Endpoint Vulnerability

RHSA-2020:4305: java-11-openjdk security and bug fix update (Moderate)

Description

The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Security Fix(es): * OpenJDK: Credentials sent over unencrypted LDAP connection (JNDI, 8237990) (CVE-2020-14781) * OpenJDK: Certificate blacklist bypass via alternate certificate encodings (Libraries, 8237995) (CVE-2020-14782) * OpenJDK: Integer overflow leading to out-of-bounds access (Hotspot, 8241114) (CVE-2020-14792) * OpenJDK: Incomplete check for invalid characters in URI to path conversion (Libraries, 8242685) (CVE-2020-14797) * OpenJDK: Race condition in NIO Buffer boundary checks (Libraries, 8244136) (CVE-2020-14803) * OpenJDK: High memory usage during deserialization of Proxy class with many interfaces (Serialization, 8236862) (CVE-2020-14779) * OpenJDK: Missing permission check in path to URI conversion (Libraries, 8242680) (CVE-2020-14796) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * 'java-11-openjdk-headless' scriptlet failed during RHEL7 > RHEL8 upgrade transaction (BZ#1871709) * java-11-openjdk property java.vendor is 'N/A' (BZ#1873390)

Affected Products

OpenJDK