[USN-4726-1] OpenJDK vulnerability

Avital Ostromich avital.ostromich at canonical.com
Tue Feb 9 18:10:02 UTC 2021


==========================================================================
Ubuntu Security Notice USN-4726-1
February 09, 2021

openjdk-8, openjdk-lts vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

OpenJDK could be made to crash if it received specially crafted
input.

Software Description:
- openjdk-8: Open Source Java implementation
- openjdk-lts: Open Source Java implementation

Details:

It was discovered that OpenJDK incorrectly handled the direct buffering of
characters. An attacker could use this issue to cause OpenJDK to crash,
resulting in a denial of service, or cause other unspecified impact.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.10:
  openjdk-11-jdk                  11.0.10+9-0ubuntu1~20.10
  openjdk-11-jre                  11.0.10+9-0ubuntu1~20.10
  openjdk-11-jre-headless         11.0.10+9-0ubuntu1~20.10
  openjdk-11-jre-zero             11.0.10+9-0ubuntu1~20.10
  openjdk-8-jdk                   8u282-b08-0ubuntu1~20.10
  openjdk-8-jre                   8u282-b08-0ubuntu1~20.10
  openjdk-8-jre-headless          8u282-b08-0ubuntu1~20.10
  openjdk-8-jre-zero              8u282-b08-0ubuntu1~20.10

Ubuntu 20.04 LTS:
  openjdk-11-jdk                  11.0.10+9-0ubuntu1~20.04
  openjdk-11-jre                  11.0.10+9-0ubuntu1~20.04
  openjdk-11-jre-headless         11.0.10+9-0ubuntu1~20.04
  openjdk-11-jre-zero             11.0.10+9-0ubuntu1~20.04
  openjdk-8-jdk                   8u282-b08-0ubuntu1~20.04
  openjdk-8-jre                   8u282-b08-0ubuntu1~20.04
  openjdk-8-jre-headless          8u282-b08-0ubuntu1~20.04
  openjdk-8-jre-zero              8u282-b08-0ubuntu1~20.04

Ubuntu 18.04 LTS:
  openjdk-11-jdk                  11.0.10+9-0ubuntu1~18.04
  openjdk-11-jre                  11.0.10+9-0ubuntu1~18.04
  openjdk-11-jre-headless         11.0.10+9-0ubuntu1~18.04
  openjdk-11-jre-zero             11.0.10+9-0ubuntu1~18.04
  openjdk-8-jdk                   8u282-b08-0ubuntu1~18.04
  openjdk-8-jre                   8u282-b08-0ubuntu1~18.04
  openjdk-8-jre-headless          8u282-b08-0ubuntu1~18.04
  openjdk-8-jre-zero              8u282-b08-0ubuntu1~18.04

Ubuntu 16.04 LTS:
  openjdk-8-jdk                   8u282-b08-0ubuntu1~16.04
  openjdk-8-jre                   8u282-b08-0ubuntu1~16.04
  openjdk-8-jre-headless          8u282-b08-0ubuntu1~16.04
  openjdk-8-jre-jamvm             8u282-b08-0ubuntu1~16.04
  openjdk-8-jre-zero              8u282-b08-0ubuntu1~16.04

This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any Java
applications or applets to make all the necessary changes.

References:
  https://usn.ubuntu.com/4726-1
  https://launchpad.net/bugs/1914824

Package Information:
  https://launchpad.net/ubuntu/+source/openjdk-8/8u282-b08-0ubuntu1~20.10
  https://launchpad.net/ubuntu/+source/openjdk-lts/11.0.10+9-0ubuntu1~20.10
  https://launchpad.net/ubuntu/+source/openjdk-8/8u282-b08-0ubuntu1~20.04
  https://launchpad.net/ubuntu/+source/openjdk-lts/11.0.10+9-0ubuntu1~20.04
  https://launchpad.net/ubuntu/+source/openjdk-8/8u282-b08-0ubuntu1~18.04
  https://launchpad.net/ubuntu/+source/openjdk-lts/11.0.10+9-0ubuntu1~18.04
  https://launchpad.net/ubuntu/+source/openjdk-8/8u282-b08-0ubuntu1~16.04
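
An added example (not part of the original notice and not Canonical's tooling): a Python check that compares an inventory of installed package versions against the fixed versions listed in the update instructions, using Debian's version ordering so it can run offline on exported package lists. The input format (`dpkg-query -W -f='${Package} ${Version}\n'` output), the sample versions and the prefix match on package names are assumptions.

```python
import re
from itertools import zip_longest

# Fixed versions from the advisory; "{rel}" is the Ubuntu release suffix.
FIXED = {
    "openjdk-8": ("8u282-b08-0ubuntu1~{rel}", {"20.10", "20.04", "18.04", "16.04"}),
    "openjdk-11": ("11.0.10+9-0ubuntu1~{rel}", {"20.10", "20.04", "18.04"}),
}
_runs = re.compile(r"(\D*)(\d*)").findall  # alternating non-digit/digit runs

def _order(c):  # '~' sorts before end of string, letters before other symbols
    return 0 if not c else -1 if c == "~" else ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    for (na, da), (nb, db) in zip_longest(_runs(a), _runs(b), fillvalue=("", "")):
        for i in range(max(len(na), len(nb))):
            oa, ob = _order(na[i:i + 1]), _order(nb[i:i + 1])
            if oa != ob:
                return -1 if oa < ob else 1
        x, y = int(da or 0), int(db or 0)
        if x != y:
            return -1 if x < y else 1
    return 0

def _split(v):  # [epoch:]upstream[-revision]
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    upstream, _, rev = rest.rpartition("-") if "-" in rest else (rest, "", "")
    return int(epoch), upstream, rev

def deb_compare(v1, v2):
    """Return -1, 0 or 1 for v1 older than, equal to or newer than v2."""
    (e1, u1, r1), (e2, u2, r2) = _split(v1), _split(v2)
    return (e1 > e2) - (e1 < e2) or _cmp_part(u1, u2) or _cmp_part(r1, r2)

def audit(lines, release):
    """Return (package, installed, fixed) for packages older than the fixed version."""
    findings = []
    for line in lines:
        pkg, _, installed = line.strip().partition(" ")
        for family, (template, releases) in FIXED.items():
            fixed = template.format(rel=release)
            if (pkg.startswith(family + "-") and release in releases
                    and deb_compare(installed, fixed) < 0):
                findings.append((pkg, installed, fixed))
    return findings

# Constructed sample inventory for an Ubuntu 20.04 LTS host (assumed versions).
SAMPLE = ["openjdk-11-jre-headless 11.0.9.1+1-0ubuntu1~20.04",
          "openjdk-8-jre 8u282-b08-0ubuntu1~20.04", "bash 5.0-6ubuntu1.1"]
```

A package that passes this check still needs its running Java processes restarted, as the notice states, because the old runtime stays loaded until then.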

