RHSA-2020:0468: Important: java-1.7.1-ibm security update
IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.<br>This update upgrades IBM Java SE 7 to version 7R1 SR4-FP60.<br>Security Fix(es):<br><li> OpenJDK: Serialization filter changes via jdk.serialFilter property modification (Serialization, 8231422) (CVE-2020-2604)</li> <li> OpenJDK: Incorrect isBuiltinStreamHandler check causing URL normalization issues (Networking, 8228548) (CVE-2020-2593)</li> <li> OpenJDK: Incorrect exception processing during deserialization in BeanContextSupport (Serialization, 8224909) (CVE-2020-2583)</li> <li> OpenJDK: Incomplete enforcement of maxDatagramSockets limit in DatagramChannelImpl (Networking, 8231795) (CVE-2020-2659)</li> For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Software
Remediation
Event History
Frequently Asked Questions
What is the severity of RHSA-2020:0468?
The severity of RHSA-2020:0468 is categorized as important.
How do I fix RHSA-2020:0468?
To fix RHSA-2020:0468, update to the latest version of IBM Java SE 7 as specified in the advisory.
What versions of IBM Java SE are affected by RHSA-2020:0468?
RHSA-2020:0468 affects IBM Java SE version 7 Release 1 prior to 7R1 SR4-FP60.
What components are included in the fix for RHSA-2020:0468?
The fix for RHSA-2020:0468 includes updates for various packages such as java, java-demo, java-devel, java-jdbc, and others.
Is there a risk if I do not apply RHSA-2020:0468?
Yes, not applying RHSA-2020:0468 may leave your system vulnerable to security risks associated with serialization filter changes.