Issued:: 2020-03-17
Updated:: 2020-03-17

RHSA-2020:0856 - Security Advisory

Overview
Updated Packages

Synopsis

Important: java-1.8.0-ibm security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for java-1.8.0-ibm is now available for Red Hat Satellite 5.8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.

This update upgrades IBM Java SE 8 to version 8 SR6-FP5.

Security Fix(es):

OpenJDK: Serialization filter changes via jdk.serialFilter property modification (Serialization, 8231422) (CVE-2020-2604)
OpenJDK: Incorrect isBuiltinStreamHandler check causing URL normalization issues (Networking, 8228548) (CVE-2020-2593)
OpenJDK: Incorrect exception processing during deserialization in BeanContextSupport (Serialization, 8224909) (CVE-2020-2583)
OpenJDK: Incomplete enforcement of maxDatagramSockets limit in DatagramChannelImpl (Networking, 8231795) (CVE-2020-2659)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Satellite 5.8 x86_64
Red Hat Satellite 5.8 s390x

Fixes

BZ - 1790444 - CVE-2020-2583 OpenJDK: Incorrect exception processing during deserialization in BeanContextSupport (Serialization, 8224909)
BZ - 1790884 - CVE-2020-2593 OpenJDK: Incorrect isBuiltinStreamHandler check causing URL normalization issues (Networking, 8228548)
BZ - 1790944 - CVE-2020-2604 OpenJDK: Serialization filter changes via jdk.serialFilter property modification (Serialization, 8231422)
BZ - 1791284 - CVE-2020-2659 OpenJDK: Incomplete enforcement of maxDatagramSockets limit in DatagramChannelImpl (Networking, 8231795)

CVEs

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Satellite 5.8

SRPM
x86_64
java-1.8.0-ibm-1.8.0.6.5-1jpp.1.el6_10.x86_64.rpm	SHA-256: 8bcec1357eb873de35a5ea939824f1b19eab9b44df40cc0a282b36aa231abd5f
java-1.8.0-ibm-devel-1.8.0.6.5-1jpp.1.el6_10.x86_64.rpm	SHA-256: d2dd9f164544e5f4805cc7604fedb086b503ea71369b8630037b558dbf18863f
s390x
java-1.8.0-ibm-1.8.0.6.5-1jpp.1.el6_10.s390x.rpm	SHA-256: 9ad4edcbab593f0e3debcf81c9f5212f1b8d0552cddffb9d08a1edb7fc4210cf
java-1.8.0-ibm-devel-1.8.0.6.5-1jpp.1.el6_10.s390x.rpm	SHA-256: f67a20e56c768bdae89898430f168a915ebf8e526ab532b66b3f5dc08ba5fd8a

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation