IBM JDK 7 SR10 FP45 (7.0.10.45), 7.1 SR4 FP45 (7.1.4.45), and 8 SR5 FP35 (8.0.5.35) fix a flaw described by upstream as: Eclipse OpenJ9 is vulnerable to a denial of service, caused by the execution of a method past the end of bytecode array by the Java bytecode verifier. A remote attacker could exploit this vulnerability to cause the application to crash. OpenJ9 upstream bug: https://bugs.eclipse.org/bugs/show_bug.cgi?id=545588 OpenJ9 upstream merge requests: https://github.com/eclipse/openj9/pull/5528 https://github.com/eclipse/openj9/pull/5529 References: https://www-01.ibm.com/support/docview.wss?uid=ibm10882850 https://developer.ibm.com/javasdk/support/security-vulnerabilities/#IBM_Security_Update_April_2019
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Supplementary Via RHSA-2019:1163 https://access.redhat.com/errata/RHSA-2019:1163
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Supplementary Via RHSA-2019:1164 https://access.redhat.com/errata/RHSA-2019:1164
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Supplementary Via RHSA-2019:1165 https://access.redhat.com/errata/RHSA-2019:1165
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Supplementary Via RHSA-2019:1166 https://access.redhat.com/errata/RHSA-2019:1166
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2019:1238 https://access.redhat.com/errata/RHSA-2019:1238
This issue has been addressed in the following products: Red Hat Satellite 5.8 Via RHSA-2019:1325 https://access.redhat.com/errata/RHSA-2019:1325