• OpenJDK 8 vulnerabilities

    From bugz_ubuntu@21:4/110 to Ubuntu Users on Wednesday, August 05, 2020 16:10:08
    openjdk-8 vulnerabilities

    A security issue affects these releases of Ubuntu and its
    derivatives:

    * Ubuntu 20.04 LTS
    * Ubuntu 18.04 LTS
    * Ubuntu 16.04 LTS

    Summary

    Several security issues were fixed in OpenJDK 8.

    Software Description

    * openjdk-8 - Open Source Java implementation

    Details

    Johannes Kuhn discovered that OpenJDK 8 incorrectly handled access
    control contexts. An attacker could possibly use this issue to
    execute arbitrary code. (CVE-2020-14556)

    Philippe Arteau discovered that OpenJDK 8 incorrectly verified
    names in a TLS server's X.509 certificates. An attacker could
    possibly use this issue to obtain sensitive information.
    (CVE-2020-14577)

    It was discovered that OpenJDK 8 incorrectly handled exceptions in
    DerInputStream class and in the DerValue.equals() method. An
    attacker could possibly use this issue to cause a denial of
    service. (CVE-2020-14578, CVE-2020-14579)

    It was discovered that OpenJDK 8 incorrectly handled image files.
    An attacker could possibly use this issue to obtain sensitive
    information. (CVE-2020-14581)

    Markus Loewe discovered that OpenJDK 8 incorrectly handled
    concurrent access in java.nio.Buffer class. An attacker could use
    this issue to bypass sandbox restrictions. (CVE-2020-14583)

    It was discovered that OpenJDK 8 incorrectly handled
    transformation of images. An attacker could possibly use this
    issue to bypass sandbox restrictions and insert, edit or obtain
    sensitive information. (CVE-2020-14593)

    Roman Shemyakin discovered that OpenJDK 8 incorrectly handled XML
    files. An attacker could possibly use this issue to insert, edit
    or obtain sensitive information. (CVE-2020-14621)

    Update instructions

    The problem can be corrected by updating your system to the
    following package versions:

    Ubuntu 20.04 LTS
    openjdk-8-jdk - 8u265-b01-0ubuntu2~20.04
    openjdk-8-jre - 8u265-b01-0ubuntu2~20.04
    openjdk-8-jre-headless - 8u265-b01-0ubuntu2~20.04
    openjdk-8-jre-zero - 8u265-b01-0ubuntu2~20.04

    Ubuntu 18.04 LTS
    openjdk-8-jdk - 8u265-b01-0ubuntu2~18.04
    openjdk-8-jre - 8u265-b01-0ubuntu2~18.04
    openjdk-8-jre-headless - 8u265-b01-0ubuntu2~18.04
    openjdk-8-jre-zero - 8u265-b01-0ubuntu2~18.04

    Ubuntu 16.04 LTS
    openjdk-8-jdk - 8u265-b01-0ubuntu2~16.04
    openjdk-8-jre - 8u265-b01-0ubuntu2~16.04
    openjdk-8-jre-headless - 8u265-b01-0ubuntu2~16.04
    openjdk-8-jre-jamvm - 8u265-b01-0ubuntu2~16.04
    openjdk-8-jre-zero - 8u265-b01-0ubuntu2~16.04

    To update your system, please follow these instructions:
    https://wiki.ubuntu.com/Security/Upgrades.

    This update uses a new upstream release, which includes additional
    bug fixes. After a standard system update you need to restart any
    Java applications or applets to make all the necessary changes.

    References

    * CVE-2020-14556
    * CVE-2020-14577
    * CVE-2020-14578
    * CVE-2020-14579
    * CVE-2020-14581
    * CVE-2020-14583
    * CVE-2020-14593
    * CVE-2020-14621

    * Origin: BZ&BZ BBS (21:4/110)
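To confirm a host has reached the fixed versions listed under "Update instructions", the following added example (not part of the advisory, nor Ubuntu's own tooling) flags openjdk-8 packages older than the fix. It assumes input in the form printed by `dpkg-query -W -f='${Package} ${Version}\n'`, re-implements dpkg's version ordering so it runs without dpkg, and uses hypothetical function names and a constructed sample inventory.

```python
import re
from itertools import zip_longest

# Fixed versions copied from the advisory's "Update instructions".
FIXED = {
    "20.04": "8u265-b01-0ubuntu2~20.04",
    "18.04": "8u265-b01-0ubuntu2~18.04",
    "16.04": "8u265-b01-0ubuntu2~16.04",
}
_FRAG = re.compile(r"([^0-9]*)([0-9]*)")

def _key(text):
    # dpkg ordering: '~' sorts before end of string, letters before symbols.
    return [-1 if c == "~" else ord(c) + (0 if c.isalpha() else 256)
            for c in text] + [0]

def _cmp_part(a, b):
    # Compare alternating non-digit / digit fragments, as dpkg does.
    pairs = zip_longest(_FRAG.findall(a), _FRAG.findall(b), fillvalue=("", ""))
    for (ta, na), (tb, nb) in pairs:
        ka, kb = (_key(ta), int(na or 0)), (_key(tb), int(nb or 0))
        if ka != kb:
            return -1 if ka < kb else 1
    return 0

def _split(v):
    epoch, v = v.split(":", 1) if ":" in v else ("0", v)
    upstream, rev = v.rsplit("-", 1) if "-" in v else (v, "0")
    return int(epoch), upstream, rev

def deb_cmp(v1, v2):
    """Return -1, 0 or 1 as v1 is older than, equal to or newer than v2."""
    (e1, u1, r1), (e2, u2, r2) = _split(v1), _split(v2)
    if e1 != e2:
        return -1 if e1 < e2 else 1
    return _cmp_part(u1, u2) or _cmp_part(r1, r2)

def unpatched(release, dpkg_lines):
    """Return {package: version} for openjdk-8 packages older than the fix."""
    stale = {}
    for line in filter(str.strip, dpkg_lines.splitlines()):
        pkg, ver = line.split()
        if pkg.startswith("openjdk-8-") and deb_cmp(ver, FIXED[release]) < 0:
            stale[pkg] = ver
    return stale

# Constructed sample inventory, not output from a real host.
SAMPLE = """openjdk-8-jre-headless 8u252-b09-1ubuntu1
openjdk-8-jdk 8u265-b01-0ubuntu2~20.04
openjdk-11-jre 11.0.7+10-3ubuntu1"""

if __name__ == "__main__":
    print(unpatched("20.04", SAMPLE))
```

A clean result only covers what is installed on disk; as the advisory notes, Java applications started before the update must be restarted to pick up the fixed runtime.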