Linux Security
    Linux Security
    Linux Security

    Ubuntu 4607-1: OpenJDK vulnerabilities

    Date 27 Oct 2020
    140
    Posted By LinuxSecurity Advisories
    Several security issues were fixed in OpenJDK.
    ==========================================================================
    Ubuntu Security Notice USN-4607-1
    October 27, 2020
    
    openjdk-8, openjdk-lts vulnerabilities
    ==========================================================================
    
    A security issue affects these releases of Ubuntu and its derivatives:
    
    - Ubuntu 20.10
    - Ubuntu 20.04 LTS
    - Ubuntu 18.04 LTS
    - Ubuntu 16.04 LTS
    
    Summary:
    
    Several security issues were fixed in OpenJDK.
    
    Software Description:
    - openjdk-8: Open Source Java implementation
    - openjdk-lts: Open Source Java implementation
    
    Details:
    
    It was discovered that OpenJDK incorrectly handled deserializing Proxy
    class objects with many interfaces. A remote attacker could possibly use
    this issue to cause a denial of service (memory consumption) via a
    specially crafted input. (CVE-2020-14779)
    
    Sergey Ostanin discovered that OpenJDK incorrectly restricted
    authentication mechanisms. A remote attacker could possibly use this
    issue to obtain sensitive information over an unencrypted connection.
    (CVE-2020-14781)
    
    It was discovered that OpenJDK incorrectly handled untrusted certificates.
    An attacker could possibly use this issue to read or write sensitive
    information. (CVE-2020-14782)
    
    Zhiqiang Zang discovered that OpenJDK incorrectly checked for integer
    overflows. An attacker could possibly use this issue to bypass certain
    Java sandbox restrictions. (CVE-2020-14792)
    
    Markus Loewe discovered that OpenJDK incorrectly checked permissions when
    converting a file system path to an URI. An attacker could possibly use
    this issue to bypass certain Java sandbox restrictions. (CVE-2020-14796)
    
    Markus Loewe discovered that OpenJDK incorrectly checked for invalid
    characters when converting an URI to a path. An attacker could possibly
    use this issue to read or write sensitive information. (CVE-2020-14797)
    
    Markus Loewe discovered that OpenJDK incorrectly checked the length of
    input strings. An attacker could possibly use this issue to bypass certain
    Java sandbox restrictions. (CVE-2020-14798)
    
    It was discovered that OpenJDK incorrectly handled boundary checks. An
    attacker could possibly use this issue to bypass certain Java sandbox
    restrictions. (CVE-2020-14803)
    
    Update instructions:
    
    The problem can be corrected by updating your system to the following
    package versions:
    
    Ubuntu 20.10:
      openjdk-11-jdk                  11.0.9+11-0ubuntu1
      openjdk-11-jre                  11.0.9+11-0ubuntu1
      openjdk-11-jre-headless         11.0.9+11-0ubuntu1
      openjdk-11-jre-zero             11.0.9+11-0ubuntu1
      openjdk-8-jdk                   8u272-b10-0ubuntu1~20.10
      openjdk-8-jre                   8u272-b10-0ubuntu1~20.10
      openjdk-8-jre-headless          8u272-b10-0ubuntu1~20.10
      openjdk-8-jre-zero              8u272-b10-0ubuntu1~20.10
    
    Ubuntu 20.04 LTS:
      openjdk-11-jdk                  11.0.9+11-0ubuntu1~20.04
      openjdk-11-jre                  11.0.9+11-0ubuntu1~20.04
      openjdk-11-jre-headless         11.0.9+11-0ubuntu1~20.04
      openjdk-11-jre-zero             11.0.9+11-0ubuntu1~20.04
      openjdk-8-jdk                   8u272-b10-0ubuntu1~20.04
      openjdk-8-jre                   8u272-b10-0ubuntu1~20.04
      openjdk-8-jre-headless          8u272-b10-0ubuntu1~20.04
      openjdk-8-jre-zero              8u272-b10-0ubuntu1~20.04
    
    Ubuntu 18.04 LTS:
      openjdk-11-jdk                  11.0.9+11-0ubuntu1~18.04.1
      openjdk-11-jre                  11.0.9+11-0ubuntu1~18.04.1
      openjdk-11-jre-headless         11.0.9+11-0ubuntu1~18.04.1
      openjdk-11-jre-zero             11.0.9+11-0ubuntu1~18.04.1
      openjdk-8-jdk                   8u272-b10-0ubuntu1~18.04
      openjdk-8-jre                   8u272-b10-0ubuntu1~18.04
      openjdk-8-jre-headless          8u272-b10-0ubuntu1~18.04
      openjdk-8-jre-zero              8u272-b10-0ubuntu1~18.04
    
    Ubuntu 16.04 LTS:
      openjdk-8-jdk                   8u272-b10-0ubuntu1~16.04
      openjdk-8-jre                   8u272-b10-0ubuntu1~16.04
      openjdk-8-jre-headless          8u272-b10-0ubuntu1~16.04
      openjdk-8-jre-zero              8u272-b10-0ubuntu1~16.04
    
    This update uses a new upstream release, which includes additional bug
    fixes. After a standard system update you need to restart any Java
    applications or applets to make all the necessary changes.
    
    References:
      https://usn.ubuntu.com/4607-1
      CVE-2020-14779, CVE-2020-14781, CVE-2020-14782, CVE-2020-14792,
      CVE-2020-14796, CVE-2020-14797, CVE-2020-14798, CVE-2020-14803
    
    Package Information:
      https://launchpad.net/ubuntu/+source/openjdk-8/8u272-b10-0ubuntu1~20.10
      https://launchpad.net/ubuntu/+source/openjdk-lts/11.0.9+11-0ubuntu1
      https://launchpad.net/ubuntu/+source/openjdk-8/8u272-b10-0ubuntu1~20.04
      https://launchpad.net/ubuntu/+source/openjdk-lts/11.0.9+11-0ubuntu1~20.04
      https://launchpad.net/ubuntu/+source/openjdk-8/8u272-b10-0ubuntu1~18.04
      https://launchpad.net/ubuntu/+source/openjdk-lts/11.0.9+11-0ubuntu1~18.04.1
      https://launchpad.net/ubuntu/+source/openjdk-8/8u272-b10-0ubuntu1~16.04
    

    Advisories

    LinuxSecurity Poll

    How long have you been using Linux?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 4 answer(s).
    /main-polls/46-how-long-have-you-been-using-linux?task=poll.vote&format=json
    46
    radio
    [{"id":"160","title":"Just made the switch!","votes":"3","type":"x","order":"1","pct":9.68,"resources":[]},{"id":"161","title":"1-5 years","votes":"5","type":"x","order":"2","pct":16.13,"resources":[]},{"id":"162","title":"6-10 years","votes":"1","type":"x","order":"3","pct":3.23,"resources":[]},{"id":"163","title":">10 years - I'm a veteran!","votes":"22","type":"x","order":"4","pct":70.97,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

    Please vote first in order to view vote results.


    VIEW MORE POLLS

    bottom 200

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.