Issued: 2020-12-16
Updated: 2020-12-16

RHSA-2020:5585 - Security Advisory

Synopsis

Important: java-1.8.0-ibm security update

Type/Severity

Security Advisory: Important

Topic

An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 7 Supplementary.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.

This update upgrades IBM Java SE 8 to version 8 SR6-FP20.

Security Fix(es):

  • OpenJDK: Use of unsafe RSA-MD5 checksum in Kerberos TGS (Security, 8229951) (CVE-2020-2601)
  • OpenJDK: Bypass of boundary checks in nio.Buffer via concurrent access (Libraries, 8238920) (CVE-2020-14583)
  • OpenJDK: Incomplete bounds checks in Affine Transformations (2D, 8240119) (CVE-2020-14593)
  • IBM JDK: Information disclosure via calls to System.arraycopy() with invalid length (CVE-2019-17639)
  • OpenJDK: Improper checks of SASL message properties in GssKrb5Base (Security, 8226352) (CVE-2020-2590)
  • OpenJDK: Incorrect handling of access control context in ForkJoinPool (Libraries, 8237117) (CVE-2020-14556)
  • OpenJDK: Unexpected exception raised by DerInputStream (Libraries, 8237731) (CVE-2020-14578)
  • OpenJDK: Unexpected exception raised by DerValue.equals() (Libraries, 8237736) (CVE-2020-14579)
  • OpenJDK: XML validation manipulation due to incomplete application of the use-grammar-pool-only feature (JAXP, 8242136) (CVE-2020-14621)
  • OpenJDK: Incomplete check for invalid characters in URI to path conversion (Libraries, 8242685) (CVE-2020-14797)
  • OpenJDK: HostnameChecker does not ensure X.509 certificate names are in normalized form (JSSE, 8237592) (CVE-2020-14577)
  • OpenJDK: High memory usage during deserialization of Proxy class with many interfaces (Serialization, 8236862) (CVE-2020-14779)
  • OpenJDK: Missing permission check in path to URI conversion (Libraries, 8242680) (CVE-2020-14796)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of IBM Java must be restarted for this update to take effect.

Affected Products

  • Red Hat Enterprise Linux Server 7 x86_64
  • Red Hat Enterprise Linux Workstation 7 x86_64
  • Red Hat Enterprise Linux Desktop 7 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 7 s390x
  • Red Hat Enterprise Linux for Power, big endian 7 ppc64
  • Red Hat Enterprise Linux for Scientific Computing 7 x86_64
  • Red Hat Enterprise Linux for Power, little endian 7 ppc64le

Fixes

  • BZ - 1790556 - CVE-2020-2590 OpenJDK: Improper checks of SASL message properties in GssKrb5Base (Security, 8226352)
  • BZ - 1790570 - CVE-2020-2601 OpenJDK: Use of unsafe RSA-MD5 checksum in Kerberos TGS (Security, 8229951)
  • BZ - 1856448 - CVE-2020-14583 OpenJDK: Bypass of boundary checks in nio.Buffer via concurrent access (Libraries, 8238920)
  • BZ - 1856784 - CVE-2020-14593 OpenJDK: Incomplete bounds checks in Affine Transformations (2D, 8240119)
  • BZ - 1856885 - CVE-2020-14621 OpenJDK: XML validation manipulation due to incomplete application of the use-grammar-pool-only feature (JAXP, 8242136)
  • BZ - 1856896 - CVE-2020-14556 OpenJDK: Incorrect handling of access control context in ForkJoinPool (Libraries, 8237117)
  • BZ - 1856988 - CVE-2020-14577 OpenJDK: HostnameChecker does not ensure X.509 certificate names are in normalized form (JSSE, 8237592)
  • BZ - 1856991 - CVE-2020-14578 OpenJDK: Unexpected exception raised by DerInputStream (Libraries, 8237731)
  • BZ - 1856995 - CVE-2020-14579 OpenJDK: Unexpected exception raised by DerValue.equals() (Libraries, 8237736)
  • BZ - 1866497 - CVE-2019-17639 IBM JDK: Information disclosure via calls to System.arraycopy() with invalid length
  • BZ - 1889271 - CVE-2020-14779 OpenJDK: High memory usage during deserialization of Proxy class with many interfaces (Serialization, 8236862)
  • BZ - 1889697 - CVE-2020-14796 OpenJDK: Missing permission check in path to URI conversion (Libraries, 8242680)
  • BZ - 1889717 - CVE-2020-14797 OpenJDK: Incomplete check for invalid characters in URI to path conversion (Libraries, 8242685)

CVEs

  • CVE-2019-17639
  • CVE-2020-2590
  • CVE-2020-2601
  • CVE-2020-14556
  • CVE-2020-14577
  • CVE-2020-14578
  • CVE-2020-14579
  • CVE-2020-14583
  • CVE-2020-14593
  • CVE-2020-14621
  • CVE-2020-14779
  • CVE-2020-14796
  • CVE-2020-14797

