Bug 1602141 (CVE-2018-2938)
| Field | Value |
|---|---|
| Summary | CVE-2018-2938 Oracle JDK: unspecified vulnerability fixed in 6u201, 7u191, and 8u181 (Java DB) |
| Product | [Other] Security Response |
| Component | vulnerability |
| Status | CLOSED NOTABUG |
| Severity | high |
| Priority | high |
| Version | unspecified |
| Hardware | All |
| OS | Linux |
| Reporter | Tomas Hoger <thoger> |
| Assignee | Red Hat Product Security <security-response-team> |
| CC | java-qa |
| Keywords | Security |
| Last Closed | 2018-07-17 21:12:08 UTC |
| Bug Blocks | 1594250 |

Description
Tomas Hoger
2018-07-17 21:07:03 UTC
This issue did not affect Oracle Java SE packages as shipped via Oracle Java for Red Hat Enterprise Linux channels, as they did not include the Java DB / Apache Derby component.

The issue was addressed upstream by removing Java DB from the Oracle Java SE distribution. Quoting from the upstream release notes:

    Removed Features and Options

    other-libs/javadb
    ➜ Removal of Java DB

    Java DB, also known as Apache Derby, has been removed in this release.

    We recommend that you obtain the latest Apache Derby directly from the Apache project at:

    https://db.apache.org/derby

    JDK-8197871 (not public)

http://www.oracle.com/technetwork/java/javase/8u181-relnotes-4479407.html
http://www.oracle.com/technetwork/java/javaseproducts/documentation/javase7supportreleasenotes-1601161.html#R170_191
http://www.oracle.com/technetwork/java/javase/documentation/overview-156328.html#R160_201

The Oracle CPU was updated and now has this note for this CVE:

    CVE-2018-2938 addresses CVE-2018-1313

Apparently, this CVE is a duplicate of a Derby issue that has been made public previously - CVE-2018-1313 / bug 1575639.