Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
Red Hat Customer Portal
  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
  • Products

    Top Products

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Products

    Downloads and Containers

    • Downloads
    • Packages
    • Containers

    Top Resources

    • Documentation
    • Product Life Cycles
    • Product Compliance
    • Errata
  • Knowledge

    Red Hat Knowledge Center

    • Knowledgebase Solutions
    • Knowledgebase Articles
    • Customer Portal Labs
    • Errata

    Top Product Docs

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Product Docs

    Training and Certification

    • About
    • Course Index
    • Certification Index
    • Skill Assessment
  • Security

    Red Hat Product Security Center

    • Security Updates
    • Security Advisories
    • Red Hat CVE Database
    • Errata

    References

    • Security Bulletins
    • Security Measurement
    • Severity Ratings
    • Security Data

    Top Resources

    • Security Labs
    • Backporting Policies
    • Security Blog
  • Support

    Red Hat Support

    • Support Cases
    • Troubleshoot
    • Get Support
    • Contact Red Hat Support

    Red Hat Community Support

    • Customer Portal Community
    • Community Discussions
    • Red Hat Accelerator Program

    Top Resources

    • Product Life Cycles
    • Customer Portal Labs
    • Red Hat JBoss Supported Configurations
    • Red Hat Insights
Or troubleshoot an issue.

Select Your Language

  • English
  • Français
  • 한국어
  • 日本語
  • 中文 (中国)

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat OpenStack Platform
  • Red Hat OpenShift
  • Red Hat OpenShift AI
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • Red Hat OpenShift Dev Spaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat build of Keycloak
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Application Foundations
  • Red Hat Fuse
  • Red Hat AMQ
  • Red Hat 3scale API Management
All Products
Red Hat Product Errata RHSA-2020:3098 - Security Advisory
Issued:
2020-07-22
Updated:
2020-07-22

RHSA-2020:3098 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Important: java-11-openjdk security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.

Security Fix(es):

  • OpenJDK: Bypass of boundary checks in nio.Buffer via concurrent access (Libraries, 8238920) (CVE-2020-14583)
  • OpenJDK: Incomplete bounds checks in Affine Transformations (2D, 8240119) (CVE-2020-14593)
  • OpenJDK: Incorrect handling of access control context in ForkJoinPool (Libraries, 8237117) (CVE-2020-14556)
  • OpenJDK: Excessive memory usage in ImageIO TIFF plugin (ImageIO, 8233239) (CVE-2020-14562)
  • OpenJDK: Incomplete interface type checks in Graal compiler (Hotspot, 8236867) (CVE-2020-14573)
  • OpenJDK: XML validation manipulation due to incomplete application of the use-grammar-pool-only feature (JAXP, 8242136) (CVE-2020-14621)
  • OpenJDK: HostnameChecker does not ensure X.509 certificate names are in normalized form (JSSE, 8237592) (CVE-2020-14577)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of OpenJDK Java must be restarted for this update to take effect.

Affected Products

  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.0 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.0 x86_64

Fixes

  • BZ - 1856448 - CVE-2020-14583 OpenJDK: Bypass of boundary checks in nio.Buffer via concurrent access (Libraries, 8238920)
  • BZ - 1856784 - CVE-2020-14593 OpenJDK: Incomplete bounds checks in Affine Transformations (2D, 8240119)
  • BZ - 1856810 - CVE-2020-14562 OpenJDK: Excessive memory usage in ImageIO TIFF plugin (ImageIO, 8233239)
  • BZ - 1856885 - CVE-2020-14621 OpenJDK: XML validation manipulation due to incomplete application of the use-grammar-pool-only feature (JAXP, 8242136)
  • BZ - 1856896 - CVE-2020-14556 OpenJDK: Incorrect handling of access control context in ForkJoinPool (Libraries, 8237117)
  • BZ - 1856951 - CVE-2020-14573 OpenJDK: Incomplete interface type checks in Graal compiler (Hotspot, 8236867)
  • BZ - 1856988 - CVE-2020-14577 OpenJDK: HostnameChecker does not ensure X.509 certificate names are in normalized form (JSSE, 8237592)

