Issued:
2019-10-21
Updated:
2019-10-21

RHSA-2019:3158 - Security Advisory

Synopsis

Moderate: java-1.7.0-openjdk security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit.

Security Fix(es):

  • OpenJDK: Incorrect handling of nested jar: URLs in Jar URL handler (Networking, 8223892) (CVE-2019-2978)
  • OpenJDK: Incorrect handling of HTTP proxy responses in HttpURLConnection (Networking, 8225298) (CVE-2019-2989)
  • OpenJDK: Missing restrictions on use of custom SocketImpl (Networking, 8218573) (CVE-2019-2945)
  • OpenJDK: NULL pointer dereference in DrawGlyphList (2D, 8222690) (CVE-2019-2962)
  • OpenJDK: Unexpected exception thrown by Pattern processing crafted regular expression (Concurrency, 8222684) (CVE-2019-2964)
  • OpenJDK: Unexpected exception thrown by XPathParser processing crafted XPath expression (JAXP, 8223505) (CVE-2019-2973)
  • OpenJDK: Unexpected exception thrown by XPath processing crafted XPath expression (JAXP, 8224532) (CVE-2019-2981)
  • OpenJDK: Unexpected exception thrown during Font object deserialization (Serialization, 8224915) (CVE-2019-2983)
  • OpenJDK: Missing glyph bitmap image dimension check in FreetypeFontScaler (2D, 8225286) (CVE-2019-2987)
  • OpenJDK: Integer overflow in bounds check in SunGraphics2D (2D, 8225292) (CVE-2019-2988)
  • OpenJDK: Excessive memory allocation in CMap when reading TrueType font (2D, 8225597) (CVE-2019-2992)
  • OpenJDK: Insufficient filtering of HTML event attributes in Javadoc (Javadoc, 8226765) (CVE-2019-2999)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of OpenJDK Java must be restarted for this update to take effect.

Affected Products

  • Red Hat Enterprise Linux Server 6 x86_64
  • Red Hat Enterprise Linux Server 6 i386
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 x86_64
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 i386
  • Red Hat Enterprise Linux Workstation 6 x86_64
  • Red Hat Enterprise Linux Workstation 6 i386
  • Red Hat Enterprise Linux Desktop 6 x86_64
  • Red Hat Enterprise Linux Desktop 6 i386
  • Red Hat Enterprise Linux for Scientific Computing 6 x86_64

Fixes

  • BZ - 1760963 - CVE-2019-2964 OpenJDK: Unexpected exception thrown by Pattern processing crafted regular expression (Concurrency, 8222684)
  • BZ - 1760978 - CVE-2019-2973 OpenJDK: Unexpected exception thrown by XPathParser processing crafted XPath expression (JAXP, 8223505)
  • BZ - 1760980 - CVE-2019-2981 OpenJDK: Unexpected exception thrown by XPath processing crafted XPath expression (JAXP, 8224532)
  • BZ - 1760992 - CVE-2019-2999 OpenJDK: Insufficient filtering of HTML event attributes in Javadoc (Javadoc, 8226765)
  • BZ - 1760999 - CVE-2019-2988 OpenJDK: Integer overflow in bounds check in SunGraphics2D (2D, 8225292)
  • BZ - 1761006 - CVE-2019-2978 OpenJDK: Incorrect handling of nested jar: URLs in Jar URL handler (Networking, 8223892)
  • BZ - 1761146 - CVE-2019-2992 OpenJDK: Excessive memory allocation in CMap when reading TrueType font (2D, 8225597)
  • BZ - 1761149 - CVE-2019-2987 OpenJDK: Missing glyph bitmap image dimension check in FreetypeFontScaler (2D, 8225286)
  • BZ - 1761262 - CVE-2019-2983 OpenJDK: Unexpected exception thrown during Font object deserialization (Serialization, 8224915)
  • BZ - 1761266 - CVE-2019-2962 OpenJDK: NULL pointer dereference in DrawGlyphList (2D, 8222690)
  • BZ - 1761596 - CVE-2019-2945 OpenJDK: Missing restrictions on use of custom SocketImpl (Networking, 8218573)
  • BZ - 1761601 - CVE-2019-2989 OpenJDK: Incorrect handling of HTTP proxy responses in HttpURLConnection (Networking, 8225298)

