
Vulnerability of Oracle Java, OpenJDK: vulnerabilities of July 2020

Synthesis of the vulnerability 

Several vulnerabilities were announced in Oracle products.
Impacted systems: Debian, Avamar, NetWorker, Unisphere EMC, BIG-IP Hardware, TMOS, Fedora, AIX, IBM API Connect, IBM i, Rational ClearCase, Security Directory Server, QRadar SIEM, Tivoli Storage Manager, Tivoli System Automation, WebSphere AS Liberty, WebSphere AS Traditional, WebSphere MQ, ePO, Java OpenJDK, openSUSE Leap, Java Oracle, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity of this alert: 3/4.
Number of vulnerabilities in this bulletin: 11.
Creation date: 15/07/2020.
References of this alert: 6256732, 6338655, 6351365, 6351367, 6369095, 6371646, 6379724, 6381898, 6382282, 6396472, 6410876, 6435147, CERTFR-2020-AVI-434, CERTFR-2020-AVI-677, cpujul2020, CVE-2020-14556, CVE-2020-14562, CVE-2020-14573, CVE-2020-14577, CVE-2020-14578, CVE-2020-14579, CVE-2020-14581, CVE-2020-14583, CVE-2020-14593, CVE-2020-14621, CVE-2020-14664, DLA-2325-1, DSA-2020-210, DSA-2020-211, DSA-2020-219, DSA-2020-221, DSA-2020-266, DSA-4734-1, FEDORA-2020-3379860d5e, FEDORA-2020-43901402db, FEDORA-2020-508df53719, FEDORA-2020-5d0b4a2b5b, FEDORA-2020-8bfc7c49d1, FEDORA-2020-93cc9c3ef2, FEDORA-2020-9a5b36306c, FEDORA-2020-9dc3df49f0, FEDORA-2020-e418151dc3, FEDORA-2020-f6edb9843b, K85742355, openSUSE-SU-2020:1175-1, openSUSE-SU-2020:1191-1, openSUSE-SU-2020:1893-1, openSUSE-SU-2020:2048-1, openSUSE-SU-2020:2083-1, openSUSE-SU-2020:2170-1, RHSA-2020:2968-01, RHSA-2020:2969-01, RHSA-2020:2970-01, RHSA-2020:2972-01, RHSA-2020:2985-01, RHSA-2020:3098-01, RHSA-2020:3099-01, RHSA-2020:3100-01, RHSA-2020:3101-01, RHSA-2020:3386-01, RHSA-2020:3387-01, RHSA-2020:3388-01, RHSA-2020:5585-01, SB10332, SUSE-SU-2020:14482-1, SUSE-SU-2020:14484-1, SUSE-SU-2020:2008-1, SUSE-SU-2020:2143-1, SUSE-SU-2020:2453-1, SUSE-SU-2020:2461-1, SUSE-SU-2020:2482-1, SUSE-SU-2020:2861-1, SUSE-SU-2020:3191-1, SUSE-SU-2020:3460-1, SUSE-SU-2020:3591-1, USN-4433-1, USN-4453-1, VIGILANCE-VUL-32831, ZDI-20-897.

Description of the vulnerability 

Several vulnerabilities were announced in Oracle products.

This security note impacts software or systems such as Debian, Avamar, NetWorker, Unisphere EMC, BIG-IP Hardware, TMOS, Fedora, AIX, IBM API Connect, IBM i, Rational ClearCase, Security Directory Server, QRadar SIEM, Tivoli Storage Manager, Tivoli System Automation, WebSphere AS Liberty, WebSphere AS Traditional, WebSphere MQ, ePO, Java OpenJDK, openSUSE Leap, Java Oracle, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.

Our Vigil@nce team determined that the severity of this threat announcement is important.

The trust level is "confirmed by the editor", with an origin of "intranet client".

This bulletin is about 11 vulnerabilities.

An attacker with expert ability can exploit this computer weakness.

Solutions for this threat 

Oracle Java, OpenJDK: version 14.0.2.
The version 14.0.2 is fixed:
  http://www.oracle.com/technetwork/indexes/downloads/index.html
  https://www.oracle.com/java/technologies/javase/14u-relnotes.html
  http://openjdk.java.net/install/

Oracle Java, OpenJDK: version 11.0.8.
The version 11.0.8 is fixed:
  http://www.oracle.com/technetwork/indexes/downloads/index.html
  https://www.oracle.com/java/technologies/javase/11u-relnotes.html
  http://openjdk.java.net/install/

Oracle Java, OpenJDK: version 8u261.
The version 8u261 is fixed:
  http://www.oracle.com/technetwork/indexes/downloads/index.html
  http://www.oracle.com/technetwork/java/javase/documentation/8u-relnotes-2225394.html
  http://openjdk.java.net/install/

Oracle Java, OpenJDK: version 7u271.
The version 7u271 is fixed:
  http://www.oracle.com/technetwork/indexes/downloads/index.html
  http://www.oracle.com/technetwork/java/javase/documentation/javase7supportreleasenotes-1601161.html
  http://openjdk.java.net/install/

AIX: patch for Java.
A patch is indicated in information sources.

Debian 10: new openjdk-11 packages.
New packages are available:
  Debian 10: openjdk-11 11.0.8+10-1~deb10u1

Debian 9: new openjdk-8 packages.
New packages are available:
  Debian 9: openjdk-8 8u265-b01-0+deb9u1

Dell EMC Avamar: fixed versions for Multiple Components.
Fixed versions are indicated in information sources.

Dell EMC Avamar / NetWorker: fixed versions for Third Party.
Fixed versions are indicated in information sources.

Dell EMC Avamar: solution for Multiple Components.
The solution is indicated in information sources.

Dell EMC NetWorker Runtime Environment: version 8.0.6.
The version 8.0.6 is fixed:
  https://www.dell.com/support/

Dell EMC Unisphere: fixed versions for Java.
Fixed versions are indicated in information sources.

F5 BIG-IP: solution for Java.
The solution is indicated in information sources.

Fedora 31-32: new java-1.8.0-openjdk-aarch32 packages.
New packages are available:
  Fedora 31: java-1.8.0-openjdk-aarch32 1.8.0.265.b01-1.fc31
  Fedora 32: java-1.8.0-openjdk-aarch32 1.8.0.265.b01-1.fc32

Fedora 31-32: new java-latest-openjdk packages.
New packages are available:
  Fedora 31: java-latest-openjdk 14.0.2.12-1.rolling.fc31
  Fedora 32: java-latest-openjdk 14.0.2.12-1.rolling.fc32

Fedora 31: new java-11-openjdk packages.
New packages are available:
  Fedora 31: java-11-openjdk 11.0.8.10-2.fc31

Fedora 31: new java-1.8.0-openjdk packages.
New packages are available:
  Fedora 31: java-1.8.0-openjdk 1.8.0.262.b10-1.fc31

Fedora 32, 33: new java-1.8.0-openjdk-aarch32 packages.
New packages are available:
  Fedora 33: java-1.8.0-openjdk-aarch32 1.8.0.275.b01-1.fc33
  Fedora 32: java-1.8.0-openjdk-aarch32 1.8.0.275.b01-1.fc32

Fedora 32: new java-11-openjdk packages.
New packages are available:
  Fedora 32: java-11-openjdk 11.0.8.10-2.fc32

Fedora 32: new java-1.8.0-openjdk packages.
New packages are available:
  Fedora 32: java-1.8.0-openjdk 1.8.0.262.b10-1.fc32

IBM API Connect: patch for Java.
A patch is indicated in information sources.

IBM i: patch for Java.
A patch is indicated in information sources.

IBM MQ: fixed versions for Java.
Fixed versions are indicated in information sources.

IBM QRadar SIEM: patch for Java (15/12/2020).
A patch is indicated in information sources.

IBM Rational ClearCase: fixed versions for Java.
Fixed versions are indicated in information sources.

IBM Security Directory Server: patch for Java.
A patch is indicated in information sources.

IBM Spectrum Protect: fixed versions for Java.
Fixed versions are indicated in information sources.

IBM Spectrum Protect Plus: fixed versions for Linux/Java.
Fixed versions are indicated in information sources.

IBM Spectrum Protect Server: fixed versions for Dependencies.
Fixed versions are indicated in information sources.

IBM Tivoli System Automation Application Manager: patch for IBM Java SDK.
A patch is indicated in information sources.

IBM Tivoli System Automation for Multiplatforms: patch for IBM Java SDK.
A patch is indicated in information sources.

