Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 439
Alerts This Week
Warning Icon 1 439

Ubuntu 21.10: USN-5313-2 Moderate: OpenJDK 11 Server Connectivity Issue

ubuntu
Calendar Grey March 29, 2022
Dist Ubuntu Esm H88
Ubuntu USN-5314-1 resolves a vulnerability in OpenJDK impacting client stability. Upgrade immediately for enhanced protection.
USN-5313-1 introduced a regression in OpenJDK 11.

Summary

USN-5313-1 introduced a regression in OpenJDK 11.

Software Description:

- openjdk-lts: Open Source Java implementation

Details:

USN-5313-1 fixed vulnerabilities and added features in OpenJDK.

Unfortunately, that update introduced a regression in OpenJDK 11 that

could impact interoperability with some popular HTTP/2 servers making

it unable to connect to said servers. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

It was discovered that OpenJDK incorrectly handled deserialization filters.

An attacker could possibly use this issue to insert, delete or obtain

sensitive information. (CVE-2022-21248)

It was discovered that OpenJDK incorrectly read uncompressed TIFF files.

An attacker could possibly use this issue to cause a denial of service via

a specially crafted TIFF file. (CVE-2022-21277)

Jonni Passki discovered that OpenJDK incorrectly verified access

restrictions when performing URI resolution. An attacker could possibly

...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 21.10:
  openjdk-11-jdk                  11.0.14.1+1-0ubuntu1~21.10
  openjdk-11-jdk-headless         11.0.14.1+1-0ubuntu1~21.10
  openjdk-11-jre                  11.0.14.1+1-0ubuntu1~21.10
  openjdk-11-jre-headless         11.0.14.1+1-0ubuntu1~21.10
  openjdk-11-jre-zero             11.0.14.1+1-0ubuntu1~21.10

Ubuntu 20.04 LTS:
  openjdk-11-jdk                  11.0.14.1+1-0ubuntu1~20.04
  openjdk-11-jdk-headless         11.0.14.1+1-0ubuntu1~20.04
  openjdk-11-jre                  11.0.14.1+1-0ubuntu1~20.04
  openjdk-11-jre-headless         11.0.14.1+1-0ubuntu1~20.04
  openjdk-11-jre-zero             11.0.14.1+1-0ubuntu1~20.04

Ubuntu 18.04 LTS:
  openjdk-11-jdk                  11.0.14.1+1-0ubuntu1~18.04
  openjdk-11-jdk-headless         11.0.14.1+1-0ubuntu1~18.04
  openjdk-11-jre                  11.0.14.1+1-0ubuntu1~18.04
  openjdk-11-jre-headless         11.0.14.1+1-0ubuntu1~18.04
  openjdk-11-jre-zero             11.0.14.1+1-0ubuntu1~18.04

This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any Java
applications or applets to make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-5313-2

https://ubuntu.com/security/notices/USN-5313-1

https://bugs.launchpad.net/ubuntu/+source/openjdk-lts/+bug/1966338

March 29, 2022

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.