References

  • https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 7

SRPM
x86_64
java-1.8.0-ibm-1.8.0.6.20-1jpp.1.el7.x86_64.rpm SHA-256: 1896ca49117c270b297b6d7330ddde6829466290a3decd1a887f65f5e282d2f1
java-1.8.0-ibm-demo-1.8.0.6.20-1jpp.1.el7.x86_64.rpm SHA-256: 7c4ed6751201cc27ffe8be5d431b073e82e77e60271cd7a95d3094fc9e8049b8
java-1.8.0-ibm-devel-1.8.0.6.20-1jpp.1.el7.x86_64.rpm SHA-256: 472ffc9cdcddc7f7e183ee72f0329001d42cf56d6403f4f7545dcbe4d8a293ff
java-1.8.0-ibm-jdbc-1.8.0.6.20-1jpp.1.el7.x86_64.rpm SHA-256: 7d7b4d49c042dccdefa51db2b0f3ff6c8e0eb061cf17dea79d1dfb93502b7c27
java-1.8.0-ibm-plugin-1.8.0.6.20-1jpp.1.el7.x86_64.rpm SHA-256: 9830076cdb846e6029788b4fed8061720c7ec5e5424de9464a6414a6f5278f42
java-1.8.0-ibm-src-1.8.0.6.20-1jpp.1.el7.x86_64.rpm SHA-256: 626723a2bfadc5fe1afd04066b0d3e9b57f27849afe55dfdde84a19d333bfb71

Red Hat Enterprise Linux Workstation 7

SRPM
x86_64
java-1.8.0-ibm-1.8.0.6.20-1jpp.1.el7.x86_64.rpm SHA-256: 1896ca49117c270b297b6d7330ddde6829466290a3decd1a887f65f5e282d2f1
java-1.8.0-ibm-demo-1.8.0.6.20-1jpp.1.el7.x86_64.rpm SHA-256: 7c4ed6751201cc27ffe8be5d431b073e82e77e60271cd7a95d3094fc9e8049b8
java-1.8.0-ibm-devel-1.8.0.6.20-1jpp.1.el7.x86_64.rpm SHA-256: 472ffc9cdcddc7f7e183ee72f0329001d42cf56d6403f4f7545dcbe4d8a293ff
java-1.8.0-ibm-jdbc-1.8.0.6.20-1jpp.1.el7.x86_64.rpm SHA-256: 7d7b4d49c042dccdefa51db2b0f3ff6c8e0eb061cf17dea79d1dfb93502b7c27
java-1.8.0-ibm-plugin-1.8.0.6.20-1jpp.1.el7.x86_64.rpm SHA-256: 9830076cdb846e6029788b4fed8061720c7ec5e5424de9464a6414a6f5278f42
java-1.8.0-ibm-src-1.8.0.6.20-1jpp.1.el7.x86_64.rpm SHA-256: 626723a2bfadc5fe1afd04066b0d3e9b57f27849afe55dfdde84a19d333bfb71

Red Hat Enterprise Linux Desktop 7

SRPM
x86_64
java-1.8.0-ibm-1.8.0.6.20-1jpp.1.el7.x86_64.rpm SHA-256: 1896ca49117c270b297b6d7330ddde6829466290a3decd1a887f65f5e282d2f1
java-1.8.0-ibm-demo-1.8.0.6.20-1jpp.1.el7.x86_64.rpm SHA-256: 7c4ed6751201cc27ffe8be5d431b073e82e77e60271cd7a95d3094fc9e8049b8
java-1.8.0-ibm-devel-1.8.0.6.20-1jpp.1.el7.x86_64.rpm SHA-256: 472ffc9cdcddc7f7e183ee72f0329001d42cf56d6403f4f7545dcbe4d8a293ff
java-1.8.0-ibm-jdbc-1.8.0.6.20-1jpp.1.el7.x86_64.rpm SHA-256: 7d7b4d49c042dccdefa51db2b0f3ff6c8e0eb061cf17dea79d1dfb93502b7c27
java-1.8.0-ibm-plugin-1.8.0.6.20-1jpp.1.el7.x86_64.rpm SHA-256: 9830076cdb846e6029788b4fed8061720c7ec5e5424de9464a6414a6f5278f42
java-1.8.0-ibm-src-1.8.0.6.20-1jpp.1.el7.x86_64.rpm SHA-256: 626723a2bfadc5fe1afd04066b0d3e9b57f27849afe55dfdde84a19d333bfb71

