It was discovered that the Hotspot component of OpenJDK did not properly check for integer overflows when optimizing code, leading to out-of-bounds access. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions.
Public now via Oracle CPU October 2020: https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixJAVA
Fixed in Oracle Java SE 15.0.1, 11.0.9, 8u271, and 7u281.
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Extended Update Support Via RHSA-2020:4306 https://access.redhat.com/errata/RHSA-2020:4306
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:4305 https://access.redhat.com/errata/RHSA-2020:4305
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-14792
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:4307 https://access.redhat.com/errata/RHSA-2020:4307
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions Via RHSA-2020:4316 https://access.redhat.com/errata/RHSA-2020:4316
OpenJDK-11 upstream commit: http://hg.openjdk.java.net/jdk-updates/jdk11u/rev/ed3959f95671
OpenJDK-8 upstream commit: http://hg.openjdk.java.net/jdk8u/jdk8u/hotspot/rev/824065fb8b18
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions Via RHSA-2020:4349 https://access.redhat.com/errata/RHSA-2020:4349
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:4347 https://access.redhat.com/errata/RHSA-2020:4347
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Extended Update Support Via RHSA-2020:4352 https://access.redhat.com/errata/RHSA-2020:4352
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2020:4348 https://access.redhat.com/errata/RHSA-2020:4348
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:4350 https://access.redhat.com/errata/RHSA-2020:4350