ID CVE-2020-14621
Summary Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).
Vulnerable Configurations
  • cpe:2.3:a:oracle:jdk:11.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:14.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.8.0:update251:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.7.0:update261:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:1.8.0:update251:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:epolicy_orchestrator:5.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:epolicy_orchestrator:5.9.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_1:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_2:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_3:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_4:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_5:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_6:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:-:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_7:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_8:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
  • cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*
  • cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*
  • cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
  • cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*
  • cpe:2.3:a:netapp:oncommand_unified_manager_core_package:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:e-series_santricity_os_controller:11.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:e-series_santricity_os_controller:11.20:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:e-series_santricity_os_controller:11.25:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:e-series_santricity_os_controller:11.30:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:e-series_santricity_os_controller:11.30.5r3:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:e-series_santricity_os_controller:11.40:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:e-series_santricity_os_controller:11.40.3r2:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:e-series_santricity_os_controller:11.40.5:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:e-series_santricity_os_controller:11.50.1:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:e-series_santricity_os_controller:11.50.2:-:*:*:*:*:*:*
  • cpe:2.3:a:netapp:e-series_santricity_os_controller:11.50.2:p1:*:*:*:*:*:*
  • cpe:2.3:a:netapp:e-series_santricity_os_controller:11.60:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:e-series_santricity_os_controller:11.60.0:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:e-series_santricity_os_controller:11.60.1:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:e-series_santricity_os_controller:11.60.3:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:e-series_santricity_os_controller:11.70.1:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:e-series_santricity_os_controller:11.70.2:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*
CVSS
Base: 5.0 (as of 27-10-2022 - 22:58)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
  • Vector: NETWORK
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: NONE
  • Integrity: PARTIAL
  • Availability: NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:P/A:N
redhat via4
advisories
  • bugzilla
    id 1856995
    title CVE-2020-14579 OpenJDK: Unexpected exception raised by DerValue.equals() (Libraries, 8237736)
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 7 is installed
        oval oval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • comment java-1.8.0-openjdk is earlier than 1:1.8.0.262.b10-0.el7_8
            oval oval:com.redhat.rhsa:tst:20202968001
          • comment java-1.8.0-openjdk is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20141636002
