A flaw was found in the URL class implementation in the Networking component of OpenJDK. An incorrect check to determine if a URLStreamHandler is builtin or not can lead to incorrect URL normalization in certain cases.
Public now via Oracle CPU January 2020: https://www.oracle.com/security-alerts/cpujan2020.html#AppendixJAVA Fixed in Oracle Java SE 13.0.2, 11.0.6, 8u241, and 7u251.
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:0128 https://access.redhat.com/errata/RHSA-2020:0128
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:0122 https://access.redhat.com/errata/RHSA-2020:0122
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2020:0157 https://access.redhat.com/errata/RHSA-2020:0157
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:0196 https://access.redhat.com/errata/RHSA-2020:0196
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:0202 https://access.redhat.com/errata/RHSA-2020:0202
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions Via RHSA-2020:0231 https://access.redhat.com/errata/RHSA-2020:0231
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions Via RHSA-2020:0232 https://access.redhat.com/errata/RHSA-2020:0232
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:0465 https://access.redhat.com/errata/RHSA-2020:0465
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Supplementary Via RHSA-2020:0467 https://access.redhat.com/errata/RHSA-2020:0467
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Supplementary Via RHSA-2020:0469 https://access.redhat.com/errata/RHSA-2020:0469
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Supplementary Via RHSA-2020:0468 https://access.redhat.com/errata/RHSA-2020:0468
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Supplementary Via RHSA-2020:0470 https://access.redhat.com/errata/RHSA-2020:0470
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:0541 https://access.redhat.com/errata/RHSA-2020:0541
OpenJDK-7 upstream commit: http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/cb85a6f76bc7 OpenJDK-8 upstream commit: http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/0df35f498deb OpenJDK-11 upstream commit: http://hg.openjdk.java.net/jdk-updates/jdk11u/rev/448084150145
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2020:0632 https://access.redhat.com/errata/RHSA-2020:0632
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-2593
This issue has been addressed in the following products: Red Hat Satellite 5.8 Via RHSA-2020:0856 https://access.redhat.com/errata/RHSA-2020:0856