Gentoo Archives: gentoo-announce

From: Aaron Bauman <bman@g.o>
To: gentoo-announce@l.g.o
Subject: [gentoo-announce] [ GLSA 202101-19 ] OpenJDK: Multiple vulnerabilities
Date: Mon, 25 Jan 2021 00:12:28
Message-Id: YA4KvcVGhCLC9pwX@samurai
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                          GLSA 202101-19
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                          https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: OpenJDK: Multiple vulnerabilities
     Date: January 25, 2021
     Bugs: #705992, #750833
       ID: 202101-19

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in OpenJDK, the worst of which
could result in the arbitrary execution of code.

Background
==========

OpenJDK is a free and open-source implementation of the Java Platform,
Standard Edition.

Affected packages
=================

    -------------------------------------------------------------------
     Package                   /   Vulnerable   /           Unaffected
    -------------------------------------------------------------------
  1  dev-java/openjdk              < 8.272_p10            >= 8.272_p10
  2  dev-java/openjdk-bin          < 8.272_p10            >= 8.272_p10
  3  dev-java/openjdk-jre-bin      < 8.272_p10            >= 8.272_p10
    -------------------------------------------------------------------
     3 affected packages

Description
===========

Multiple vulnerabilities have been discovered in OpenJDK. Please review
the CVE identifiers referenced below for details.

Impact
======

Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All OpenJDK users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-java/openjdk-8.272_p10"

All OpenJDK (binary) users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-java/openjdk-bin-8.272_p10"

All OpenJDK JRE (binary) users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot -v ">=dev-java/openjdk-jre-bin-8.272_p10"

References
==========

[ 1 ] CVE-2020-14779
      https://nvd.nist.gov/vuln/detail/CVE-2020-14779
[ 2 ] CVE-2020-14781
      https://nvd.nist.gov/vuln/detail/CVE-2020-14781
[ 3 ] CVE-2020-14782
      https://nvd.nist.gov/vuln/detail/CVE-2020-14782
[ 4 ] CVE-2020-14792
      https://nvd.nist.gov/vuln/detail/CVE-2020-14792
[ 5 ] CVE-2020-14796
      https://nvd.nist.gov/vuln/detail/CVE-2020-14796
[ 6 ] CVE-2020-14797
      https://nvd.nist.gov/vuln/detail/CVE-2020-14797
[ 7 ] CVE-2020-14798
      https://nvd.nist.gov/vuln/detail/CVE-2020-14798
[ 8 ] CVE-2020-14803
      https://nvd.nist.gov/vuln/detail/CVE-2020-14803
[ 9 ] CVE-2020-2583
      https://nvd.nist.gov/vuln/detail/CVE-2020-2583
[ 10 ] CVE-2020-2590
       https://nvd.nist.gov/vuln/detail/CVE-2020-2590
[ 11 ] CVE-2020-2593
       https://nvd.nist.gov/vuln/detail/CVE-2020-2593
[ 12 ] CVE-2020-2601
       https://nvd.nist.gov/vuln/detail/CVE-2020-2601
[ 13 ] CVE-2020-2604
       https://nvd.nist.gov/vuln/detail/CVE-2020-2604
[ 14 ] CVE-2020-2654
       https://nvd.nist.gov/vuln/detail/CVE-2020-2654
[ 15 ] CVE-2020-2659
       https://nvd.nist.gov/vuln/detail/CVE-2020-2659

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202101-19

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2021 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Attachments

File name MIME type
signature.asc application/pgp-signature