-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: Red Hat Build of OpenJDK 1.8 (container images) release and security update Advisory ID: RHSA-2021:0946-01 Product: OpenJDK Advisory URL: https://access.redhat.com/errata/RHSA-2021:0946 Issue date: 2021-03-19 Keywords: openjdk,images CVE Names: CVE-2021-20264 ===================================================================== 1. Summary: The Red Hat Build of OpenJDK 8 (container images) is now available from the Red Hat Container Catalog. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: The OpenJDK 8 container images provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. This release of the Red Hat build of OpenJDK 8 (openjdk18-openshift:1.8-26 and ubi8-openjdk-8:1.3-9) serves as a replacement for the Red Hat build of OpenJDK 8 (openjdk18-openshift:1.8-25 and ubi8-openjdk-8:1.3-8), and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Security Fix(es): * ubi8/openjdk-8: containers/openjdk: /etc/passwd is given incorrect privileges (CVE-2021-20264) * redhat-openjdk-18/openjdk18-openshift: containers/openjdk: /etc/passwd is given incorrect privileges (CVE-2021-20264) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. 3. Solution: Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. The References section of this erratum contains a link to the updated containers. 4. Bugs fixed (https://bugzilla.redhat.com/): 1932283 - CVE-2021-20264 containers/openjdk: /etc/passwd is given incorrect privileges 5. References: https://access.redhat.com/security/cve/CVE-2021-20264 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/articles/4859371 https://catalog.redhat.com/software/containers/redhat-openjdk-18/openjdk18-openshift/58ada5701fbe981673cd6b10?tag=1.8-26&push_date=1616089599000 https://catalog.redhat.com/software/containers/ubi8/openjdk-8/5dd6a48dbed8bd164a09589a?tag=1.3-9&push_date=1616090044000 6. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYFTYC9zjgjWX9erEAQicdg//XcrznVl6lL0ia0iASxS5TxKyCme9cpqi +wIfgO2cnYdD5zszQREx+1+U97QgFOfz7jjeHlikhf4xrRLt2bH9mwaKEOxvRe60 mT/rTjsu75SNtJON8+g+LgvpYx7CFvVul90Nxf875EIQizVjpAGIddbbBY5G969Q N/HgQHPSZjnLHUUa4J5MvzRxW1pPrIdQHXyXtK3TSj6WB1IhpWZ12xTvQnfyQ6Yd Ue2mat5sM0iIrRMeATtH7VrEnkaIgwrliYk5Uvs2FZ6dBJeh7aa9IVZMw3YyiXt7 HkM/oT6RDqGx8x9xij1xbffoziggnJnzzYTP1b42lo3N+ykc82Ye5t6bwzSNomjA bqxoTxkzcyJ9SsnU5VY+bi73CU6xC599R1yhElyvdRTCYXniHMsPigrnRQNXkukB K7KWWa1UHpBABqcheXX+QpYZWhxIY6IiH2ceBhRo8+UnmxQ6TJb5YPLAltMrwsh8 jzXk1nf9sQOufjH1jwKPPY1MxE9dfNAve/vzXc7BWGPh1VyXVhGtnYzsGb5jy97d FDzVha6aWGas030hrLfG4nEIil4RT06zTFRbeY2WpkW8dMJ9OL3UdKJEYhuH4RkN I2GRxSVDoCrXvKHfN7Zf8LNq3Z9oR0uU6rgBU+ERGj5vVnCeqQFwaVsSiwLbayht QXege6hsBbQ= =YsgT -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce