REDHAT-BUG-1761594
First published: Mon Oct 14 2019(Updated: )
It was discovered that the Kerberos implementation in the Kerberos component in OpenJDK did not properly handle proxy credentials. This could lead to the unintended use of wrong credentials and possible user impersonation.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| OpenJDK 17 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.oracle.com/security-alerts/cpuoct2019.html#AppendixJAVA
- https://access.redhat.com/errata/RHSA-2019:3128
- https://access.redhat.com/errata/RHSA-2019:3127
- https://access.redhat.com/errata/RHSA-2019:3134
- https://access.redhat.com/errata/RHSA-2019:3135
- https://access.redhat.com/errata/RHSA-2019:3136
- http://hg.openjdk.java.net/jdk-updates/jdk11u/rev/a2afeadeff2a
- http://hg.openjdk.java.net/jdk-updates/jdk11u/rev/117a25266142
- http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/96cab194659e
- http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/8f88a036006e
- https://access.redhat.com/security/cve/cve-2019-2949
- https://developer.ibm.com/javasdk/support/security-vulnerabilities/
- https://www.ibm.com/support/pages/node/6206153
- https://access.redhat.com/errata/RHSA-2020:2237
- https://access.redhat.com/errata/RHSA-2020:2239
- https://access.redhat.com/errata/RHSA-2020:2241
- https://bugzilla.redhat.com/show_bug.cgi?id=1761594
Frequently Asked Questions
What is the severity of REDHAT-BUG-1761594?
The severity of REDHAT-BUG-1761594 is considered high due to the potential for user impersonation and the misuse of credentials.
How do I fix REDHAT-BUG-1761594?
To fix REDHAT-BUG-1761594, update the OpenJDK to the latest patched version provided by Oracle.
Which versions of OpenJDK are affected by REDHAT-BUG-1761594?
REDHAT-BUG-1761594 affects OpenJDK 17 and potentially other versions of the Kerberos implementation in OpenJDK.
What vulnerabilities can result from REDHAT-BUG-1761594?
REDHAT-BUG-1761594 can lead to unintended use of wrong credentials, which risks user impersonation.
Is there a known exploit for REDHAT-BUG-1761594?
As of now, there are no publicly known exploits for REDHAT-BUG-1761594, but it poses significant security risks.
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2019-2949
- agent/source
- agent/references
- agent/severity
- agent/description
- agent/event
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/oracle
- canonical/openjdk 17