Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 569
Alerts This Week
Warning Icon 1 569

Ubuntu: 2022-03-07 Security Advisory: OpenJDK Moderate Risks

ubuntu
Calendar Grey March 7, 2022
Dist Ubuntu Esm H88
A number of vulnerabilities addressed in OpenJDK impacting various versions of Ubuntu. Ensure your system is updated to protect against potential risks.
Several security issues were fixed in OpenJDK.

Summary

Several security issues were fixed in OpenJDK.

Software Description:

- openjdk-17: Open Source Java implementation

- openjdk-lts: Open Source Java implementation

Details:

It was discovered that OpenJDK incorrectly handled deserialization filters.

An attacker could possibly use this issue to insert, delete or obtain

sensitive information. (CVE-2022-21248)

It was discovered that OpenJDK incorrectly read uncompressed TIFF files.

An attacker could possibly use this issue to cause a denial of service via

a specially crafted TIFF file. (CVE-2022-21277)

Jonni Passki discovered that OpenJDK incorrectly verified access

restrictions when performing URI resolution. An attacker could possibly

use this issue to obtain sensitive information. (CVE-2022-21282)

It was discovered that OpenJDK incorrectly handled certain regular

expressions in the Pattern class implementation. An attacker could

possibly use this issue to cause a denial of service. (CVE-2022-21283)

It was discovered that OpenJD...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 21.10:
  openjdk-11-jdk                  11.0.14+9-0ubuntu2~22.10
  openjdk-11-jre                  11.0.14+9-0ubuntu2~22.10
  openjdk-11-jre-headless         11.0.14+9-0ubuntu2~22.10
  openjdk-11-jre-zero             11.0.14+9-0ubuntu2~22.10
  openjdk-17-jdk                  17.0.2+8-1~22.10
  openjdk-17-jre                  17.0.2+8-1~22.10
  openjdk-17-jre-headless         17.0.2+8-1~22.10
  openjdk-17-jre-zero             17.0.2+8-1~22.10

Ubuntu 20.04 LTS:
  openjdk-11-jdk                  11.0.14+9-0ubuntu2~20.04
  openjdk-11-jre                  11.0.14+9-0ubuntu2~20.04
  openjdk-11-jre-headless         11.0.14+9-0ubuntu2~20.04
  openjdk-11-jre-zero             11.0.14+9-0ubuntu2~20.04
  openjdk-17-jdk                  17.0.2+8-1~20.04
  openjdk-17-jre                  17.0.2+8-1~20.04
  openjdk-17-jre-headless         17.0.2+8-1~20.04
  openjdk-17-jre-zero             17.0.2+8-1~20.04

Ubuntu 18.04 LTS:
  openjdk-11-jdk                  11.0.14+9-0ubuntu2~18.04
  openjdk-11-jre                  11.0.14+9-0ubuntu2~18.04
  openjdk-11-jre-headless         11.0.14+9-0ubuntu2~18.04
  openjdk-11-jre-zero             11.0.14+9-0ubuntu2~18.04
  openjdk-17-jdk                  17.0.2+8-1~18.04
  openjdk-17-jre                  17.0.2+8-1~18.04
  openjdk-17-jre-headless         17.0.2+8-1~18.04
  openjdk-17-jre-zero             17.0.2+8-1~18.04

This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any Java
applications or applets to make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-5313-1

CVE-2022-21248, CVE-2022-21277, CVE-2022-21282, CVE-2022-21283,

CVE-2022-21291, CVE-2022-21293, CVE-2022-21294, CVE-2022-21296,

CVE-2022-21299, CVE-2022-21305, CVE-2022-21340, CVE-2022-21341,

CVE-2022-21360, CVE-2022-21365, CVE-2022-21366

Severity
important
Lowest
Low
Medium
High
Critical

March 07, 2022

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.