Bug 1414562 (CVE-2017-3260)

Summary: CVE-2017-3260 OpenJDK: menu handling memory corruption (AWT, 8164143)
Product: [Other] Security Response Reporter: Tomas Hoger <thoger>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED NOTABUG QA Contact:
Severity: urgent Docs Contact:
Priority: urgent    
Version: unspecifiedKeywords: Security
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-01-18 20:37:18 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1410614    

Description Tomas Hoger 2017-01-18 20:35:11 UTC 
A flaw was found in the way the AWT component of OpenJDK handled menus.  An untrusted Java application or applet could use this flaw to corrupt Java virtual machine memory and bypass Java sandbox restrictions.
Comment 1 Tomas Hoger 2017-01-18 20:37:18 UTC 
This issue only affected MacOSX platform.  Therefore, OpenJDK packages on Red Hat Enterprise Linux were not affected.
Comment 2 Tomas Hoger 2017-01-18 20:55:11 UTC 
OpenJDK 8 upstream commits:

http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/920bb0a994d1
http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/270f977a4818
Comment 5 Tomas Hoger 2019-07-29 16:09:13 UTC 
Statement:

This issue did not affected the versions of OpenJDK, Oracle JDK, and IBM JDK as shipped with Red Hat Enterprise Linux. This issue only affected JDK versions on the MacOSX platform.