Bug 1823694 (CVE-2020-2803)
Summary: | CVE-2020-2803 OpenJDK: Incorrect bounds checks in NIO Buffers (Libraries, 8234841) | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Tomas Hoger <thoger> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | unspecified | CC: | ahughes, bkearney, dbhole, java-qa, jvanek, security-response-team, tlestach |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: |
A flaw was found in the boundary checks in the java.nio buffer classes in the Libraries component of OpenJDK, where it is bypassed in certain cases. This flaw allows an untrusted Java application or applet o bypass Java sandbox restrictions.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2020-04-21 16:32:47 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1810784, 1810785, 1810786, 1810787, 1810788, 1810789, 1810790, 1810791, 1810792, 1810793, 1810794, 1821435, 1821436, 1821437, 1826103, 1826104, 1832246, 1832247, 1832248, 1832249, 1832250, 1832251, 1832252, 1832253, 1832254 | ||
Bug Blocks: | 1810559 |
Description
Tomas Hoger
2020-04-14 09:52:50 UTC
Public now via Oracle CPU April 2020: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixJAVA Fixed in Oracle Java SE 14.0.1, 11.0.7, 8u251, and 7u261. This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2020:1508 https://access.redhat.com/errata/RHSA-2020:1508 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:1507 https://access.redhat.com/errata/RHSA-2020:1507 This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2020:1506 https://access.redhat.com/errata/RHSA-2020:1506 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:1509 https://access.redhat.com/errata/RHSA-2020:1509 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:1512 https://access.redhat.com/errata/RHSA-2020:1512 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:1514 https://access.redhat.com/errata/RHSA-2020:1514 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-2803 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions Via RHSA-2020:1517 https://access.redhat.com/errata/RHSA-2020:1517 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions Via RHSA-2020:1516 https://access.redhat.com/errata/RHSA-2020:1516 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:1515 https://access.redhat.com/errata/RHSA-2020:1515 OpenJDK-11 upstream commit: http://hg.openjdk.java.net/jdk-updates/jdk11u/rev/4b2346f5b2d5 OpenJDK-8 upstream commit: http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/a6dcbf49526c OpenJDK-7 upstream commit: http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/3bdb32006248 This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Supplementary Via RHSA-2020:2236 https://access.redhat.com/errata/RHSA-2020:2236 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Supplementary Via RHSA-2020:2237 https://access.redhat.com/errata/RHSA-2020:2237 This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Supplementary Via RHSA-2020:2239 https://access.redhat.com/errata/RHSA-2020:2239 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Supplementary Via RHSA-2020:2238 https://access.redhat.com/errata/RHSA-2020:2238 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:2241 https://access.redhat.com/errata/RHSA-2020:2241 |