RHSA-2018:1650-01 -- Redhat java-1.8.0-openjdkID: oval:org.secpod.oval:def:502300 | Date: (C)2018-05-23 (M)2024-05-22 |
Class: PATCH | Family: unix |
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix: * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions . It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor"s data cache even for speculatively executed instructions that never actually commit . As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. Note: This is the OpenJDK side of the CVE-2018-3639 mitigation. Red Hat would like to thank Ken Johnson and Jann Horn for reporting this issue.
Platform: |
Red Hat Enterprise Linux 6 |
Product: |
java-1.8.0-openjdk |