USN-4726-1: OpenJDK vulnerability

Releases

• Ubuntu 20.10
• Ubuntu 20.04 LTS
• Ubuntu 18.04 ESM
• Ubuntu 16.04 ESM

Packages

• openjdk-8 - Open Source Java implementation
• openjdk-lts - Open Source Java implementation

Details

It was discovered that OpenJDK incorrectly handled the direct buffering of
characters. An attacker could use this issue to cause OpenJDK to crash,
resulting in a denial of service, or cause other unspecified impact.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 20.10

• openjdk-11-jdk - 11.0.10+9-0ubuntu1~20.10
• openjdk-11-jre - 11.0.10+9-0ubuntu1~20.10
• openjdk-11-jre-headless - 11.0.10+9-0ubuntu1~20.10
• openjdk-11-jre-zero - 11.0.10+9-0ubuntu1~20.10
• openjdk-8-jdk - 8u282-b08-0ubuntu1~20.10
• openjdk-8-jre - 8u282-b08-0ubuntu1~20.10
• openjdk-8-jre-headless - 8u282-b08-0ubuntu1~20.10
• openjdk-8-jre-zero - 8u282-b08-0ubuntu1~20.10

Ubuntu 20.04

• openjdk-11-jdk - 11.0.10+9-0ubuntu1~20.04
• openjdk-11-jre - 11.0.10+9-0ubuntu1~20.04
• openjdk-11-jre-headless - 11.0.10+9-0ubuntu1~20.04
• openjdk-11-jre-zero - 11.0.10+9-0ubuntu1~20.04
• openjdk-8-jdk - 8u282-b08-0ubuntu1~20.04
• openjdk-8-jre - 8u282-b08-0ubuntu1~20.04
• openjdk-8-jre-headless - 8u282-b08-0ubuntu1~20.04
• openjdk-8-jre-zero - 8u282-b08-0ubuntu1~20.04

Ubuntu 18.04

• openjdk-11-jdk - 11.0.10+9-0ubuntu1~18.04
• openjdk-11-jre - 11.0.10+9-0ubuntu1~18.04
• openjdk-11-jre-headless - 11.0.10+9-0ubuntu1~18.04
• openjdk-11-jre-zero - 11.0.10+9-0ubuntu1~18.04
• openjdk-8-jdk - 8u282-b08-0ubuntu1~18.04
• openjdk-8-jre - 8u282-b08-0ubuntu1~18.04
• openjdk-8-jre-headless - 8u282-b08-0ubuntu1~18.04
• openjdk-8-jre-zero - 8u282-b08-0ubuntu1~18.04

Ubuntu 16.04

• openjdk-8-jdk - 8u282-b08-0ubuntu1~16.04
• openjdk-8-jre - 8u282-b08-0ubuntu1~16.04
• openjdk-8-jre-headless - 8u282-b08-0ubuntu1~16.04
• openjdk-8-jre-jamvm - 8u282-b08-0ubuntu1~16.04
• openjdk-8-jre-zero - 8u282-b08-0ubuntu1~16.04

This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any Java
applications or applets to make all the necessary changes.

References

• https://launchpad.net/bugs/1914824