RHSA-2019:3135: Important: java-11-openjdk security update
The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.Security Fix(es): OpenJDK: Improper handling of Kerberos proxy credentials (Kerberos, 8220302) (CVE-2019-2949) OpenJDK: Unexpected exception thrown during regular expression processing in Nashorn (Scripting, 8223518) (CVE-2019-2975) OpenJDK: Out of bounds access in optimized String indexof implementation (Hotspot, 8224062) (CVE-2019-2977) OpenJDK: Incorrect handling of nested jar: URLs in Jar URL handler (Networking, 8223892) (CVE-2019-2978) OpenJDK: Incorrect handling of HTTP proxy responses in HttpURLConnection (Networking, 8225298) (CVE-2019-2989) OpenJDK: Missing restrictions on use of custom SocketImpl (Networking, 8218573) (CVE-2019-2945) OpenJDK: NULL pointer dereference in DrawGlyphList (2D, 8222690) (CVE-2019-2962) OpenJDK: Unexpected exception thrown by Pattern processing crafted regular expression (Concurrency, 8222684) (CVE-2019-2964) OpenJDK: Unexpected exception thrown by XPathParser processing crafted XPath expression (JAXP, 8223505) (CVE-2019-2973) OpenJDK: Unexpected exception thrown by XPath processing crafted XPath expression (JAXP, 8224532) (CVE-2019-2981) OpenJDK: Unexpected exception thrown during Font object deserialization (Serialization, 8224915) (CVE-2019-2983) OpenJDK: Missing glyph bitmap image dimension check in FreetypeFontScaler (2D, 8225286) (CVE-2019-2987) OpenJDK: Integer overflow in bounds check in SunGraphics2D (2D, 8225292) (CVE-2019-2988) OpenJDK: Excessive memory allocation in CMap when reading TrueType font (2D, 8225597) (CVE-2019-2992) OpenJDK: Insufficient filtering of HTML event attributes in Javadoc (Javadoc, 8226765) (CVE-2019-2999) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Software
Remediation
Event History
Frequently Asked Questions
What is the severity of RHSA-2019:3135?
The severity of RHSA-2019:3135 is classified as important due to vulnerabilities related to improper handling of Kerberos proxy credentials.
How do I fix RHSA-2019:3135?
To fix RHSA-2019:3135, you should update to the latest version of the OpenJDK packages provided by Red Hat, specifically version 11-openjdk-11.0.5.10-0.el8_0.
What vulnerabilities does RHSA-2019:3135 address?
RHSA-2019:3135 addresses vulnerabilities including improper handling of Kerberos proxy credentials (CVE-2019-2949) and unexpected exceptions in OpenJDK.
What packages are affected by RHSA-2019:3135?
Affected packages include various OpenJDK components such as 11-openjdk, 11-openjdk-devel, and 11-openjdk-headless.
Is it safe to continue using OpenJDK without applying RHSA-2019:3135?
Continuing to use OpenJDK without applying RHSA-2019:3135 poses security risks due to the identified vulnerabilities that could be exploited.