Issued:
2020-10-22
Updated:
2020-10-22

RHSA-2020:4316 - Security Advisory

Synopsis

Moderate: java-11-openjdk security and bug fix update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.

Security Fix(es):

  • OpenJDK: Credentials sent over unencrypted LDAP connection (JNDI, 8237990) (CVE-2020-14781)
  • OpenJDK: Certificate blacklist bypass via alternate certificate encodings (Libraries, 8237995) (CVE-2020-14782)
  • OpenJDK: Integer overflow leading to out-of-bounds access (Hotspot, 8241114) (CVE-2020-14792)
  • OpenJDK: Incomplete check for invalid characters in URI to path conversion (Libraries, 8242685) (CVE-2020-14797)
  • OpenJDK: Race condition in NIO Buffer boundary checks (Libraries, 8244136) (CVE-2020-14803)
  • OpenJDK: High memory usage during deserialization of Proxy class with many interfaces (Serialization, 8236862) (CVE-2020-14779)
  • OpenJDK: Missing permission check in path to URI conversion (Libraries, 8242680) (CVE-2020-14796)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • java-11-openjdk property java.vendor is "N/A" (BZ#1873388)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of OpenJDK Java must be restarted for this update to take effect.

Affected Products

  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.0 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.0 x86_64

Fixes

  • BZ - 1873388 - java-11-openjdk property java.vendor is "N/A" [rhel-8.0.0.z]
  • BZ - 1889271 - CVE-2020-14779 OpenJDK: High memory usage during deserialization of Proxy class with many interfaces (Serialization, 8236862)
  • BZ - 1889274 - CVE-2020-14781 OpenJDK: Credentials sent over unencrypted LDAP connection (JNDI, 8237990)
  • BZ - 1889280 - CVE-2020-14792 OpenJDK: Integer overflow leading to out-of-bounds access (Hotspot, 8241114)
  • BZ - 1889290 - CVE-2020-14782 OpenJDK: Certificate blacklist bypass via alternate certificate encodings (Libraries, 8237995)
  • BZ - 1889697 - CVE-2020-14796 OpenJDK: Missing permission check in path to URI conversion (Libraries, 8242680)
  • BZ - 1889717 - CVE-2020-14797 OpenJDK: Incomplete check for invalid characters in URI to path conversion (Libraries, 8242685)
  • BZ - 1889895 - CVE-2020-14803 OpenJDK: Race condition in NIO Buffer boundary checks (Libraries, 8244136)

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.0

SRPM
java-11-openjdk-11.0.9.11-0.el8_0.src.rpm SHA-256: cbcd3d74643585fdbebfca137287ac55cc029cd9e90b5ef71254a27ceab22701
ppc64le
java-11-openjdk-11.0.9.11-0.el8_0.ppc64le.rpm SHA-256: 3b2ce6770e4dfa8b7c6fe0261cc49da88d99393e1e8ab28d1709af190c4345c9
java-11-openjdk-debuginfo-11.0.9.11-0.el8_0.ppc64le.rpm SHA-256: 4eb21295d1061dd81384462110fc339378a59c00ab8a7b297f15e74f318fae31
java-11-openjdk-debugsource-11.0.9.11-0.el8_0.ppc64le.rpm SHA-256: 9ea5aa0f98fb7072bfbe0a32a1d682ee4d8e07ae68d9334000f01d8e3fd13e82
java-11-openjdk-demo-11.0.9.11-0.el8_0.ppc64le.rpm SHA-256: b4435a7a73d10676feca097a53e3b08c8366fad2cce03e91064d72d4d18b59ea
java-11-openjdk-devel-11.0.9.11-0.el8_0.ppc64le.rpm SHA-256: e238424e9c9c0a0f7ef09d9803fefb7c2ad2810bc29b79d9a4c4c6aed830a18e
java-11-openjdk-devel-debuginfo-11.0.9.11-0.el8_0.ppc64le.rpm SHA-256: 43dbc677f6d6a42d2fb103231417cf70c242e1ba385ee0675d6c59f733861206
java-11-openjdk-devel-slowdebug-debuginfo-11.0.9.11-0.el8_0.ppc64le.rpm SHA-256: dcef34e319b0b128cbb553d093754e6576d26263dec1a1e604ceb472c002c27b
java-11-openjdk-headless-11.0.9.11-0.el8_0.ppc64le.rpm SHA-256: 73dc7bbd6bf7067abb2f2c0a6099f3ef419def0c6c00b858190036dbbc0db9ef
java-11-openjdk-headless-debuginfo-11.0.9.11-0.el8_0.ppc64le.rpm SHA-256: 8e3d94c5fe60ad0758b219bf9ae216368d4bb02f45df2b0493de86ba602c64fa
java-11-openjdk-headless-slowdebug-debuginfo-11.0.9.11-0.el8_0.ppc64le.rpm SHA-256: 26bace7e10c3a18ac0aadafe9b0c22d3a8d3dc3597f152ab8f51325fa9033fbf
java-11-openjdk-javadoc-11.0.9.11-0.el8_0.ppc64le.rpm SHA-256: c122bb24b69c359c48828a96f85cf741d02032446cac2fc215699dfb234123ed
java-11-openjdk-javadoc-zip-11.0.9.11-0.el8_0.ppc64le.rpm SHA-256: 11dd84b6fe3c43086595e468820efbb86408b9ab5120b7287683f0c99e3e230f
java-11-openjdk-jmods-11.0.9.11-0.el8_0.ppc64le.rpm SHA-256: d9c77b93c58b8e6083358f8fc2a2a520a35c0c1fa29b8988600851fb4bee38d4
java-11-openjdk-slowdebug-debuginfo-11.0.9.11-0.el8_0.ppc64le.rpm SHA-256: 39866d83b36c1cb0b80a59abf7e1e00e5b991014984875e88afd331334ec66c9
java-11-openjdk-src-11.0.9.11-0.el8_0.ppc64le.rpm SHA-256: a4637c266209c4be9496dad2edd4e9e4b6bfe8c4582ce9b3e8334372e26c84da