        • AND
          • comment java-1.8.0-openjdk-accessibility is earlier than 1:1.8.0.262.b10-0.el7_8
            oval oval:com.redhat.rhsa:tst:20202968003
          • comment java-1.8.0-openjdk-accessibility is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20150809016
        • AND
          • comment java-1.8.0-openjdk-demo is earlier than 1:1.8.0.262.b10-0.el7_8
            oval oval:com.redhat.rhsa:tst:20202968005
          • comment java-1.8.0-openjdk-demo is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20141636004
        • AND
          • comment java-1.8.0-openjdk-devel is earlier than 1:1.8.0.262.b10-0.el7_8
            oval oval:com.redhat.rhsa:tst:20202968007
          • comment java-1.8.0-openjdk-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20141636006
        • AND
          • comment java-1.8.0-openjdk-headless is earlier than 1:1.8.0.262.b10-0.el7_8
            oval oval:com.redhat.rhsa:tst:20202968009
          • comment java-1.8.0-openjdk-headless is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20141636008
        • AND
          • comment java-1.8.0-openjdk-javadoc is earlier than 1:1.8.0.262.b10-0.el7_8
            oval oval:com.redhat.rhsa:tst:20202968011
          • comment java-1.8.0-openjdk-javadoc is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20141636010
        • AND
          • comment java-1.8.0-openjdk-javadoc-zip is earlier than 1:1.8.0.262.b10-0.el7_8
            oval oval:com.redhat.rhsa:tst:20202968013
          • comment java-1.8.0-openjdk-javadoc-zip is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20170180041
        • AND
          • comment java-1.8.0-openjdk-src is earlier than 1:1.8.0.262.b10-0.el7_8
            oval oval:com.redhat.rhsa:tst:20202968015
          • comment java-1.8.0-openjdk-src is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20141636012
    rhsa
    id RHSA-2020:2968
    released 2020-07-16
    severity Important
    title RHSA-2020:2968: java-1.8.0-openjdk security update (Important)
  • bugzilla
    id 1856988
    title CVE-2020-14577 OpenJDK: HostnameChecker does not ensure X.509 certificate names are in normalized form (JSSE, 8237592)
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 7 is installed
        oval oval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • comment java-11-openjdk is earlier than 1:11.0.8.10-0.el7_8
            oval oval:com.redhat.rhsa:tst:20202969001
          • comment java-11-openjdk is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20183521002
        • AND
          • comment java-11-openjdk-demo is earlier than 1:11.0.8.10-0.el7_8
            oval oval:com.redhat.rhsa:tst:20202969003
          • comment java-11-openjdk-demo is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20183521006
        • AND
          • comment java-11-openjdk-devel is earlier than 1:11.0.8.10-0.el7_8
            oval oval:com.redhat.rhsa:tst:20202969005
          • comment java-11-openjdk-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20183521010
        • AND
          • comment java-11-openjdk-headless is earlier than 1:11.0.8.10-0.el7_8
            oval oval:com.redhat.rhsa:tst:20202969007
          • comment java-11-openjdk-headless is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20183521014
        • AND
          • comment java-11-openjdk-javadoc is earlier than 1:11.0.8.10-0.el7_8
            oval oval:com.redhat.rhsa:tst:20202969009
          • comment java-11-openjdk-javadoc is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20183521018
        • AND
          • comment java-11-openjdk-javadoc-zip is earlier than 1:11.0.8.10-0.el7_8
            oval oval:com.redhat.rhsa:tst:20202969011
