RHSA-2020:0465: Important: java-1.8.0-ibm security update
IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.<br>This update upgrades IBM Java SE 8 to version 8 SR6-FP5.<br>Security Fix(es):<br><li> OpenJDK: Serialization filter changes via jdk.serialFilter property modification (Serialization, 8231422) (CVE-2020-2604)</li> <li> OpenJDK: Incorrect isBuiltinStreamHandler check causing URL normalization issues (Networking, 8228548) (CVE-2020-2593)</li> <li> OpenJDK: Incorrect exception processing during deserialization in BeanContextSupport (Serialization, 8224909) (CVE-2020-2583)</li> <li> OpenJDK: Incomplete enforcement of maxDatagramSockets limit in DatagramChannelImpl (Networking, 8231795) (CVE-2020-2659)</li> For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Software
Remediation
Event History
Frequently Asked Questions
What is the severity of RHSA-2020:0465?
The severity of RHSA-2020:0465 is classified as important.
How do I fix RHSA-2020:0465?
To fix RHSA-2020:0465, you need to upgrade IBM Java SE to version 8 SR6-FP5.
What versions of IBM Java SE are affected by RHSA-2020:0465?
Affected versions include IBM Java SE 8 prior to 1.8.0-ibm-1.8.0.6.5-1.el8_1.
What are the security fixes included in RHSA-2020:0465?
The security fixes in RHSA-2020:0465 address serialization filter changes via the jdk.serialFilter property modification.
Which packages are affected by RHSA-2020:0465?
The affected packages include java, java-demo, java-devel, java-headless, java-jdbc, java-plugin, java-src, and java-webstart all prior to their respective fixed versions.