It was discovered that the NIO Buffer implementation in the Libraries component of OpenJDK contained a race condition affecting boundary checks. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions.
Public now via Oracle CPU October 2020: https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixJAVA
Fixed in Oracle Java SE 15.0.1 and 11.0.9.
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Extended Update Support Via RHSA-2020:4306 https://access.redhat.com/errata/RHSA-2020:4306
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:4305 https://access.redhat.com/errata/RHSA-2020:4305
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-14803
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:4307 https://access.redhat.com/errata/RHSA-2020:4307
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions Via RHSA-2020:4316 https://access.redhat.com/errata/RHSA-2020:4316
OpenJDK-11 upstream commit: http://hg.openjdk.java.net/jdk-updates/jdk11u/rev/4cd63c53fa05
OpenJDK-8 upstream commit: http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/f6804947798c
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions Via RHSA-2020:4349 https://access.redhat.com/errata/RHSA-2020:4349
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:4347 https://access.redhat.com/errata/RHSA-2020:4347
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Extended Update Support Via RHSA-2020:4352 https://access.redhat.com/errata/RHSA-2020:4352
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2020:4348 https://access.redhat.com/errata/RHSA-2020:4348
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:4350 https://access.redhat.com/errata/RHSA-2020:4350
This is now also fixed in Oracle Java SE 7u291 and 8u281
Oracle CPU January 2021: https://www.oracle.com/security-alerts/cpujan2021.html#AppendixJAVA
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Supplementary Via RHSA-2021:0717 https://access.redhat.com/errata/RHSA-2021:0717
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Supplementary Via RHSA-2021:0733 https://access.redhat.com/errata/RHSA-2021:0733
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2021:0736 https://access.redhat.com/errata/RHSA-2021:0736