McAfee ePolicy Orchestrator: versions 5.9.1 EPO-919400 and 5.10.0 Update 9.
Versions 5.9.1 EPO-919400 and 5.10.0 Update 9 are fixed:
  http://www.mcafee.com/us/downloads/downloads.aspx

openSUSE Leap 15.1: new java-11-openjdk packages.
New packages are available:
  openSUSE Leap 15.1: java-11-openjdk 11.0.8.0-lp151.3.19.1

openSUSE Leap 15.1: new java-1_8_0-openjdk packages.
New packages are available:
  openSUSE Leap 15.1: java-1_8_0-openjdk 1.8.0.275-lp151.2.18.1

openSUSE Leap 15.2: new java-11-openjdk packages.
New packages are available:
  openSUSE Leap 15.2: java-11-openjdk 11.0.8.0-lp152.2.3.1

openSUSE Leap 15.2: new java-1_8_0-openj9 packages.
New packages are available:
  openSUSE Leap 15.2: java-1_8_0-openj9 1.8.0.272-lp152.3.3.1

openSUSE Leap 15.2: new java-1_8_0-openjdk packages.
New packages are available:
  openSUSE Leap 15.2: java-1_8_0-openjdk 1.8.0.275-lp152.2.6.2

RHEL 6.10: new java-1.7.1-ibm packages (10/08/2020).
New packages are available:
  RHEL 6.10: java-1.7.1-ibm 1.7.1.4.70-1jpp.1.el6_10

RHEL 6.10: new java-1.8.0-openjdk packages.
New packages are available:
  RHEL 6.10: java-1.8.0-openjdk 1.8.0.262.b10-0.el6_10

RHEL 7.8: new java-11-openjdk packages.
New packages are available:
  RHEL 7.8: java-11-openjdk 11.0.8.10-0.el7_8

RHEL 7.8: new java-1.8.0-openjdk packages.
New packages are available:
  RHEL 7.8: java-1.8.0-openjdk 1.8.0.262.b10-0.el7_8

RHEL 7: new java-1.7.1-ibm packages (10/08/2020).
New packages are available:
  RHEL 7.0-7.8: java-1.7.1-ibm 1.7.1.4.70-1jpp.1.el7

RHEL 7: new java-1.8.0-ibm packages (16/12/2020).
New packages are available:
  RHEL 7.0-7.9: java-1.8.0-ibm 1.8.0.6.20-1jpp.1.el7

RHEL 8.0-8.1: new java-11-openjdk packages.
New packages are available:
  RHEL 8.0: java-11-openjdk 11.0.8.10-0.el8_0
  RHEL 8.1: java-11-openjdk 11.0.8.10-0.el8_1

RHEL 8.0-8.1: new java-1.8.0-openjdk packages.
New packages are available:
  RHEL 8.0: java-1.8.0-openjdk 1.8.0.262.b10-0.el8_0
  RHEL 8.1: java-1.8.0-openjdk 1.8.0.262.b10-0.el8_1

RHEL 8.2: new java-11-openjdk packages.
New packages are available:
  RHEL 8.2: java-11-openjdk 11.0.8.10-0.el8_2

RHEL 8.2: new java-1.8.0-ibm packages (10/08/2020).
New packages are available:
  RHEL 8.2: java-1.8.0-ibm 1.8.0.6.15-1.el8_2

RHEL 8.2: new java-1.8.0-openjdk packages.
New packages are available:
  RHEL 8.2: java-1.8.0-openjdk 1.8.0.262.b10-0.el8_2

SUSE LE 11 SP3: new java-1_7_0-ibm packages.
New packages are available:
  SUSE LE 11 SP3: java-1_7_0-ibm 1.7.0_sr10.70-65.54.1

SUSE LE 11 SP4: new java-1_7_1-ibm packages.
New packages are available:
  SUSE LE 11 SP4: java-1_7_1-ibm 1.7.1_sr4.70-26.58.1

SUSE LE 12: new java-1_7_1-ibm packages.
New packages are available:
  SUSE LE 12 SP2: java-1_7_1-ibm 1.7.1_sr4.70-38.56.1
  SUSE LE 12 SP3: java-1_7_1-ibm 1.7.1_sr4.70-38.56.1
  SUSE LE 12 SP4: java-1_7_1-ibm 1.7.1_sr4.70-38.56.1
  SUSE LE 12 SP5: java-1_7_1-ibm 1.7.1_sr4.70-38.56.1

