Gentoo Archives: gentoo-announce

From: Sam James <sam@g.o>
To: gentoo-announce@l.g.o
Subject: [gentoo-announce] [ GLSA 202008-24 ] OpenJDK: Multiple vulnerabilities
Date: Sun, 30 Aug 2020 21:20:40
Message-Id: 8FF0C1E8-40A6-4500-BC95-B2741EAED778@gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202008-24
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: OpenJDK: Multiple vulnerabilities
Date: August 30, 2020
Bugs: #732624
ID: 202008-24

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in OpenJDK, the worst of which
could result in the arbitrary execution of code.

Background
==========

OpenJDK is a free and open-source implementation of the Java Platform,
Standard Edition.

Affected packages
=================

    -------------------------------------------------------------------
    Package                /    Vulnerable    /             Unaffected
    -------------------------------------------------------------------
  1 dev-java/openjdk          < 8.262_p01:8             >= 8.262_p01:8
  2 dev-java/openjdk-bin      < 8.262_p01:8             >= 8.262_p01:8
    -------------------------------------------------------------------
    2 affected packages

Description
===========

Multiple vulnerabilities have been discovered in OpenJDK. Please review
the CVE identifiers referenced below for details.

Impact
======

Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All OpenJDK users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-java/openjdk-8.262_p01"

All OpenJDK binary users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-java/openjdk-bin-8.262_p01"

References
==========

[ 1 ] CVE-2020-14556
      https://nvd.nist.gov/vuln/detail/CVE-2020-14556
[ 2 ] CVE-2020-14562
      https://nvd.nist.gov/vuln/detail/CVE-2020-14562
[ 3 ] CVE-2020-14573
      https://nvd.nist.gov/vuln/detail/CVE-2020-14573
[ 4 ] CVE-2020-14578
      https://nvd.nist.gov/vuln/detail/CVE-2020-14578
[ 5 ] CVE-2020-14579
      https://nvd.nist.gov/vuln/detail/CVE-2020-14579
[ 6 ] CVE-2020-14583
      https://nvd.nist.gov/vuln/detail/CVE-2020-14583
[ 7 ] CVE-2020-14593
      https://nvd.nist.gov/vuln/detail/CVE-2020-14593
[ 8 ] CVE-2020-14621
      https://nvd.nist.gov/vuln/detail/CVE-2020-14621

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/202008-24

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2020 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5
