Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 578
Alerts This Week
Warning Icon 1 578

Ubuntu 22.10: 5719-1 Critical: OpenJDK DoS And Spoofing Attacks

ubuntu
Calendar Grey November 9, 2022
Dist Ubuntu Esm H88
The Ubuntu Security Notice USN-5720-2 highlights several severe vulnerabilities in OpenJDK that impact numerous distributions.
Several security issues were fixed in OpenJDK.

Summary

Several security issues were fixed in OpenJDK.

Software Description:

- openjdk-17: Open Source Java implementation

- openjdk-19: Open Source Java implementation

- openjdk-8: Open Source Java implementation

- openjdk-lts: Open Source Java implementation

Details:

It was discovered that OpenJDK incorrectly handled long client hostnames.

An attacker could possibly use this issue to cause the corruption of

sensitive information. (CVE-2022-21619)

It was discovered that OpenJDK incorrectly randomized DNS port numbers. A

remote attacker could possibly use this issue to perform spoofing attacks.

(CVE-2022-21624)

It was discovered that OpenJDK did not limit the number of connections

accepted from HTTP clients. An attacker could possibly use this issue to

cause a denial of service. (CVE-2022-21628)

It was discovered that OpenJDK incorrectly handled X.509 certificates. An

attacker could possibly use this issue to cause a denial of service. This

issue only affected OpenJDK 8 and OpenJDK 1...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.10:
  openjdk-11-jdk                  11.0.17+8-1ubuntu2
  openjdk-11-jre                  11.0.17+8-1ubuntu2
  openjdk-11-jre-headless         11.0.17+8-1ubuntu2
  openjdk-11-jre-zero             11.0.17+8-1ubuntu2
  openjdk-17-jdk                  17.0.5+8-2ubuntu1
  openjdk-17-jre                  17.0.5+8-2ubuntu1
  openjdk-17-jre-headless         17.0.5+8-2ubuntu1
  openjdk-17-jre-zero             17.0.5+8-2ubuntu1
  openjdk-19-jdk                  19.0.1+10-1
  openjdk-19-jre                  19.0.1+10-1
  openjdk-19-jre-headless         19.0.1+10-1
  openjdk-19-jre-zero             19.0.1+10-1
  openjdk-8-jdk                   8u352-ga-1~22.10
  openjdk-8-jre                   8u352-ga-1~22.10
  openjdk-8-jre-headless          8u352-ga-1~22.10
  openjdk-8-jre-zero              8u352-ga-1~22.10

Ubuntu 22.04 LTS:
  openjdk-11-jdk                  11.0.17+8-1ubuntu2~22.04
  openjdk-11-jre                  11.0.17+8-1ubuntu2~22.04
  openjdk-11-jre-headless         11.0.17+8-1ubuntu2~22.04
  openjdk-11-jre-zero             11.0.17+8-1ubuntu2~22.04
  openjdk-17-jdk                  17.0.5+8-2ubuntu1~22.04
  openjdk-17-jre                  17.0.5+8-2ubuntu1~22.04
  openjdk-17-jre-headless         17.0.5+8-2ubuntu1~22.04
  openjdk-17-jre-zero             17.0.5+8-2ubuntu1~22.04
  openjdk-19-jdk                  19.0.1+10-1ubuntu1~22.04
  openjdk-19-jre                  19.0.1+10-1ubuntu1~22.04
  openjdk-19-jre-headless         19.0.1+10-1ubuntu1~22.04
  openjdk-19-jre-zero             19.0.1+10-1ubuntu1~22.04
  openjdk-8-jdk                   8u352-ga-1~22.04
  openjdk-8-jre                   8u352-ga-1~22.04
  openjdk-8-jre-headless          8u352-ga-1~22.04
  openjdk-8-jre-zero              8u352-ga-1~22.04

Ubuntu 20.04 LTS:
  openjdk-11-jdk                  11.0.17+8-1ubuntu2~20.04
  openjdk-11-jre                  11.0.17+8-1ubuntu2~20.04
  openjdk-11-jre-headless         11.0.17+8-1ubuntu2~20.04
  openjdk-11-jre-zero             11.0.17+8-1ubuntu2~20.04
  openjdk-17-jdk                  17.0.5+8-2ubuntu1~20.04
  openjdk-17-jre                  17.0.5+8-2ubuntu1~20.04
  openjdk-17-jre-headless         17.0.5+8-2ubuntu1~20.04
  openjdk-17-jre-zero             17.0.5+8-2ubuntu1~20.04
  openjdk-8-jdk                   8u352-ga-1~20.04
  openjdk-8-jre                   8u352-ga-1~20.04
  openjdk-8-jre-headless          8u352-ga-1~20.04
  openjdk-8-jre-zero              8u352-ga-1~20.04

Ubuntu 18.04 LTS:
  openjdk-11-jdk                  11.0.17+8-1ubuntu2~18.04
  openjdk-11-jre                  11.0.17+8-1ubuntu2~18.04
  openjdk-11-jre-headless         11.0.17+8-1ubuntu2~18.04
  openjdk-11-jre-zero             11.0.17+8-1ubuntu2~18.04
  openjdk-17-jdk                  17.0.5+8-2ubuntu1~18.04
  openjdk-17-jre                  17.0.5+8-2ubuntu1~18.04
  openjdk-17-jre-headless         17.0.5+8-2ubuntu1~18.04
  openjdk-17-jre-zero             17.0.5+8-2ubuntu1~18.04
  openjdk-8-jdk                   8u352-ga-1~18.04
  openjdk-8-jre                   8u352-ga-1~18.04
  openjdk-8-jre-headless          8u352-ga-1~18.04
  openjdk-8-jre-zero              8u352-ga-1~18.04

Ubuntu 16.04 ESM:
  openjdk-8-jdk                   8u352-ga-1~16.04
  openjdk-8-jre                   8u352-ga-1~16.04
  openjdk-8-jre-headless          8u352-ga-1~16.04
  openjdk-8-jre-zero              8u352-ga-1~16.04

This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any Java
applications or applets to make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-5719-1

CVE-2022-21618, CVE-2022-21619, CVE-2022-21624, CVE-2022-21626,

CVE-2022-21628, CVE-2022-39399

Severity
critical
Lowest
Low
Medium
High
Critical

November 09, 2022

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.