          • comment java-11-openjdk-javadoc-zip is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20183521022
        • AND
          • comment java-11-openjdk-jmods is earlier than 1:11.0.8.10-0.el7_8
            oval oval:com.redhat.rhsa:tst:20202969013
          • comment java-11-openjdk-jmods is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20183521026
        • AND
          • comment java-11-openjdk-src is earlier than 1:11.0.8.10-0.el7_8
            oval oval:com.redhat.rhsa:tst:20202969015
          • comment java-11-openjdk-src is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20183521030
    rhsa
    id RHSA-2020:2969
    released 2020-07-16
    severity Important
    title RHSA-2020:2969: java-11-openjdk security update (Important)
  • bugzilla
    id 1856988
    title CVE-2020-14577 OpenJDK: HostnameChecker does not ensure X.509 certificate names are in normalized form (JSSE, 8237592)
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 8 is installed
        oval oval:com.redhat.rhba:tst:20193384074
      • OR
        • AND
          • comment java-11-openjdk is earlier than 1:11.0.8.10-0.el8_2
            oval oval:com.redhat.rhsa:tst:20202970001
          • comment java-11-openjdk is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20183521002
        • AND
          • comment java-11-openjdk-debugsource is earlier than 1:11.0.8.10-0.el8_2
            oval oval:com.redhat.rhsa:tst:20202970003
          • comment java-11-openjdk-debugsource is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20191518004
        • AND
          • comment java-11-openjdk-demo is earlier than 1:11.0.8.10-0.el8_2
            oval oval:com.redhat.rhsa:tst:20202970005
          • comment java-11-openjdk-demo is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20183521006
        • AND
          • comment java-11-openjdk-devel is earlier than 1:11.0.8.10-0.el8_2
            oval oval:com.redhat.rhsa:tst:20202970007
          • comment java-11-openjdk-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20183521010
        • AND
          • comment java-11-openjdk-headless is earlier than 1:11.0.8.10-0.el8_2
            oval oval:com.redhat.rhsa:tst:20202970009
          • comment java-11-openjdk-headless is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20183521014
        • AND
          • comment java-11-openjdk-javadoc is earlier than 1:11.0.8.10-0.el8_2
            oval oval:com.redhat.rhsa:tst:20202970011
          • comment java-11-openjdk-javadoc is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20183521018
        • AND
          • comment java-11-openjdk-javadoc-zip is earlier than 1:11.0.8.10-0.el8_2
            oval oval:com.redhat.rhsa:tst:20202970013
          • comment java-11-openjdk-javadoc-zip is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20183521022
        • AND
          • comment java-11-openjdk-jmods is earlier than 1:11.0.8.10-0.el8_2
            oval oval:com.redhat.rhsa:tst:20202970015
          • comment java-11-openjdk-jmods is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20183521026
        • AND
          • comment java-11-openjdk-src is earlier than 1:11.0.8.10-0.el8_2
            oval oval:com.redhat.rhsa:tst:20202970017
          • comment java-11-openjdk-src is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20183521030
        • AND
          • comment java-11-openjdk-static-libs is earlier than 1:11.0.8.10-0.el8_2
            oval oval:com.redhat.rhsa:tst:20202970019
          • comment java-11-openjdk-static-libs is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20202970020
    rhsa
    id RHSA-2020:2970
    released 2020-07-16
    severity Important
    title RHSA-2020:2970: java-11-openjdk security and enhancement update (Important)
  • bugzilla
    id 1856995