CVEs

  • CVE-2020-14556
  • CVE-2020-14562
  • CVE-2020-14573
  • CVE-2020-14577
  • CVE-2020-14583
  • CVE-2020-14593
  • CVE-2020-14621

References

  • https://access.redhat.com/security/updates/classification/#important
Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.0

SRPM
java-11-openjdk-11.0.8.10-0.el8_0.src.rpm SHA-256: 9a510ca64f732f22f175cd1f34fa5029aa145dc6d0597473e44e957a49e312ea
ppc64le
java-11-openjdk-11.0.8.10-0.el8_0.ppc64le.rpm SHA-256: f32d1bb9ce9c49cc40121d37b527b0e0388688f1dbb11244360d388bc97ad362
java-11-openjdk-debuginfo-11.0.8.10-0.el8_0.ppc64le.rpm SHA-256: 743c819d1ad031f143ff1b023401d7ea0f246669c08ca1a89e1b80c51c0cbb23
java-11-openjdk-debugsource-11.0.8.10-0.el8_0.ppc64le.rpm SHA-256: 64e25641b5493cf46fb54d93b9238539ff949018b7f592b82ae09f20059bee5a
java-11-openjdk-demo-11.0.8.10-0.el8_0.ppc64le.rpm SHA-256: a202ef134886f3213304d182594bd07e89518c86cb1cc6553b44b532ab1106fd
java-11-openjdk-devel-11.0.8.10-0.el8_0.ppc64le.rpm SHA-256: 36a870b8f5bf91295129952032b8f71aeaf0975b7f21ae6863697b4ae2dbe230
java-11-openjdk-devel-debuginfo-11.0.8.10-0.el8_0.ppc64le.rpm SHA-256: 99331f5fca16ead6afc42801252fe5f95592fd8d50b464c99bbeba2a88da5f2d
java-11-openjdk-devel-slowdebug-debuginfo-11.0.8.10-0.el8_0.ppc64le.rpm SHA-256: 83102d55150da50e856c7238b24c02dbd7f486ae87b2dc17d6b0e58c9d89c9f7
java-11-openjdk-headless-11.0.8.10-0.el8_0.ppc64le.rpm SHA-256: f938f97dd3548564f2438c93d117dad63af8897b684462ede93b9b6189397aa7
java-11-openjdk-headless-debuginfo-11.0.8.10-0.el8_0.ppc64le.rpm SHA-256: 05240dd3bfc1bfc1d8da6ba0eb43d11b70a1c9241c969e4e87b9643f5acdc72d
java-11-openjdk-headless-slowdebug-debuginfo-11.0.8.10-0.el8_0.ppc64le.rpm SHA-256: 1b1e4f4f80d639e382d01074f4424974122917baf22de70c4c8fb5c7ab5dfcf9
java-11-openjdk-javadoc-11.0.8.10-0.el8_0.ppc64le.rpm SHA-256: 6e7ffd7d444aef521b3a7f2a3e36a1e2665bac5381aa4eed38458693d4a5d219
java-11-openjdk-javadoc-zip-11.0.8.10-0.el8_0.ppc64le.rpm SHA-256: 6867e7781310eb145685e71f5a9ffa8a92b971e9c92c51c25e821af01f580180
java-11-openjdk-jmods-11.0.8.10-0.el8_0.ppc64le.rpm SHA-256: 7901ad9b5846a710ffa64c6365d664e2f2b7d499a75cc5c08c4151ab0ae90bb7
java-11-openjdk-slowdebug-debuginfo-11.0.8.10-0.el8_0.ppc64le.rpm SHA-256: 0520b3bee991953cc988787461c28034a37310b89050833b9a07ab8504bfaff6
java-11-openjdk-src-11.0.8.10-0.el8_0.ppc64le.rpm SHA-256: 4682d16774adce91db15e076ea108f71034d5996f42a4307bf92d8d20e1df928

