drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Fehlerhafte Zugriffsrechte in Red Hat Build of OpenJDK 1.8
Name: |
Fehlerhafte Zugriffsrechte in Red Hat Build of OpenJDK 1.8 |
|
ID: |
RHSA-2021:0946-01 |
|
Distribution: |
Red Hat |
|
Plattformen: |
Red Hat OpenJDK |
|
Datum: |
Fr, 19. März 2021, 19:39 |
|
Referenzen: |
https://catalog.redhat.com/software/containers/ubi8/openjdk-8/5dd6a48dbed8bd164a09589a?tag=1.3-9&push_date=1616090044000
https://access.redhat.com/articles/4859371
https://catalog.redhat.com/software/containers/redhat-openjdk-18/openjdk18-openshift/58ada5701fbe981673cd6b10?tag=1.8-26&push_date=1616089599000
https://access.redhat.com/security/cve/CVE-2021-20264 |
|
Applikationen: |
OpenJDK |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: Red Hat Build of OpenJDK 1.8 (container images) release and security update Advisory ID: RHSA-2021:0946-01 Product: OpenJDK Advisory URL: https://access.redhat.com/errata/RHSA-2021:0946 Issue date: 2021-03-19 Keywords: openjdk,images CVE Names: CVE-2021-20264 =====================================================================
1. Summary:
The Red Hat Build of OpenJDK 8 (container images) is now available from the Red Hat Container Catalog.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
2. Description:
The OpenJDK 8 container images provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.
This release of the Red Hat build of OpenJDK 8 (openjdk18-openshift:1.8-26 and ubi8-openjdk-8:1.3-9) serves as a replacement for the Red Hat build of OpenJDK 8 (openjdk18-openshift:1.8-25 and ubi8-openjdk-8:1.3-8), and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.
Security Fix(es):
* ubi8/openjdk-8: containers/openjdk: /etc/passwd is given incorrect privileges (CVE-2021-20264)
* redhat-openjdk-18/openjdk18-openshift: containers/openjdk: /etc/passwd is given incorrect privileges (CVE-2021-20264)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
3. Solution:
Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.
The References section of this erratum contains a link to the updated containers.
4. Bugs fixed (https://bugzilla.redhat.com/):
1932283 - CVE-2021-20264 containers/openjdk: /etc/passwd is given incorrect privileges
5. References:
https://access.redhat.com/security/cve/CVE-2021-20264 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/articles/4859371 https://catalog.redhat.com/software/containers/redhat-openjdk-18/openjdk18-openshift/58ada5701fbe981673cd6b10?tag=1.8-26&push_date=1616089599000 https://catalog.redhat.com/software/containers/ubi8/openjdk-8/5dd6a48dbed8bd164a09589a?tag=1.3-9&push_date=1616090044000
6. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYFTYC9zjgjWX9erEAQicdg//XcrznVl6lL0ia0iASxS5TxKyCme9cpqi +wIfgO2cnYdD5zszQREx+1+U97QgFOfz7jjeHlikhf4xrRLt2bH9mwaKEOxvRe60 mT/rTjsu75SNtJON8+g+LgvpYx7CFvVul90Nxf875EIQizVjpAGIddbbBY5G969Q N/HgQHPSZjnLHUUa4J5MvzRxW1pPrIdQHXyXtK3TSj6WB1IhpWZ12xTvQnfyQ6Yd Ue2mat5sM0iIrRMeATtH7VrEnkaIgwrliYk5Uvs2FZ6dBJeh7aa9IVZMw3YyiXt7 HkM/oT6RDqGx8x9xij1xbffoziggnJnzzYTP1b42lo3N+ykc82Ye5t6bwzSNomjA bqxoTxkzcyJ9SsnU5VY+bi73CU6xC599R1yhElyvdRTCYXniHMsPigrnRQNXkukB K7KWWa1UHpBABqcheXX+QpYZWhxIY6IiH2ceBhRo8+UnmxQ6TJb5YPLAltMrwsh8 jzXk1nf9sQOufjH1jwKPPY1MxE9dfNAve/vzXc7BWGPh1VyXVhGtnYzsGb5jy97d FDzVha6aWGas030hrLfG4nEIil4RT06zTFRbeY2WpkW8dMJ9OL3UdKJEYhuH4RkN I2GRxSVDoCrXvKHfN7Zf8LNq3Z9oR0uU6rgBU+ERGj5vVnCeqQFwaVsSiwLbayht QXege6hsBbQ= =YsgT -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce
|
|
|
|