IBM JDK 7 R1 SR5 FP20 (7.1.5.20) and 8 SR8 FP15 (8.0.8.15) fix a flaw described by upstream as:

Eclipse OpenJ9 is vulnerable to a denial of service, caused by a flaw when a shutdown signal (SIGTERM, SIGINT or SIGHUP) is received before the JVM has finished initializing. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause an infinite busy hang on a spinlock or a segmentation fault.

OpenJ9 upstream references:
https://github.com/eclipse-openj9/openj9/pull/18085
https://gitlab.eclipse.org/security/cve-assignement/-/issues/13

IBM JDK references:
https://www.ibm.com/support/pages/node/7078433
https://www.ibm.com/support/pages/apar/IJ49075
https://www.ibm.com/support/pages/java-sdk-security-vulnerabilities#IBM_Security_Update_November_2023
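A minimal C illustration of the failure class named in the description above (a shutdown handler that can run before the state it uses exists), with one general mitigation: keep the shutdown signals blocked until initialization finishes. This is an added example, not OpenJ9 or IBM code and not the change made in the upstream pull request; every name in it is hypothetical, and it assumes a single-threaded process (a threaded runtime would use pthread_sigmask).

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stddef.h>

/* Hypothetical runtime state; every name in this file is illustrative. */
struct runtime { volatile sig_atomic_t shutdown_requested; };
static struct runtime rt_storage;
static struct runtime *volatile rt;      /* NULL until initialization is done */
static const int shutdown_signals[] = { SIGTERM, SIGINT, SIGHUP };

/* The handler assumes rt is valid. Run before initialization finished, it
 * would dereference NULL: the failure class the description names. */
static void on_shutdown(int sig) { (void)sig; rt->shutdown_requested = 1; }

/* Mitigation pattern: block the shutdown signals before installing the
 * handler and unblock them only after initialization, so an early signal
 * stays pending until the state the handler needs exists.
 * early_signal != 0 simulates a signal arriving mid-initialization.
 * Returns 1 if a shutdown request was handled after init, 0 if none was
 * seen, -1 on error. */
int start_runtime(int early_signal) {
    sigset_t block, pending;
    struct sigaction sa = {0};
    size_t i, n = sizeof shutdown_signals / sizeof shutdown_signals[0];

    rt = NULL;                           /* runtime not initialized yet */
    sigemptyset(&block);
    for (i = 0; i < n; i++) sigaddset(&block, shutdown_signals[i]);
    if (sigprocmask(SIG_BLOCK, &block, NULL) != 0) return -1;

    sa.sa_handler = on_shutdown;
    sigemptyset(&sa.sa_mask);
    for (i = 0; i < n; i++)
        if (sigaction(shutdown_signals[i], &sa, NULL) != 0) return -1;

    if (early_signal) {                  /* constructed early delivery */
        if (raise(early_signal) != 0 || sigpending(&pending) != 0) return -1;
        if (sigismember(&pending, early_signal) != 1) return -1; /* must be held */
    }

    rt_storage.shutdown_requested = 0;
    rt = &rt_storage;                    /* initialization complete */

    /* Any pending shutdown signal is delivered before this call returns. */
    if (sigprocmask(SIG_UNBLOCK, &block, NULL) != 0) return -1;
    return rt->shutdown_requested ? 1 : 0;
}

int main(void) { return start_runtime(SIGTERM) == 1 ? 0 : 1; }
```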
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:0866 https://access.redhat.com/errata/RHSA-2024:0866
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7 Supplementary

Via RHSA-2024:0879 https://access.redhat.com/errata/RHSA-2024:0879