Fedora Account System
Red Hat Associate
Red Hat Customer
It was discovered that the Hotspot component of OpenJDK did not properly check for integer overflows when when optimizing code, leading to out-of-bounds access. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions.
Public now via Oracle CPU October 2020: https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixJAVA Fixed in Oracle Java SE 15.0.1, 11.0.9, 8u271, and 7u281.
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Extended Update Support Via RHSA-2020:4306 https://access.redhat.com/errata/RHSA-2020:4306
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:4305 https://access.redhat.com/errata/RHSA-2020:4305
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-14792
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:4307 https://access.redhat.com/errata/RHSA-2020:4307
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions Via RHSA-2020:4316 https://access.redhat.com/errata/RHSA-2020:4316
OpenJDK-11 upstream commit: http://hg.openjdk.java.net/jdk-updates/jdk11u/rev/ed3959f95671 OpenJDK-8 upstream commit: http://hg.openjdk.java.net/jdk8u/jdk8u/hotspot/rev/824065fb8b18
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions Via RHSA-2020:4349 https://access.redhat.com/errata/RHSA-2020:4349
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:4347 https://access.redhat.com/errata/RHSA-2020:4347
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Extended Update Support Via RHSA-2020:4352 https://access.redhat.com/errata/RHSA-2020:4352
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2020:4348 https://access.redhat.com/errata/RHSA-2020:4348
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:4350 https://access.redhat.com/errata/RHSA-2020:4350