Red Hat Enterprise Linux Server 6

SRPM
java-1.7.0-openjdk-1.7.0.241-2.6.20.0.el6_10.src.rpm SHA-256: 987210f12bbebc5b36950f47ef98b902c6ac7a22057050bb26a77e690f3f2dc4
x86_64
java-1.7.0-openjdk-1.7.0.241-2.6.20.0.el6_10.x86_64.rpm SHA-256: 4bd784142626d5a1d8f7da46bffc505f1fd64538d705d56eac824af534c530c2
java-1.7.0-openjdk-debuginfo-1.7.0.241-2.6.20.0.el6_10.x86_64.rpm SHA-256: 0d8d23a6dfdd6978e10df02e0176583164ef446c9de2f07b69ce891015159ace
java-1.7.0-openjdk-debuginfo-1.7.0.241-2.6.20.0.el6_10.x86_64.rpm SHA-256: 0d8d23a6dfdd6978e10df02e0176583164ef446c9de2f07b69ce891015159ace
java-1.7.0-openjdk-demo-1.7.0.241-2.6.20.0.el6_10.x86_64.rpm SHA-256: b71e84ff000f6391ecb741e893e1ee33d0726f38f2a02b8ae5c15d88eccca7fd
java-1.7.0-openjdk-devel-1.7.0.241-2.6.20.0.el6_10.x86_64.rpm SHA-256: 02e811d67320ff98fdd2595dcacb6b65b1bd4adaff3d313747e1d889b97c9084
java-1.7.0-openjdk-javadoc-1.7.0.241-2.6.20.0.el6_10.noarch.rpm SHA-256: b393fbba5bdd5bd6f77d9ccab53126f5810b77eec21604ee1a6c8cb581e2629b
java-1.7.0-openjdk-src-1.7.0.241-2.6.20.0.el6_10.x86_64.rpm SHA-256: c92dbd87208cff3c685861f67938ec57b97f483749042138f99e8637e2bf6650
i386
java-1.7.0-openjdk-1.7.0.241-2.6.20.0.el6_10.i686.rpm SHA-256: 6a3d91283e79398126fac9554473dc9a42e30c8c33503e7116b0b226f11126f4
java-1.7.0-openjdk-debuginfo-1.7.0.241-2.6.20.0.el6_10.i686.rpm SHA-256: 7e9f3be82f27ecb3db6c5a8688048a4300169a03260e04beee5f5cc42ca3d599
java-1.7.0-openjdk-debuginfo-1.7.0.241-2.6.20.0.el6_10.i686.rpm SHA-256: 7e9f3be82f27ecb3db6c5a8688048a4300169a03260e04beee5f5cc42ca3d599
java-1.7.0-openjdk-demo-1.7.0.241-2.6.20.0.el6_10.i686.rpm SHA-256: 7c90b841892d803b47bba5ecd3647c75fabcb101066e3d64a1320ae8ea9d4866
java-1.7.0-openjdk-devel-1.7.0.241-2.6.20.0.el6_10.i686.rpm SHA-256: cf7499d838cb432774a4df2c89be6b724b344f8e2bcb9b2acb4aba461434e168
java-1.7.0-openjdk-javadoc-1.7.0.241-2.6.20.0.el6_10.noarch.rpm SHA-256: b393fbba5bdd5bd6f77d9ccab53126f5810b77eec21604ee1a6c8cb581e2629b
java-1.7.0-openjdk-src-1.7.0.241-2.6.20.0.el6_10.i686.rpm SHA-256: 23bb81a3cc2893842ec7da0b76a0687514d61890ddd9a1b2479365161483be6d

