Ubuntu 22.04 LTS: USN-5388-1 Critical: OpenJDK Denial Of Service
Apr 26, 2022
•
LinuxSecurity Advisories
2 - 3 min read
Several security issues were fixed in OpenJDK.
=========================================================================Ubuntu Security Notice USN-5388-1 April 26, 2022 openjdk-lts vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.04 LTS - Ubuntu 21.10 - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS Summary: Several security issues were fixed in OpenJDK. Software Description: - openjdk-lts: Open Source Java implementation Details: It was discovered that OpenJDK incorrectly limited memory when compiling a specially crafted XPath expression. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-21426) It was discovered that OpenJDK incorrectly handled converting certain object arguments into their textual representations. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-21434) It was discovered that OpenJDK incorrectly validated the encoded length of certain object identifiers. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-21443) It was discovered that OpenJDK incorrectly validated certain paths. An attacker could possibly use this issue to bypass the secure validation feature and expose sensitive information in XML files. (CVE-2022-21476) It was discovered that OpenJDK incorrectly parsed certain URI strings. An attacker could possibly use this issue to make applications accept invalid of malformed URI strings. (CVE-2022-21496) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS: openjdk-11-jdk 11.0.15+10-0ubuntu0.22.04.1 openjdk-11-jdk-headless 11.0.15+10-0ubuntu0.22.04.1 openjdk-11-jre 11.0.15+10-0ubuntu0.22.04.1 openjdk-11-jre-headless 11.0.15+10-0ubuntu0.22.04.1 openjdk-11-jre-zero 11.0.15+10-0ubuntu0.22.04.1 Ubuntu 21.10: openjdk-11-jdk 11.0.15+10-0ubuntu0.21.10.1 openjdk-11-jdk-headless 11.0.15+10-0ubuntu0.21.10.1 openjdk-11-jre 11.0.15+10-0ubuntu0.21.10.1 openjdk-11-jre-headless 11.0.15+10-0ubuntu0.21.10.1 openjdk-11-jre-zero 11.0.15+10-0ubuntu0.21.10.1 Ubuntu 20.04 LTS: openjdk-11-jdk 11.0.15+10-0ubuntu0.20.04.1 openjdk-11-jdk-headless 11.0.15+10-0ubuntu0.20.04.1 openjdk-11-jre 11.0.15+10-0ubuntu0.20.04.1 openjdk-11-jre-headless 11.0.15+10-0ubuntu0.20.04.1 openjdk-11-jre-zero 11.0.15+10-0ubuntu0.20.04.1 Ubuntu 18.04 LTS: openjdk-11-jdk 11.0.15+10-0ubuntu0.18.04.1 openjdk-11-jdk-headless 11.0.15+10-0ubuntu0.18.04.1 openjdk-11-jre 11.0.15+10-0ubuntu0.18.04.1 openjdk-11-jre-headless 11.0.15+10-0ubuntu0.18.04.1 openjdk-11-jre-zero 11.0.15+10-0ubuntu0.18.04.1 This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart any Java applications or applets to make all the necessary changes. References: https://ubuntu.com/security/notices/USN-5388-1 CVE-2022-21426, CVE-2022-21434, CVE-2022-21443, CVE-2022-21476, CVE-2022-21496 Package Information: https://launchpad.net/ubuntu/+source/openjdk-lts/11.0.15+10-0ubuntu0.22.04.1 https://launchpad.net/ubuntu/+source/openjdk-lts/11.0.15+10-0ubuntu0.21.10.1 https://launchpad.net/ubuntu/+source/openjdk-lts/11.0.15+10-0ubuntu0.20.04.1 https://launchpad.net/ubuntu/+source/openjdk-lts/11.0.15+10-0ubuntu0.18.04.1
PREVIOUS
NEXT
Ubuntu 22.04 LTS: USN-5388-1 Critical: OpenJDK Denial Of Service
ubuntu
April 26, 2022
Several security issues were fixed in OpenJDK.
Summary
Update Instructions
The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS: openjdk-11-jdk 11.0.15+10-0ubuntu0.22.04.1 openjdk-11-jdk-headless 11.0.15+10-0ubuntu0.22.04.1 openjdk-11-jre 11.0.15+10-0ubuntu0.22.04.1 openjdk-11-jre-headless 11.0.15+10-0ubuntu0.22.04.1 openjdk-11-jre-zero 11.0.15+10-0ubuntu0.22.04.1 Ubuntu 21.10: openjdk-11-jdk 11.0.15+10-0ubuntu0.21.10.1 openjdk-11-jdk-headless 11.0.15+10-0ubuntu0.21.10.1 openjdk-11-jre 11.0.15+10-0ubuntu0.21.10.1 openjdk-11-jre-headless 11.0.15+10-0ubuntu0.21.10.1 openjdk-11-jre-zero 11.0.15+10-0ubuntu0.21.10.1 Ubuntu 20.04 LTS: openjdk-11-jdk 11.0.15+10-0ubuntu0.20.04.1 openjdk-11-jdk-headless 11.0.15+10-0ubuntu0.20.04.1 openjdk-11-jre 11.0.15+10-0ubuntu0.20.04.1 openjdk-11-jre-headless 11.0.15+10-0ubuntu0.20.04.1 openjdk-11-jre-zero 11.0.15+10-0ubuntu0.20.04.1 Ubuntu 18.04 LTS: openjdk-11-jdk 11.0.15+10-0ubuntu0.18.04.1 openjdk-11-jdk-headless 11.0.15+10-0ubuntu0.18.04.1 openjdk-11-jre 11.0.15+10-0ubuntu0.18.04.1 openjdk-11-jre-headless 11.0.15+10-0ubuntu0.18.04.1 openjdk-11-jre-zero 11.0.15+10-0ubuntu0.18.04.1 This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart any Java applications or applets to make all the necessary changes.
References
https://ubuntu.com/security/notices/USN-5388-1
CVE-2022-21426, CVE-2022-21434, CVE-2022-21443, CVE-2022-21476,
CVE-2022-21496
Severity
critical
Lowest
Low
Medium
High
Critical
April 26, 2022
Package Information
https://launchpad.net/ubuntu/+source/openjdk-lts/11.0.15+10-0ubuntu0.22.04.1 https://launchpad.net/ubuntu/+source/openjdk-lts/11.0.15+10-0ubuntu0.21.10.1 https://launchpad.net/ubuntu/+source/openjdk-lts/11.0.15+10-0ubuntu0.20.04.1 https://launchpad.net/ubuntu/+source/openjdk-lts/11.0.15+10-0ubuntu0.18.04.1
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!