Main Vulnerability Database SB2020102727

SB2020102727 - Ubuntu update for openjdk-8

Published: October 27, 2020 Updated: April 23, 2025

Security Bulletin ID SB2020102727

Severity

Medium

Patch available

YES

Number of vulnerabilities 8

Exploitation vector Remote access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 8 secuirty vulnerabilities.

1) Improper input validation (CVE-ID: CVE-2020-14779)

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

The vulnerability exists due to improper input validation within the Serialization component in Java SE Embedded. A remote non-authenticated attacker can exploit this vulnerability to perform service disruption.

2) Missing Encryption of Sensitive Data (CVE-ID: CVE-2020-14781)

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The vulnerability exists due to improper input validation within the JNDI component in Java SE Embedded when processing encrypted LDAP requests. A remote non-authenticated attacker can downgrade the encrypted LDAP connection and gain access to sensitive information.

3) Improper input validation (CVE-ID: CVE-2020-14782)

The vulnerability allows a remote non-authenticated attacker to manipulate data.

The vulnerability exists due to an error in CertPath implementation within the Libraries component in Java SE Embedded. A remote non-authenticated attacker can exploit this vulnerability to manipulate data.

4) Improper input validation (CVE-ID: CVE-2020-14792)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The vulnerability exists due to improper input validation within the Hotspot component in Java SE Embedded. A remote non-authenticated attacker can exploit this vulnerability to read and manipulate data.

5) Improper input validation (CVE-ID: CVE-2020-14796)

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Libraries component in Java SE Embedded. A remote non-authenticated attacker can exploit this vulnerability to gain access to sensitive information.

6) Improper input validation (CVE-ID: CVE-2020-14797)

The vulnerability allows a remote non-authenticated attacker to manipulate data.

The vulnerability exists due to improper input validation within the Libraries component in Java SE Embedded. A remote non-authenticated attacker can exploit this vulnerability to manipulate data.

7) Improper input validation (CVE-ID: CVE-2020-14798)

The vulnerability allows a remote non-authenticated attacker to manipulate data.

The vulnerability exists due to improper input validation within the Libraries component in Java SE Embedded. A remote non-authenticated attacker can exploit this vulnerability to manipulate data.

8) Improper input validation (CVE-ID: CVE-2020-14803)

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Libraries component in Java SE. A remote non-authenticated attacker can exploit this vulnerability to gain access to sensitive information.

Remediation

Install update from vendor's website.

References

https://ubuntu.com/security/notices/USN-4607-1

Vulnerable Software

Ubuntu: 16.04 - 20.10
openjdk-8-jre-zero (Ubuntu package): before 8u272-b10-0ubuntu1~16.04
openjdk-8-jre-headless (Ubuntu package): before 8u272-b10-0ubuntu1~16.04
openjdk-8-jre (Ubuntu package): before 8u272-b10-0ubuntu1~16.04
openjdk-8-jdk (Ubuntu package): before 8u272-b10-0ubuntu1~16.04
openjdk-11-jre-zero (Ubuntu package): before 11.0.9+11-0ubuntu1~18.04.1
openjdk-11-jre-headless (Ubuntu package): before 11.0.9+11-0ubuntu1~18.04.1
openjdk-11-jre (Ubuntu package): before 11.0.9+11-0ubuntu1~18.04.1
openjdk-11-jdk (Ubuntu package): before 11.0.9+11-0ubuntu1~18.04.1