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.0

SRPM
java-11-openjdk-11.0.8.10-0.el8_0.src.rpm SHA-256: 9a510ca64f732f22f175cd1f34fa5029aa145dc6d0597473e44e957a49e312ea
x86_64
java-11-openjdk-11.0.8.10-0.el8_0.x86_64.rpm SHA-256: be1f3b06c7521286e255ef35c87109c39bb4bc4385039592129fa9e197c887ba
java-11-openjdk-debuginfo-11.0.8.10-0.el8_0.x86_64.rpm SHA-256: 24a521d499ee5bd8471bc875f862fc3249499f392c79decbe819ee203f17d61d
java-11-openjdk-debugsource-11.0.8.10-0.el8_0.x86_64.rpm SHA-256: 6abb84b0779f65855d8032544079e42aa2a32fbe2255fecf898e0424ae9af761
java-11-openjdk-demo-11.0.8.10-0.el8_0.x86_64.rpm SHA-256: 05faadc89ab4e2f9811713ef9ed6d14753d591d2f70cfdb7016c560d88a66489
java-11-openjdk-devel-11.0.8.10-0.el8_0.x86_64.rpm SHA-256: 1b08d27a95b06ce87b61c326792157423ddb87a747ef16143e1316b00d214d3c
java-11-openjdk-devel-debuginfo-11.0.8.10-0.el8_0.x86_64.rpm SHA-256: 9c1adcec955b3101c0177c70d5ca5df3e8d0471bc2a5b6110c98598cc22e8554
java-11-openjdk-devel-slowdebug-debuginfo-11.0.8.10-0.el8_0.x86_64.rpm SHA-256: 0d33ee2f38f897c81c3d6bbf870d343685175188e48b577c637caeaaceac54ad
java-11-openjdk-headless-11.0.8.10-0.el8_0.x86_64.rpm SHA-256: 97bb72e28c23aadc3c1496e14351fbaa72d5f563cd7bd1bb7628b2b78be010c5
java-11-openjdk-headless-debuginfo-11.0.8.10-0.el8_0.x86_64.rpm SHA-256: f1605ee620888538244b6559781ca62ae0a33bcc10fca02c55f6726d18e45597
java-11-openjdk-headless-slowdebug-debuginfo-11.0.8.10-0.el8_0.x86_64.rpm SHA-256: c89d75f5fc2199b4ce498b736d009874caa8f7c2fae2fc961978ad39fb205860
java-11-openjdk-javadoc-11.0.8.10-0.el8_0.x86_64.rpm SHA-256: dd5e6b716c3908c321777a01ffe955cbde04bcf3970a8bde3d046f5c63ee4a63
java-11-openjdk-javadoc-zip-11.0.8.10-0.el8_0.x86_64.rpm SHA-256: 6e67dfe92c5180b0ccf1d3487a7eaad3937da39447bf8bd90d757d8c69339024
java-11-openjdk-jmods-11.0.8.10-0.el8_0.x86_64.rpm SHA-256: a663ed612db2ac0b1018319ca4b991d780548c4304d88fd6ea3abca89769a48d
java-11-openjdk-slowdebug-debuginfo-11.0.8.10-0.el8_0.x86_64.rpm SHA-256: 430ba48b536ecb3a077ac5946e0632b9a468f5b03c6276283a64e50f7322ac45
java-11-openjdk-src-11.0.8.10-0.el8_0.x86_64.rpm SHA-256: 983dccdc535bf36ce1e0cc6e92b81b33653c98d3554771292b45085426c46256

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Red Hat LinkedIn YouTube Facebook X, formerly Twitter

Quick Links

  • Downloads
  • Subscriptions
  • Support Cases
  • Customer Service
  • Product Documentation

Help

  • Contact Us
  • Customer Portal FAQ
  • Log-in Assistance

Site Info

  • Trust Red Hat
  • Browser Support Policy
  • Accessibility
  • Awards and Recognition
  • Colophon

Related Sites

  • redhat.com
  • developers.redhat.com
  • connect.redhat.com
  • cloud.redhat.com

Red Hat legal and privacy links

  • About Red Hat
  • Jobs
  • Events
  • Locations
  • Contact Red Hat
  • Red Hat Blog
  • Inclusion at Red Hat
  • Cool Stuff Store
  • Red Hat Summit
© 2025 Red Hat

Red Hat legal and privacy links

  • Privacy statement
  • Terms of use
  • All policies and guidelines
  • Digital accessibility