-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: Red Hat Build of OpenJDK 11 (container images) release and security update
Advisory ID:       RHSA-2021:0945-01
Product:           OpenJDK
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:0945
Issue date:        2021-03-19
Keywords:          openjdk,images
CVE Names:         CVE-2021-20264 
=====================================================================

1. Summary:

The Red Hat Build of OpenJDK 11 (container images) is now available from
the Red Hat Customer Portal.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Description:

The OpenJDK 11 container images provide the OpenJDK 11 Java Runtime
Environment and the OpenJDK 11 Java Software Development Kit.

This release of the Red Hat Build of OpenJDK 11 (openjdk-11-rhel7:1.1-12
and ubi8-openjdk-11:1.3-10) serves as a replacement for the Red Hat Build
of OpenJDK 11 (openjdk-11-rhel7:1.1-11 and ubi8-openjdk-11:1.3-9), and
includes security and bug fixes, and enhancements. For further information,
refer to the release notes linked to in the References section. 

Security Fix(es):

* ubi8/openjdk-11: containers/openjdk: /etc/passwd is given incorrect
privileges (CVE-2021-20264)

* openjdk/openjdk-11-rhel7: containers/openjdk: /etc/passwd is given
incorrect privileges (CVE-2021-20264)

For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.

3. Solution:

Before applying the update, back up your existing installation, including
all applications, configuration files, databases and database settings, and
so on.

The References section of this erratum contains a link to the updated
containers.

4. Bugs fixed (https://bugzilla.redhat.com/):

1932283 - CVE-2021-20264 containers/openjdk: /etc/passwd is given incorrect privileges

5. References:

https://access.redhat.com/security/cve/CVE-2021-20264
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/articles/4859371
https://catalog.redhat.com/software/containers/openjdk/openjdk-11-rhel7/5bf57185dd19c775cddc4ce5?tag=1.1-12&push_date=1616089599000
https://catalog.redhat.com/software/containers/ubi8/openjdk-11/5dd6a4b45a13461646f677f4?container-tabs=overview&tag=1.3-10&push_date=1616090044000

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYFTX7tzjgjWX9erEAQg2YRAAnDwOkQx7Pqq3VnxJi5mxdUiN0JAJ4L2C
N/kh4yGMz9ZbqFXQfdXRdSlTIJoO6cyVe/ObV2WBzaKJRh1XrHzQgaN62rfTntu2
L2NcycAnZXSthY4Hx0gHNkF52zgPibDjjMFvsDasvlbmr2ga82tZvj1Dq3mwE81K
XrvFY1f+FP05RHkJP3oGtfOGPBNGXTqYCHyFguQwj2XNVr9gUus/NWLweDxkJrhS
QQD/Q1qCg6VwI+O+LfxQilkXgnvtHFk7ICxVDt1hiEoBeBeFqKbLUXJ7xsqxzmmj
V8sgy9Va82qA51CJnXZHpY4rbwnQoUI82D9BRWyyHvjFQfe+zBNjf1qIW7c7zhyd
U65h8nLhJgjhdFpojH7nQvCib2c12a4Y/CO1hq9OUc/RN4enemRWH9oNOcMekn+7
SakvTsZp3Y0IxakiSFPuwnMnGaVJnDn+iLOqyxGk0oCxdgzvWCrU7x+SNJz/JSVr
OFJ+Mn1x6P05RMsmL2eSJc06dutDOpztcXrToWHjuzkCXSjN3ABpJoigsaKHvNsG
F0n9SzoAa2m+f0NbUwUC4/KArnqSp/w07VS3q4hvJkdnzSq8Rc1OsV3vOWOBibIm
mSgpIaGjKZBqRT63I4DcpVxmtknxJhLd6YaFVv3sw1NPi6+AhgSEuDelI2i/S4AK
5qt1hDnJtNA=
=e0p2
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce