SHA-256: efbfd85e87e2dba95849c0ad385e10a3998c8c7b29a141d24486b50639e85c01
java-1.7.0-openjdk-javadoc-1.7.0.231-2.6.19.1.el6_10.noarch.rpm	SHA-256: b760c3661d3445fd197a8abbc7913157d43ff498d8da130d25e2e85e4a77c050
java-1.7.0-openjdk-src-1.7.0.231-2.6.19.1.el6_10.x86_64.rpm	SHA-256: 7682e887e0d9fec813f772f50d3d7795a68ac71a3aa000bf50093631a6efef77

Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension 6

SRPM
java-1.7.0-openjdk-1.7.0.231-2.6.19.1.el6_10.src.rpm	SHA-256: 921581fbd20867be3da2daced6c256add23892967e2f1da49be331575f069a14
x86_64
java-1.7.0-openjdk-1.7.0.231-2.6.19.1.el6_10.x86_64.rpm	SHA-256: d8e3077b2828c2661a2f29a33784e97fd77c7316b7758cb1e21c0c05c757dae0
java-1.7.0-openjdk-debuginfo-1.7.0.231-2.6.19.1.el6_10.x86_64.rpm	SHA-256: 0412fe0b8b6894aaf5ecc2afbae9c5b5183d260b85faacbc1d2b33dbd8e036c8
java-1.7.0-openjdk-debuginfo-1.7.0.231-2.6.19.1.el6_10.x86_64.rpm	SHA-256: 0412fe0b8b6894aaf5ecc2afbae9c5b5183d260b85faacbc1d2b33dbd8e036c8
java-1.7.0-openjdk-demo-1.7.0.231-2.6.19.1.el6_10.x86_64.rpm	SHA-256: 2951d380004488afc60c04490d41ef4f9f83fe1a0ea74db8cd239f167c7b2707
java-1.7.0-openjdk-devel-1.7.0.231-2.6.19.1.el6_10.x86_64.rpm	SHA-256: efbfd85e87e2dba95849c0ad385e10a3998c8c7b29a141d24486b50639e85c01
java-1.7.0-openjdk-javadoc-1.7.0.231-2.6.19.1.el6_10.noarch.rpm	SHA-256: b760c3661d3445fd197a8abbc7913157d43ff498d8da130d25e2e85e4a77c050
java-1.7.0-openjdk-src-1.7.0.231-2.6.19.1.el6_10.x86_64.rpm	SHA-256: 7682e887e0d9fec813f772f50d3d7795a68ac71a3aa000bf50093631a6efef77
i386
java-1.7.0-openjdk-1.7.0.231-2.6.19.1.el6_10.i686.rpm	SHA-256: 8fa58631c8d99493d61d924a4d490b2262d798d93ce665e306f1040ed9796a02
java-1.7.0-openjdk-debuginfo-1.7.0.231-2.6.19.1.el6_10.i686.rpm	SHA-256: 93544de3a879cc723da11dd684adfc73badce73dac01ff71fb267f0429a5d224
java-1.7.0-openjdk-debuginfo-1.7.0.231-2.6.19.1.el6_10.i686.rpm	SHA-256: 93544de3a879cc723da11dd684adfc73badce73dac01ff71fb267f0429a5d224
java-1.7.0-openjdk-demo-1.7.0.231-2.6.19.1.el6_10.i686.rpm	SHA-256: 893c7862bd86d1c24b1d4751c57354fa6db8cfabdfb81e795a5a9dc880b63d19
java-1.7.0-openjdk-devel-1.7.0.231-2.6.19.1.el6_10.i686.rpm	SHA-256: aff837af8e71cf3961c51809c13037d4d0035f5d8e96762097e1060a16d6869b
java-1.7.0-openjdk-javadoc-1.7.0.231-2.6.19.1.el6_10.noarch.rpm	SHA-256: b760c3661d3445fd197a8abbc7913157d43ff498d8da130d25e2e85e4a77c050
java-1.7.0-openjdk-src-1.7.0.231-2.6.19.1.el6_10.i686.rpm	SHA-256: b51f7fdb898ce011703ea28a077b49502eb65344a1c1c00c4702a5574411c6b2

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation