Explore top 10 tips to secure your open-source projects now. Read More
×
Several security issues were fixed in OpenJDK.
Software Description:
- openjdk-17: Open Source Java implementation
- openjdk-19: Open Source Java implementation
- openjdk-8: Open Source Java implementation
- openjdk-lts: Open Source Java implementation
Details:
It was discovered that OpenJDK incorrectly handled long client hostnames.
An attacker could possibly use this issue to cause the corruption of
sensitive information. (CVE-2022-21619)
It was discovered that OpenJDK incorrectly randomized DNS port numbers. A
remote attacker could possibly use this issue to perform spoofing attacks.
(CVE-2022-21624)
It was discovered that OpenJDK did not limit the number of connections
accepted from HTTP clients. An attacker could possibly use this issue to
cause a denial of service. (CVE-2022-21628)
It was discovered that OpenJDK incorrectly handled X.509 certificates. An
attacker could possibly use this issue to cause a denial of service. This
issue only affected OpenJDK 8 and OpenJDK 1...
The problem can be corrected by updating your system to the following package versions: Ubuntu 22.10: openjdk-11-jdk 11.0.17+8-1ubuntu2 openjdk-11-jre 11.0.17+8-1ubuntu2 openjdk-11-jre-headless 11.0.17+8-1ubuntu2 openjdk-11-jre-zero 11.0.17+8-1ubuntu2 openjdk-17-jdk 17.0.5+8-2ubuntu1 openjdk-17-jre 17.0.5+8-2ubuntu1 openjdk-17-jre-headless 17.0.5+8-2ubuntu1 openjdk-17-jre-zero 17.0.5+8-2ubuntu1 openjdk-19-jdk 19.0.1+10-1 openjdk-19-jre 19.0.1+10-1 openjdk-19-jre-headless 19.0.1+10-1 openjdk-19-jre-zero 19.0.1+10-1 openjdk-8-jdk 8u352-ga-1~22.10 openjdk-8-jre 8u352-ga-1~22.10 openjdk-8-jre-headless 8u352-ga-1~22.10 openjdk-8-jre-zero 8u352-ga-1~22.10 Ubuntu 22.04 LTS: openjdk-11-jdk 11.0.17+8-1ubuntu2~22.04 openjdk-11-jre 11.0.17+8-1ubuntu2~22.04 openjdk-11-jre-headless 11.0.17+8-1ubuntu2~22.04 openjdk-11-jre-zero 11.0.17+8-1ubuntu2~22.04 openjdk-17-jdk 17.0.5+8-2ubuntu1~22.04 openjdk-17-jre 17.0.5+8-2ubuntu1~22.04 openjdk-17-jre-headless 17.0.5+8-2ubuntu1~22.04 openjdk-17-jre-zero 17.0.5+8-2ubuntu1~22.04 openjdk-19-jdk 19.0.1+10-1ubuntu1~22.04 openjdk-19-jre 19.0.1+10-1ubuntu1~22.04 openjdk-19-jre-headless 19.0.1+10-1ubuntu1~22.04 openjdk-19-jre-zero 19.0.1+10-1ubuntu1~22.04 openjdk-8-jdk 8u352-ga-1~22.04 openjdk-8-jre 8u352-ga-1~22.04 openjdk-8-jre-headless 8u352-ga-1~22.04 openjdk-8-jre-zero 8u352-ga-1~22.04 Ubuntu 20.04 LTS: openjdk-11-jdk 11.0.17+8-1ubuntu2~20.04 openjdk-11-jre 11.0.17+8-1ubuntu2~20.04 openjdk-11-jre-headless 11.0.17+8-1ubuntu2~20.04 openjdk-11-jre-zero 11.0.17+8-1ubuntu2~20.04 openjdk-17-jdk 17.0.5+8-2ubuntu1~20.04 openjdk-17-jre 17.0.5+8-2ubuntu1~20.04 openjdk-17-jre-headless 17.0.5+8-2ubuntu1~20.04 openjdk-17-jre-zero 17.0.5+8-2ubuntu1~20.04 openjdk-8-jdk 8u352-ga-1~20.04 openjdk-8-jre 8u352-ga-1~20.04 openjdk-8-jre-headless 8u352-ga-1~20.04 openjdk-8-jre-zero 8u352-ga-1~20.04 Ubuntu 18.04 LTS: openjdk-11-jdk 11.0.17+8-1ubuntu2~18.04 openjdk-11-jre 11.0.17+8-1ubuntu2~18.04 openjdk-11-jre-headless 11.0.17+8-1ubuntu2~18.04 openjdk-11-jre-zero 11.0.17+8-1ubuntu2~18.04 openjdk-17-jdk 17.0.5+8-2ubuntu1~18.04 openjdk-17-jre 17.0.5+8-2ubuntu1~18.04 openjdk-17-jre-headless 17.0.5+8-2ubuntu1~18.04 openjdk-17-jre-zero 17.0.5+8-2ubuntu1~18.04 openjdk-8-jdk 8u352-ga-1~18.04 openjdk-8-jre 8u352-ga-1~18.04 openjdk-8-jre-headless 8u352-ga-1~18.04 openjdk-8-jre-zero 8u352-ga-1~18.04 Ubuntu 16.04 ESM: openjdk-8-jdk 8u352-ga-1~16.04 openjdk-8-jre 8u352-ga-1~16.04 openjdk-8-jre-headless 8u352-ga-1~16.04 openjdk-8-jre-zero 8u352-ga-1~16.04 This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart any Java applications or applets to make all the necessary changes.
https://ubuntu.com/security/notices/USN-5719-1
CVE-2022-21618, CVE-2022-21619, CVE-2022-21624, CVE-2022-21626,
CVE-2022-21628, CVE-2022-39399
Get the latest Linux and open source security news straight to your inbox.