Security Alert (A21-04-06): Multiple Vulnerabilities in Oracle Java and Oracle Products (April 2021)


 

Published on: 21 April 2021

  
  

Description:

Oracle has released the Critical Patch Update (CPU) Advisory with collections of patches for multiple security vulnerabilities found in Java SE and various Oracle products.  The list of security updates can be found at:

https://www.oracle.com/security-alerts/cpuapr2021.html

 

Affected Systems:

  • Oracle Java SE
  • OpenJDK
  • Database
  • Oracle Linux and Virtualization
  • Oracle MySQL Product Suite
  • Oracle and Sun Systems Products Suite
  • Fusion Applications and Middleware
  • NoSQL Database 

A complete list of the affected products can be found at:

https://www.oracle.com/security-alerts/cpuapr2021.html

 

Impact:

Depending on the vulnerability exploited, a successful attack could lead to denial of services, remote code execution, data tampering, information disclosure, security feature bypass, system crash or compromise of a vulnerable system.

 

Recommendation:

Patches for affected systems are available.  Users of the affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.

For Oracle Java SE products, please refer to the following link:

  • Java Platform SE 8u291 (JDK and JRE)
  • Java Platform SE 11.0.11 (JDK and JRE)
  • Java Platform SE 16.0.1 (JDK and JRE)

https://www.oracle.com/java/technologies/javase-downloads.html

For OpenJDK, please refer to the following link:

https://jdk.java.net/

Users could also access the security advisory below for the information about the security updates of other Oracle products:

https://www.oracle.com/security-alerts/cpuapr2021.html

Users may contact their product support vendors for the fixes and assistance.

 

More Information:

  • https://www.oracle.com/security-alerts/cpuapr2021.html
  • https://www.oracle.com/java/technologies/javase/8u291-relnotes.html
  • https://www.oracle.com/java/technologies/javase/11-0-11-relnotes.html
  • https://www.oracle.com/java/technologies/javase/16-0-1-relnotes.html
  • https://openjdk.java.net/groups/vulnerability/advisories/2021-04-20
  • https://www.hkcert.org/security-bulletin/oracle-products-multiple-vulnerabilities_20210421
  • https://us-cert.cisa.gov/ncas/current-activity/2021/04/20/oracle-releases-april-2021-critical-patch-update
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2542
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5725
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7103
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12626
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14735
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18640
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000061
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1285
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20843
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000180
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000632
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0219
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0221
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0227
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0228
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2904
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3740
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3773
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3900
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5064
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7317
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8331
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10080
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10086
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12399
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12402
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12415
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12423
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14379
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17195
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17495
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17566
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17571
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17638
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1472
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1927
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1945
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1967
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1971
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5360
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5398
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5408
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5413
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5421
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7060
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7760
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8203
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8277
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8286
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8908
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9281
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9480
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9488
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9489
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10188
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10683
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10878
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11022
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11023
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11612
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11979
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11987
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11994
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11998
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13871
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13954
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13956
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14195
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17521
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17527
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17530
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24553
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24750
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25649
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26217
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27193
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27218
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27223
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27842
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28052
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28196
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36189
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2008
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2053
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2134 (to CVE-2021-2136)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2140 (to CVE-2021-2142)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2144 (to CVE-2021-2147)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2149 (to CVE-2021-2164)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2166
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2167
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2169 (to CVE-2021-2175)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2177 (to CVE-2021-2242)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2244 (to CVE-2021-2264)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2266 (to CVE-2021-2312)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2314 (to CVE-2021-2320)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3449
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3450
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20227
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22112
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22883
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23841


Tag: Oracle , Java , OpenJDK , Oracle Database , Oracle Linux , MySQL , Sun Systems , Fusion , Oracle NoSQL
Tags