REDHAT-BUG-1761596
First published: Mon Oct 14 2019(Updated: )
It was discovered that Socket and ServerSocket classes in the Networking component in OpenJDK did not restrict creation of subclasses with custom SocketImpl. A specially crafted Java application or applet could use this flaw to bypass certain Java sandbox restriction. The fix for this issue introduces new NetPermission named setSocketImpl which controls the ability to use custom SocketImpl.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| OpenJDK 8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.oracle.com/security-alerts/cpuoct2019.html#AppendixJAVA
- https://access.redhat.com/errata/RHSA-2019:3128
- https://access.redhat.com/errata/RHSA-2019:3127
- https://access.redhat.com/errata/RHSA-2019:3134
- https://access.redhat.com/errata/RHSA-2019:3135
- https://access.redhat.com/errata/RHSA-2019:3136
- https://access.redhat.com/errata/RHSA-2019:3158
- https://access.redhat.com/errata/RHSA-2019:3157
- http://hg.openjdk.java.net/jdk-updates/jdk11u/rev/c7602effc480
- http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/dd50896e9dec
- http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/e3a604d3d1ba
- https://access.redhat.com/security/cve/cve-2019-2945
- https://access.redhat.com/errata/RHSA-2019:4110
- https://access.redhat.com/errata/RHSA-2019:4109
- https://access.redhat.com/errata/RHSA-2019:4113
- https://access.redhat.com/errata/RHSA-2019:4115
- https://access.redhat.com/errata/RHSA-2020:0006
- https://access.redhat.com/errata/RHSA-2020:0046
- https://bugzilla.redhat.com/show_bug.cgi?id=1761596
Frequently Asked Questions
What is the severity of REDHAT-BUG-1761596?
The severity of REDHAT-BUG-1761596 is classified as critical due to its potential to bypass Java sandbox restrictions.
How do I fix REDHAT-BUG-1761596?
To fix REDHAT-BUG-1761596, update to the latest version of OpenJDK that addresses this vulnerability.
What are the potential risks of REDHAT-BUG-1761596?
The potential risks of REDHAT-BUG-1761596 include unauthorized access and execution of malicious code within the Java environment.
Which versions of OpenJDK are affected by REDHAT-BUG-1761596?
OpenJDK 17 is specifically mentioned as being affected by REDHAT-BUG-1761596.
Can REDHAT-BUG-1761596 impact my applications?
Yes, if your applications utilize OpenJDK, they could be at risk due to the vulnerability described in REDHAT-BUG-1761596.
- agent/type
- agent/last-modified-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2019-2945
- agent/first-publish-date
- agent/source
- agent/references
- agent/description
- agent/severity
- agent/event
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/oracle
- canonical/openjdk 8