Bug 1730110 (CVE-2019-2842) - CVE-2019-2842 OpenJDK: Missing array bounds check in crypto providers (JCE, 8223511)
Summary: CVE-2019-2842 OpenJDK: Missing array bounds check in crypto providers (JCE, 8...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2019-2842
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1731477 1731478 1724471 1724472 1724473 1724474 1724475 1724476 1724477 1724478
Blocks: 1724463
TreeView+ depends on / blocked
 
Reported: 2019-07-15 21:11 UTC by Tomas Hoger
Modified: 2019-10-02 08:48 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-08-07 12:39:32 UTC


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2019:1811 None None None 2019-07-22 12:40:35 UTC
Red Hat Product Errata RHSA-2019:1815 None None None 2019-07-22 12:40:47 UTC
Red Hat Product Errata RHSA-2019:1816 None None None 2019-07-22 12:40:59 UTC
Red Hat Product Errata RHSA-2019:1839 None None None 2019-07-23 17:55:20 UTC
Red Hat Product Errata RHSA-2019:1840 None None None 2019-07-23 16:15:42 UTC

Description Tomas Hoger 2019-07-15 21:11:48 UTC
It was discovered that crypto provider implementations in the JCE component of OpenJDK for crypto algorithms such as AES or SHA did not perform array bounds checks.  This could lead to out-of-bounds access if compiler intrinsics were used instead of the Java runtime implementations of the specific operations.

Comment 1 Tomas Hoger 2019-07-16 20:53:14 UTC
Public now via Oracle CPU July 2019:

https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html#AppendixJAVA

Fixed in Oracle Java SE 8u221.

Comment 2 errata-xmlrpc 2019-07-22 12:40:34 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2019:1811 https://access.redhat.com/errata/RHSA-2019:1811

Comment 3 errata-xmlrpc 2019-07-22 12:40:47 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2019:1815 https://access.redhat.com/errata/RHSA-2019:1815

Comment 4 errata-xmlrpc 2019-07-22 12:40:58 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2019:1816 https://access.redhat.com/errata/RHSA-2019:1816

Comment 5 errata-xmlrpc 2019-07-23 16:15:41 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2019:1840 https://access.redhat.com/errata/RHSA-2019:1840

Comment 6 errata-xmlrpc 2019-07-23 17:55:19 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2019:1839 https://access.redhat.com/errata/RHSA-2019:1839


Note You need to log in before you can comment on or make changes to this bug.