REDHAT-BUG-1639755
First published: Tue Oct 16 2018(Updated: )
It was discovered that the Security component of OpenJDK could incorrectly use unsigned manifest attribute entries when only properly signed entries were meant to be used. This could lead to bypass of protections provided by Jar signing. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| OpenJDK |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixJAVA
- https://access.redhat.com/errata/RHSA-2018:2942
- https://access.redhat.com/errata/RHSA-2018:2943
- http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/9f786031deff
- http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/ca864c999536
- http://hg.openjdk.java.net/jdk-updates/jdk11u/rev/65384f6a933f
- http://hg.openjdk.java.net/jdk-updates/jdk11u/rev/5979d0004415
- https://access.redhat.com/errata/RHSA-2018:3007
- https://access.redhat.com/errata/RHSA-2018:3008
- https://access.redhat.com/errata/RHSA-2018:3000
- https://access.redhat.com/errata/RHSA-2018:3001
- https://access.redhat.com/errata/RHSA-2018:3002
- https://access.redhat.com/errata/RHSA-2018:3003
- https://access.redhat.com/errata/RHSA-2018:3350
- https://access.redhat.com/errata/RHSA-2018:3409
- https://access.redhat.com/errata/RHSA-2018:3521
- https://access.redhat.com/errata/RHSA-2018:3533
- https://access.redhat.com/errata/RHSA-2018:3534
- https://access.redhat.com/errata/RHSA-2018:3671
- https://access.redhat.com/errata/RHSA-2018:3672
- https://access.redhat.com/errata/RHSA-2018:3779
- https://access.redhat.com/errata/RHSA-2018:3852
- https://bugzilla.redhat.com/show_bug.cgi?id=1639755
Frequently Asked Questions
What is the severity of REDHAT-BUG-1639755?
The severity of REDHAT-BUG-1639755 is considered high due to its potential to bypass Jar signing protections.
How do I fix REDHAT-BUG-1639755?
To fix REDHAT-BUG-1639755, you should update OpenJDK to the latest version provided by your distribution.
What impact does REDHAT-BUG-1639755 have on applications?
REDHAT-BUG-1639755 allows untrusted Java applications to potentially execute unauthorized code by bypassing security checks.
When was REDHAT-BUG-1639755 first reported?
REDHAT-BUG-1639755 was first reported as a vulnerability in 2018.
Is REDHAT-BUG-1639755 applicable to all OpenJDK versions?
REDHAT-BUG-1639755 affects specific versions of OpenJDK, so checking your version against security advisories is crucial.
- agent/type
- agent/last-modified-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2018-3136
- agent/first-publish-date
- agent/source
- agent/references
- agent/description
- agent/severity
- agent/event
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/openjdk
- canonical/openjdk