Red Hat Bugzilla – Bug 1274120
CVE-2015-4840 and LCMS 2
Last modified: 2017-10-03 21:27:14 EDT
As part of the October 20th security update for the OpenJDK packages, the following patch for CVE-2015-4840 was included, which patches the build of OpenJDK's local copy of LCMS 2 to add -DCMS_DONT_USE_FAST_FLOOR to the CFLAGS.
On RHEL 7, OpenJDK was using the system copy of LCMS 2 instead, but we switched back to the in-tree version in order to incorporate this change. We would appreciate it if the system version could also be built with this flag. It swaps a rather hacky floor implementation (writing to one member of a union then reading from another) for a call to the C library's floor function.
The RHEL bug for the security issue is bug 1273338.