A flaw was found in the RMI registry implementation in the RMI component of OpenJDK. Incorrect handling of the server-side dispatch could lead to selection of an incorrect skeleton class.
Public now via Oracle CPU April 2019: https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html#AppendixJAVA Fixed in Oracle Java 12.0.1, 11.0.3, 8u211, and 7u221.
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2019:0774 https://access.redhat.com/errata/RHSA-2019:0774
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2019:0775 https://access.redhat.com/errata/RHSA-2019:0775
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2019:0778 https://access.redhat.com/errata/RHSA-2019:0778
OpenJDK-11 upstream commit: http://hg.openjdk.java.net/jdk-updates/jdk11u/rev/1084d119236b OpenJDK-8 upstream commit: http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/52f3117d3120
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2019:0790 https://access.redhat.com/errata/RHSA-2019:0790
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2019:0791 https://access.redhat.com/errata/RHSA-2019:0791
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2019:1146 https://access.redhat.com/errata/RHSA-2019:1146
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Supplementary Via RHSA-2019:1163 https://access.redhat.com/errata/RHSA-2019:1163
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Supplementary Via RHSA-2019:1164 https://access.redhat.com/errata/RHSA-2019:1164
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Supplementary Via RHSA-2019:1165 https://access.redhat.com/errata/RHSA-2019:1165
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Supplementary Via RHSA-2019:1166 https://access.redhat.com/errata/RHSA-2019:1166
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2019:1238 https://access.redhat.com/errata/RHSA-2019:1238
This issue has been addressed in the following products: Red Hat Satellite 5.8 Via RHSA-2019:1325 https://access.redhat.com/errata/RHSA-2019:1325
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2019:1518 https://access.redhat.com/errata/RHSA-2019:1518