Red Hat Enterprise Linux Server - Extended Life Cycle Support 6

SRPM
java-1.7.0-openjdk-1.7.0.241-2.6.20.0.el6_10.src.rpm SHA-256: 987210f12bbebc5b36950f47ef98b902c6ac7a22057050bb26a77e690f3f2dc4
x86_64
java-1.7.0-openjdk-1.7.0.241-2.6.20.0.el6_10.x86_64.rpm SHA-256: 4bd784142626d5a1d8f7da46bffc505f1fd64538d705d56eac824af534c530c2
java-1.7.0-openjdk-debuginfo-1.7.0.241-2.6.20.0.el6_10.x86_64.rpm SHA-256: 0d8d23a6dfdd6978e10df02e0176583164ef446c9de2f07b69ce891015159ace
java-1.7.0-openjdk-debuginfo-1.7.0.241-2.6.20.0.el6_10.x86_64.rpm SHA-256: 0d8d23a6dfdd6978e10df02e0176583164ef446c9de2f07b69ce891015159ace
java-1.7.0-openjdk-demo-1.7.0.241-2.6.20.0.el6_10.x86_64.rpm SHA-256: b71e84ff000f6391ecb741e893e1ee33d0726f38f2a02b8ae5c15d88eccca7fd
java-1.7.0-openjdk-devel-1.7.0.241-2.6.20.0.el6_10.x86_64.rpm SHA-256: 02e811d67320ff98fdd2595dcacb6b65b1bd4adaff3d313747e1d889b97c9084
java-1.7.0-openjdk-javadoc-1.7.0.241-2.6.20.0.el6_10.noarch.rpm SHA-256: b393fbba5bdd5bd6f77d9ccab53126f5810b77eec21604ee1a6c8cb581e2629b
java-1.7.0-openjdk-src-1.7.0.241-2.6.20.0.el6_10.x86_64.rpm SHA-256: c92dbd87208cff3c685861f67938ec57b97f483749042138f99e8637e2bf6650
i386
java-1.7.0-openjdk-1.7.0.241-2.6.20.0.el6_10.i686.rpm SHA-256: 6a3d91283e79398126fac9554473dc9a42e30c8c33503e7116b0b226f11126f4
java-1.7.0-openjdk-debuginfo-1.7.0.241-2.6.20.0.el6_10.i686.rpm SHA-256: 7e9f3be82f27ecb3db6c5a8688048a4300169a03260e04beee5f5cc42ca3d599
java-1.7.0-openjdk-debuginfo-1.7.0.241-2.6.20.0.el6_10.i686.rpm SHA-256: 7e9f3be82f27ecb3db6c5a8688048a4300169a03260e04beee5f5cc42ca3d599
java-1.7.0-openjdk-demo-1.7.0.241-2.6.20.0.el6_10.i686.rpm SHA-256: 7c90b841892d803b47bba5ecd3647c75fabcb101066e3d64a1320ae8ea9d4866
java-1.7.0-openjdk-devel-1.7.0.241-2.6.20.0.el6_10.i686.rpm SHA-256: cf7499d838cb432774a4df2c89be6b724b344f8e2bcb9b2acb4aba461434e168
java-1.7.0-openjdk-javadoc-1.7.0.241-2.6.20.0.el6_10.noarch.rpm SHA-256: b393fbba5bdd5bd6f77d9ccab53126f5810b77eec21604ee1a6c8cb581e2629b
java-1.7.0-openjdk-src-1.7.0.241-2.6.20.0.el6_10.i686.rpm SHA-256: 23bb81a3cc2893842ec7da0b76a0687514d61890ddd9a1b2479365161483be6d

