drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in OpenJDK
Name: |
Mehrere Probleme in OpenJDK |
|
ID: |
USN-4433-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 18.04 LTS, Ubuntu 20.04 LTS |
|
Datum: |
Do, 23. Juli 2020, 22:28 |
|
Referenzen: |
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14562
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14621
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14583
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14577
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14581
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14593
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14573
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14556 |
|
Applikationen: |
OpenJDK |
|
Originalnachricht |
--===============7274545502479654965== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="5ljuyvd6duxoldvw" Content-Disposition: inline
--5ljuyvd6duxoldvw Content-Type: text/plain; charset=us-ascii Content-Disposition: inline
========================================================================== Ubuntu Security Notice USN-4433-1 July 23, 2020
openjdk-lts vulnerabilities ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS - Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in OpenJDK.
Software Description: - openjdk-lts: Open Source Java implementation
Details:
Johannes Kuhn discovered that OpenJDK incorrectly handled access control contexts. An attacker could possibly use this issue to execute arbitrary code. (CVE-2020-14556)
It was discovered that OpenJDK incorrectly handled memory allocation when reading TIFF image files. An attacker could possibly use this issue to cause a denial of service. (CVE-2020-14562)
It was discovered that OpenJDK incorrectly handled input data. An attacker could possibly use this issue to insert, edit or obtain sensitive information. (CVE-2020-14573)
Philippe Arteau discovered that OpenJDK incorrectly verified names in TLS server's X.509 certificates. An attacker could possibly use this issue to obtain sensitive information. (CVE-2020-14577)
It was discovered that OpenJDK incorrectly handled image files. An attacker could possibly use this issue to obtain sensitive information. (CVE-2020-14581)
Markus Loewe discovered that OpenJDK incorrectly handled concurrent access in java.nio.Buffer class. An attacker could use this issue to bypass the sandbox restrictions and cause unspecified impact. (CVE-2020-14583)
It was discovered that OpenJDK incorrectly handled transformation of images. An attacker could possibly use this issue to bypass sandbox restrictions and insert, edit or obtain sensitive information. (CVE-2020-14593)
Roman Shemyakin discovered that OpenJDK incorrectly handled XML files. An attacker could possibly use this issue to insert, edit or obtain sensitive information. (CVE-2020-14621)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 20.04 LTS: openjdk-11-jdk 11.0.8+10-0ubuntu1~20.04 openjdk-11-jre 11.0.8+10-0ubuntu1~20.04 openjdk-11-jre-headless 11.0.8+10-0ubuntu1~20.04 openjdk-11-jre-zero 11.0.8+10-0ubuntu1~20.04
Ubuntu 18.04 LTS: openjdk-11-jdk 11.0.8+10-0ubuntu1~18.04.1 openjdk-11-jre 11.0.8+10-0ubuntu1~18.04.1 openjdk-11-jre-headless 11.0.8+10-0ubuntu1~18.04.1 openjdk-11-jre-zero 11.0.8+10-0ubuntu1~18.04.1
This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart any Java applications or applets to make all the necessary changes.
References: https://usn.ubuntu.com/4433-1 CVE-2020-14556, CVE-2020-14562, CVE-2020-14573, CVE-2020-14577, CVE-2020-14581, CVE-2020-14583, CVE-2020-14593, CVE-2020-14621
Package Information: https://launchpad.net/ubuntu/+source/openjdk-lts/11.0.8+10-0ubuntu1~20.04 https://launchpad.net/ubuntu/+source/openjdk-lts/11.0.8+10-0ubuntu1~18.04.1
--5ljuyvd6duxoldvw Content-Type: application/pgp-signature; name="signature.asc"
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEECtyyz6azUy6AZBzSkGeI6zGnN/8FAl8Z6KIACgkQkGeI6zGn N//u1Q//bTr960CLR74i/iN7B+YfGRcR9Fuaqbvs4WOTxMA1XGBrQHNShEF8uK8O aXKXqR8jo89ki1jI9h83VrQjzQOUENazUQKrZhDti/EmdRCZ76znKpW/SyVYXINa AJoOITyb/KDumJdyw9QhbJR3A0g/qEUTr+bnMwzGMzMxIqU4xSHuJHMOQzCZkkNX exKtakKQvZf65kn/KzIWYG0zilmn9VCwEawpS/V45b2MYgWwm2Xk2crUeUld7l+L Ul8LjhQl/jhajMQIoilkFZCG4FWgagm8HaOCS+H0eGRgll9Pl4mPTd5vjzgtkFyM e7M7fx+relGWNl3ho7yx7bfU2unB9ogIOHfmHK71SIcryV7MgDLmYkzI6grZgedZ al3c07OlThSwVaxxjWS/gwTsJsN05gXLcGSCl7zmkqVQojObSM6UuKPhLK+HCtBf Z19FGNw6DKsNeIS841pwiDHyiqy1kmJCM0cCawsf7r69l+aoj5XIgVeOuebZ7Tcv zSJhP+YfnXlTa2Qr28vNCx4T0HO7gh8PDUrH02bbYWWXyJHnAi1qQohVhNH1fOVH uLtHv5xQP+kXw+sL8BLUpNObypzmGehx4paMGOnUG9o4yVtBViLAJIPzNop7Bbn1 HcSHXJD9h3Yu13xZDFlQRuwJkIOflOAhgRiXr/zcW0a1TJWKDcQ= =0sfS -----END PGP SIGNATURE-----
--5ljuyvd6duxoldvw--
--===============7274545502479654965== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
|
|
|
|