Red Hat Product Errata RHSA-2020:3098 - Security Advisory
Issued:
2020-07-22
Updated:
2020-07-22

RHSA-2020:3098 - Security Advisory

Synopsis

Important: java-11-openjdk security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.

Security Fix(es):

  • OpenJDK: Bypass of boundary checks in nio.Buffer via concurrent access (Libraries, 8238920) (CVE-2020-14583)
  • OpenJDK: Incomplete bounds checks in Affine Transformations (2D, 8240119) (CVE-2020-14593)
  • OpenJDK: Incorrect handling of access control context in ForkJoinPool (Libraries, 8237117) (CVE-2020-14556)
  • OpenJDK: Excessive memory usage in ImageIO TIFF plugin (ImageIO, 8233239) (CVE-2020-14562)
  • OpenJDK: Incomplete interface type checks in Graal compiler (Hotspot, 8236867) (CVE-2020-14573)
  • OpenJDK: XML validation manipulation due to incomplete application of the use-grammar-pool-only feature (JAXP, 8242136) (CVE-2020-14621)
  • OpenJDK: HostnameChecker does not ensure X.509 certificate names are in normalized form (JSSE, 8237592) (CVE-2020-14577)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of OpenJDK Java must be restarted for this update to take effect.

Affected Products

  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.0 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.0 x86_64

Fixes

  • BZ - 1856448 - CVE-2020-14583 OpenJDK: Bypass of boundary checks in nio.Buffer via concurrent access (Libraries, 8238920)
  • BZ - 1856784 - CVE-2020-14593 OpenJDK: Incomplete bounds checks in Affine Transformations (2D, 8240119)
  • BZ - 1856810 - CVE-2020-14562 OpenJDK: Excessive memory usage in ImageIO TIFF plugin (ImageIO, 8233239)
  • BZ - 1856885 - CVE-2020-14621 OpenJDK: XML validation manipulation due to incomplete application of the use-grammar-pool-only feature (JAXP, 8242136)
  • BZ - 1856896 - CVE-2020-14556 OpenJDK: Incorrect handling of access control context in ForkJoinPool (Libraries, 8237117)
  • BZ - 1856951 - CVE-2020-14573 OpenJDK: Incomplete interface type checks in Graal compiler (Hotspot, 8236867)
  • BZ - 1856988 - CVE-2020-14577 OpenJDK: HostnameChecker does not ensure X.509 certificate names are in normalized form (JSSE, 8237592)

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.0

SRPM
java-11-openjdk-11.0.8.10-0.el8_0.src.rpm SHA-256: 9a510ca64f732f22f175cd1f34fa5029aa145dc6d0597473e44e957a49e312ea
ppc64le
java-11-openjdk-11.0.8.10-0.el8_0.ppc64le.rpm SHA-256: f32d1bb9ce9c49cc40121d37b527b0e0388688f1dbb11244360d388bc97ad362
java-11-openjdk-debuginfo-11.0.8.10-0.el8_0.ppc64le.rpm SHA-256: 743c819d1ad031f143ff1b023401d7ea0f246669c08ca1a89e1b80c51c0cbb23
java-11-openjdk-debugsource-11.0.8.10-0.el8_0.ppc64le.rpm SHA-256: 64e25641b5493cf46fb54d93b9238539ff949018b7f592b82ae09f20059bee5a
java-11-openjdk-demo-11.0.8.10-0.el8_0.ppc64le.rpm SHA-256: a202ef134886f3213304d182594bd07e89518c86cb1cc6553b44b532ab1106fd
java-11-openjdk-devel-11.0.8.10-0.el8_0.ppc64le.rpm SHA-256: 36a870b8f5bf91295129952032b8f71aeaf0975b7f21ae6863697b4ae2dbe230
java-11-openjdk-devel-debuginfo-11.0.8.10-0.el8_0.ppc64le.rpm SHA-256: 99331f5fca16ead6afc42801252fe5f95592fd8d50b464c99bbeba2a88da5f2d
java-11-openjdk-devel-slowdebug-debuginfo-11.0.8.10-0.el8_0.ppc64le.rpm SHA-256: 83102d55150da50e856c7238b24c02dbd7f486ae87b2dc17d6b0e58c9d89c9f7
java-11-openjdk-headless-11.0.8.10-0.el8_0.ppc64le.rpm SHA-256: f938f97dd3548564f2438c93d117dad63af8897b684462ede93b9b6189397aa7
java-11-openjdk-headless-debuginfo-11.0.8.10-0.el8_0.ppc64le.rpm SHA-256: 05240dd3bfc1bfc1d8da6ba0eb43d11b70a1c9241c969e4e87b9643f5acdc72d
java-11-openjdk-headless-slowdebug-debuginfo-11.0.8.10-0.el8_0.ppc64le.rpm SHA-256: 1b1e4f4f80d639e382d01074f4424974122917baf22de70c4c8fb5c7ab5dfcf9
java-11-openjdk-javadoc-11.0.8.10-0.el8_0.ppc64le.rpm SHA-256: 6e7ffd7d444aef521b3a7f2a3e36a1e2665bac5381aa4eed38458693d4a5d219
java-11-openjdk-javadoc-zip-11.0.8.10-0.el8_0.ppc64le.rpm SHA-256: 6867e7781310eb145685e71f5a9ffa8a92b971e9c92c51c25e821af01f580180
java-11-openjdk-jmods-11.0.8.10-0.el8_0.ppc64le.rpm SHA-256: 7901ad9b5846a710ffa64c6365d664e2f2b7d499a75cc5c08c4151ab0ae90bb7
java-11-openjdk-slowdebug-debuginfo-11.0.8.10-0.el8_0.ppc64le.rpm SHA-256: 0520b3bee991953cc988787461c28034a37310b89050833b9a07ab8504bfaff6
java-11-openjdk-src-11.0.8.10-0.el8_0.ppc64le.rpm SHA-256: 4682d16774adce91db15e076ea108f71034d5996f42a4307bf92d8d20e1df928

