Explore top 10 tips to secure your open-source projects now. Read More
×
USN-5313-1 introduced a regression in OpenJDK 11.
Software Description:
- openjdk-lts: Open Source Java implementation
Details:
USN-5313-1 fixed vulnerabilities and added features in OpenJDK.
Unfortunately, that update introduced a regression in OpenJDK 11 that
could impact interoperability with some popular HTTP/2 servers making
it unable to connect to said servers. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
It was discovered that OpenJDK incorrectly handled deserialization filters.
An attacker could possibly use this issue to insert, delete or obtain
sensitive information. (CVE-2022-21248)
It was discovered that OpenJDK incorrectly read uncompressed TIFF files.
An attacker could possibly use this issue to cause a denial of service via
a specially crafted TIFF file. (CVE-2022-21277)
Jonni Passki discovered that OpenJDK incorrectly verified access
restrictions when performing URI resolution. An attacker could possibly
...
The problem can be corrected by updating your system to the following package versions: Ubuntu 21.10: openjdk-11-jdk 11.0.14.1+1-0ubuntu1~21.10 openjdk-11-jdk-headless 11.0.14.1+1-0ubuntu1~21.10 openjdk-11-jre 11.0.14.1+1-0ubuntu1~21.10 openjdk-11-jre-headless 11.0.14.1+1-0ubuntu1~21.10 openjdk-11-jre-zero 11.0.14.1+1-0ubuntu1~21.10 Ubuntu 20.04 LTS: openjdk-11-jdk 11.0.14.1+1-0ubuntu1~20.04 openjdk-11-jdk-headless 11.0.14.1+1-0ubuntu1~20.04 openjdk-11-jre 11.0.14.1+1-0ubuntu1~20.04 openjdk-11-jre-headless 11.0.14.1+1-0ubuntu1~20.04 openjdk-11-jre-zero 11.0.14.1+1-0ubuntu1~20.04 Ubuntu 18.04 LTS: openjdk-11-jdk 11.0.14.1+1-0ubuntu1~18.04 openjdk-11-jdk-headless 11.0.14.1+1-0ubuntu1~18.04 openjdk-11-jre 11.0.14.1+1-0ubuntu1~18.04 openjdk-11-jre-headless 11.0.14.1+1-0ubuntu1~18.04 openjdk-11-jre-zero 11.0.14.1+1-0ubuntu1~18.04 This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart any Java applications or applets to make all the necessary changes.
https://ubuntu.com/security/notices/USN-5313-2
https://ubuntu.com/security/notices/USN-5313-1
https://bugs.launchpad.net/ubuntu/+source/openjdk-lts/+bug/1966338
Get the latest Linux and open source security news straight to your inbox.