Issued:
2020-08-10
Updated:
2020-08-10

RHSA-2020:3386 - Security Advisory

Synopsis

Important: java-1.8.0-ibm security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.

This update upgrades IBM Java SE 8 to version 8 SR6-FP15.

Security Fix(es):

  • OpenJDK: Use of unsafe RSA-MD5 checksum in Kerberos TGS (Security, 8229951) (CVE-2020-2601)
  • OpenJDK: Bypass of boundary checks in nio.Buffer via concurrent access (Libraries, 8238920) (CVE-2020-14583)
  • OpenJDK: Incomplete bounds checks in Affine Transformations (2D, 8240119) (CVE-2020-14593)
  • IBM JDK: Information disclosure via calls to System.arraycopy() with invalid length (CVE-2019-17639)
  • OpenJDK: Improper checks of SASL message properties in GssKrb5Base (Security, 8226352) (CVE-2020-2590)
  • OpenJDK: Incorrect handling of access control context in ForkJoinPool (Libraries, 8237117) (CVE-2020-14556)
  • OpenJDK: Unexpected exception raised by DerInputStream (Libraries, 8237731) (CVE-2020-14578)
  • OpenJDK: Unexpected exception raised by DerValue.equals() (Libraries, 8237736) (CVE-2020-14579)
  • OpenJDK: XML validation manipulation due to incomplete application of the use-grammar-pool-only feature (JAXP, 8242136) (CVE-2020-14621)
  • OpenJDK: HostnameChecker does not ensure X.509 certificate names are in normalized form (JSSE, 8237592) (CVE-2020-14577)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of IBM Java must be restarted for this update to take effect.

Affected Products

  • Red Hat Enterprise Linux for x86_64 8 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.2 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 8 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.2 s390x
  • Red Hat Enterprise Linux for Power, little endian 8 ppc64le
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.2 ppc64le

Fixes

  • BZ - 1790556 - CVE-2020-2590 OpenJDK: Improper checks of SASL message properties in GssKrb5Base (Security, 8226352)
  • BZ - 1790570 - CVE-2020-2601 OpenJDK: Use of unsafe RSA-MD5 checksum in Kerberos TGS (Security, 8229951)
  • BZ - 1856448 - CVE-2020-14583 OpenJDK: Bypass of boundary checks in nio.Buffer via concurrent access (Libraries, 8238920)
  • BZ - 1856784 - CVE-2020-14593 OpenJDK: Incomplete bounds checks in Affine Transformations (2D, 8240119)
  • BZ - 1856885 - CVE-2020-14621 OpenJDK: XML validation manipulation due to incomplete application of the use-grammar-pool-only feature (JAXP, 8242136)
  • BZ - 1856896 - CVE-2020-14556 OpenJDK: Incorrect handling of access control context in ForkJoinPool (Libraries, 8237117)
  • BZ - 1856988 - CVE-2020-14577 OpenJDK: HostnameChecker does not ensure X.509 certificate names are in normalized form (JSSE, 8237592)
  • BZ - 1856991 - CVE-2020-14578 OpenJDK: Unexpected exception raised by DerInputStream (Libraries, 8237731)
  • BZ - 1856995 - CVE-2020-14579 OpenJDK: Unexpected exception raised by DerValue.equals() (Libraries, 8237736)
  • BZ - 1866497 - CVE-2019-17639 IBM JDK: Information disclosure via calls to System.arraycopy() with invalid length

Red Hat Enterprise Linux for x86_64 8

SRPM
x86_64
java-1.8.0-ibm-1.8.0.6.15-1.el8_2.x86_64.rpm SHA-256: e18789d48acd55fbd77375c47aa7dea0c3114e7742d67a01d8b70daf6dbd610d
java-1.8.0-ibm-demo-1.8.0.6.15-1.el8_2.x86_64.rpm SHA-256: db3c12d7e4895b663bfcdc7e89ed2f37fae0cc3088c0cd0d13a6288a4099b466
java-1.8.0-ibm-devel-1.8.0.6.15-1.el8_2.x86_64.rpm SHA-256: 2a6cce1ba1f0d71e93e4d85103a99e332a8bb51281b89ee4025778c6cc25d4f9
java-1.8.0-ibm-headless-1.8.0.6.15-1.el8_2.x86_64.rpm SHA-256: 1b3bb31cba47a4a8ca096fd58d02a81f8b0a28ce235dcdc9148ca98d5ef7b9ff
java-1.8.0-ibm-jdbc-1.8.0.6.15-1.el8_2.x86_64.rpm SHA-256: e5f1d0a512167619eff2c87cdf46f77a9587361095c49054b6644c65d44fd65d
java-1.8.0-ibm-plugin-1.8.0.6.15-1.el8_2.x86_64.rpm SHA-256: de3cb1b7f7162f9646aa9dea70234a8c9aa744f8c02553905746749dc23686c6
java-1.8.0-ibm-src-1.8.0.6.15-1.el8_2.x86_64.rpm SHA-256: 98ec5cd427321cc1d6203240d815590e848f541f60e0962b1548308d3714a418
java-1.8.0-ibm-webstart-1.8.0.6.15-1.el8_2.x86_64.rpm SHA-256: 4bbf03224ada68da8cba705c8c16ea21610c2327909b274db38ea1dd696e995c

Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.2

SRPM
x86_64
java-1.8.0-ibm-1.8.0.6.15-1.el8_2.x86_64.rpm SHA-256: e18789d48acd55fbd77375c47aa7dea0c3114e7742d67a01d8b70daf6dbd610d
java-1.8.0-ibm-demo-1.8.0.6.15-1.el8_2.x86_64.rpm SHA-256: db3c12d7e4895b663bfcdc7e89ed2f37fae0cc3088c0cd0d13a6288a4099b466
java-1.8.0-ibm-devel-1.8.0.6.15-1.el8_2.x86_64.rpm SHA-256: 2a6cce1ba1f0d71e93e4d85103a99e332a8bb51281b89ee4025778c6cc25d4f9
java-1.8.0-ibm-headless-1.8.0.6.15-1.el8_2.x86_64.rpm SHA-256: 1b3bb31cba47a4a8ca096fd58d02a81f8b0a28ce235dcdc9148ca98d5ef7b9ff
java-1.8.0-ibm-jdbc-1.8.0.6.15-1.el8_2.x86_64.rpm SHA-256: e5f1d0a512167619eff2c87cdf46f77a9587361095c49054b6644c65d44fd65d
java-1.8.0-ibm-plugin-1.8.0.6.15-1.el8_2.x86_64.rpm SHA-256: de3cb1b7f7162f9646aa9dea70234a8c9aa744f8c02553905746749dc23686c6
java-1.8.0-ibm-src-1.8.0.6.15-1.el8_2.x86_64.rpm SHA-256: 98ec5cd427321cc1d6203240d815590e848f541f60e0962b1548308d3714a418
java-1.8.0-ibm-webstart-1.8.0.6.15-1.el8_2.x86_64.rpm SHA-256: 4bbf03224ada68da8cba705c8c16ea21610c2327909b274db38ea1dd696e995c

Red Hat Enterprise Linux for IBM z Systems 8

SRPM
s390x
java-1.8.0-ibm-1.8.0.6.15-1.el8_2.s390x.rpm SHA-256: 8740f2db679869cb4818dc97a9a22f5d9b4032884ab660d34a9da1ccd51dfd0b
java-1.8.0-ibm-demo-1.8.0.6.15-1.el8_2.s390x.rpm SHA-256: 715b5a30e56f2ca5666edbd11fde42a40ce93cb7a54a4a42cec45815a69f3bfb
java-1.8.0-ibm-devel-1.8.0.6.15-1.el8_2.s390x.rpm SHA-256: 0f33817ff689039c413de7ff6f77a91317c90c76e5e595eb0cbe4535a08ca57d
java-1.8.0-ibm-headless-1.8.0.6.15-1.el8_2.s390x.rpm SHA-256: 1af8b05dcf1fc0dd780f12908dbbf7ce667a7edcc46d9a09a0f36ec0bc42d910
java-1.8.0-ibm-jdbc-1.8.0.6.15-1.el8_2.s390x.rpm SHA-256: 70eb8fa0f2df6f44f866f60b657078fa991d85d2f9a3bb66b759c046ab770b36
java-1.8.0-ibm-src-1.8.0.6.15-1.el8_2.s390x.rpm SHA-256: 10de16e5b568bcd36454e87002a7a46b4cbc94dda5d57ef2b6c7a4d04ca927d1