    title CVE-2020-14579 OpenJDK: Unexpected exception raised by DerValue.equals() (Libraries, 8237736)
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 8 is installed
        oval oval:com.redhat.rhba:tst:20193384074
      • OR
        • AND
          • comment java-1.8.0-openjdk is earlier than 1:1.8.0.262.b10-0.el8_2
            oval oval:com.redhat.rhsa:tst:20202972001
          • comment java-1.8.0-openjdk is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20141636002
        • AND
          • comment java-1.8.0-openjdk-accessibility is earlier than 1:1.8.0.262.b10-0.el8_2
            oval oval:com.redhat.rhsa:tst:20202972003
          • comment java-1.8.0-openjdk-accessibility is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20150809016
        • AND
          • comment java-1.8.0-openjdk-debugsource is earlier than 1:1.8.0.262.b10-0.el8_2
            oval oval:com.redhat.rhsa:tst:20202972005
          • comment java-1.8.0-openjdk-debugsource is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20191146006
        • AND
          • comment java-1.8.0-openjdk-demo is earlier than 1:1.8.0.262.b10-0.el8_2
            oval oval:com.redhat.rhsa:tst:20202972007
          • comment java-1.8.0-openjdk-demo is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20141636004
        • AND
          • comment java-1.8.0-openjdk-devel is earlier than 1:1.8.0.262.b10-0.el8_2
            oval oval:com.redhat.rhsa:tst:20202972009
          • comment java-1.8.0-openjdk-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20141636006
        • AND
          • comment java-1.8.0-openjdk-headless is earlier than 1:1.8.0.262.b10-0.el8_2
            oval oval:com.redhat.rhsa:tst:20202972011
          • comment java-1.8.0-openjdk-headless is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20141636008
        • AND
          • comment java-1.8.0-openjdk-javadoc is earlier than 1:1.8.0.262.b10-0.el8_2
            oval oval:com.redhat.rhsa:tst:20202972013
          • comment java-1.8.0-openjdk-javadoc is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20141636010
        • AND
          • comment java-1.8.0-openjdk-javadoc-zip is earlier than 1:1.8.0.262.b10-0.el8_2
            oval oval:com.redhat.rhsa:tst:20202972015
          • comment java-1.8.0-openjdk-javadoc-zip is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20170180041
        • AND
          • comment java-1.8.0-openjdk-src is earlier than 1:1.8.0.262.b10-0.el8_2
            oval oval:com.redhat.rhsa:tst:20202972017
          • comment java-1.8.0-openjdk-src is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20141636012
    rhsa
    id RHSA-2020:2972
    released 2020-07-16
    severity Important
    title RHSA-2020:2972: java-1.8.0-openjdk security update (Important)
  • bugzilla
    id 1856995
    title CVE-2020-14579 OpenJDK: Unexpected exception raised by DerValue.equals() (Libraries, 8237736)
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 6 is installed
        oval oval:com.redhat.rhba:tst:20111656003
      • OR
        • AND
          • comment java-1.8.0-openjdk is earlier than 1:1.8.0.262.b10-0.el6_10
            oval oval:com.redhat.rhsa:tst:20202985001
          • comment java-1.8.0-openjdk is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20141636002
        • AND
          • comment java-1.8.0-openjdk-debug is earlier than 1:1.8.0.262.b10-0.el6_10
            oval oval:com.redhat.rhsa:tst:20202985003
          • comment java-1.8.0-openjdk-debug is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20151919004
        • AND
          • comment java-1.8.0-openjdk-demo is earlier than 1:1.8.0.262.b10-0.el6_10
            oval oval:com.redhat.rhsa:tst:20202985005
          • comment java-1.8.0-openjdk-demo is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20141636004
