Bug 1665945 (CVE-2019-2422) - CVE-2019-2422 OpenJDK: memory disclosure in FileChannelImpl (Libraries, 8206290)
Summary: CVE-2019-2422 OpenJDK: memory disclosure in FileChannelImpl (Libraries, 8206290)
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2019-2422
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: impact=moderate,public=20190115,repor...
Depends On: 1685117 1661581 1661582 1661585 1661586 1661587 1666531 1666532 1666899 1666900 1685054 1685111 1685112 1685113 1685114 1685115 1685116 1689835 1694579
Blocks: 1661579
Reported: 2019-01-14 14:30 UTC by Tomas Hoger
Modified: 2019-06-14 09:15 UTC

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-05-16 16:24:03 UTC




Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2019:0416 None None None 2019-02-26 11:37:51 UTC
Red Hat Product Errata RHSA-2019:0435 None None None 2019-02-28 09:33:04 UTC
Red Hat Product Errata RHSA-2019:0436 None None None 2019-02-28 10:09:51 UTC
Red Hat Product Errata RHSA-2019:0462 None None None 2019-03-05 18:31:52 UTC
Red Hat Product Errata RHSA-2019:0464 None None None 2019-03-05 19:06:10 UTC
Red Hat Product Errata RHSA-2019:0469 None None None 2019-03-06 21:52:44 UTC
Red Hat Product Errata RHSA-2019:0472 None None None 2019-03-07 15:58:44 UTC
Red Hat Product Errata RHSA-2019:0473 None None None 2019-03-07 15:58:53 UTC
Red Hat Product Errata RHSA-2019:0474 None None None 2019-03-07 15:59:05 UTC
Red Hat Product Errata RHSA-2019:0640 None None None 2019-03-25 18:25:33 UTC
Red Hat Product Errata RHSA-2019:1238 None None None 2019-05-16 13:25:31 UTC

Description Tomas Hoger 2019-01-14 14:30:10 UTC
A memory disclosure flaw was found in the FileChannelImpl class in the Libraries component of OpenJDK. An untrusted Java application or applet could use this flaw to leak a limited amount of Java Virtual Machine memory, possibly containing sensitive information, resulting in a partial bypass of Java sandbox restrictions.

Comment 1 Tomas Hoger 2019-01-15 22:07:40 UTC
Public now via Oracle CPU January 2019:

https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html#AppendixJAVA

Fixed in Oracle Java 11.0.2, 8u201, and 7u211.

Comment 3 Tomas Hoger 2019-02-13 16:30:24 UTC
OpenJDK-8 upstream commit:
http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/01337312ad1e

OpenJDK-11 upstream commit:
http://hg.openjdk.java.net/jdk-updates/jdk11u/rev/ca77f2e01dd1

Comment 5 errata-xmlrpc 2019-02-26 11:37:50 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2019:0416 https://access.redhat.com/errata/RHSA-2019:0416

Comment 6 errata-xmlrpc 2019-02-28 09:33:03 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2019:0435 https://access.redhat.com/errata/RHSA-2019:0435

Comment 7 errata-xmlrpc 2019-02-28 10:09:50 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2019:0436 https://access.redhat.com/errata/RHSA-2019:0436

Comment 8 errata-xmlrpc 2019-03-05 18:31:51 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2019:0462 https://access.redhat.com/errata/RHSA-2019:0462

Comment 9 errata-xmlrpc 2019-03-05 19:06:09 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2019:0464 https://access.redhat.com/errata/RHSA-2019:0464

Comment 10 errata-xmlrpc 2019-03-06 21:52:43 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6 Supplementary

Via RHSA-2019:0469 https://access.redhat.com/errata/RHSA-2019:0469

Comment 11 errata-xmlrpc 2019-03-07 15:58:43 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7 Supplementary

Via RHSA-2019:0472 https://access.redhat.com/errata/RHSA-2019:0472

Comment 12 errata-xmlrpc 2019-03-07 15:58:52 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7 Supplementary

Via RHSA-2019:0473 https://access.redhat.com/errata/RHSA-2019:0473

Comment 13 errata-xmlrpc 2019-03-07 15:59:04 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6 Supplementary

Via RHSA-2019:0474 https://access.redhat.com/errata/RHSA-2019:0474

Comment 14 errata-xmlrpc 2019-03-25 18:25:32 UTC
This issue has been addressed in the following products:

  Red Hat Satellite 5.8

Via RHSA-2019:0640 https://access.redhat.com/errata/RHSA-2019:0640

Comment 15 errata-xmlrpc 2019-05-16 13:25:30 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2019:1238 https://access.redhat.com/errata/RHSA-2019:1238
