A Red Hat Build of OpenJDK 11 (container images) release and security update has been released.

RHSA-2021:0945-01: Moderate: Red Hat Build of OpenJDK 11 (container images) release and security update

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: Red Hat Build of OpenJDK 11 (container images) release and security update
Advisory ID: RHSA-2021:0945-01
Product: OpenJDK
Advisory URL:   https://access.redhat.com/errata/RHSA-2021:0945
Issue date: 2021-03-19
Keywords: openjdk,images
CVE Names: CVE-2021-20264
=====================================================================

1. Summary:

The Red Hat Build of OpenJDK 11 (container images) is now available from
the Red Hat Customer Portal.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Description:

The OpenJDK 11 container images provide the OpenJDK 11 Java Runtime
Environment and the OpenJDK 11 Java Software Development Kit.

This release of the Red Hat Build of OpenJDK 11 (openjdk-11-rhel7:1.1-12
and ubi8-openjdk-11:1.3-10) serves as a replacement for the Red Hat Build
of OpenJDK 11 (openjdk-11-rhel7:1.1-11 and ubi8-openjdk-11:1.3-9), and
includes security and bug fixes, and enhancements. For further information,
refer to the release notes linked to in the References section.

Security Fix(es):

* ubi8/openjdk-11: containers/openjdk: /etc/passwd is given incorrect
privileges (CVE-2021-20264)

* openjdk/openjdk-11-rhel7: containers/openjdk: /etc/passwd is given
incorrect privileges (CVE-2021-20264)

For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.

3. Solution:

Before applying the update, back up your existing installation, including
all applications, configuration files, databases and database settings, and
so on.

The References section of this erratum contains a link to the updated
containers.

4. Bugs fixed (  https://bugzilla.redhat.com/):

1932283 - CVE-2021-20264 containers/openjdk: /etc/passwd is given incorrect privileges

5. References:

  https://access.redhat.com/security/cve/CVE-2021-20264
  https://access.redhat.com/security/updates/classification/#moderate
  https://access.redhat.com/articles/4859371
  https://catalog.redhat.com/software/containers/openjdk/openjdk-11-rhel7/5bf57185dd19c775cddc4ce5?tag=1.1-12&push_date=1616089599000
  https://catalog.redhat.com/software/containers/ubi8/openjdk-11/5dd6a4b45a13461646f677f4?container-tabs=overview&tag=1.3-10&push_date=1616090044000

6. Contact:

The Red Hat security contact is . More contact
details at   https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.