        • AND
          • comment java-1.8.0-openjdk-demo-debug is earlier than 1:1.8.0.262.b10-0.el6_10
            oval oval:com.redhat.rhsa:tst:20202985007
          • comment java-1.8.0-openjdk-demo-debug is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20151919008
        • AND
          • comment java-1.8.0-openjdk-devel is earlier than 1:1.8.0.262.b10-0.el6_10
            oval oval:com.redhat.rhsa:tst:20202985009
          • comment java-1.8.0-openjdk-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20141636006
        • AND
          • comment java-1.8.0-openjdk-devel-debug is earlier than 1:1.8.0.262.b10-0.el6_10
            oval oval:com.redhat.rhsa:tst:20202985011
          • comment java-1.8.0-openjdk-devel-debug is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20151919012
        • AND
          • comment java-1.8.0-openjdk-headless is earlier than 1:1.8.0.262.b10-0.el6_10
            oval oval:com.redhat.rhsa:tst:20202985013
          • comment java-1.8.0-openjdk-headless is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20141636008
        • AND
          • comment java-1.8.0-openjdk-headless-debug is earlier than 1:1.8.0.262.b10-0.el6_10
            oval oval:com.redhat.rhsa:tst:20202985015
          • comment java-1.8.0-openjdk-headless-debug is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20151919016
        • AND
          • comment java-1.8.0-openjdk-javadoc is earlier than 1:1.8.0.262.b10-0.el6_10
            oval oval:com.redhat.rhsa:tst:20202985017
          • comment java-1.8.0-openjdk-javadoc is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20141636010
        • AND
          • comment java-1.8.0-openjdk-javadoc-debug is earlier than 1:1.8.0.262.b10-0.el6_10
            oval oval:com.redhat.rhsa:tst:20202985019
          • comment java-1.8.0-openjdk-javadoc-debug is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20151919020
        • AND
          • comment java-1.8.0-openjdk-src is earlier than 1:1.8.0.262.b10-0.el6_10
            oval oval:com.redhat.rhsa:tst:20202985021
          • comment java-1.8.0-openjdk-src is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20141636012
        • AND
          • comment java-1.8.0-openjdk-src-debug is earlier than 1:1.8.0.262.b10-0.el6_10
            oval oval:com.redhat.rhsa:tst:20202985023
          • comment java-1.8.0-openjdk-src-debug is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20151919024
    rhsa
    id RHSA-2020:2985
    released 2020-07-16
    severity Important
    title RHSA-2020:2985: java-1.8.0-openjdk security update (Important)
rpms
  • java-1.8.0-openjdk-1:1.8.0.262.b10-0.el7_8
  • java-1.8.0-openjdk-accessibility-1:1.8.0.262.b10-0.el7_8
  • java-1.8.0-openjdk-debuginfo-1:1.8.0.262.b10-0.el7_8
  • java-1.8.0-openjdk-demo-1:1.8.0.262.b10-0.el7_8
  • java-1.8.0-openjdk-devel-1:1.8.0.262.b10-0.el7_8
  • java-1.8.0-openjdk-headless-1:1.8.0.262.b10-0.el7_8
  • java-1.8.0-openjdk-javadoc-1:1.8.0.262.b10-0.el7_8
  • java-1.8.0-openjdk-javadoc-zip-1:1.8.0.262.b10-0.el7_8
  • java-1.8.0-openjdk-src-1:1.8.0.262.b10-0.el7_8
  • java-11-openjdk-1:11.0.8.10-0.el7_8
  • java-11-openjdk-debuginfo-1:11.0.8.10-0.el7_8
  • java-11-openjdk-demo-1:11.0.8.10-0.el7_8
  • java-11-openjdk-devel-1:11.0.8.10-0.el7_8
  • java-11-openjdk-headless-1:11.0.8.10-0.el7_8
  • java-11-openjdk-javadoc-1:11.0.8.10-0.el7_8
  • java-11-openjdk-javadoc-zip-1:11.0.8.10-0.el7_8
  • java-11-openjdk-jmods-1:11.0.8.10-0.el7_8
  • java-11-openjdk-src-1:11.0.8.10-0.el7_8
  • java-11-openjdk-1:11.0.8.10-0.el8_2
  • java-11-openjdk-debuginfo-1:11.0.8.10-0.el8_2
  • java-11-openjdk-debugsource-1:11.0.8.10-0.el8_2
  • java-11-openjdk-demo-1:11.0.8.10-0.el8_2
  • java-11-openjdk-devel-1:11.0.8.10-0.el8_2
  • java-11-openjdk-devel-debuginfo-1:11.0.8.10-0.el8_2