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.0

SRPM
java-11-openjdk-11.0.8.10-0.el8_0.src.rpm SHA-256: 9a510ca64f732f22f175cd1f34fa5029aa145dc6d0597473e44e957a49e312ea
x86_64
java-11-openjdk-11.0.8.10-0.el8_0.x86_64.rpm SHA-256: be1f3b06c7521286e255ef35c87109c39bb4bc4385039592129fa9e197c887ba
java-11-openjdk-debuginfo-11.0.8.10-0.el8_0.x86_64.rpm SHA-256: 24a521d499ee5bd8471bc875f862fc3249499f392c79decbe819ee203f17d61d
java-11-openjdk-debugsource-11.0.8.10-0.el8_0.x86_64.rpm SHA-256: 6abb84b0779f65855d8032544079e42aa2a32fbe2255fecf898e0424ae9af761
java-11-openjdk-demo-11.0.8.10-0.el8_0.x86_64.rpm SHA-256: 05faadc89ab4e2f9811713ef9ed6d14753d591d2f70cfdb7016c560d88a66489
java-11-openjdk-devel-11.0.8.10-0.el8_0.x86_64.rpm SHA-256: 1b08d27a95b06ce87b61c326792157423ddb87a747ef16143e1316b00d214d3c
java-11-openjdk-devel-debuginfo-11.0.8.10-0.el8_0.x86_64.rpm SHA-256: 9c1adcec955b3101c0177c70d5ca5df3e8d0471bc2a5b6110c98598cc22e8554
java-11-openjdk-devel-slowdebug-debuginfo-11.0.8.10-0.el8_0.x86_64.rpm SHA-256: 0d33ee2f38f897c81c3d6bbf870d343685175188e48b577c637caeaaceac54ad
java-11-openjdk-headless-11.0.8.10-0.el8_0.x86_64.rpm SHA-256: 97bb72e28c23aadc3c1496e14351fbaa72d5f563cd7bd1bb7628b2b78be010c5
java-11-openjdk-headless-debuginfo-11.0.8.10-0.el8_0.x86_64.rpm SHA-256: f1605ee620888538244b6559781ca62ae0a33bcc10fca02c55f6726d18e45597
java-11-openjdk-headless-slowdebug-debuginfo-11.0.8.10-0.el8_0.x86_64.rpm SHA-256: c89d75f5fc2199b4ce498b736d009874caa8f7c2fae2fc961978ad39fb205860
java-11-openjdk-javadoc-11.0.8.10-0.el8_0.x86_64.rpm SHA-256: dd5e6b716c3908c321777a01ffe955cbde04bcf3970a8bde3d046f5c63ee4a63
java-11-openjdk-javadoc-zip-11.0.8.10-0.el8_0.x86_64.rpm SHA-256: 6e67dfe92c5180b0ccf1d3487a7eaad3937da39447bf8bd90d757d8c69339024
java-11-openjdk-jmods-11.0.8.10-0.el8_0.x86_64.rpm SHA-256: a663ed612db2ac0b1018319ca4b991d780548c4304d88fd6ea3abca89769a48d
java-11-openjdk-slowdebug-debuginfo-11.0.8.10-0.el8_0.x86_64.rpm SHA-256: 430ba48b536ecb3a077ac5946e0632b9a468f5b03c6276283a64e50f7322ac45
java-11-openjdk-src-11.0.8.10-0.el8_0.x86_64.rpm SHA-256: 983dccdc535bf36ce1e0cc6e92b81b33653c98d3554771292b45085426c46256

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.