ibmruntimes / ci.docker

Dockerfiles and build scripts for generating various Docker Images related to IBM Runtimes
Apache License 2.0

Latest ibmjava jre vulnerable to CVE-2019-2816 #72

Closed coreywal closed 4 years ago

coreywal commented 5 years ago

The latest ibmjava JRE image (8-jre) is vulnerable to CVE-2019-2816 as it still has JAVA_VERSION 1.8.0_sr5fp37. The vulnerability is fixed in JAVA_VERSION 1.8.0_sr5fp40 or higher.

dinogun commented 4 years ago

The latest images should fix this:

$ docker run --rm -it ibmjava java -version
java version "1.8.0_221"
Java(TM) SE Runtime Environment (build 8.0.5.41 - pxa6480sr5fp41-20190919_01(SR5 FP41))
IBM J9 VM (build 2.9, JRE 1.8.0 Linux amd64-64-Bit Compressed References 20190911_427071 (JIT enabled, AOT enabled)
OpenJ9   - d581d49
OMR      - ca4db84
IBM      - 5cfdf9c)
JCL - 20190918_01 based on Oracle jdk8u221-b11
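
A check for the fix level discussed in this issue, as an added example that is not part of the thread or of the ci.docker repository: it pulls the service refresh (SR) and fix pack (FP) out of a `JAVA_VERSION` value or `java -version` output and compares them with the `1.8.0_sr5fp40` level the report names. The function names and exit codes are assumptions of this example, and it assumes the input describes an IBM Java 8 runtime.

```shell
#!/bin/sh
# Added example (not from the issue thread): compare an IBM Java 8 level
# against the fix level quoted in the report, 1.8.0_sr5fp40.
FIXED_SR=5
FIXED_FP=40

# Print "SR FP" for the first input line that carries an sr<N>fp<M> or
# "SR<N> FP<M>" token; print nothing when no such token is present.
ibm_java_level() {
  printf '%s\n' "$1" |
    sed -n 's/.*[sS][rR]\([0-9][0-9]*\) \{0,1\}[fF][pP]\([0-9][0-9]*\).*/\1 \2/p' |
    head -n 1
}

# Exit status: 0 = at or above the fix level, 1 = below it,
# 2 = level not recognised (treat as unverified rather than as fixed).
is_fixed() {
  level=$(ibm_java_level "$1")
  [ -n "$level" ] || return 2
  sr=${level% *}
  fp=${level#* }
  if [ "$sr" -gt "$FIXED_SR" ]; then return 0; fi
  if [ "$sr" -eq "$FIXED_SR" ] && [ "$fp" -ge "$FIXED_FP" ]; then return 0; fi
  return 1
}

# Map the exit status to a one-word verdict for reports or CI logs.
verdict() {
  rc=0
  is_fixed "$1" || rc=$?
  case $rc in
    0) echo "fixed" ;;
    1) echo "below-fix-level" ;;
    *) echo "unknown" ;;
  esac
}

# Sample inputs: the two levels quoted in the thread, plus a string with no
# SR/FP token (constructed) to show the fail-closed path.
for v in "1.8.0_sr5fp37" \
         "build 8.0.5.41 - pxa6480sr5fp41-20190919_01(SR5 FP41)" \
         "1.8.0_221"; do
  printf '%-60s %s\n' "$v" "$(verdict "$v")"
done
```

To check a real image, pass `verdict` the output of `docker run --rm ibmjava:8-jre java -version 2>&1`; `java -version` writes to stderr, so the redirect is required.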