  • java-11-openjdk-headless-1:11.0.8.10-0.el8_2
  • java-11-openjdk-headless-debuginfo-1:11.0.8.10-0.el8_2
  • java-11-openjdk-javadoc-1:11.0.8.10-0.el8_2
  • java-11-openjdk-javadoc-zip-1:11.0.8.10-0.el8_2
  • java-11-openjdk-jmods-1:11.0.8.10-0.el8_2
  • java-11-openjdk-src-1:11.0.8.10-0.el8_2
  • java-11-openjdk-static-libs-1:11.0.8.10-0.el8_2
  • java-1.8.0-openjdk-1:1.8.0.262.b10-0.el8_2
  • java-1.8.0-openjdk-accessibility-1:1.8.0.262.b10-0.el8_2
  • java-1.8.0-openjdk-debuginfo-1:1.8.0.262.b10-0.el8_2
  • java-1.8.0-openjdk-debugsource-1:1.8.0.262.b10-0.el8_2
  • java-1.8.0-openjdk-demo-1:1.8.0.262.b10-0.el8_2
  • java-1.8.0-openjdk-demo-debuginfo-1:1.8.0.262.b10-0.el8_2
  • java-1.8.0-openjdk-demo-slowdebug-debuginfo-1:1.8.0.262.b10-0.el8_2
  • java-1.8.0-openjdk-devel-1:1.8.0.262.b10-0.el8_2
  • java-1.8.0-openjdk-devel-debuginfo-1:1.8.0.262.b10-0.el8_2
  • java-1.8.0-openjdk-devel-slowdebug-debuginfo-1:1.8.0.262.b10-0.el8_2
  • java-1.8.0-openjdk-headless-1:1.8.0.262.b10-0.el8_2
  • java-1.8.0-openjdk-headless-debuginfo-1:1.8.0.262.b10-0.el8_2
  • java-1.8.0-openjdk-headless-slowdebug-debuginfo-1:1.8.0.262.b10-0.el8_2
  • java-1.8.0-openjdk-javadoc-1:1.8.0.262.b10-0.el8_2
  • java-1.8.0-openjdk-javadoc-zip-1:1.8.0.262.b10-0.el8_2
  • java-1.8.0-openjdk-slowdebug-debuginfo-1:1.8.0.262.b10-0.el8_2
  • java-1.8.0-openjdk-src-1:1.8.0.262.b10-0.el8_2
  • java-1.8.0-openjdk-1:1.8.0.262.b10-0.el6_10
  • java-1.8.0-openjdk-debug-1:1.8.0.262.b10-0.el6_10
  • java-1.8.0-openjdk-debuginfo-1:1.8.0.262.b10-0.el6_10
  • java-1.8.0-openjdk-demo-1:1.8.0.262.b10-0.el6_10
  • java-1.8.0-openjdk-demo-debug-1:1.8.0.262.b10-0.el6_10
  • java-1.8.0-openjdk-devel-1:1.8.0.262.b10-0.el6_10
  • java-1.8.0-openjdk-devel-debug-1:1.8.0.262.b10-0.el6_10
  • java-1.8.0-openjdk-headless-1:1.8.0.262.b10-0.el6_10
  • java-1.8.0-openjdk-headless-debug-1:1.8.0.262.b10-0.el6_10
  • java-1.8.0-openjdk-javadoc-1:1.8.0.262.b10-0.el6_10
  • java-1.8.0-openjdk-javadoc-debug-1:1.8.0.262.b10-0.el6_10
  • java-1.8.0-openjdk-src-1:1.8.0.262.b10-0.el6_10
  • java-1.8.0-openjdk-src-debug-1:1.8.0.262.b10-0.el6_10
  • java-11-openjdk-1:11.0.8.10-0.el8_0
  • java-11-openjdk-debuginfo-1:11.0.8.10-0.el8_0
  • java-11-openjdk-debugsource-1:11.0.8.10-0.el8_0
  • java-11-openjdk-demo-1:11.0.8.10-0.el8_0
  • java-11-openjdk-devel-1:11.0.8.10-0.el8_0
  • java-11-openjdk-devel-debuginfo-1:11.0.8.10-0.el8_0
  • java-11-openjdk-devel-slowdebug-debuginfo-1:11.0.8.10-0.el8_0
  • java-11-openjdk-headless-1:11.0.8.10-0.el8_0
  • java-11-openjdk-headless-debuginfo-1:11.0.8.10-0.el8_0
  • java-11-openjdk-headless-slowdebug-debuginfo-1:11.0.8.10-0.el8_0
  • java-11-openjdk-javadoc-1:11.0.8.10-0.el8_0
  • java-11-openjdk-javadoc-zip-1:11.0.8.10-0.el8_0
  • java-11-openjdk-jmods-1:11.0.8.10-0.el8_0
  • java-11-openjdk-slowdebug-debuginfo-1:11.0.8.10-0.el8_0
  • java-11-openjdk-src-1:11.0.8.10-0.el8_0
  • java-11-openjdk-1:11.0.8.10-0.el8_1
  • java-11-openjdk-debuginfo-1:11.0.8.10-0.el8_1
  • java-11-openjdk-debugsource-1:11.0.8.10-0.el8_1
  • java-11-openjdk-demo-1:11.0.8.10-0.el8_1
  • java-11-openjdk-devel-1:11.0.8.10-0.el8_1
  • java-11-openjdk-devel-debuginfo-1:11.0.8.10-0.el8_1
  • java-11-openjdk-devel-slowdebug-debuginfo-1:11.0.8.10-0.el8_1
  • java-11-openjdk-headless-1:11.0.8.10-0.el8_1
  • java-11-openjdk-headless-debuginfo-1:11.0.8.10-0.el8_1
  • java-11-openjdk-headless-slowdebug-debuginfo-1:11.0.8.10-0.el8_1
  • java-11-openjdk-javadoc-1:11.0.8.10-0.el8_1
  • java-11-openjdk-javadoc-zip-1:11.0.8.10-0.el8_1
  • java-11-openjdk-jmods-1:11.0.8.10-0.el8_1
  • java-11-openjdk-slowdebug-debuginfo-1:11.0.8.10-0.el8_1
  • java-11-openjdk-src-1:11.0.8.10-0.el8_1
  • java-1.8.0-openjdk-1:1.8.0.262.b10-0.el8_0
  • java-1.8.0-openjdk-accessibility-1:1.8.0.262.b10-0.el8_0