Red Hat Enterprise Linux Workstation 6

SRPM
java-1.7.0-openjdk-1.7.0.241-2.6.20.0.el6_10.src.rpm SHA-256: 987210f12bbebc5b36950f47ef98b902c6ac7a22057050bb26a77e690f3f2dc4
x86_64
java-1.7.0-openjdk-1.7.0.241-2.6.20.0.el6_10.x86_64.rpm SHA-256: 4bd784142626d5a1d8f7da46bffc505f1fd64538d705d56eac824af534c530c2
java-1.7.0-openjdk-debuginfo-1.7.0.241-2.6.20.0.el6_10.x86_64.rpm SHA-256: 0d8d23a6dfdd6978e10df02e0176583164ef446c9de2f07b69ce891015159ace
java-1.7.0-openjdk-debuginfo-1.7.0.241-2.6.20.0.el6_10.x86_64.rpm SHA-256: 0d8d23a6dfdd6978e10df02e0176583164ef446c9de2f07b69ce891015159ace
java-1.7.0-openjdk-demo-1.7.0.241-2.6.20.0.el6_10.x86_64.rpm SHA-256: b71e84ff000f6391ecb741e893e1ee33d0726f38f2a02b8ae5c15d88eccca7fd
java-1.7.0-openjdk-devel-1.7.0.241-2.6.20.0.el6_10.x86_64.rpm SHA-256: 02e811d67320ff98fdd2595dcacb6b65b1bd4adaff3d313747e1d889b97c9084
java-1.7.0-openjdk-javadoc-1.7.0.241-2.6.20.0.el6_10.noarch.rpm SHA-256: b393fbba5bdd5bd6f77d9ccab53126f5810b77eec21604ee1a6c8cb581e2629b
java-1.7.0-openjdk-src-1.7.0.241-2.6.20.0.el6_10.x86_64.rpm SHA-256: c92dbd87208cff3c685861f67938ec57b97f483749042138f99e8637e2bf6650
i386
java-1.7.0-openjdk-1.7.0.241-2.6.20.0.el6_10.i686.rpm SHA-256: 6a3d91283e79398126fac9554473dc9a42e30c8c33503e7116b0b226f11126f4
java-1.7.0-openjdk-debuginfo-1.7.0.241-2.6.20.0.el6_10.i686.rpm SHA-256: 7e9f3be82f27ecb3db6c5a8688048a4300169a03260e04beee5f5cc42ca3d599
java-1.7.0-openjdk-debuginfo-1.7.0.241-2.6.20.0.el6_10.i686.rpm SHA-256: 7e9f3be82f27ecb3db6c5a8688048a4300169a03260e04beee5f5cc42ca3d599
java-1.7.0-openjdk-demo-1.7.0.241-2.6.20.0.el6_10.i686.rpm SHA-256: 7c90b841892d803b47bba5ecd3647c75fabcb101066e3d64a1320ae8ea9d4866
java-1.7.0-openjdk-devel-1.7.0.241-2.6.20.0.el6_10.i686.rpm SHA-256: cf7499d838cb432774a4df2c89be6b724b344f8e2bcb9b2acb4aba461434e168
java-1.7.0-openjdk-javadoc-1.7.0.241-2.6.20.0.el6_10.noarch.rpm SHA-256: b393fbba5bdd5bd6f77d9ccab53126f5810b77eec21604ee1a6c8cb581e2629b
java-1.7.0-openjdk-src-1.7.0.241-2.6.20.0.el6_10.i686.rpm SHA-256: 23bb81a3cc2893842ec7da0b76a0687514d61890ddd9a1b2479365161483be6d

