[RHSA-2021:0946-01] Moderate: Red Hat Build of OpenJDK 1.8 (container images) release and security update

Security announcements for all Red Hat products and services. rhsa-announce at redhat.com
Fri Mar 19 16:57:56 UTC 2021 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: Red Hat Build of OpenJDK 1.8 (container images) release and security update
Advisory ID:       RHSA-2021:0946-01
Product:           OpenJDK
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:0946
Issue date:        2021-03-19
Keywords:          openjdk,images
CVE Names:         CVE-2021-20264 
=====================================================================

1. Summary:

The Red Hat Build of OpenJDK 8 (container images) is now available from the
Red Hat Container Catalog.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Description:

The OpenJDK 8 container images provide the OpenJDK 8 Java Runtime
Environment and the OpenJDK 8 Java Software Development Kit.

This release of the Red Hat build of OpenJDK 8 (openjdk18-openshift:1.8-26
and ubi8-openjdk-8:1.3-9) serves as a replacement for the Red Hat build of
OpenJDK 8 (openjdk18-openshift:1.8-25 and ubi8-openjdk-8:1.3-8), and
includes security and bug fixes, and enhancements. For further information,
refer to the release notes linked to in the References section. 

Security Fix(es):

* ubi8/openjdk-8: containers/openjdk: /etc/passwd is given incorrect
privileges (CVE-2021-20264)

* redhat-openjdk-18/openjdk18-openshift: containers/openjdk: /etc/passwd is
given incorrect privileges (CVE-2021-20264)

For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.

3. Solution:

Before applying the update, back up your existing installation, including
all applications, configuration files, databases and database settings, and
so on.

The References section of this erratum contains a link to the updated
containers.

4. Bugs fixed (https://bugzilla.redhat.com/):

1932283 - CVE-2021-20264 containers/openjdk: /etc/passwd is given incorrect privileges

5. References:

https://access.redhat.com/security/cve/CVE-2021-20264
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/articles/4859371
https://catalog.redhat.com/software/containers/redhat-openjdk-18/openjdk18-openshift/58ada5701fbe981673cd6b10?tag=1.8-26&push_date=1616089599000
https://catalog.redhat.com/software/containers/ubi8/openjdk-8/5dd6a48dbed8bd164a09589a?tag=1.3-9&push_date=1616090044000

6. Contact:

The Red Hat security contact is <secalert at redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYFTYC9zjgjWX9erEAQicdg//XcrznVl6lL0ia0iASxS5TxKyCme9cpqi
+wIfgO2cnYdD5zszQREx+1+U97QgFOfz7jjeHlikhf4xrRLt2bH9mwaKEOxvRe60
mT/rTjsu75SNtJON8+g+LgvpYx7CFvVul90Nxf875EIQizVjpAGIddbbBY5G969Q
N/HgQHPSZjnLHUUa4J5MvzRxW1pPrIdQHXyXtK3TSj6WB1IhpWZ12xTvQnfyQ6Yd
Ue2mat5sM0iIrRMeATtH7VrEnkaIgwrliYk5Uvs2FZ6dBJeh7aa9IVZMw3YyiXt7
HkM/oT6RDqGx8x9xij1xbffoziggnJnzzYTP1b42lo3N+ykc82Ye5t6bwzSNomjA
bqxoTxkzcyJ9SsnU5VY+bi73CU6xC599R1yhElyvdRTCYXniHMsPigrnRQNXkukB
K7KWWa1UHpBABqcheXX+QpYZWhxIY6IiH2ceBhRo8+UnmxQ6TJb5YPLAltMrwsh8
jzXk1nf9sQOufjH1jwKPPY1MxE9dfNAve/vzXc7BWGPh1VyXVhGtnYzsGb5jy97d
FDzVha6aWGas030hrLfG4nEIil4RT06zTFRbeY2WpkW8dMJ9OL3UdKJEYhuH4RkN
I2GRxSVDoCrXvKHfN7Zf8LNq3Z9oR0uU6rgBU+ERGj5vVnCeqQFwaVsSiwLbayht
QXege6hsBbQ=
=YsgT
-----END PGP SIGNATURE-----

More information about the RHSA-announce mailing list