USN-5897-1: OpenJDK vulnerabilities
28 February 2023
Several security issues were fixed in OpenJDK.
Releases
Packages
- openjdk-17 - Open Source Java implementation
- openjdk-19 - Open Source Java implementation
- openjdk-lts - Open Source Java implementation
Details
Juraj Somorovsky, Marcel Maehren, Nurullah Erinola, and Robert Merget
discovered that the DTLS implementation in the JSSE subsystem of OpenJDK
did not properly restrict handshake initiation requests from clients. A
remote attacker could possibly use this to cause a denial of service.
(CVE-2023-21835)
Markus Loewe discovered that the Java Sound subsystem in OpenJDK did not
properly validate the origin of a Soundbank. An attacker could use this to
specially craft an untrusted Java application or applet that could load a
Soundbank from an attacker controlled remote URL. (CVE-2023-21843)
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 22.10
-
openjdk-11-jre-headless
-
11.0.18+10-0ubuntu1~22.10
-
openjdk-11-jdk
-
11.0.18+10-0ubuntu1~22.10
-
openjdk-17-jre-headless
-
17.0.6+10-0ubuntu1~22.10
-
openjdk-17-jre
-
17.0.6+10-0ubuntu1~22.10
-
openjdk-19-jre-zero
-
19.0.2+7-0ubuntu3~22.10
-
openjdk-17-jre-zero
-
17.0.6+10-0ubuntu1~22.10
-
openjdk-19-jre
-
19.0.2+7-0ubuntu3~22.10
-
openjdk-11-jre-zero
-
11.0.18+10-0ubuntu1~22.10
-
openjdk-17-jdk
-
17.0.6+10-0ubuntu1~22.10
-
openjdk-19-jre-headless
-
19.0.2+7-0ubuntu3~22.10
-
openjdk-19-jdk
-
19.0.2+7-0ubuntu3~22.10
-
openjdk-11-jre
-
11.0.18+10-0ubuntu1~22.10
Ubuntu 22.04
-
openjdk-11-jre-headless
-
11.0.18+10-0ubuntu1~22.04
-
openjdk-11-jdk
-
11.0.18+10-0ubuntu1~22.04
-
openjdk-17-jre-headless
-
17.0.6+10-0ubuntu1~22.04
-
openjdk-17-jre
-
17.0.6+10-0ubuntu1~22.04
-
openjdk-19-jre-zero
-
19.0.2+7-0ubuntu3~22.04
-
openjdk-17-jre-zero
-
17.0.6+10-0ubuntu1~22.04
-
openjdk-19-jre
-
19.0.2+7-0ubuntu3~22.04
-
openjdk-11-jre-zero
-
11.0.18+10-0ubuntu1~22.04
-
openjdk-17-jdk
-
17.0.6+10-0ubuntu1~22.04
-
openjdk-19-jre-headless
-
19.0.2+7-0ubuntu3~22.04
-
openjdk-19-jdk
-
19.0.2+7-0ubuntu3~22.04
-
openjdk-11-jre
-
11.0.18+10-0ubuntu1~22.04
Ubuntu 20.04
-
openjdk-17-jdk
-
17.0.6+10-0ubuntu1~20.04.1
-
openjdk-17-jre-zero
-
17.0.6+10-0ubuntu1~20.04.1
-
openjdk-11-jre-zero
-
11.0.18+10-0ubuntu1~20.04.1
-
openjdk-11-jre-headless
-
11.0.18+10-0ubuntu1~20.04.1
-
openjdk-11-jdk
-
11.0.18+10-0ubuntu1~20.04.1
-
openjdk-17-jre-headless
-
17.0.6+10-0ubuntu1~20.04.1
-
openjdk-11-jre
-
11.0.18+10-0ubuntu1~20.04.1
-
openjdk-17-jre
-
17.0.6+10-0ubuntu1~20.04.1
Ubuntu 18.04
-
openjdk-17-jdk
-
17.0.6+10-0ubuntu1~18.04.1
-
openjdk-17-jre-zero
-
17.0.6+10-0ubuntu1~18.04.1
-
openjdk-11-jre-zero
-
11.0.18+10-0ubuntu1~18.04.1
-
openjdk-11-jre-headless
-
11.0.18+10-0ubuntu1~18.04.1
-
openjdk-11-jdk
-
11.0.18+10-0ubuntu1~18.04.1
-
openjdk-17-jre-headless
-
17.0.6+10-0ubuntu1~18.04.1
-
openjdk-11-jre
-
11.0.18+10-0ubuntu1~18.04.1
-
openjdk-17-jre
-
17.0.6+10-0ubuntu1~18.04.1
This update uses a new upstream release, which includes additional
bug fixes. After a standard system update you need to restart any
Java applications or applets make all the necessary changes.
References
Related notices
- USN-5898-1: openjdk-8-jre-headless, openjdk-8-jre-zero, openjdk-8-doc, openjdk-8-jre, openjdk-8, openjdk-8-source, openjdk-8-jdk-headless, openjdk-8-demo, openjdk-8-jdk