Red Hat Enterprise Linux Desktop 6

SRPM
java-1.7.0-openjdk-1.7.0.241-2.6.20.0.el6_10.src.rpm SHA-256: 987210f12bbebc5b36950f47ef98b902c6ac7a22057050bb26a77e690f3f2dc4
x86_64
java-1.7.0-openjdk-1.7.0.241-2.6.20.0.el6_10.x86_64.rpm SHA-256: 4bd784142626d5a1d8f7da46bffc505f1fd64538d705d56eac824af534c530c2
java-1.7.0-openjdk-debuginfo-1.7.0.241-2.6.20.0.el6_10.x86_64.rpm SHA-256: 0d8d23a6dfdd6978e10df02e0176583164ef446c9de2f07b69ce891015159ace
java-1.7.0-openjdk-debuginfo-1.7.0.241-2.6.20.0.el6_10.x86_64.rpm SHA-256: 0d8d23a6dfdd6978e10df02e0176583164ef446c9de2f07b69ce891015159ace
java-1.7.0-openjdk-demo-1.7.0.241-2.6.20.0.el6_10.x86_64.rpm SHA-256: b71e84ff000f6391ecb741e893e1ee33d0726f38f2a02b8ae5c15d88eccca7fd
java-1.7.0-openjdk-devel-1.7.0.241-2.6.20.0.el6_10.x86_64.rpm SHA-256: 02e811d67320ff98fdd2595dcacb6b65b1bd4adaff3d313747e1d889b97c9084
java-1.7.0-openjdk-javadoc-1.7.0.241-2.6.20.0.el6_10.noarch.rpm SHA-256: b393fbba5bdd5bd6f77d9ccab53126f5810b77eec21604ee1a6c8cb581e2629b
java-1.7.0-openjdk-src-1.7.0.241-2.6.20.0.el6_10.x86_64.rpm SHA-256: c92dbd87208cff3c685861f67938ec57b97f483749042138f99e8637e2bf6650
i386
java-1.7.0-openjdk-1.7.0.241-2.6.20.0.el6_10.i686.rpm SHA-256: 6a3d91283e79398126fac9554473dc9a42e30c8c33503e7116b0b226f11126f4
java-1.7.0-openjdk-debuginfo-1.7.0.241-2.6.20.0.el6_10.i686.rpm SHA-256: 7e9f3be82f27ecb3db6c5a8688048a4300169a03260e04beee5f5cc42ca3d599
java-1.7.0-openjdk-debuginfo-1.7.0.241-2.6.20.0.el6_10.i686.rpm SHA-256: 7e9f3be82f27ecb3db6c5a8688048a4300169a03260e04beee5f5cc42ca3d599
java-1.7.0-openjdk-demo-1.7.0.241-2.6.20.0.el6_10.i686.rpm SHA-256: 7c90b841892d803b47bba5ecd3647c75fabcb101066e3d64a1320ae8ea9d4866
java-1.7.0-openjdk-devel-1.7.0.241-2.6.20.0.el6_10.i686.rpm SHA-256: cf7499d838cb432774a4df2c89be6b724b344f8e2bcb9b2acb4aba461434e168
java-1.7.0-openjdk-javadoc-1.7.0.241-2.6.20.0.el6_10.noarch.rpm SHA-256: b393fbba5bdd5bd6f77d9ccab53126f5810b77eec21604ee1a6c8cb581e2629b
java-1.7.0-openjdk-src-1.7.0.241-2.6.20.0.el6_10.i686.rpm SHA-256: 23bb81a3cc2893842ec7da0b76a0687514d61890ddd9a1b2479365161483be6d

Red Hat Enterprise Linux for Scientific Computing 6

SRPM
java-1.7.0-openjdk-1.7.0.241-2.6.20.0.el6_10.src.rpm SHA-256: 987210f12bbebc5b36950f47ef98b902c6ac7a22057050bb26a77e690f3f2dc4
x86_64
java-1.7.0-openjdk-1.7.0.241-2.6.20.0.el6_10.x86_64.rpm SHA-256: 4bd784142626d5a1d8f7da46bffc505f1fd64538d705d56eac824af534c530c2
java-1.7.0-openjdk-debuginfo-1.7.0.241-2.6.20.0.el6_10.x86_64.rpm SHA-256: 0d8d23a6dfdd6978e10df02e0176583164ef446c9de2f07b69ce891015159ace
java-1.7.0-openjdk-debuginfo-1.7.0.241-2.6.20.0.el6_10.x86_64.rpm SHA-256: 0d8d23a6dfdd6978e10df02e0176583164ef446c9de2f07b69ce891015159ace
java-1.7.0-openjdk-demo-1.7.0.241-2.6.20.0.el6_10.x86_64.rpm SHA-256: b71e84ff000f6391ecb741e893e1ee33d0726f38f2a02b8ae5c15d88eccca7fd
java-1.7.0-openjdk-devel-1.7.0.241-2.6.20.0.el6_10.x86_64.rpm SHA-256: 02e811d67320ff98fdd2595dcacb6b65b1bd4adaff3d313747e1d889b97c9084
java-1.7.0-openjdk-javadoc-1.7.0.241-2.6.20.0.el6_10.noarch.rpm SHA-256: b393fbba5bdd5bd6f77d9ccab53126f5810b77eec21604ee1a6c8cb581e2629b
java-1.7.0-openjdk-src-1.7.0.241-2.6.20.0.el6_10.x86_64.rpm SHA-256: c92dbd87208cff3c685861f67938ec57b97f483749042138f99e8637e2bf6650

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.