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.0

SRPM
java-11-openjdk-11.0.9.11-0.el8_0.src.rpm SHA-256: cbcd3d74643585fdbebfca137287ac55cc029cd9e90b5ef71254a27ceab22701
x86_64
java-11-openjdk-11.0.9.11-0.el8_0.x86_64.rpm SHA-256: 15a0a36b8171a6a6559a212b4b5dc5a1bc811bea1d68aa746fad55a0c94cb862
java-11-openjdk-debuginfo-11.0.9.11-0.el8_0.x86_64.rpm SHA-256: 2da6a55b956962208c1ece5f23461db2d3489af5b9775ec4508eac97392d21f3
java-11-openjdk-debugsource-11.0.9.11-0.el8_0.x86_64.rpm SHA-256: 72ff8697c6cba8745e53784df76ff894ef77deda5a4e78b4496cf8181cdac67c
java-11-openjdk-demo-11.0.9.11-0.el8_0.x86_64.rpm SHA-256: a2b90bc9834f9fc74ab0a95921565244926aac06395d943ef1874f3612b523e9
java-11-openjdk-devel-11.0.9.11-0.el8_0.x86_64.rpm SHA-256: 4d7435da64a9db9b63ca1e0240f2c450f9376b8a3684a9cf91aa4e7031e356d0
java-11-openjdk-devel-debuginfo-11.0.9.11-0.el8_0.x86_64.rpm SHA-256: 5d0a129c9e54199c9d61d9b5a812524980831943e6ec73712cee2de2a0b86b21
java-11-openjdk-devel-slowdebug-debuginfo-11.0.9.11-0.el8_0.x86_64.rpm SHA-256: 6481c39ba71c6688338163a4bcb4f888dc53b24f9aabb4cba4f2d61fb59c32ca
java-11-openjdk-headless-11.0.9.11-0.el8_0.x86_64.rpm SHA-256: ae3e2868b6276936085cbf554409597905c4f0987f1862739147ca8948ee4857
java-11-openjdk-headless-debuginfo-11.0.9.11-0.el8_0.x86_64.rpm SHA-256: ee7a3dc7b291cac1ed5f7fd61d0f23b5f3182bf5c7a8cd6c92da137e864e7196
java-11-openjdk-headless-slowdebug-debuginfo-11.0.9.11-0.el8_0.x86_64.rpm SHA-256: a59e5ab8d94aa7f69bfef2b3ea1c89b7d0cd48fbb07102d8ae12bd504a5a3d6c
java-11-openjdk-javadoc-11.0.9.11-0.el8_0.x86_64.rpm SHA-256: f2cf68f1503faf682f54205f0f5875af138098088e45e209058430e3b1b5fe4d
java-11-openjdk-javadoc-zip-11.0.9.11-0.el8_0.x86_64.rpm SHA-256: 839aea7045cb16c3a70c6802de2a77216579738f0bdf942015f0bda6f75aca1b
java-11-openjdk-jmods-11.0.9.11-0.el8_0.x86_64.rpm SHA-256: a14a02801972d44659ad57090aaa3a2e3324b37e941dd8890b3d5c5acef89202
java-11-openjdk-slowdebug-debuginfo-11.0.9.11-0.el8_0.x86_64.rpm SHA-256: d31de5e0f1678c23b054aee680c40ab4853eb8f01621d35aed2ac4db70c062ee
java-11-openjdk-src-11.0.9.11-0.el8_0.x86_64.rpm SHA-256: 8b400b3a862630d8524a2f6d03150b48223684d14d03b76f4f9ff607a1f79f38

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.