Red Hat Enterprise Linux for IBM z Systems 7

SRPM
s390x
java-1.8.0-ibm-1.8.0.6.20-1jpp.1.el7.s390x.rpm SHA-256: 2efc16b838690a0f8fc0b7dc21ad13feb12904d0ef93e155b402e2ae69445dab
java-1.8.0-ibm-demo-1.8.0.6.20-1jpp.1.el7.s390x.rpm SHA-256: 06d2653bbe39642920d9ab55b6c9fdad17cc320a188f288a628ff8bc2067e911
java-1.8.0-ibm-devel-1.8.0.6.20-1jpp.1.el7.s390x.rpm SHA-256: b50dc03f1229a2fd36db4ff722e784e7c511dbc841d446fa39aa3cce915d2e5a
java-1.8.0-ibm-jdbc-1.8.0.6.20-1jpp.1.el7.s390x.rpm SHA-256: 457d72ed5405aa3888870a6845bb18f1c5a288e82e03c7603e4ce205ca9aadea
java-1.8.0-ibm-src-1.8.0.6.20-1jpp.1.el7.s390x.rpm SHA-256: c32e04fe8c6f1091cb7cd5aad7a073d228f29d521e145e9b7d60b8d10da41ecd

Red Hat Enterprise Linux for Power, big endian 7

SRPM
ppc64
java-1.8.0-ibm-1.8.0.6.20-1jpp.1.el7.ppc64.rpm SHA-256: 0fbad79a1a65023a6e3daeed49b005600f01b0473a522a5eb21283d1f08af013
java-1.8.0-ibm-demo-1.8.0.6.20-1jpp.1.el7.ppc64.rpm SHA-256: 75f9e13878afdc54e22cfa0cf09c30761e07a9f660f694734bd263554b065c87
java-1.8.0-ibm-devel-1.8.0.6.20-1jpp.1.el7.ppc64.rpm SHA-256: ee5357f1d6c294498cbe3a6f520f7c677c83876438d7e004648d5a24243d8be6
java-1.8.0-ibm-jdbc-1.8.0.6.20-1jpp.1.el7.ppc64.rpm SHA-256: 8be01543d606e99d0c8dbea21ed59e143a03bfbc8692c74b1c6ab14ab8edfd81
java-1.8.0-ibm-plugin-1.8.0.6.20-1jpp.1.el7.ppc64.rpm SHA-256: 10e85b78d0b038283406a6015a964fdfc666b0b601da65ba65ab4f20a55df6a5
java-1.8.0-ibm-src-1.8.0.6.20-1jpp.1.el7.ppc64.rpm SHA-256: 1d9e0fa63f1aca57c2fb570feb96f1dc18d1298725f2108b75c21844b172ab7d

Red Hat Enterprise Linux for Scientific Computing 7

SRPM
x86_64
java-1.8.0-ibm-1.8.0.6.20-1jpp.1.el7.x86_64.rpm SHA-256: 1896ca49117c270b297b6d7330ddde6829466290a3decd1a887f65f5e282d2f1
java-1.8.0-ibm-demo-1.8.0.6.20-1jpp.1.el7.x86_64.rpm SHA-256: 7c4ed6751201cc27ffe8be5d431b073e82e77e60271cd7a95d3094fc9e8049b8
java-1.8.0-ibm-devel-1.8.0.6.20-1jpp.1.el7.x86_64.rpm SHA-256: 472ffc9cdcddc7f7e183ee72f0329001d42cf56d6403f4f7545dcbe4d8a293ff
java-1.8.0-ibm-src-1.8.0.6.20-1jpp.1.el7.x86_64.rpm SHA-256: 626723a2bfadc5fe1afd04066b0d3e9b57f27849afe55dfdde84a19d333bfb71

Red Hat Enterprise Linux for Power, little endian 7

SRPM
ppc64le
java-1.8.0-ibm-1.8.0.6.20-1jpp.1.el7.ppc64le.rpm SHA-256: 79213070d80713d2a13ce9e4203ba9d8ca7b6d3259d19105e5a6a5d026656a81
java-1.8.0-ibm-demo-1.8.0.6.20-1jpp.1.el7.ppc64le.rpm SHA-256: f404b00f5942bba0cec80d10ee9e24bba9cd892d8a81e8da55c6429488f6681a
java-1.8.0-ibm-devel-1.8.0.6.20-1jpp.1.el7.ppc64le.rpm SHA-256: 72f02168e2ad735e40eba1216cc25c8ddec728c3a2bad7b2c0bb2f2bf858bcae
java-1.8.0-ibm-jdbc-1.8.0.6.20-1jpp.1.el7.ppc64le.rpm SHA-256: a83f60480c2abc406960fab936cabf267b736c000f1a816f3c02ff327c0a36b1
java-1.8.0-ibm-src-1.8.0.6.20-1jpp.1.el7.ppc64le.rpm SHA-256: 23511f71ab0cb52e2ed9548c9269e6cd5505370ec6593d3d0c8cbc96be714338

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
