Issued:
2020-08-10
Updated:
2020-08-10

RHSA-2020:3388 - Security Advisory

Synopsis

Important: java-1.7.1-ibm security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for java-1.7.1-ibm is now available for Red Hat Enterprise Linux 7 Supplementary.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.

This update upgrades IBM Java SE 7 to version 7R1 SR4-FP70.

Security Fix(es):

  • OpenJDK: Use of unsafe RSA-MD5 checksum in Kerberos TGS (Security, 8229951) (CVE-2020-2601)
  • OpenJDK: Bypass of boundary checks in nio.Buffer via concurrent access (Libraries, 8238920) (CVE-2020-14583)
  • OpenJDK: Incomplete bounds checks in Affine Transformations (2D, 8240119) (CVE-2020-14593)
  • IBM JDK: Information disclosure via calls to System.arraycopy() with invalid length (CVE-2019-17639)
  • OpenJDK: Improper checks of SASL message properties in GssKrb5Base (Security, 8226352) (CVE-2020-2590)
  • OpenJDK: Unexpected exception raised by DerInputStream (Libraries, 8237731) (CVE-2020-14578)
  • OpenJDK: Unexpected exception raised by DerValue.equals() (Libraries, 8237736) (CVE-2020-14579)
  • OpenJDK: XML validation manipulation due to incomplete application of the use-grammar-pool-only feature (JAXP, 8242136) (CVE-2020-14621)
  • OpenJDK: HostnameChecker does not ensure X.509 certificate names are in normalized form (JSSE, 8237592) (CVE-2020-14577)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of IBM Java must be restarted for this update to take effect.

Affected Products

  • Red Hat Enterprise Linux Server 7 x86_64
  • Red Hat Enterprise Linux Workstation 7 x86_64
  • Red Hat Enterprise Linux Desktop 7 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 7 s390x
  • Red Hat Enterprise Linux for Power, big endian 7 ppc64
  • Red Hat Enterprise Linux for Scientific Computing 7 x86_64
  • Red Hat Enterprise Linux for Power, little endian 7 ppc64le

Fixes

  • BZ - 1790556 - CVE-2020-2590 OpenJDK: Improper checks of SASL message properties in GssKrb5Base (Security, 8226352)
  • BZ - 1790570 - CVE-2020-2601 OpenJDK: Use of unsafe RSA-MD5 checksum in Kerberos TGS (Security, 8229951)
  • BZ - 1856448 - CVE-2020-14583 OpenJDK: Bypass of boundary checks in nio.Buffer via concurrent access (Libraries, 8238920)
  • BZ - 1856784 - CVE-2020-14593 OpenJDK: Incomplete bounds checks in Affine Transformations (2D, 8240119)
  • BZ - 1856885 - CVE-2020-14621 OpenJDK: XML validation manipulation due to incomplete application of the use-grammar-pool-only feature (JAXP, 8242136)
  • BZ - 1856988 - CVE-2020-14577 OpenJDK: HostnameChecker does not ensure X.509 certificate names are in normalized form (JSSE, 8237592)
  • BZ - 1856991 - CVE-2020-14578 OpenJDK: Unexpected exception raised by DerInputStream (Libraries, 8237731)
  • BZ - 1856995 - CVE-2020-14579 OpenJDK: Unexpected exception raised by DerValue.equals() (Libraries, 8237736)
  • BZ - 1866497 - CVE-2019-17639 IBM JDK: Information disclosure via calls to System.arraycopy() with invalid length

