It was discovered that the DatagramChannelImpl class in the Networking component of OpenJDK failed to completely enforce the limit of the number of datagram sockets (set using the sun.net.maxDatagramSockets system property) that can be created by a code running with the Java sandbox restrictions. An untrusted Java code could use this flaw to bypass the intended Java sandbox restriction.
Public now via Oracle CPU January 2020: https://www.oracle.com/security-alerts/cpujan2020.html#AppendixJAVA Fixed in Oracle Java SE 8u241 and 7u251.
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2020:0157 https://access.redhat.com/errata/RHSA-2020:0157
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:0196 https://access.redhat.com/errata/RHSA-2020:0196
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:0202 https://access.redhat.com/errata/RHSA-2020:0202
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions Via RHSA-2020:0231 https://access.redhat.com/errata/RHSA-2020:0231
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:0465 https://access.redhat.com/errata/RHSA-2020:0465
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Supplementary Via RHSA-2020:0467 https://access.redhat.com/errata/RHSA-2020:0467
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Supplementary Via RHSA-2020:0469 https://access.redhat.com/errata/RHSA-2020:0469
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Supplementary Via RHSA-2020:0468 https://access.redhat.com/errata/RHSA-2020:0468
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Supplementary Via RHSA-2020:0470 https://access.redhat.com/errata/RHSA-2020:0470
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:0541 https://access.redhat.com/errata/RHSA-2020:0541
OpenJDK-7 upstream commit: http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/c9b0a18f082e OpenJDK-8 upstream commit: http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/9ea5e5b2cd63
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2020:0632 https://access.redhat.com/errata/RHSA-2020:0632
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-2659
This issue has been addressed in the following products: Red Hat Satellite 5.8 Via RHSA-2020:0856 https://access.redhat.com/errata/RHSA-2020:0856