  • java-1.8.0-openjdk-debuginfo-1:1.8.0.262.b10-0.el8_0
  • java-1.8.0-openjdk-debugsource-1:1.8.0.262.b10-0.el8_0
  • java-1.8.0-openjdk-demo-1:1.8.0.262.b10-0.el8_0
  • java-1.8.0-openjdk-demo-debuginfo-1:1.8.0.262.b10-0.el8_0
  • java-1.8.0-openjdk-demo-slowdebug-debuginfo-1:1.8.0.262.b10-0.el8_0
  • java-1.8.0-openjdk-devel-1:1.8.0.262.b10-0.el8_0
  • java-1.8.0-openjdk-devel-debuginfo-1:1.8.0.262.b10-0.el8_0
  • java-1.8.0-openjdk-devel-slowdebug-debuginfo-1:1.8.0.262.b10-0.el8_0
  • java-1.8.0-openjdk-headless-1:1.8.0.262.b10-0.el8_0
  • java-1.8.0-openjdk-headless-debuginfo-1:1.8.0.262.b10-0.el8_0
  • java-1.8.0-openjdk-headless-slowdebug-debuginfo-1:1.8.0.262.b10-0.el8_0
  • java-1.8.0-openjdk-javadoc-1:1.8.0.262.b10-0.el8_0
  • java-1.8.0-openjdk-javadoc-zip-1:1.8.0.262.b10-0.el8_0
  • java-1.8.0-openjdk-slowdebug-debuginfo-1:1.8.0.262.b10-0.el8_0
  • java-1.8.0-openjdk-src-1:1.8.0.262.b10-0.el8_0
  • java-1.8.0-openjdk-1:1.8.0.262.b10-0.el8_1
  • java-1.8.0-openjdk-accessibility-1:1.8.0.262.b10-0.el8_1
  • java-1.8.0-openjdk-debuginfo-1:1.8.0.262.b10-0.el8_1
  • java-1.8.0-openjdk-debugsource-1:1.8.0.262.b10-0.el8_1
  • java-1.8.0-openjdk-demo-1:1.8.0.262.b10-0.el8_1
  • java-1.8.0-openjdk-demo-debuginfo-1:1.8.0.262.b10-0.el8_1
  • java-1.8.0-openjdk-demo-slowdebug-debuginfo-1:1.8.0.262.b10-0.el8_1
  • java-1.8.0-openjdk-devel-1:1.8.0.262.b10-0.el8_1
  • java-1.8.0-openjdk-devel-debuginfo-1:1.8.0.262.b10-0.el8_1
  • java-1.8.0-openjdk-devel-slowdebug-debuginfo-1:1.8.0.262.b10-0.el8_1
  • java-1.8.0-openjdk-headless-1:1.8.0.262.b10-0.el8_1
  • java-1.8.0-openjdk-headless-debuginfo-1:1.8.0.262.b10-0.el8_1
  • java-1.8.0-openjdk-headless-slowdebug-debuginfo-1:1.8.0.262.b10-0.el8_1
  • java-1.8.0-openjdk-javadoc-1:1.8.0.262.b10-0.el8_1
  • java-1.8.0-openjdk-javadoc-zip-1:1.8.0.262.b10-0.el8_1
  • java-1.8.0-openjdk-slowdebug-debuginfo-1:1.8.0.262.b10-0.el8_1
  • java-1.8.0-openjdk-src-1:1.8.0.262.b10-0.el8_1
  • java-1.8.0-ibm-1:1.8.0.6.15-1.el8_2
  • java-1.8.0-ibm-demo-1:1.8.0.6.15-1.el8_2
  • java-1.8.0-ibm-devel-1:1.8.0.6.15-1.el8_2
  • java-1.8.0-ibm-headless-1:1.8.0.6.15-1.el8_2
  • java-1.8.0-ibm-jdbc-1:1.8.0.6.15-1.el8_2
  • java-1.8.0-ibm-plugin-1:1.8.0.6.15-1.el8_2
  • java-1.8.0-ibm-src-1:1.8.0.6.15-1.el8_2
  • java-1.8.0-ibm-webstart-1:1.8.0.6.15-1.el8_2
  • java-1.7.1-ibm-1:1.7.1.4.70-1jpp.1.el6_10
  • java-1.7.1-ibm-demo-1:1.7.1.4.70-1jpp.1.el6_10
  • java-1.7.1-ibm-devel-1:1.7.1.4.70-1jpp.1.el6_10
  • java-1.7.1-ibm-jdbc-1:1.7.1.4.70-1jpp.1.el6_10
  • java-1.7.1-ibm-plugin-1:1.7.1.4.70-1jpp.1.el6_10
  • java-1.7.1-ibm-src-1:1.7.1.4.70-1jpp.1.el6_10
  • java-1.7.1-ibm-1:1.7.1.4.70-1jpp.1.el7
  • java-1.7.1-ibm-demo-1:1.7.1.4.70-1jpp.1.el7
  • java-1.7.1-ibm-devel-1:1.7.1.4.70-1jpp.1.el7
  • java-1.7.1-ibm-jdbc-1:1.7.1.4.70-1jpp.1.el7
  • java-1.7.1-ibm-plugin-1:1.7.1.4.70-1jpp.1.el7
  • java-1.7.1-ibm-src-1:1.7.1.4.70-1jpp.1.el7
  • java-1.8.0-ibm-1:1.8.0.6.20-1jpp.1.el7
  • java-1.8.0-ibm-demo-1:1.8.0.6.20-1jpp.1.el7
  • java-1.8.0-ibm-devel-1:1.8.0.6.20-1jpp.1.el7
  • java-1.8.0-ibm-jdbc-1:1.8.0.6.20-1jpp.1.el7
  • java-1.8.0-ibm-plugin-1:1.8.0.6.20-1jpp.1.el7
  • java-1.8.0-ibm-src-1:1.8.0.6.20-1jpp.1.el7
refmap via4
confirm
debian DSA-4734
fedora
  • FEDORA-2020-508df53719
  • FEDORA-2020-5d0b4a2b5b
  • FEDORA-2020-93cc9c3ef2
  • FEDORA-2020-e418151dc3
gentoo GLSA-202008-24
misc https://www.oracle.com/security-alerts/cpujul2020.html
mlist
  • [debian-lts-announce] 20200813 [SECURITY] [DLA 2325-1] openjdk-8 security update
  • [xerces-j-users] 20201014 Security vulnerability in 2.12.0
suse
  • openSUSE-SU-2020:1175
  • openSUSE-SU-2020:1191
  • openSUSE-SU-2020:1893
ubuntu
  • USN-4433-1
  • USN-4453-1
Last major update 27-10-2022 - 22:58
Published 15-07-2020 - 18:15
Last modified 27-10-2022 - 22:58