Security Alert (A21-01-04): Multiple Vulnerabilities in Oracle Java and Oracle Products (January 2021)


 

Published on: 20 January 2021

  
  

 

Description:

Oracle has released the Critical Patch Update (CPU) Advisory with collections of patches for multiple security vulnerabilities found in Java SE and various Oracle products.  The list of security updates can be found at:

https://www.oracle.com/security-alerts/cpujan2021.html

Affected Systems:

  • Oracle Java SE
  • OpenJDK
  • Database
  • Oracle Linux and Virtualization
  • Oracle MySQL Product Suite
  • Oracle and Sun Systems Products Suite
  • Fusion Applications and Middleware

A complete list of the affected products can be found at:
https://www.oracle.com/security-alerts/cpujan2021.html

Impact:

Depending on the vulnerability exploited, a successful attack could lead to denial of services, data tampering, information disclosure, system crash or compromise of a vulnerable system.

Recommendation:

Patches for affected systems are available.  Users of the affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.

For Oracle Java SE products, please refer to the following link:

  • Java Platform SE 8u281 (JDK and JRE)
  • Java Platform SE 11.0.10 (JDK and JRE)
  • Java Platform SE 15.0.2 (JDK and JRE)

https://www.oracle.com/java/technologies/javase-downloads.html

For OpenJDK, please refer to the following link:
https://jdk.java.net/

Users could also access the security advisory below for the information about the security updates of other Oracle products:
https://www.oracle.com/security-alerts/cpujan2021.html

Users may contact their product support vendors for the fixes and assistance.

More Information:

https://www.oracle.com/security-alerts/cpujan2021.html
https://www.oracle.com/java/technologies/javase/8u281-relnotes.html
https://www.oracle.com/java/technologies/javase/11-0-10-relnotes.html
https://www.oracle.com/java/technologies/javase/15-0-2-relnotes.html
https://openjdk.java.net/groups/vulnerability/advisories/2021-01-19
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4000
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8965
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5725
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000031
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8028
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12626
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1285
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2587
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9019
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10237
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15756
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0227
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0230
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1559
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3773
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7164
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10086
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10173
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10247
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10744
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11269
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12399
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12402
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12415
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13990
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14862
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17091
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17195
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17359
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17563
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17566
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1945
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1967
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1968
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1971
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2555
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5398
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5408
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5421
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7064
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8174
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8277
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9281
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9484
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9488
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9546
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10683
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10723
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10878
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11022
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11080
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11612
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11973
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11979
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11984
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11994
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11998
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13871
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13935
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13954
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14147
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14195
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14756
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14803
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17521
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24750
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25020
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27216
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1993 (to CVE-2021-2007)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2009 (to CVE-2021-2036)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2038 (to CVE-2021-2052)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2054 (to CVE-2021-2094)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2096 (to CVE-2021-2131)



Tag: Oracle , Java , OpenJDK , Oracle Database , Oracle Linux , MySQL , Sun Systems , Fusion
Tags