drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in OpenJDK
Name: |
Mehrere Probleme in OpenJDK |
|
ID: |
USN-4607-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 20.10 |
|
Datum: |
Mi, 28. Oktober 2020, 06:55 |
|
Referenzen: |
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14779
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14797
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14792
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14781
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14782
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14798
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14803
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14796 |
|
Applikationen: |
OpenJDK |
|
Originalnachricht |
--===============5552126092957856184== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="tdwbjtubh5klg2cc" Content-Disposition: inline
--tdwbjtubh5klg2cc Content-Type: text/plain; charset=us-ascii Content-Disposition: inline
========================================================================== Ubuntu Security Notice USN-4607-1 October 27, 2020
openjdk-8, openjdk-lts vulnerabilities ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.10 - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in OpenJDK.
Software Description: - openjdk-8: Open Source Java implementation - openjdk-lts: Open Source Java implementation
Details:
It was discovered that OpenJDK incorrectly handled deserializing Proxy class objects with many interfaces. A remote attacker could possibly use this issue to cause a denial of service (memory consumption) via a specially crafted input. (CVE-2020-14779)
Sergey Ostanin discovered that OpenJDK incorrectly restricted authentication mechanisms. A remote attacker could possibly use this issue to obtain sensitive information over an unencrypted connection. (CVE-2020-14781)
It was discovered that OpenJDK incorrectly handled untrusted certificates. An attacker could possibly use this issue to read or write sensitive information. (CVE-2020-14782)
Zhiqiang Zang discovered that OpenJDK incorrectly checked for integer overflows. An attacker could possibly use this issue to bypass certain Java sandbox restrictions. (CVE-2020-14792)
Markus Loewe discovered that OpenJDK incorrectly checked permissions when converting a file system path to an URI. An attacker could possibly use this issue to bypass certain Java sandbox restrictions. (CVE-2020-14796)
Markus Loewe discovered that OpenJDK incorrectly checked for invalid characters when converting an URI to a path. An attacker could possibly use this issue to read or write sensitive information. (CVE-2020-14797)
Markus Loewe discovered that OpenJDK incorrectly checked the length of input strings. An attacker could possibly use this issue to bypass certain Java sandbox restrictions. (CVE-2020-14798)
It was discovered that OpenJDK incorrectly handled boundary checks. An attacker could possibly use this issue to bypass certain Java sandbox restrictions. (CVE-2020-14803)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 20.10: openjdk-11-jdk 11.0.9+11-0ubuntu1 openjdk-11-jre 11.0.9+11-0ubuntu1 openjdk-11-jre-headless 11.0.9+11-0ubuntu1 openjdk-11-jre-zero 11.0.9+11-0ubuntu1 openjdk-8-jdk 8u272-b10-0ubuntu1~20.10 openjdk-8-jre 8u272-b10-0ubuntu1~20.10 openjdk-8-jre-headless 8u272-b10-0ubuntu1~20.10 openjdk-8-jre-zero 8u272-b10-0ubuntu1~20.10
Ubuntu 20.04 LTS: openjdk-11-jdk 11.0.9+11-0ubuntu1~20.04 openjdk-11-jre 11.0.9+11-0ubuntu1~20.04 openjdk-11-jre-headless 11.0.9+11-0ubuntu1~20.04 openjdk-11-jre-zero 11.0.9+11-0ubuntu1~20.04 openjdk-8-jdk 8u272-b10-0ubuntu1~20.04 openjdk-8-jre 8u272-b10-0ubuntu1~20.04 openjdk-8-jre-headless 8u272-b10-0ubuntu1~20.04 openjdk-8-jre-zero 8u272-b10-0ubuntu1~20.04
Ubuntu 18.04 LTS: openjdk-11-jdk 11.0.9+11-0ubuntu1~18.04.1 openjdk-11-jre 11.0.9+11-0ubuntu1~18.04.1 openjdk-11-jre-headless 11.0.9+11-0ubuntu1~18.04.1 openjdk-11-jre-zero 11.0.9+11-0ubuntu1~18.04.1 openjdk-8-jdk 8u272-b10-0ubuntu1~18.04 openjdk-8-jre 8u272-b10-0ubuntu1~18.04 openjdk-8-jre-headless 8u272-b10-0ubuntu1~18.04 openjdk-8-jre-zero 8u272-b10-0ubuntu1~18.04
Ubuntu 16.04 LTS: openjdk-8-jdk 8u272-b10-0ubuntu1~16.04 openjdk-8-jre 8u272-b10-0ubuntu1~16.04 openjdk-8-jre-headless 8u272-b10-0ubuntu1~16.04 openjdk-8-jre-zero 8u272-b10-0ubuntu1~16.04
This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart any Java applications or applets to make all the necessary changes.
