It was discovered that the Pattern class in the Concurrency component in OpenJDK could throw an unexpected StackOverflowError exception when compiling a specially crafted regular expression. This could possibly cause a Java application to exit because of an unhandled exception if it processed untrusted regular expressions.
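A defensive wrapper for applications that must compile untrusted regular expressions, as an added example that is not part of the original report or of OpenJDK. The class name, the length limit, the stack size and the timeout are assumptions chosen for illustration.

```java
import java.util.Optional;
import java.util.regex.Pattern;
import java.util.regex.PatternSyntaxException;

public class SafePatternCompiler {
    // Assumed limits for this example; tune them to the application.
    private static final int MAX_REGEX_LENGTH = 1_000;
    private static final long COMPILE_STACK_BYTES = 512 * 1024;
    private static final long COMPILE_TIMEOUT_MS = 2_000;

    /** Compiles an untrusted regex; returns empty instead of letting an Error escape. */
    public static Optional<Pattern> compileUntrusted(String regex) throws InterruptedException {
        if (regex == null || regex.length() > MAX_REGEX_LENGTH) {
            return Optional.empty();
        }
        final Pattern[] result = new Pattern[1];
        Runnable task = () -> {
            try {
                result[0] = Pattern.compile(regex);
            } catch (PatternSyntaxException e) {
                // Malformed pattern: the documented failure mode of compile().
            } catch (StackOverflowError e) {
                // The failure mode described in this report. It is an Error,
                // so a handler written as catch (Exception e) never sees it.
            }
        };
        // Dedicated thread with its own stack (the size is a hint to the JVM),
        // so deep recursion in the compiler does not consume the caller's stack.
        Thread worker = new Thread(null, task, "regex-compile", COMPILE_STACK_BYTES);
        worker.setDaemon(true);
        worker.start();
        worker.join(COMPILE_TIMEOUT_MS);
        if (worker.isAlive()) {
            return Optional.empty(); // still compiling after the timeout: reject
        }
        // join() returned, so the worker's write to result[0] is visible here.
        return Optional.ofNullable(result[0]);
    }

    public static void main(String[] args) throws InterruptedException {
        // Constructed sample inputs: one valid pattern, one malformed pattern.
        System.out.println(compileUntrusted("[a-z]+\\d{2}").isPresent());
        System.out.println(compileUntrusted("(unclosed").isPresent());
    }
}
```

Installing a fixed JDK build remains the actual remedy; the wrapper only keeps a rejected pattern from terminating the thread that asked for it.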
Public now via Oracle CPU October 2019: https://www.oracle.com/security-alerts/cpuoct2019.html#AppendixJAVA
Fixed in Oracle Java SE 13.0.1, 11.0.5, 8u231, and 7u241.
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2019:3128 https://access.redhat.com/errata/RHSA-2019:3128
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2019:3127 https://access.redhat.com/errata/RHSA-2019:3127
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2019:3134 https://access.redhat.com/errata/RHSA-2019:3134
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2019:3135 https://access.redhat.com/errata/RHSA-2019:3135
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2019:3136 https://access.redhat.com/errata/RHSA-2019:3136
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2019:3158 https://access.redhat.com/errata/RHSA-2019:3158
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2019:3157 https://access.redhat.com/errata/RHSA-2019:3157
OpenJDK-11 upstream commit: http://hg.openjdk.java.net/jdk-updates/jdk11u/rev/b0cef26e900b
OpenJDK-8 upstream commit: http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/643871d087e0
OpenJDK-7 upstream commit: http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/4d26a82eead6
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-2964
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Supplementary Via RHSA-2019:4110 https://access.redhat.com/errata/RHSA-2019:4110
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Supplementary Via RHSA-2019:4109 https://access.redhat.com/errata/RHSA-2019:4109
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Supplementary Via RHSA-2019:4113 https://access.redhat.com/errata/RHSA-2019:4113
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Supplementary Via RHSA-2019:4115 https://access.redhat.com/errata/RHSA-2019:4115
This issue has been addressed in the following products: Red Hat Satellite 5.8 Via RHSA-2020:0006 https://access.redhat.com/errata/RHSA-2020:0006
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:0046 https://access.redhat.com/errata/RHSA-2020:0046