What is the severity of RHSA-2018:2575?

The severity of RHSA-2018:2575 is classified as important due to privilege escalation vulnerabilities.

How do I fix RHSA-2018:2575?

To fix RHSA-2018:2575, upgrade to IBM Java SE version 8 SR5-FP20 or later.

Which software packages are affected by RHSA-2018:2575?

Affected packages include various IBM Java runtime and development packages, such as ibm, ibm-demo, ibm-devel, ibm-jdbc, ibm-plugin, and ibm-src.

What vulnerability does RHSA-2018:2575 address?

RHSA-2018:2575 addresses a privilege escalation vulnerability caused by insufficiently restricted access to the Attach API.

Is it safe to continue using versions prior to the fix for RHSA-2018:2575?

It is not safe to continue using versions prior to the fix for RHSA-2018:2575 as they are susceptible to privilege escalation attacks.

Vulnerability/
RHSA-2018:2575

CWE

28/8/2018

20/6/2024

RHSA-2018:2575: Important: java-1.8.0-ibm security update

First published: Tue Aug 28 2018(Updated: 7 years ago)

IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.<br>This update upgrades IBM Java SE 8 to version 8 SR5-FP20.<br>Security Fix(es):<br><li> IBM JDK: privilege escalation via insufficiently restricted access to Attach API (CVE-2018-12539)</li> <li> openssl: BN_mod_exp may produce incorrect results on x86_64 (CVE-2017-3732)</li> <li> openssl: bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736)</li> <li> IBM JDK: DoS in the java.math component (CVE-2018-1517)</li> <li> IBM JDK: path traversal flaw in the Diagnostic Tooling Framework (CVE-2018-1656)</li> <li> Oracle JDK: unspecified vulnerability fixed in 6u201, 7u191, 8u181, and 10.0.2 (Libraries) (CVE-2018-2940)</li> <li> OpenJDK: insufficient index validation in PatternSyntaxException getMessage() (Concurrency, 8199547) (CVE-2018-2952)</li> <li> Oracle JDK: unspecified vulnerability fixed in 6u201, 7u191, 8u181, and 10.0.2 (JSSE) (CVE-2018-2973)</li> <li> OpenSSL: Double-free in DSA code (CVE-2016-0705)</li> For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.<br>Red Hat would like to thank the OpenSSL project for reporting CVE-2016-0705. Upstream acknowledges Adam Langley (Google/BoringSSL) as the original reporter of CVE-2016-0705.

Affected Software	Affected Version	How to fix
redhat/java	<1.8.0-ibm-1.8.0.5.20-1jpp.1.el6_10	1.8.0-ibm-1.8.0.5.20-1jpp.1.el6_10
redhat/java	<1.8.0-ibm-demo-1.8.0.5.20-1jpp.1.el6_10	1.8.0-ibm-demo-1.8.0.5.20-1jpp.1.el6_10
redhat/java	<1.8.0-ibm-devel-1.8.0.5.20-1jpp.1.el6_10	1.8.0-ibm-devel-1.8.0.5.20-1jpp.1.el6_10
redhat/java	<1.8.0-ibm-jdbc-1.8.0.5.20-1jpp.1.el6_10	1.8.0-ibm-jdbc-1.8.0.5.20-1jpp.1.el6_10
redhat/java	<1.8.0-ibm-plugin-1.8.0.5.20-1jpp.1.el6_10	1.8.0-ibm-plugin-1.8.0.5.20-1jpp.1.el6_10
redhat/java	<1.8.0-ibm-src-1.8.0.5.20-1jpp.1.el6_10	1.8.0-ibm-src-1.8.0.5.20-1jpp.1.el6_10
redhat/java	<1.8.0-ibm-1.8.0.5.20-1jpp.1.el6_10	1.8.0-ibm-1.8.0.5.20-1jpp.1.el6_10
redhat/java	<1.8.0-ibm-demo-1.8.0.5.20-1jpp.1.el6_10	1.8.0-ibm-demo-1.8.0.5.20-1jpp.1.el6_10
redhat/java	<1.8.0-ibm-devel-1.8.0.5.20-1jpp.1.el6_10	1.8.0-ibm-devel-1.8.0.5.20-1jpp.1.el6_10
redhat/java	<1.8.0-ibm-jdbc-1.8.0.5.20-1jpp.1.el6_10	1.8.0-ibm-jdbc-1.8.0.5.20-1jpp.1.el6_10
redhat/java	<1.8.0-ibm-plugin-1.8.0.5.20-1jpp.1.el6_10	1.8.0-ibm-plugin-1.8.0.5.20-1jpp.1.el6_10
redhat/java	<1.8.0-ibm-src-1.8.0.5.20-1jpp.1.el6_10	1.8.0-ibm-src-1.8.0.5.20-1jpp.1.el6_10

Never miss a vulnerability like this again

Reference Links

https://access.redhat.com/errata/RHSA-2018:2575 (Advisory)

Frequently Asked Questions

What is the severity of RHSA-2018:2575?
The severity of RHSA-2018:2575 is classified as important due to privilege escalation vulnerabilities.
How do I fix RHSA-2018:2575?
To fix RHSA-2018:2575, upgrade to IBM Java SE version 8 SR5-FP20 or later.
Which software packages are affected by RHSA-2018:2575?
Affected packages include various IBM Java runtime and development packages, such as ibm, ibm-demo, ibm-devel, ibm-jdbc, ibm-plugin, and ibm-src.
What vulnerability does RHSA-2018:2575 address?
RHSA-2018:2575 addresses a privilege escalation vulnerability caused by insufficiently restricted access to the Attach API.
Is it safe to continue using versions prior to the fix for RHSA-2018:2575?
It is not safe to continue using versions prior to the fix for RHSA-2018:2575 as they are susceptible to privilege escalation attacks.

agent/severity
agent/type
agent/last-modified-date
agent/softwarecombine
agent/first-publish-date
agent/weakness
agent/remedy
agent/title
agent/description
agent/references
agent/tags
collector/redhat-errata
source/Red Hat
anchor-id/RHSA-2018:2575
agent/software-canonical-lookup
agent/event
agent/source
package-manager/redhat