References: https://usn.ubuntu.com/4607-1 CVE-2020-14779, CVE-2020-14781, CVE-2020-14782, CVE-2020-14792, CVE-2020-14796, CVE-2020-14797, CVE-2020-14798, CVE-2020-14803
Package Information: https://launchpad.net/ubuntu/+source/openjdk-8/8u272-b10-0ubuntu1~20.10 https://launchpad.net/ubuntu/+source/openjdk-lts/11.0.9+11-0ubuntu1 https://launchpad.net/ubuntu/+source/openjdk-8/8u272-b10-0ubuntu1~20.04 https://launchpad.net/ubuntu/+source/openjdk-lts/11.0.9+11-0ubuntu1~20.04 https://launchpad.net/ubuntu/+source/openjdk-8/8u272-b10-0ubuntu1~18.04 https://launchpad.net/ubuntu/+source/openjdk-lts/11.0.9+11-0ubuntu1~18.04.1 https://launchpad.net/ubuntu/+source/openjdk-8/8u272-b10-0ubuntu1~16.04
--tdwbjtubh5klg2cc Content-Type: application/pgp-signature; name="signature.asc"
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEECtyyz6azUy6AZBzSkGeI6zGnN/8FAl+Yy1UACgkQkGeI6zGn N/9AXQ//cHX9sh+KeeCsKaP80LjYVciBMZFH0KE6v69Qcsy72B9Fay3/oNohfY6m MSnzUt8V7Tc+PrIjBGk2gpYbMnMOkjwLQi7BiMMAGWRgSCcU+hhXwECKodJk7sS4 JMrnYcO3DWfbq6ruSwbITLVlcJ+vi7EAIq6suuTMLRZ+B5mZxYRKAnLbHu7sDpvk +/G+swjjg3xw+1A5hbRjzOV4k065DJV5t1Z0p2V58cwSjGQ7zpS2SUKZJNyyFj3E R8ZrU1PqRMWXnAVkZjFDHre6C2+c3/Ls3luWcJCV++7NSC1xHBlc4HgxgaSt4/66 Yh6TIetTcNa80lIEk5c9Hp3yA+90lz16Wr3anv2CW6a2jV685AE/EGSzRwW38B8h z4yQ+BFe1eygCymbQnnJ23ytY4zMxfodaqqnGl0s5HCNLl/yZlKoD8uq+pzua9y4 7QYoo8HUIWqP6NoSz3sjsVpdFOuQe3TIV2eSO3zsQCY0ma2L0cnJXbVLlbfWR1WK +xUd9gWyrDpZPpq5k8LUSlGMPyM+9UKXIsXPnEEgMkshGzaVebWF+Ofgm75lU4To G2amumrcFvcXxBKNH3nj00Eho+gmPRt6O+6B80gJ4e1+TZTbnY23pfZc0uxVKCS8 wwmf6Oq5gxixPaBsO1e1L0bQZw8gbmW8OdRCdEYnbCSsWk8T/+k= =Gci4 -----END PGP SIGNATURE-----
--tdwbjtubh5klg2cc--
--===============5552126092957856184== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
|
|
|
|