It was discovered that the regular expression implementation in the Nashorn JavaScript engine (Scripting component of OpenJDK) could throw an unexpected StackOverflowError when processing a specially crafted regular expression. Because StackOverflowError is a java.lang.Error rather than a script-level exception, a JavaScript script that compiles a malicious regular expression could terminate the Nashorn engine (denial of service).
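The practical consequence of the report above is that a `catch (ScriptException e)` around `engine.eval(...)` does not see the overflow: it unwinds the thread hosting the engine. The following is an added example, not code from the bug report or from OpenJDK, showing one way to contain that failure mode when a pattern comes from untrusted input: compile it on a dedicated worker thread with its own (hinted) stack size, catch `StackOverflowError` separately from `ScriptException`, and bound the wait. It assumes a JDK that still ships Nashorn (8 or 11; Nashorn was removed in JDK 15 by JEP 372). The sample patterns in `main()` are constructed inputs and are not the crafted pattern from the report, which this page does not reproduce.

```java
import javax.script.ScriptEngine;
import javax.script.ScriptEngineManager;
import javax.script.ScriptException;

/*
 * Added example (not from the bug report or OpenJDK): compile an untrusted
 * regular expression with Nashorn on an isolated worker thread so that a
 * StackOverflowError raised inside the regex compiler is reported as an
 * outcome instead of unwinding the thread that hosts the script engine.
 */
public class NashornRegexGuard {

    enum Outcome { OK, REJECTED, OVERFLOW, TIMEOUT }

    // One engine for the guard; the worker only evaluates, the caller only waits.
    private static final ScriptEngine ENGINE =
            new ScriptEngineManager().getEngineByName("nashorn");

    /** Compile {@code pattern} via Nashorn's RegExp constructor on a worker thread. */
    static Outcome guardedCompile(String pattern, long timeoutMillis)
            throws InterruptedException {
        if (ENGINE == null) {
            throw new IllegalStateException("Nashorn engine not available on this JDK");
        }
        final Outcome[] result = { Outcome.TIMEOUT };
        Runnable task = () -> {
            try {
                // Hand the pattern over as data; never splice it into script source.
                ENGINE.put("src", pattern);
                ENGINE.eval("new RegExp(src)");
                result[0] = Outcome.OK;
            } catch (ScriptException e) {      // SyntaxError etc. raised by the script
                result[0] = Outcome.REJECTED;
            } catch (StackOverflowError e) {   // java.lang.Error: not covered by the catch above
                result[0] = Outcome.OVERFLOW;
            }
        };
        // Last argument is a stack-size hint (the JVM may ignore it): a modest stack
        // makes a runaway recursion fail fast and keeps it off the caller's stack.
        Thread worker = new Thread(null, task, "nashorn-regex-guard", 1024 * 1024);
        worker.setDaemon(true);
        worker.start();
        worker.join(timeoutMillis);            // TIMEOUT if the worker is still running
        return result[0];
    }

    public static void main(String[] args) throws InterruptedException {
        // Constructed sample inputs: one benign pattern, one malformed pattern.
        String[] samples = {
            "^[a-z]+@[a-z]+\\.[a-z]{2,}$",
            "(unbalanced"
        };
        for (String s : samples) {
            System.out.println(guardedCompile(s, 2000) + "  <- " + s);
        }
    }
}
```

On a fixed JDK the benign pattern yields `OK` and the malformed one `REJECTED`; a pattern that reaches the vulnerable recursion on an unpatched build yields `OVERFLOW` on the worker instead of an uncaught Error in the caller. The guard is a containment measure for hosts that must accept untrusted patterns; it is not a substitute for applying the updates listed below.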
Now public via the Oracle Critical Patch Update (CPU) of October 2019: https://www.oracle.com/security-alerts/cpuoct2019.html#AppendixJAVA Fixed in Oracle Java SE 13.0.1, 11.0.5, and 8u231.
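Java version strings come in three shapes (legacy `1.8.0_231`, Oracle's `8u231` shorthand, and JEP 223 `11.0.5`), which makes fleet-wide comparison against the fix levels above error-prone. The following is an added example, not from the bug report or from Red Hat, that normalises a version string and classifies it against the Oracle fix levels named above. The version strings in the usage loop are constructed samples. Note the caveat: this applies to Oracle's numbering only; distribution builds carry the fix under their own package versions, so on Red Hat systems confirm the RHSA in the package changelog (for example `rpm -q --changelog java-1.8.0-openjdk | grep CVE-2019-2975`) rather than trusting the bare version string.

```sh
#!/bin/sh
# Added example (not from the bug report or Red Hat): classify a Java SE
# version string against the Oracle fix levels for CVE-2019-2975
# (8u231, 11.0.5, 13.0.1). Sample version strings below are constructed.

# Print "FEATURE UPDATE" for the three version schemes seen in the wild:
#   legacy   1.8.0_231  -> 8 231
#   Oracle   8u231      -> 8 231
#   JEP 223  11.0.5     -> 11 5
java_feature_and_update() {
    v=$1
    case "$v" in
        1.[0-9]*)
            f=${v#1.}; f=${f%%[!0-9]*}
            case "$v" in
                *_*) u=${v##*_}; u=${u%%[!0-9]*} ;;   # drop "-b10" style suffixes
                *)   u=0 ;;
            esac ;;
        [0-9]*u[0-9]*)
            f=${v%%u*}; u=${v#*u}; u=${u%%[!0-9]*} ;;
        *)
            f=${v%%[!0-9]*}
            case "$v" in
                *.*.*) u=${v#*.*.}; u=${u%%[!0-9]*} ;;  # "11.0.4+11" -> 4
                *)     u=0 ;;
            esac ;;
    esac
    echo "${f:-0} ${u:-0}"
}

# Exit 0 if the version is at or above the Oracle fix level for its feature
# line, 1 if below it, 2 if the report states no fix level for that line.
cve_2019_2975_fixed() {
    set -- $(java_feature_and_update "$1")
    case "$1" in
        8)  [ "$2" -ge 231 ] ;;
        11) [ "$2" -ge 5 ] ;;
        13) [ "$2" -ge 1 ] ;;
        *)  return 2 ;;
    esac
}

# Constructed sample inputs.
for v in 1.8.0_231 1.8.0_222-b10 8u231 11.0.5 11.0.4+11 13.0.1 12.0.2; do
    if cve_2019_2975_fixed "$v"; then
        echo "$v: at or above the Oracle fix level"
    else
        case $? in
            2) echo "$v: feature line not covered by this report" ;;
            *) echo "$v: below the Oracle fix level" ;;
        esac
    fi
done
```

The feature lines not named in the report (for example 12, which was already end-of-life, or anything newer than 13) are reported as "not covered" rather than guessed.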
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2019:3128 https://access.redhat.com/errata/RHSA-2019:3128
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2019:3127 https://access.redhat.com/errata/RHSA-2019:3127
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2019:3134 https://access.redhat.com/errata/RHSA-2019:3134
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2019:3135 https://access.redhat.com/errata/RHSA-2019:3135
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2019:3136 https://access.redhat.com/errata/RHSA-2019:3136
OpenJDK-11 upstream commit: http://hg.openjdk.java.net/jdk-updates/jdk11u/rev/5f4e2a53afc9 OpenJDK-8 upstream commit: http://hg.openjdk.java.net/jdk8u/jdk8u/nashorn/rev/fba077f48da2
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-2975
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Supplementary Via RHSA-2019:4113 https://access.redhat.com/errata/RHSA-2019:4113
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Supplementary Via RHSA-2019:4115 https://access.redhat.com/errata/RHSA-2019:4115
This issue has been addressed in the following products: Red Hat Satellite 5.8 Via RHSA-2020:0006 https://access.redhat.com/errata/RHSA-2020:0006
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:0046 https://access.redhat.com/errata/RHSA-2020:0046