RHSA-2020:0470: Important: java-1.8.0-ibm security update
IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.This update upgrades IBM Java SE 8 to version 8 SR6-FP5.Security Fix(es): OpenJDK: Serialization filter changes via jdk.serialFilter property modification (Serialization, 8231422) (CVE-2020-2604) OpenJDK: Incorrect isBuiltinStreamHandler check causing URL normalization issues (Networking, 8228548) (CVE-2020-2593) OpenJDK: Incorrect exception processing during deserialization in BeanContextSupport (Serialization, 8224909) (CVE-2020-2583) OpenJDK: Incomplete enforcement of maxDatagramSockets limit in DatagramChannelImpl (Networking, 8231795) (CVE-2020-2659) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Software
Remediation
Event History
Frequently Asked Questions
What is the severity of RHSA-2020:0470?
The severity of RHSA-2020:0470 is categorized as critical due to the potential risks associated with the vulnerability in IBM Java SE.
How do I fix RHSA-2020:0470?
To fix RHSA-2020:0470, you should update IBM Java SE to version 8 SR6-FP5 or later.
What systems are affected by RHSA-2020:0470?
RHSA-2020:0470 affects various Red Hat Java packages, including java, java-demo, java-devel, and others, specifically in version 1.8.0-ibm up to 1.8.0-6.5-1jpp.1.el7.
Is there a workaround for RHSA-2020:0470?
There are no official workarounds recommended for RHSA-2020:0470; updating to the fixed version is advised.
What are the security fixes included in RHSA-2020:0470?
RHSA-2020:0470 includes security fixes related to serialization filter changes via jdk.serialFilter property modifications.