Bug 1639301 (CVE-2018-3214)

Summary: CVE-2018-3214 OpenJDK: Infinite loop in RIFF format reader (Sound, 8205361)
Product: [Other] Security Response
Reporter: Tomas Hoger <thoger>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA
Severity: medium
Priority: medium
Version: unspecified
CC: ahughes, dbhole, jvanek, security-response-team, yozone
Target Milestone: ---
Target Release: ---
Keywords: Security
Hardware: All
OS: Linux
Last Closed: 2018-12-18 21:49:51 UTC
Bug Depends On: 1633820, 1633821, 1633822, 1639728, 1639729, 1639730, 1639731, 1639732, 1639733, 1639734, 1639736, 1639737, 1639780, 1640178, 1640179, 1640180, 1646173, 1646174, 1646175, 1649854, 1649855, 1649856, 1652094, 1652099, 1652100    
Bug Blocks: 1633819    

Description Tomas Hoger 2018-10-15 13:16:38 UTC
An infinite loop flaw was found in the RIFF (Resource Interchange File Format) file format reader in the Sound component of OpenJDK.  A specially crafted RIFF file could cause a Java application to enter an infinite loop while reading the RIFF file.

Comment 1 Tomas Hoger 2018-10-15 13:21:32 UTC
This issue was originally reported and fixed in 2015:

https://bugs.openjdk.java.net/browse/JDK-8135160
http://hg.openjdk.java.net/jdk9/jdk9/jdk/rev/420dd4208444

but it only got fixed in OpenJDK 9 and not backported to earlier versions at the time.

The problem was re-discovered again when fuzzing Apache Tika:

https://www.modzero.ch/modlog/archives/2018/09/20/java_bugs_with_and_without_fuzzing/index.html

Comment 3 Tomas Hoger 2018-10-16 20:57:40 UTC
Public now via Oracle CPU October 2018:

https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixJAVA

The issue was fixed in Oracle JDK 8u191, 7u201, and 6u211.

Comment 5 errata-xmlrpc 2018-10-17 21:22:02 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2018:2942 https://access.redhat.com/errata/RHSA-2018:2942

Comment 6 errata-xmlrpc 2018-10-17 21:22:36 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2018:2943 https://access.redhat.com/errata/RHSA-2018:2943

Comment 7 Tomas Hoger 2018-10-19 20:33:22 UTC
OpenJDK-8 upstream commit:
http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/c1cffa411ed5

Comment 8 errata-xmlrpc 2018-10-24 21:39:05 UTC
This issue has been addressed in the following products:

  Oracle Java for Red Hat Enterprise Linux 7

Via RHSA-2018:3007 https://access.redhat.com/errata/RHSA-2018:3007

Comment 9 errata-xmlrpc 2018-10-24 21:39:38 UTC
This issue has been addressed in the following products:

  Oracle Java for Red Hat Enterprise Linux 6

Via RHSA-2018:3008 https://access.redhat.com/errata/RHSA-2018:3008

Comment 10 errata-xmlrpc 2018-10-24 22:05:38 UTC
This issue has been addressed in the following products:

  Oracle Java for Red Hat Enterprise Linux 6

Via RHSA-2018:3000 https://access.redhat.com/errata/RHSA-2018:3000

Comment 11 errata-xmlrpc 2018-10-24 22:06:12 UTC
This issue has been addressed in the following products:

  Oracle Java for Red Hat Enterprise Linux 7

Via RHSA-2018:3001 https://access.redhat.com/errata/RHSA-2018:3001

Comment 12 errata-xmlrpc 2018-10-24 22:06:55 UTC
This issue has been addressed in the following products:

  Oracle Java for Red Hat Enterprise Linux 7

Via RHSA-2018:3002 https://access.redhat.com/errata/RHSA-2018:3002

Comment 13 errata-xmlrpc 2018-10-24 22:07:40 UTC
This issue has been addressed in the following products:

  Oracle Java for Red Hat Enterprise Linux 6

Via RHSA-2018:3003 https://access.redhat.com/errata/RHSA-2018:3003

Comment 15 errata-xmlrpc 2018-10-30 09:18:25 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2018:3350 https://access.redhat.com/errata/RHSA-2018:3350

Comment 16 errata-xmlrpc 2018-10-30 16:59:21 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2018:3409 https://access.redhat.com/errata/RHSA-2018:3409

Comment 17 errata-xmlrpc 2018-11-09 11:49:12 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6 Supplementary

Via RHSA-2018:3533 https://access.redhat.com/errata/RHSA-2018:3533

Comment 18 errata-xmlrpc 2018-11-09 11:49:45 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7 Supplementary

Via RHSA-2018:3534 https://access.redhat.com/errata/RHSA-2018:3534

Comment 21 errata-xmlrpc 2018-11-26 15:42:38 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6 Supplementary

Via RHSA-2018:3671 https://access.redhat.com/errata/RHSA-2018:3671

Comment 22 errata-xmlrpc 2018-11-26 15:43:19 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7 Supplementary

Via RHSA-2018:3672 https://access.redhat.com/errata/RHSA-2018:3672

Comment 23 errata-xmlrpc 2018-12-05 15:52:58 UTC
This issue has been addressed in the following products:

  Red Hat Satellite 5.6
  Red Hat Satellite 5.7

Via RHSA-2018:3779 https://access.redhat.com/errata/RHSA-2018:3779

Comment 24 errata-xmlrpc 2018-12-18 15:51:00 UTC
This issue has been addressed in the following products:

  Red Hat Satellite 5.8

Via RHSA-2018:3852 https://access.redhat.com/errata/RHSA-2018:3852