Bug 1665945 (CVE-2019-2422) - CVE-2019-2422 OpenJDK: memory disclosure in FileChannelImpl (Libraries, 8206290)
Summary: CVE-2019-2422 OpenJDK: memory disclosure in FileChannelImpl (Libraries, 8206290)
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2019-2422
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1661581 1661582 1661585 1661586 1661587 1666531 1666532 1666899 1666900 1685054 1685111 1685112 1685113 1685114 1685115 1685116 1685117 1689835 1694579
Blocks: 1661579
TreeView+ depends on / blocked
 
Reported: 2019-01-14 14:30 UTC by Tomas Hoger
Modified: 2022-03-13 16:44 UTC (History)
12 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-05-16 16:24:03 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2019:0416 0 None None None 2019-02-26 11:37:51 UTC
Red Hat Product Errata RHSA-2019:0435 0 None None None 2019-02-28 09:33:04 UTC
Red Hat Product Errata RHSA-2019:0436 0 None None None 2019-02-28 10:09:51 UTC
Red Hat Product Errata RHSA-2019:0462 0 None None None 2019-03-05 18:31:52 UTC
Red Hat Product Errata RHSA-2019:0464 0 None None None 2019-03-05 19:06:10 UTC
Red Hat Product Errata RHSA-2019:0469 0 None None None 2019-03-06 21:52:44 UTC
Red Hat Product Errata RHSA-2019:0472 0 None None None 2019-03-07 15:58:44 UTC
Red Hat Product Errata RHSA-2019:0473 0 None None None 2019-03-07 15:58:53 UTC
Red Hat Product Errata RHSA-2019:0474 0 None None None 2019-03-07 15:59:05 UTC
Red Hat Product Errata RHSA-2019:0640 0 None None None 2019-03-25 18:25:33 UTC
Red Hat Product Errata RHSA-2019:1238 0 None None None 2019-05-16 13:25:31 UTC

Description Tomas Hoger 2019-01-14 14:30:10 UTC 
A memory disclosure flaw was found in the FileChannelImpl class in the Libraries component of OpenJDK.  An untrusted Java application or applet could use this flaw leak limited amount of Java Virtual Machine memory possibly containing sensitive information, resulting in a partial bypass of Java sandbox restrictions.
Comment 1 Tomas Hoger 2019-01-15 22:07:40 UTC 
Public now via Oracle CPU January 2019:

https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html#AppendixJAVA

Fixed in Oracle Java 11.0.2, 8u201, and 7u211.
Comment 3 Tomas Hoger 2019-02-13 16:30:24 UTC 
OpenJDK-8 upstream commit:
http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/01337312ad1e

OpenJDK-11 upstream commit:
http://hg.openjdk.java.net/jdk-updates/jdk11u/rev/ca77f2e01dd1
Comment 5 errata-xmlrpc 2019-02-26 11:37:50 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2019:0416 https://access.redhat.com/errata/RHSA-2019:0416
Comment 6 errata-xmlrpc 2019-02-28 09:33:03 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2019:0435 https://access.redhat.com/errata/RHSA-2019:0435
Comment 7 errata-xmlrpc 2019-02-28 10:09:50 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2019:0436 https://access.redhat.com/errata/RHSA-2019:0436
Comment 8 errata-xmlrpc 2019-03-05 18:31:51 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2019:0462 https://access.redhat.com/errata/RHSA-2019:0462
Comment 9 errata-xmlrpc 2019-03-05 19:06:09 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2019:0464 https://access.redhat.com/errata/RHSA-2019:0464
Comment 10 errata-xmlrpc 2019-03-06 21:52:43 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6 Supplementary

Via RHSA-2019:0469 https://access.redhat.com/errata/RHSA-2019:0469
Comment 11 errata-xmlrpc 2019-03-07 15:58:43 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7 Supplementary

Via RHSA-2019:0472 https://access.redhat.com/errata/RHSA-2019:0472
Comment 12 errata-xmlrpc 2019-03-07 15:58:52 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7 Supplementary

Via RHSA-2019:0473 https://access.redhat.com/errata/RHSA-2019:0473
Comment 13 errata-xmlrpc 2019-03-07 15:59:04 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6 Supplementary

Via RHSA-2019:0474 https://access.redhat.com/errata/RHSA-2019:0474
Comment 14 errata-xmlrpc 2019-03-25 18:25:32 UTC 
This issue has been addressed in the following products:

  Red Hat Satellite 5.8

Via RHSA-2019:0640 https://access.redhat.com/errata/RHSA-2019:0640
Comment 15 errata-xmlrpc 2019-05-16 13:25:30 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2019:1238 https://access.redhat.com/errata/RHSA-2019:1238
Note You need to log in before you can comment on or make changes to this bug.