Bug 1791217 (CVE-2020-2654)

Summary:	CVE-2020-2654 OpenJDK: Excessive memory usage in OID processing in X.509 certificate parsing (Libraries, 8234037)
Product:	[Other] Security Response	Reporter:	Tomas Hoger <thoger>
Component:	vulnerability	Assignee:	Red Hat Product Security <security-response-team>
Status:	CLOSED ERRATA	QA Contact:
Severity:	medium	Docs Contact:
Priority:	medium
Version:	unspecified	CC:	ahughes, bkearney, dbhole, java-qa, jvanek, security-response-team, tlestach
Target Milestone:	---	Keywords:	Security
Target Release:	---
Hardware:	All
OS:	Linux
Whiteboard:
Fixed In Version:		Doc Type:	If docs needed, set a value
Doc Text:		Story Points:	---
Clone Of:		Environment:
Last Closed:	2020-02-27 15:49:50 UTC	Type:	---
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:
Bug Depends On:	1785757, 1785758, 1785759, 1785760, 1785761, 1785762, 1785763, 1785764, 1785765, 1785766, 1785767, 1789444, 1789445, 1789446, 1832246, 1832247, 1832248, 1832249, 1832250, 1832251, 1832252, 1832253, 1832254
Bug Blocks:	1785754

Description Tomas Hoger 2020-01-15 09:06:49 UTC

A flaw was discovered in the way the Libraries component of OpenJDK processed X.509 certificates.  Values of Object Identifiers (OIDs) were "interned", possibly allowing a malicious X.509 certificate to trigger excessive memory usage in a Java application processing such certificate.

Comment 1 Tomas Hoger 2020-01-15 11:20:49 UTC

Public now via Oracle CPU January 2020:

https://www.oracle.com/security-alerts/cpujan2020.html#AppendixJAVA

Fixed in Oracle Java SE 13.0.2, 11.0.6, 8u241, and 7u251.

Comment 2 errata-xmlrpc 2020-01-16 13:02:45 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2020:0128 https://access.redhat.com/errata/RHSA-2020:0128

Comment 3 errata-xmlrpc 2020-01-16 13:21:41 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2020:0122 https://access.redhat.com/errata/RHSA-2020:0122

Comment 4 errata-xmlrpc 2020-01-21 03:02:08 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2020:0157 https://access.redhat.com/errata/RHSA-2020:0157

Comment 5 errata-xmlrpc 2020-01-21 23:00:54 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2020:0196 https://access.redhat.com/errata/RHSA-2020:0196

Comment 6 errata-xmlrpc 2020-01-22 13:04:52 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2020:0202 https://access.redhat.com/errata/RHSA-2020:0202

Comment 7 errata-xmlrpc 2020-01-27 08:54:41 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions

Via RHSA-2020:0231 https://access.redhat.com/errata/RHSA-2020:0231

Comment 8 errata-xmlrpc 2020-01-27 08:55:58 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions

Via RHSA-2020:0232 https://access.redhat.com/errata/RHSA-2020:0232

Comment 15 errata-xmlrpc 2020-02-18 15:28:46 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2020:0541 https://access.redhat.com/errata/RHSA-2020:0541

Comment 18 Tomas Hoger 2020-02-27 14:43:29 UTC

OpenJDK-7 upstream commit:
http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/60a6121b1b5f

OpenJDK-8 upstream commit:
http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/80ade7e8b392

OpenJDK-11 upstream commit:
http://hg.openjdk.java.net/jdk-updates/jdk11u/rev/837b7afec083

Comment 19 errata-xmlrpc 2020-02-27 15:27:10 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2020:0632 https://access.redhat.com/errata/RHSA-2020:0632

Comment 20 Product Security DevOps Team 2020-02-27 15:49:50 UTC

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2020-2654

Comment 26 errata-xmlrpc 2020-05-20 14:24:29 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6 Supplementary

Via RHSA-2020:2236 https://access.redhat.com/errata/RHSA-2020:2236

Comment 27 errata-xmlrpc 2020-05-20 14:24:49 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7 Supplementary

Via RHSA-2020:2237 https://access.redhat.com/errata/RHSA-2020:2237

Comment 28 errata-xmlrpc 2020-05-20 14:25:22 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6 Supplementary

Via RHSA-2020:2239 https://access.redhat.com/errata/RHSA-2020:2239

Comment 29 errata-xmlrpc 2020-05-20 14:25:48 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7 Supplementary

Via RHSA-2020:2238 https://access.redhat.com/errata/RHSA-2020:2238

Comment 30 errata-xmlrpc 2020-05-20 16:03:37 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2020:2241 https://access.redhat.com/errata/RHSA-2020:2241