Red Hat Enterprise Linux Server 7

SRPM
x86_64
java-1.7.1-ibm-1.7.1.4.70-1jpp.1.el7.x86_64.rpm SHA-256: 8abc64d33210a5052bb8053210ae3a304f1b560edf2f2be2f75985e9deda4eac
java-1.7.1-ibm-demo-1.7.1.4.70-1jpp.1.el7.x86_64.rpm SHA-256: e460e89bc3c62293a423aa202e8020bf2099e9d63d691d7c903aa544cea5fd16
java-1.7.1-ibm-devel-1.7.1.4.70-1jpp.1.el7.x86_64.rpm SHA-256: b52a119366c811762d9c35f5064d66fa4e20e8c4ae098108633f039004222080
java-1.7.1-ibm-jdbc-1.7.1.4.70-1jpp.1.el7.x86_64.rpm SHA-256: 7b3300372e5c9e2623e6674657197f0e0cdbfa221e1d3f3d4c4774e5069b931a
java-1.7.1-ibm-plugin-1.7.1.4.70-1jpp.1.el7.x86_64.rpm SHA-256: 1d3cb8a2e957ea82a91b5cb05264c40c3fcdf06c9658a7a1e24a2d741da7caba
java-1.7.1-ibm-src-1.7.1.4.70-1jpp.1.el7.x86_64.rpm SHA-256: 6f35dabf4160650f3ca1539bfbf7188896881648e77a10a4b2c8c2da5035396a

Red Hat Enterprise Linux Workstation 7

SRPM
x86_64
java-1.7.1-ibm-1.7.1.4.70-1jpp.1.el7.x86_64.rpm SHA-256: 8abc64d33210a5052bb8053210ae3a304f1b560edf2f2be2f75985e9deda4eac
java-1.7.1-ibm-demo-1.7.1.4.70-1jpp.1.el7.x86_64.rpm SHA-256: e460e89bc3c62293a423aa202e8020bf2099e9d63d691d7c903aa544cea5fd16
java-1.7.1-ibm-devel-1.7.1.4.70-1jpp.1.el7.x86_64.rpm SHA-256: b52a119366c811762d9c35f5064d66fa4e20e8c4ae098108633f039004222080
java-1.7.1-ibm-jdbc-1.7.1.4.70-1jpp.1.el7.x86_64.rpm SHA-256: 7b3300372e5c9e2623e6674657197f0e0cdbfa221e1d3f3d4c4774e5069b931a
java-1.7.1-ibm-plugin-1.7.1.4.70-1jpp.1.el7.x86_64.rpm SHA-256: 1d3cb8a2e957ea82a91b5cb05264c40c3fcdf06c9658a7a1e24a2d741da7caba
java-1.7.1-ibm-src-1.7.1.4.70-1jpp.1.el7.x86_64.rpm SHA-256: 6f35dabf4160650f3ca1539bfbf7188896881648e77a10a4b2c8c2da5035396a

Red Hat Enterprise Linux Desktop 7

SRPM
x86_64
java-1.7.1-ibm-1.7.1.4.70-1jpp.1.el7.x86_64.rpm SHA-256: 8abc64d33210a5052bb8053210ae3a304f1b560edf2f2be2f75985e9deda4eac
java-1.7.1-ibm-demo-1.7.1.4.70-1jpp.1.el7.x86_64.rpm SHA-256: e460e89bc3c62293a423aa202e8020bf2099e9d63d691d7c903aa544cea5fd16
java-1.7.1-ibm-devel-1.7.1.4.70-1jpp.1.el7.x86_64.rpm SHA-256: b52a119366c811762d9c35f5064d66fa4e20e8c4ae098108633f039004222080
java-1.7.1-ibm-jdbc-1.7.1.4.70-1jpp.1.el7.x86_64.rpm SHA-256: 7b3300372e5c9e2623e6674657197f0e0cdbfa221e1d3f3d4c4774e5069b931a
java-1.7.1-ibm-plugin-1.7.1.4.70-1jpp.1.el7.x86_64.rpm SHA-256: 1d3cb8a2e957ea82a91b5cb05264c40c3fcdf06c9658a7a1e24a2d741da7caba
java-1.7.1-ibm-src-1.7.1.4.70-1jpp.1.el7.x86_64.rpm SHA-256: 6f35dabf4160650f3ca1539bfbf7188896881648e77a10a4b2c8c2da5035396a