SUSE LE 12: new java-1_8_0-openjdk packages.
New packages are available:
  SUSE LE 12 SP2: java-1_8_0-openjdk 1.8.0.272-27.48.1
  SUSE LE 12 SP3: java-1_8_0-openjdk 1.8.0.272-27.48.1
  SUSE LE 12 SP4: java-1_8_0-openjdk 1.8.0.272-27.48.1
  SUSE LE 12 SP5: java-1_8_0-openjdk 1.8.0.272-27.48.1

SUSE LE 12 SP2-5: new java-1_7_0-openjdk packages.
New packages are available:
  SUSE LE 12 SP2: java-1_7_0-openjdk 1.7.0.271-43.41.1
  SUSE LE 12 SP3: java-1_7_0-openjdk 1.7.0.271-43.41.1
  SUSE LE 12 SP4: java-1_7_0-openjdk 1.7.0.271-43.41.1
  SUSE LE 12 SP5: java-1_7_0-openjdk 1.7.0.271-43.41.1

SUSE LE 12 SP5: new java-11-openjdk packages.
New packages are available:
  SUSE LE 12 SP5: java-11-openjdk 11.0.8.0-3.12.1

SUSE LE 15: new java-11-openjdk packages.
New packages are available:
  SUSE LE 15 RTM: java-11-openjdk 11.0.8.0-3.45.1
  SUSE LE 15 SP1: java-11-openjdk 11.0.8.0-3.45.1
  SUSE LE 15 SP2: java-11-openjdk 11.0.8.0-3.45.1

SUSE LE 15 RTM-SP3: new java-1_8_0-openjdk packages.
New packages are available:
  SUSE LE 15 RTM: java-1_8_0-openjdk 1.8.0.275-3.45.1
  SUSE LE 15 SP1: java-1_8_0-openjdk 1.8.0.275-3.45.1
  SUSE LE 15 SP2: java-1_8_0-openjdk 1.8.0.275-3.45.1
  SUSE LE 15 SP3: java-1_8_0-openjdk 1.8.0.275-3.45.1

SUSE LE: new java-1_8_0-ibm packages.
New packages are available:
  SUSE LE 12 SP2: java-1_8_0-ibm 1.8.0_sr6.15-30.72.1
  SUSE LE 12 SP3: java-1_8_0-ibm 1.8.0_sr6.15-30.72.1
  SUSE LE 12 SP4: java-1_8_0-ibm 1.8.0_sr6.15-30.72.1
  SUSE LE 12 SP5: java-1_8_0-ibm 1.8.0_sr6.15-30.72.1
  SUSE LE 15 RTM: java-1_8_0-ibm 1.8.0_sr6.15-3.41.1
  SUSE LE 15 SP1: java-1_8_0-ibm 1.8.0_sr6.15-3.41.1
  SUSE LE 15 SP2: java-1_8_0-ibm 1.8.0_sr6.15-3.41.1

Ubuntu: new openjdk-11 packages.
New packages are available:
  Ubuntu 20.04 LTS: openjdk-11-jdk 11.0.8+10-0ubuntu1~20.04, openjdk-11-jre 11.0.8+10-0ubuntu1~20.04
  Ubuntu 18.04 LTS: openjdk-11-jdk 11.0.8+10-0ubuntu1~18.04.1, openjdk-11-jre 11.0.8+10-0ubuntu1~18.04.1

Ubuntu: new openjdk-8-jre packages.
New packages are available:
  Ubuntu 20.04 LTS: openjdk-8-jdk 8u265-b01-0ubuntu2~20.04, openjdk-8-jre 8u265-b01-0ubuntu2~20.04
  Ubuntu 18.04 LTS: openjdk-8-jdk 8u265-b01-0ubuntu2~18.04, openjdk-8-jre 8u265-b01-0ubuntu2~18.04
  Ubuntu 16.04 LTS: openjdk-8-jdk 8u265-b01-0ubuntu2~16.04, openjdk-8-jre 8u265-b01-0ubuntu2~16.04

WebSphere AS: fixed versions for Java.
Fixed versions are indicated in information sources.