Fedora Account System
Red Hat Associate
Red Hat Customer
It was discovered that the HttpURLConnection class in the Networking component in OpenJDK did not properly handle certain responses from HTTP proxies. A malicious HTTP proxy server could possibly use this flaw to inject content into the proxied connection even when using TLS connections.
Public now via Oracle CPU October 2019: https://www.oracle.com/security-alerts/cpuoct2019.html#AppendixJAVA Fixed in Oracle Java SE 13.0.1, 11.0.5, 8u231, and 7u241.
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2019:3128 https://access.redhat.com/errata/RHSA-2019:3128
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2019:3127 https://access.redhat.com/errata/RHSA-2019:3127
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2019:3134 https://access.redhat.com/errata/RHSA-2019:3134
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2019:3135 https://access.redhat.com/errata/RHSA-2019:3135
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2019:3136 https://access.redhat.com/errata/RHSA-2019:3136
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2019:3158 https://access.redhat.com/errata/RHSA-2019:3158
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2019:3157 https://access.redhat.com/errata/RHSA-2019:3157
OpenJDK-11 upstream commit: http://hg.openjdk.java.net/jdk-updates/jdk11u/rev/0d78bb7c14b3 OpenJDK-8 upstream commit: http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/932b59a0766b OpenJDK-7 upstream commit: http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/d484d838edbc
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-2989
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Supplementary Via RHSA-2019:4110 https://access.redhat.com/errata/RHSA-2019:4110
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Supplementary Via RHSA-2019:4109 https://access.redhat.com/errata/RHSA-2019:4109
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Supplementary Via RHSA-2019:4113 https://access.redhat.com/errata/RHSA-2019:4113
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Supplementary Via RHSA-2019:4115 https://access.redhat.com/errata/RHSA-2019:4115
This issue has been addressed in the following products: Red Hat Satellite 5.8 Via RHSA-2020:0006 https://access.redhat.com/errata/RHSA-2020:0006
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:0046 https://access.redhat.com/errata/RHSA-2020:0046