Ubuntu 21.10 Advisory 5202-1 Critical: OpenJDK Denial of Service

December 17, 2021
Ubuntu 5202-2 advisory outlines severe vulnerabilities found in OpenJDK that impact multiple distributions.

Summary

Several security issues were fixed in OpenJDK.

Software Description:

- openjdk-8: Open Source Java implementation
- openjdk-lts: Open Source Java implementation

Details:

Varnavas Papaioannou discovered that the FTP client implementation in
OpenJDK accepted alternate server IP addresses when connecting with FTP
passive mode. An attacker controlling an FTP server that an application
connects to could possibly use this to expose sensitive information
(rudimentary port scans). This issue only affected Ubuntu 16.04 ESM,
Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 21.04. (CVE-2021-2341)

Markus Loewe discovered that OpenJDK did not properly handle JAR files
containing multiple manifest files. An attacker could possibly use
this to bypass JAR signature verification. This issue only affected
Ubuntu 16.04 ESM, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu
21.04. (CVE-2021-2369)

Huixin Ma discovered that the Hotspot VM in OpenJDK did not properly
perform range check elimination in so...


Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 21.10:
  openjdk-11-jre                  11.0.13+8-0ubuntu1~21.10
  openjdk-11-jre-headless         11.0.13+8-0ubuntu1~21.10
  openjdk-11-jre-zero             11.0.13+8-0ubuntu1~21.10
  openjdk-8-jre                   8u312-b07-0ubuntu1~21.10
  openjdk-8-jre-headless          8u312-b07-0ubuntu1~21.10
  openjdk-8-jre-zero              8u312-b07-0ubuntu1~21.10

Ubuntu 21.04:
  openjdk-11-jre                  11.0.13+8-0ubuntu1~21.04
  openjdk-11-jre-headless         11.0.13+8-0ubuntu1~21.04
  openjdk-11-jre-zero             11.0.13+8-0ubuntu1~21.04
  openjdk-8-jre                   8u312-b07-0ubuntu1~21.04
  openjdk-8-jre-headless          8u312-b07-0ubuntu1~21.04
  openjdk-8-jre-zero              8u312-b07-0ubuntu1~21.04

Ubuntu 20.04 LTS:
  openjdk-11-jre                  11.0.13+8-0ubuntu1~20.04
  openjdk-11-jre-headless         11.0.13+8-0ubuntu1~20.04
  openjdk-11-jre-zero             11.0.13+8-0ubuntu1~20.04
  openjdk-8-jre                   8u312-b07-0ubuntu1~20.04
  openjdk-8-jre-headless          8u312-b07-0ubuntu1~20.04
  openjdk-8-jre-zero              8u312-b07-0ubuntu1~20.04

Ubuntu 18.04 LTS:
  openjdk-11-jre                  11.0.13+8-0ubuntu1~18.04
  openjdk-11-jre-headless         11.0.13+8-0ubuntu1~18.04
  openjdk-11-jre-zero             11.0.13+8-0ubuntu1~18.04
  openjdk-8-jre                   8u312-b07-0ubuntu1~18.04
  openjdk-8-jre-headless          8u312-b07-0ubuntu1~18.04
  openjdk-8-jre-zero              8u312-b07-0ubuntu1~18.04

Ubuntu 16.04 ESM:
  openjdk-8-jre                   8u312-b07-0ubuntu1~16.04
  openjdk-8-jre-headless          8u312-b07-0ubuntu1~16.04
  openjdk-8-jre-zero              8u312-b07-0ubuntu1~16.04

This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any Java
applications or applets to make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-5202-1

CVE-2021-2341, CVE-2021-2369, CVE-2021-2388, CVE-2021-35550,
CVE-2021-35556, CVE-2021-35559, CVE-2021-35561, CVE-2021-35564,
CVE-2021-35565, CVE-2021-35567, CVE-2021-35578, CVE-2021-35586,
CVE-2021-35588, CVE-2021-35603

Severity

Critical
