An infinite loop flaw was found in the RIFF (Resource Interchange File Format) file format reader in the Sound component of OpenJDK. A specially crafted RIFF file could cause a Java application to enter an infinite loop while reading the RIFF file.
This issue was originally reported and fixed in 2015:

https://bugs.openjdk.java.net/browse/JDK-8135160
http://hg.openjdk.java.net/jdk9/jdk9/jdk/rev/420dd4208444

but it only got fixed in OpenJDK 9 and not backported to earlier versions at the time. The problem was re-discovered again when fuzzing Apache Tika:

https://www.modzero.ch/modlog/archives/2018/09/20/java_bugs_with_and_without_fuzzing/index.html
Public now via Oracle CPU October 2018:

https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixJAVA

The issue was fixed in Oracle JDK 8u191, 7u201, and 6u211.
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2018:2942 https://access.redhat.com/errata/RHSA-2018:2942
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2018:2943 https://access.redhat.com/errata/RHSA-2018:2943
OpenJDK-8 upstream commit: http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/c1cffa411ed5
This issue has been addressed in the following products: Oracle Java for Red Hat Enterprise Linux 7 Via RHSA-2018:3007 https://access.redhat.com/errata/RHSA-2018:3007
This issue has been addressed in the following products: Oracle Java for Red Hat Enterprise Linux 6 Via RHSA-2018:3008 https://access.redhat.com/errata/RHSA-2018:3008
This issue has been addressed in the following products: Oracle Java for Red Hat Enterprise Linux 6 Via RHSA-2018:3000 https://access.redhat.com/errata/RHSA-2018:3000
This issue has been addressed in the following products: Oracle Java for Red Hat Enterprise Linux 7 Via RHSA-2018:3001 https://access.redhat.com/errata/RHSA-2018:3001
This issue has been addressed in the following products: Oracle Java for Red Hat Enterprise Linux 7 Via RHSA-2018:3002 https://access.redhat.com/errata/RHSA-2018:3002
This issue has been addressed in the following products: Oracle Java for Red Hat Enterprise Linux 6 Via RHSA-2018:3003 https://access.redhat.com/errata/RHSA-2018:3003
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2018:3350 https://access.redhat.com/errata/RHSA-2018:3350
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2018:3409 https://access.redhat.com/errata/RHSA-2018:3409
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Supplementary Via RHSA-2018:3533 https://access.redhat.com/errata/RHSA-2018:3533
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Supplementary Via RHSA-2018:3534 https://access.redhat.com/errata/RHSA-2018:3534
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Supplementary Via RHSA-2018:3671 https://access.redhat.com/errata/RHSA-2018:3671
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Supplementary Via RHSA-2018:3672 https://access.redhat.com/errata/RHSA-2018:3672
This issue has been addressed in the following products: Red Hat Satellite 5.6 Red Hat Satellite 5.7 Via RHSA-2018:3779 https://access.redhat.com/errata/RHSA-2018:3779
This issue has been addressed in the following products: Red Hat Satellite 5.8 Via RHSA-2018:3852 https://access.redhat.com/errata/RHSA-2018:3852