Ubuntu alert USN-4726-1 (openjdk-8, openjdk-lts)

From:
             
 
Avital Ostromich <avital.ostromich@canonical.com>
To:
             
 
ubuntu-security-announce@lists.ubuntu.com
Subject:
             
 
[USN-4726-1] OpenJDK vulnerability
Date:
             
 
Tue, 09 Feb 2021 13:10:02 -0500
Message-ID:
             
 
<2a872c30-4cf3-7a97-9541-8d2564e58b93@canonical.com>
==========================================================================
Ubuntu Security Notice USN-4726-1
February 09, 2021

openjdk-8, openjdk-lts vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

OpenJDK could be made to crash if it received specially crafted
input.

Software Description:
- openjdk-8: Open Source Java implementation
- openjdk-lts: Open Source Java implementation

Details:

It was discovered that OpenJDK incorrectly handled the direct buffering of
characters. An attacker could use this issue to cause OpenJDK to crash,
resulting in a denial of service, or cause other unspecified impact.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.10:
  openjdk-11-jdk                  11.0.10+9-0ubuntu1~20.10
  openjdk-11-jre                  11.0.10+9-0ubuntu1~20.10
  openjdk-11-jre-headless         11.0.10+9-0ubuntu1~20.10
  openjdk-11-jre-zero             11.0.10+9-0ubuntu1~20.10
  openjdk-8-jdk                   8u282-b08-0ubuntu1~20.10
  openjdk-8-jre                   8u282-b08-0ubuntu1~20.10
  openjdk-8-jre-headless          8u282-b08-0ubuntu1~20.10
  openjdk-8-jre-zero              8u282-b08-0ubuntu1~20.10

Ubuntu 20.04 LTS:
  openjdk-11-jdk                  11.0.10+9-0ubuntu1~20.04
  openjdk-11-jre                  11.0.10+9-0ubuntu1~20.04
  openjdk-11-jre-headless         11.0.10+9-0ubuntu1~20.04
  openjdk-11-jre-zero             11.0.10+9-0ubuntu1~20.04
  openjdk-8-jdk                   8u282-b08-0ubuntu1~20.04
  openjdk-8-jre                   8u282-b08-0ubuntu1~20.04
  openjdk-8-jre-headless          8u282-b08-0ubuntu1~20.04
  openjdk-8-jre-zero              8u282-b08-0ubuntu1~20.04

Ubuntu 18.04 LTS:
  openjdk-11-jdk                  11.0.10+9-0ubuntu1~18.04
  openjdk-11-jre                  11.0.10+9-0ubuntu1~18.04
  openjdk-11-jre-headless         11.0.10+9-0ubuntu1~18.04
  openjdk-11-jre-zero             11.0.10+9-0ubuntu1~18.04
  openjdk-8-jdk                   8u282-b08-0ubuntu1~18.04
  openjdk-8-jre                   8u282-b08-0ubuntu1~18.04
  openjdk-8-jre-headless          8u282-b08-0ubuntu1~18.04
  openjdk-8-jre-zero              8u282-b08-0ubuntu1~18.04

Ubuntu 16.04 LTS:
  openjdk-8-jdk                   8u282-b08-0ubuntu1~16.04
  openjdk-8-jre                   8u282-b08-0ubuntu1~16.04
  openjdk-8-jre-headless          8u282-b08-0ubuntu1~16.04
  openjdk-8-jre-jamvm             8u282-b08-0ubuntu1~16.04
  openjdk-8-jre-zero              8u282-b08-0ubuntu1~16.04

This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any Java
applications or applets to make all the necessary changes.

References:
  https://usn.ubuntu.com/4726-1
  https://launchpad.net/bugs/1914824

Package Information:
  https://launchpad.net/ubuntu/+source/openjdk-8/8u282-b08-...
  https://launchpad.net/ubuntu/+source/openjdk-lts/11.0.10+...
  https://launchpad.net/ubuntu/+source/openjdk-8/8u282-b08-...
  https://launchpad.net/ubuntu/+source/openjdk-lts/11.0.10+...
  https://launchpad.net/ubuntu/+source/openjdk-8/8u282-b08-...
  https://launchpad.net/ubuntu/+source/openjdk-lts/11.0.10+...
  https://launchpad.net/ubuntu/+source/openjdk-8/8u282-b08-...


-- 
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/ubuntu-security...