Red Hat Enterprise Linux for IBM z Systems 7

SRPM
s390x
java-1.7.1-ibm-1.7.1.4.70-1jpp.1.el7.s390x.rpm SHA-256: 49660c5c5a417738ce6f40965b99a240da6b16b7036ad229ae7385557e6b6585
java-1.7.1-ibm-demo-1.7.1.4.70-1jpp.1.el7.s390x.rpm SHA-256: 579a04a32ae5bde2b0c05218d365d9403e4ce9beee05463afac52a9b138ef140
java-1.7.1-ibm-devel-1.7.1.4.70-1jpp.1.el7.s390x.rpm SHA-256: f48724fd58f48f1b48fae7da583bb67164b10944c40a27cf88023cc2b15bafd9
java-1.7.1-ibm-jdbc-1.7.1.4.70-1jpp.1.el7.s390x.rpm SHA-256: b935a83bd32127e1b2a4018886983f35098f87d64bca0f58ca2518b68947aa86
java-1.7.1-ibm-src-1.7.1.4.70-1jpp.1.el7.s390x.rpm SHA-256: b511819f344b5971b4cc50757b0b9fbab840fb283cbe03d09c17a67500837830

Red Hat Enterprise Linux for Power, big endian 7

SRPM
ppc64
java-1.7.1-ibm-1.7.1.4.70-1jpp.1.el7.ppc64.rpm SHA-256: 9c9cc5d397d7dcb552a4072df79570d12fe4f4f26e8fe268446dcbaa5077ef35
java-1.7.1-ibm-demo-1.7.1.4.70-1jpp.1.el7.ppc64.rpm SHA-256: ba53520f78a886bdfb50d9af68cdecb7793c7ab2f472714cba011c2c4a1e11ae
java-1.7.1-ibm-devel-1.7.1.4.70-1jpp.1.el7.ppc64.rpm SHA-256: 1a1b75b2fcfbd8fe0bcc6cc05adf1769deefecf939614724eaafc32f38842e65
java-1.7.1-ibm-jdbc-1.7.1.4.70-1jpp.1.el7.ppc64.rpm SHA-256: 3760dbe31d1b87e57f94caf4283631c73a2b909884599be62473c7b4c1c28e42
java-1.7.1-ibm-src-1.7.1.4.70-1jpp.1.el7.ppc64.rpm SHA-256: dbed3c7a4023e7a9dae6dc8ac6798604d307eaf31937f856221d1f802c7f9ef5

Red Hat Enterprise Linux for Scientific Computing 7

SRPM
x86_64
java-1.7.1-ibm-1.7.1.4.70-1jpp.1.el7.x86_64.rpm SHA-256: 8abc64d33210a5052bb8053210ae3a304f1b560edf2f2be2f75985e9deda4eac
java-1.7.1-ibm-demo-1.7.1.4.70-1jpp.1.el7.x86_64.rpm SHA-256: e460e89bc3c62293a423aa202e8020bf2099e9d63d691d7c903aa544cea5fd16
java-1.7.1-ibm-devel-1.7.1.4.70-1jpp.1.el7.x86_64.rpm SHA-256: b52a119366c811762d9c35f5064d66fa4e20e8c4ae098108633f039004222080
java-1.7.1-ibm-src-1.7.1.4.70-1jpp.1.el7.x86_64.rpm SHA-256: 6f35dabf4160650f3ca1539bfbf7188896881648e77a10a4b2c8c2da5035396a

Red Hat Enterprise Linux for Power, little endian 7

SRPM
ppc64le
java-1.7.1-ibm-1.7.1.4.70-1jpp.1.el7.ppc64le.rpm SHA-256: 43dd3d208c60ca53aeb7718e8abda7310cd864ba228d7635d3b4266d11bb2431
java-1.7.1-ibm-demo-1.7.1.4.70-1jpp.1.el7.ppc64le.rpm SHA-256: 95160963b0ca2535625d5f4b4d7bee40cab967c2e5a0ca87aa29c493b6c3e33e
java-1.7.1-ibm-devel-1.7.1.4.70-1jpp.1.el7.ppc64le.rpm SHA-256: cf73ce2d1d5586602c1ed9dde042a9d004f15ae8fb9e77a00c9078b1adc8c8e6
java-1.7.1-ibm-jdbc-1.7.1.4.70-1jpp.1.el7.ppc64le.rpm SHA-256: 4cb617f845ac4ff8ee5d1ff68d6d25551e42d61d3fe428618d90789f836ea661
java-1.7.1-ibm-src-1.7.1.4.70-1jpp.1.el7.ppc64le.rpm SHA-256: 6d2013914d7009c03be98aa420afeb5faef8435d73d97666599bb839ce750e68

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.