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.2

SRPM
s390x
java-1.8.0-ibm-1.8.0.6.15-1.el8_2.s390x.rpm SHA-256: 8740f2db679869cb4818dc97a9a22f5d9b4032884ab660d34a9da1ccd51dfd0b
java-1.8.0-ibm-demo-1.8.0.6.15-1.el8_2.s390x.rpm SHA-256: 715b5a30e56f2ca5666edbd11fde42a40ce93cb7a54a4a42cec45815a69f3bfb
java-1.8.0-ibm-devel-1.8.0.6.15-1.el8_2.s390x.rpm SHA-256: 0f33817ff689039c413de7ff6f77a91317c90c76e5e595eb0cbe4535a08ca57d
java-1.8.0-ibm-headless-1.8.0.6.15-1.el8_2.s390x.rpm SHA-256: 1af8b05dcf1fc0dd780f12908dbbf7ce667a7edcc46d9a09a0f36ec0bc42d910
java-1.8.0-ibm-jdbc-1.8.0.6.15-1.el8_2.s390x.rpm SHA-256: 70eb8fa0f2df6f44f866f60b657078fa991d85d2f9a3bb66b759c046ab770b36
java-1.8.0-ibm-src-1.8.0.6.15-1.el8_2.s390x.rpm SHA-256: 10de16e5b568bcd36454e87002a7a46b4cbc94dda5d57ef2b6c7a4d04ca927d1

Red Hat Enterprise Linux for Power, little endian 8

SRPM
ppc64le
java-1.8.0-ibm-1.8.0.6.15-1.el8_2.ppc64le.rpm SHA-256: 376aaece74743009e133dbcef8655ee172fad6ca9bc71c603722c9a1354887a4
java-1.8.0-ibm-demo-1.8.0.6.15-1.el8_2.ppc64le.rpm SHA-256: 61b1e99507c683c9d0fe824f982cbff608ceef7fa442e4d41082bfd55f8ca086
java-1.8.0-ibm-devel-1.8.0.6.15-1.el8_2.ppc64le.rpm SHA-256: c81f33500f77b042d70ca31dff4e078033c52a25531c9a6826c67dbb05a2f3c3
java-1.8.0-ibm-headless-1.8.0.6.15-1.el8_2.ppc64le.rpm SHA-256: ecb906affa8a522743772c58d86960b5da8ca9341babba5e52a6204519f11d1e
java-1.8.0-ibm-jdbc-1.8.0.6.15-1.el8_2.ppc64le.rpm SHA-256: a6716b6f346e35904a34246fa380ebd89c7f557016ca9147c0333a9444fd4f5e
java-1.8.0-ibm-plugin-1.8.0.6.15-1.el8_2.ppc64le.rpm SHA-256: f83cdd83a986ef90df959cf785e94022c1ef2868a438001211af3b0767aca77d
java-1.8.0-ibm-src-1.8.0.6.15-1.el8_2.ppc64le.rpm SHA-256: 3acbb6d205cf53496780f55ff09cd86773a6d0c29f34617a3fa1793c076042a0
java-1.8.0-ibm-webstart-1.8.0.6.15-1.el8_2.ppc64le.rpm SHA-256: 824662caea7f1271daaaed1707f79f3abc22cd978f1390eeb9d50bded6792e17

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.2

SRPM
ppc64le
java-1.8.0-ibm-1.8.0.6.15-1.el8_2.ppc64le.rpm SHA-256: 376aaece74743009e133dbcef8655ee172fad6ca9bc71c603722c9a1354887a4
java-1.8.0-ibm-demo-1.8.0.6.15-1.el8_2.ppc64le.rpm SHA-256: 61b1e99507c683c9d0fe824f982cbff608ceef7fa442e4d41082bfd55f8ca086
java-1.8.0-ibm-devel-1.8.0.6.15-1.el8_2.ppc64le.rpm SHA-256: c81f33500f77b042d70ca31dff4e078033c52a25531c9a6826c67dbb05a2f3c3
java-1.8.0-ibm-headless-1.8.0.6.15-1.el8_2.ppc64le.rpm SHA-256: ecb906affa8a522743772c58d86960b5da8ca9341babba5e52a6204519f11d1e
java-1.8.0-ibm-jdbc-1.8.0.6.15-1.el8_2.ppc64le.rpm SHA-256: a6716b6f346e35904a34246fa380ebd89c7f557016ca9147c0333a9444fd4f5e
java-1.8.0-ibm-plugin-1.8.0.6.15-1.el8_2.ppc64le.rpm SHA-256: f83cdd83a986ef90df959cf785e94022c1ef2868a438001211af3b0767aca77d
java-1.8.0-ibm-src-1.8.0.6.15-1.el8_2.ppc64le.rpm SHA-256: 3acbb6d205cf53496780f55ff09cd86773a6d0c29f34617a3fa1793c076042a0
java-1.8.0-ibm-webstart-1.8.0.6.15-1.el8_2.ppc64le.rpm SHA-256: 824662caea7f1271daaaed1707f79f3abc22cd978f1390eeb9d50bded6792e17

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.