20.02.500.0

Need help?

Schedule a consultation with an Azul performance expert.

20.02.500.0

Release date: October 20, 2020

This CPU release is based on the following OpenJDK versions:

Major Version	OpenJDK Version
7	7u281
8	8u271
11	11.0.8.0.101+5

What’s New

October 2020 Critical Patch Update (CPU).

CVE fixes

CVE #	Component	Protocol	Remote Exploit w/o Auth.	Base Score	Attack Vector	Attack Complex	Privileges Req’d	User Interact	Scope	Confiden-tiality	Integrity	Availability	Versions Affected	Notes
CVE-2020-14803	Libraries	Multiple	Yes	5.3	Network	Low	None	None	Unchanged	Low	None	None	15, 13, 11, 8, 7, 6	Note 1
CVE-2020-14792	Hotspot	Multiple	Yes	4.2	Network	High	None	Required	Unchanged	Low	Low	None	15, 13, 11, 8, 7, 6	Note 2
CVE-2020-14779	Serialization	Multiple	Yes	3.7	Network	High	None	None	Unchanged	None	None	Low	15, 13, 11, 8, 7, 6	Note 2
CVE-2020-14781	JNDI	Multiple	Yes	3.7	Network	High	None	None	Unchanged	Low	None	None	15, 13, 11, 8, 7, 6	Note 2
CVE-2020-14782	Libraries	Multiple	Yes	3.7	Network	High	None	None	Unchanged	None	Low	None	15, 13, 11, 8, 7	Note 2
CVE-2020-14797	Libraries	Multiple	Yes	3.7	Network	High	None	None	Unchanged	None	Low	None	15, 13, 11, 8, 7	Note 2
CVE-2020-14796	Libraries	Multiple	Yes	3.1	Network	High	None	Required	Unchanged	Low	None	None	15, 13, 11, 8, 7	Note 1
CVE-2020-14798	Libraries	Multiple	Yes	3.1	Network	High	None	Required	Unchanged	None	Low	None	15, 13, 11, 8, 7	Note 1

CVE #

Component

Protocol

Remote Exploit w/o Auth.

Base Score

Attack Vector

Attack Complex

Privileges Req’d

User Interact

Scope

Confiden-tiality

Integrity

Availability

Versions Affected

Notes

CVE-2020-14803

Libraries

Multiple

Yes

5.3

Network

Low

None

Unchanged

Low

None

15, 13, 11, 8, 7, 6

Note 1

CVE-2020-14792

Hotspot

Multiple

Yes

4.2

Network

High

None

Required

Unchanged

Low

None

15, 13, 11, 8, 7, 6

Note 2

CVE-2020-14779

Serialization

Multiple

Yes

3.7

Network

High

None

Unchanged

None

Low

15, 13, 11, 8, 7, 6

Note 2

CVE-2020-14781

JNDI

Multiple

Yes

3.7

Network

High

None

Unchanged

Low

None

15, 13, 11, 8, 7, 6

Note 2

CVE-2020-14782

Libraries

Multiple

Yes

3.7

Network

High

None

Unchanged

None

Low

None

15, 13, 11, 8, 7

Note 2

CVE-2020-14797

Libraries

Multiple

Yes

3.7

Network

High

None

Unchanged

None

Low

None

15, 13, 11, 8, 7

Note 2

CVE-2020-14796

Libraries

Multiple

Yes

3.1

Network

High

None

Required

Unchanged

Low

None

15, 13, 11, 8, 7

Note 1

CVE-2020-14798

Libraries

Multiple

Yes

3.1

Network

High

None

Required

Unchanged

None

Low

None

15, 13, 11, 8, 7

Note 1

Notes:

ID	Notes
1	This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator).
2	This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through untrusted code executed under Java sandbox restrictions. It can also be exploited by supplying data to APIs in the specified Component without using untrusted code executed under Java sandbox restrictions, such as through a web service.

Notes

This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator).

This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through untrusted code executed under Java sandbox restrictions. It can also be exploited by supplying data to APIs in the specified Component without using untrusted code executed under Java sandbox restrictions, such as through a web service.

Resolved Issues

There are no resolved issues to report in this release.

Known Issues

There are no new issues to report in this release.