Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Ubuntu 23.10: USN-6527-1 critical: openjdk memory corruption DoS risk

ubuntu
Calendar Grey November 29, 2023
Dist Ubuntu Esm H88
On December 1, 2023, Fedora released patches to fix security issues in OpenJDK versions 18 and 20 for user protection.
Several security issues were fixed in OpenJDK 17, OpenJDK 21, OpenJDK.

Summary

A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 23.10 - Ubuntu 23.04 - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS (Available with Ubuntu Pro) Summary: Several security issues were fixed in OpenJDK 17, OpenJDK 21, OpenJDK. Software Description: - openjdk-17: Open Source Java implementation - openjdk-21: Open Source Java implementation - openjdk-lts: Open Source Java implementation Details: Carter Kozak discovered that OpenJDK, when compiling with AVX-512 instruction support enabled, could produce code that resulted in memory corruption in certain situations. An attacker targeting applications built in this way could possibly use this to cause a denial of service or execute arbitrary code. In Ubuntu, OpenJDK defaults to not using AVX-512 instructions. (CVE-2023-22025) It was discovered that OpenJDK did not properly perform PKIX certification path validation in certain situations. An attacker could use this to cause a denial of servic...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory memory corruption ubuntu dos attack java security openjdk

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 23.10: openjdk-11-jdk 11.0.21+9-0ubuntu1~23.10 openjdk-11-jdk-headless 11.0.21+9-0ubuntu1~23.10 openjdk-11-jre 11.0.21+9-0ubuntu1~23.10 openjdk-11-jre-headless 11.0.21+9-0ubuntu1~23.10 openjdk-11-jre-zero 11.0.21+9-0ubuntu1~23.10 openjdk-17-jdk 17.0.9+9-1~23.10 openjdk-17-jdk-headless 17.0.9+9-1~23.10 openjdk-17-jre 17.0.9+9-1~23.10 openjdk-17-jre-headless 17.0.9+9-1~23.10 openjdk-17-jre-zero 17.0.9+9-1~23.10 openjdk-21-jdk 21.0.1+12-2~23.10 openjdk-21-jdk-headless 21.0.1+12-2~23.10 openjdk-21-jre 21.0.1+12-2~23.10 openjdk-21-jre-headless 21.0.1+12-2~23.10 openjdk-21-jre-zero 21.0.1+12-2~23.10 Ubuntu 23.04: openjdk-11-jdk 11.0.21+9-0ubuntu1~23.04 openjdk-11-jdk-headless 11.0.21+9-0ubuntu1~23.04 openjdk-11-jre 11.0.21+9-0ubuntu1~23.04 openjdk-11-jre-headless 11.0.21+9-0ubuntu1~23.04 openjdk-11-jre-zero 11.0.21+9-0ubuntu1~23.04 openjdk-17-jdk 17.0.9+9-1~23.04 openjdk-17-jdk-headless 17.0.9+9-1~23.04 openjdk-17-jre 17.0.9+9-1~23.04 openjdk-17-jre-headless 17.0.9+9-1~23.04 openjdk-17-jre-zero 17.0.9+9-1~23.04 openjdk-21-jdk 21.0.1+12-2~23.04 openjdk-21-jdk-headless 21.0.1+12-2~23.04 openjdk-21-jre 21.0.1+12-2~23.04 openjdk-21-jre-headless 21.0.1+12-2~23.04 openjdk-21-jre-zero 21.0.1+12-2~23.04 Ubuntu 22.04 LTS: openjdk-11-jdk 11.0.21+9-0ubuntu1~22.04 openjdk-11-jdk-headless 11.0.21+9-0ubuntu1~22.04 openjdk-11-jre 11.0.21+9-0ubuntu1~22.04 openjdk-11-jre-headless 11.0.21+9-0ubuntu1~22.04 openjdk-11-jre-zero 11.0.21+9-0ubuntu1~22.04 openjdk-17-jdk 17.0.9+9-1~22.04 openjdk-17-jdk-headless 17.0.9+9-1~22.04 openjdk-17-jre 17.0.9+9-1~22.04 openjdk-17-jre-headless 17.0.9+9-1~22.04 openjdk-17-jre-zero 17.0.9+9-1~22.04 Ubuntu 20.04 LTS: openjdk-11-jdk 11.0.21+9-0ubuntu1~20.04 openjdk-11-jdk-headless 11.0.21+9-0ubuntu1~20.04 openjdk-11-jre 11.0.21+9-0ubuntu1~20.04 openjdk-11-jre-headless 11.0.21+9-0ubuntu1~20.04 openjdk-11-jre-zero 11.0.21+9-0ubuntu1~20.04 openjdk-17-jdk 17.0.9+9-1~20.04 openjdk-17-jdk-headless 17.0.9+9-1~20.04 openjdk-17-jre 17.0.9+9-1~20.04 openjdk-17-jre-headless 17.0.9+9-1~20.04 openjdk-17-jre-zero 17.0.9+9-1~20.04 Ubuntu 18.04 LTS (Available with Ubuntu Pro): openjdk-11-jdk 11.0.21+9-0ubuntu1~18.04 openjdk-11-jdk-headless 11.0.21+9-0ubuntu1~18.04 openjdk-11-jre 11.0.21+9-0ubuntu1~18.04 openjdk-11-jre-headless 11.0.21+9-0ubuntu1~18.04 openjdk-11-jre-zero 11.0.21+9-0ubuntu1~18.04 openjdk-17-jdk 17.0.9+9-1~18.04 openjdk-17-jdk-headless 17.0.9+9-1~18.04 openjdk-17-jre 17.0.9+9-1~18.04 openjdk-17-jre-headless 17.0.9+9-1~18.04 openjdk-17-jre-zero 17.0.9+9-1~18.04 This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart any Java applications to make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-6527-1

CVE-2023-22025, CVE-2023-22081

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-6527-1

Topics%20covered

Topics Covered

security advisory memory corruption ubuntu dos attack java security openjdk

Package Information

https://launchpad.net/ubuntu/+source/openjdk-17/17.0.9+9-1~23.10 https://launchpad.net/ubuntu/+source/openjdk-21/21.0.1+12-2~23.10 https://launchpad.net/ubuntu/+source/openjdk-lts/11.0.21+9-0ubuntu1~23.10 https://launchpad.net/ubuntu/+source/openjdk-17/17.0.9+9-1~23.04 https://launchpad.net/ubuntu/+source/openjdk-21/21.0.1+12-2~23.04 https://launchpad.net/ubuntu/+source/openjdk-lts/11.0.21+9-0ubuntu1~23.04 https://launchpad.net/ubuntu/+source/openjdk-17/17.0.9+9-1~22.04 https://launchpad.net/ubuntu/+source/openjdk-lts/11.0.21+9-0ubuntu1~22.04 https://launchpad.net/ubuntu/+source/openjdk-17/17.0.9+9-1~20.04 https://launchpad.net/ubuntu/+source/openjdk-lts/11.0.21+9-0ubuntu1~20.04

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here