Red Hat Security Advisory 2021-0946-01 - The OpenJDK 8 container images provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. This release of the Red Hat build of OpenJDK 8 serves as a replacement for the Red Hat build of OpenJDK 8, and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.
=====================================================================
Red Hat Security Advisory
Synopsis: Moderate: Red Hat Build of OpenJDK 1.8 (container images) release and security update
Advisory ID: RHSA-2021:0946-01
Product: OpenJDK
Advisory URL: https://access.redhat.com/errata/RHSA-2021:0946
Issue date: 2021-03-19
Keywords: openjdk,images
CVE Names: CVE-2021-20264
=====================================================================

1. Summary:

The Red Hat Build of OpenJDK 8 (container images) is now available from the
Red Hat Container Catalog.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Description:

The OpenJDK 8 container images provide the OpenJDK 8 Java Runtime
Environment and the OpenJDK 8 Java Software Development Kit.

This release of the Red Hat build of OpenJDK 8 (openjdk18-openshift:1.8-26
and ubi8-openjdk-8:1.3-9) serves as a replacement for the Red Hat build of
OpenJDK 8 (openjdk18-openshift:1.8-25 and ubi8-openjdk-8:1.3-8), and
includes security and bug fixes, and enhancements. For further information,
refer to the release notes linked to in the References section.

Security Fix(es):

* ubi8/openjdk-8: containers/openjdk: /etc/passwd is given incorrect
privileges (CVE-2021-20264)

* redhat-openjdk-18/openjdk18-openshift: containers/openjdk: /etc/passwd is
given incorrect privileges (CVE-2021-20264)

For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.

3. Solution:

Before applying the update, back up your existing installation, including
all applications, configuration files, databases and database settings, and
so on.

The References section of this erratum contains a link to the updated
containers.

4. Bugs fixed (https://bugzilla.redhat.com/):

1932283 - CVE-2021-20264 containers/openjdk: /etc/passwd is given incorrect privileges

5. References:

https://access.redhat.com/security/cve/CVE-2021-20264
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/articles/4859371
https://catalog.redhat.com/software/containers/redhat-openjdk-18/openjdk18-openshift/58ada5701fbe981673cd6b10?tag=1.8-26&push_date=1616089599000
https://catalog.redhat.com/software/containers/ubi8/openjdk-8/5dd6a48dbed8bd164a09589a?tag=1.3-9&push_date=1616090044000

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce
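
A check that a consumer of these images could run after moving to the updated tags, given here as an added example that is not part of the Red Hat advisory: it inspects /etc/passwd under an unpacked image tree, or under / inside a running container. The function name `check_passwd_perms` is hypothetical, and reading "incorrect privileges" as group or world write access (or an unexpected owner) is an assumption, since the advisory does not state the exact mode.

```shell
#!/bin/sh
# Added example: audit /etc/passwd permissions under an image root filesystem.
# Assumption (not stated in the advisory): "incorrect privileges" is read as
# write access for group or others, or an owner other than the expected UID.
# check_passwd_perms ROOTFS [EXPECTED_UID]
#   ROOTFS        extracted image tree, or / inside a running container
#   EXPECTED_UID  required owner (default 0; pass your own UID when the tree
#                 was extracted without root and ownership was not preserved)
# Prints one line per finding. Exit status: 0 clean, 1 findings, 2 not checkable.
check_passwd_perms() (
    rootfs=${1:?usage: check_passwd_perms ROOTFS [EXPECTED_UID]}
    want_uid=${2:-0}
    path="${rootfs%/}/etc/passwd"
    rc=0

    # Do not follow a symlink: it could resolve outside the image tree.
    if [ -L "$path" ]; then
        echo "FINDING: etc/passwd is a symlink"; exit 1
    fi
    if [ ! -f "$path" ]; then
        echo "ERROR: $path not found"; exit 2
    fi

    # GNU stat: %a is the octal mode, %u the numeric owner.
    info=$(stat -c '%a %u' "$path") || exit 2
    mode=${info% *}
    uid=${info#* }

    # The leading 0 makes the shell read the mode as octal.
    if [ $(( 0$mode & 020 )) -ne 0 ]; then
        echo "FINDING: etc/passwd mode $mode is group-writable"; rc=1
    fi
    if [ $(( 0$mode & 002 )) -ne 0 ]; then
        echo "FINDING: etc/passwd mode $mode is world-writable"; rc=1
    fi
    if [ "$uid" != "$want_uid" ]; then
        echo "FINDING: etc/passwd owner uid $uid, expected $want_uid"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: etc/passwd mode $mode uid $uid"
    exit "$rc"
)

# Constructed demo: a throwaway tree with a group-writable passwd file.
demo=$(mktemp -d)
mkdir -p "$demo/etc"
echo 'root:x:0:0:root:/root:/bin/bash' > "$demo/etc/passwd"
chmod 664 "$demo/etc/passwd"
check_passwd_perms "$demo" "$(id -u)" || echo "exit status: $?"
rm -rf "$demo"
```

The non-zero exit status on any finding lets the function gate an image-promotion step in a pipeline.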