It was discovered that the implementation of the Collections class in the Utilities component of OpenJDK did not limit the amount of memory allocated when creating an object instance from a serialized form. A specially crafted input could cause a Java application to use an excessive amount of memory when deserialized.
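The failure mode described above, shown in a hypothetical class (an added example, not OpenJDK's code and not the upstream fix): a size field read from the stream is range-checked in `readObject` before it is allowed to size an allocation. The class `Run`, its fields and the `MAX_COUNT` limit are assumptions made for illustration.

```java
import java.io.*;
import java.util.Arrays;

public class BoundedReadObject {
    // Hypothetical class: `count` copies of `value`, expanded into an array on load.
    static final class Run implements Serializable {
        private static final long serialVersionUID = 1L;
        static final int MAX_COUNT = 65_536;   // assumed application limit
        int count;                             // read from the stream: untrusted
        String value;
        transient String[] expanded;           // not serialized, rebuilt in readObject

        Run(int count, String value) { this.count = count; this.value = value; }

        private void readObject(ObjectInputStream in)
                throws IOException, ClassNotFoundException {
            in.defaultReadObject();
            // Validate the stream-supplied size before it drives an allocation.
            if (count < 0 || count > MAX_COUNT) {
                throw new InvalidObjectException("count out of range: " + count);
            }
            expanded = new String[count];
            Arrays.fill(expanded, value);
        }
    }

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(o);
        }
        return buf.toByteArray();
    }

    static Object deserialize(byte[] data) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(data))) {
            return in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        Run ok = (Run) deserialize(serialize(new Run(3, "x")));
        System.out.println("accepted, expanded length = " + ok.expanded.length);
        // Constructed oversized input: a short stream that claims a billion elements.
        byte[] oversized = serialize(new Run(1_000_000_000, "x"));
        try {
            deserialize(oversized);
        } catch (InvalidObjectException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Without the range check, the second stream would make `readObject` attempt a billion-element array from a very small input.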
Public now via Oracle CPU July 2019: https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html#AppendixJAVA
Fixed in Oracle Java SE 12.0.2, 11.0.4, 8u221, and 7u231.
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2019:1817 https://access.redhat.com/errata/RHSA-2019:1817
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2019:1810 https://access.redhat.com/errata/RHSA-2019:1810
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2019:1811 https://access.redhat.com/errata/RHSA-2019:1811
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2019:1815 https://access.redhat.com/errata/RHSA-2019:1815
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2019:1816 https://access.redhat.com/errata/RHSA-2019:1816
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2019:1840 https://access.redhat.com/errata/RHSA-2019:1840
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2019:1839 https://access.redhat.com/errata/RHSA-2019:1839
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Supplementary Via RHSA-2019:2495 https://access.redhat.com/errata/RHSA-2019:2495
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Supplementary Via RHSA-2019:2494 https://access.redhat.com/errata/RHSA-2019:2494
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-2769
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Supplementary Via RHSA-2019:2585 https://access.redhat.com/errata/RHSA-2019:2585
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2019:2590 https://access.redhat.com/errata/RHSA-2019:2590
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Supplementary Via RHSA-2019:2592 https://access.redhat.com/errata/RHSA-2019:2592
This issue has been addressed in the following products: Red Hat Satellite 5.8 Via RHSA-2019:2737 https://access.redhat.com/errata/RHSA-2019:2737
OpenJDK-11 upstream commit: http://hg.openjdk.java.net/jdk-updates/jdk11u/rev/7c3a12bd9c72
OpenJDK-8 upstream commit: http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/989d84752527
OpenJDK-7 upstream commit: http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/995d7feafcff