Alerts This Week
Warning Icon 1 1,154
Alerts This Week
Warning Icon 1 1,154

Ubuntu 23.10: USN-6527-1 critical: openjdk memory corruption DoS risk

ubuntu
Calendar Grey November 29, 2023
Dist Ubuntu Esm H88
On December 1, 2023, Fedora released patches to fix security issues in OpenJDK versions 18 and 20 for user protection.
Several security issues were fixed in OpenJDK 17, OpenJDK 21, OpenJDK.

Summary

Several security issues were fixed in OpenJDK 17, OpenJDK 21, OpenJDK.

Software Description:

- openjdk-17: Open Source Java implementation

- openjdk-21: Open Source Java implementation

- openjdk-lts: Open Source Java implementation

Details:

Carter Kozak discovered that OpenJDK, when compiling with AVX-512

instruction support enabled, could produce code that resulted in memory

corruption in certain situations. An attacker targeting applications built

in this way could possibly use this to cause a denial of service or execute

arbitrary code. In Ubuntu, OpenJDK defaults to not using AVX-512

instructions. (CVE-2023-22025)

It was discovered that OpenJDK did not properly perform PKIX certification

path validation in certain situations. An attacker could use this to cause

a denial of service. (CVE-2023-22081)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.10:
  openjdk-11-jdk                  11.0.21+9-0ubuntu1~23.10
  openjdk-11-jdk-headless         11.0.21+9-0ubuntu1~23.10
  openjdk-11-jre                  11.0.21+9-0ubuntu1~23.10
  openjdk-11-jre-headless         11.0.21+9-0ubuntu1~23.10
  openjdk-11-jre-zero             11.0.21+9-0ubuntu1~23.10
  openjdk-17-jdk                  17.0.9+9-1~23.10
  openjdk-17-jdk-headless         17.0.9+9-1~23.10
  openjdk-17-jre                  17.0.9+9-1~23.10
  openjdk-17-jre-headless         17.0.9+9-1~23.10
  openjdk-17-jre-zero             17.0.9+9-1~23.10
  openjdk-21-jdk                  21.0.1+12-2~23.10
  openjdk-21-jdk-headless         21.0.1+12-2~23.10
  openjdk-21-jre                  21.0.1+12-2~23.10
  openjdk-21-jre-headless         21.0.1+12-2~23.10
  openjdk-21-jre-zero             21.0.1+12-2~23.10

Ubuntu 23.04:
  openjdk-11-jdk                  11.0.21+9-0ubuntu1~23.04
  openjdk-11-jdk-headless         11.0.21+9-0ubuntu1~23.04
  openjdk-11-jre                  11.0.21+9-0ubuntu1~23.04
  openjdk-11-jre-headless         11.0.21+9-0ubuntu1~23.04
  openjdk-11-jre-zero             11.0.21+9-0ubuntu1~23.04
  openjdk-17-jdk                  17.0.9+9-1~23.04
  openjdk-17-jdk-headless         17.0.9+9-1~23.04
  openjdk-17-jre                  17.0.9+9-1~23.04
  openjdk-17-jre-headless         17.0.9+9-1~23.04
  openjdk-17-jre-zero             17.0.9+9-1~23.04
  openjdk-21-jdk                  21.0.1+12-2~23.04
  openjdk-21-jdk-headless         21.0.1+12-2~23.04
  openjdk-21-jre                  21.0.1+12-2~23.04
  openjdk-21-jre-headless         21.0.1+12-2~23.04
  openjdk-21-jre-zero             21.0.1+12-2~23.04

Ubuntu 22.04 LTS:
  openjdk-11-jdk                  11.0.21+9-0ubuntu1~22.04
  openjdk-11-jdk-headless         11.0.21+9-0ubuntu1~22.04
  openjdk-11-jre                  11.0.21+9-0ubuntu1~22.04
  openjdk-11-jre-headless         11.0.21+9-0ubuntu1~22.04
  openjdk-11-jre-zero             11.0.21+9-0ubuntu1~22.04
  openjdk-17-jdk                  17.0.9+9-1~22.04
  openjdk-17-jdk-headless         17.0.9+9-1~22.04
  openjdk-17-jre                  17.0.9+9-1~22.04
  openjdk-17-jre-headless         17.0.9+9-1~22.04
  openjdk-17-jre-zero             17.0.9+9-1~22.04

Ubuntu 20.04 LTS:
  openjdk-11-jdk                  11.0.21+9-0ubuntu1~20.04
  openjdk-11-jdk-headless         11.0.21+9-0ubuntu1~20.04
  openjdk-11-jre                  11.0.21+9-0ubuntu1~20.04
  openjdk-11-jre-headless         11.0.21+9-0ubuntu1~20.04
  openjdk-11-jre-zero             11.0.21+9-0ubuntu1~20.04
  openjdk-17-jdk                  17.0.9+9-1~20.04
  openjdk-17-jdk-headless         17.0.9+9-1~20.04
  openjdk-17-jre                  17.0.9+9-1~20.04
  openjdk-17-jre-headless         17.0.9+9-1~20.04
  openjdk-17-jre-zero             17.0.9+9-1~20.04

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
  openjdk-11-jdk                  11.0.21+9-0ubuntu1~18.04
  openjdk-11-jdk-headless         11.0.21+9-0ubuntu1~18.04
  openjdk-11-jre                  11.0.21+9-0ubuntu1~18.04
  openjdk-11-jre-headless         11.0.21+9-0ubuntu1~18.04
  openjdk-11-jre-zero             11.0.21+9-0ubuntu1~18.04
  openjdk-17-jdk                  17.0.9+9-1~18.04
  openjdk-17-jdk-headless         17.0.9+9-1~18.04
  openjdk-17-jre                  17.0.9+9-1~18.04
  openjdk-17-jre-headless         17.0.9+9-1~18.04
  openjdk-17-jre-zero             17.0.9+9-1~18.04

This update uses a new upstream release, which includes additional
bug fixes. After a standard system update you need to restart any
Java applications to make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-6527-1

CVE-2023-22025, CVE-2023-22081

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-6527-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here