what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Ubuntu Security Notice USN-5719-1

Ubuntu Security Notice USN-5719-1
Posted Nov 9, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5719-1 - It was discovered that OpenJDK incorrectly handled long client hostnames. An attacker could possibly use this issue to cause the corruption of sensitive information. It was discovered that OpenJDK incorrectly randomized DNS port numbers. A remote attacker could possibly use this issue to perform spoofing attacks. It was discovered that OpenJDK did not limit the number of connections accepted from HTTP clients. An attacker could possibly use this issue to cause a denial of service.

tags | advisory, remote, web, denial of service, spoof
systems | linux, ubuntu
advisories | CVE-2022-21618, CVE-2022-21619, CVE-2022-21624, CVE-2022-21626, CVE-2022-21628, CVE-2022-39399
SHA-256 | ab9280f314ac81de4a3ed054866e30b013b2d1631d6819d87f2ce15b72e94064
Download | Favorite | View

Ubuntu Security Notice USN-5719-1

Change Mirror Download
=========================================================================
Ubuntu Security Notice USN-5719-1
November 09, 2022

openjdk-8, openjdk-lts, openjdk-17, openjdk-19 vulnerabilities
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 ESM

Summary:

Several security issues were fixed in OpenJDK.

Software Description:
- openjdk-17: Open Source Java implementation
- openjdk-19: Open Source Java implementation
- openjdk-8: Open Source Java implementation
- openjdk-lts: Open Source Java implementation

Details:

It was discovered that OpenJDK incorrectly handled long client hostnames.
An attacker could possibly use this issue to cause the corruption of
sensitive information. (CVE-2022-21619)

It was discovered that OpenJDK incorrectly randomized DNS port numbers. A
remote attacker could possibly use this issue to perform spoofing attacks.
(CVE-2022-21624)

It was discovered that OpenJDK did not limit the number of connections
accepted from HTTP clients. An attacker could possibly use this issue to
cause a denial of service. (CVE-2022-21628)

It was discovered that OpenJDK incorrectly handled X.509 certificates. An
attacker could possibly use this issue to cause a denial of service. This
issue only affected OpenJDK 8 and OpenJDK 11. (CVE-2022-21626)

It was discovered that OpenJDK incorrectly handled cached server
connections. An attacker could possibly use this issue to perform spoofing
attacks. This issue only affected OpenJDK 11, OpenJDK 17 and OpenJDK 19.
(CVE-2022-39399)

It was discovered that OpenJDK incorrectly handled byte conversions. An
attacker could possibly use this issue to obtain sensitive information.
This issue only affected OpenJDK 11, OpenJDK 17 and OpenJDK 19.
(CVE-2022-21618)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.10:
  openjdk-11-jdk                  11.0.17+8-1ubuntu2
  openjdk-11-jre                  11.0.17+8-1ubuntu2
  openjdk-11-jre-headless         11.0.17+8-1ubuntu2
  openjdk-11-jre-zero             11.0.17+8-1ubuntu2
  openjdk-17-jdk                  17.0.5+8-2ubuntu1
  openjdk-17-jre                  17.0.5+8-2ubuntu1
  openjdk-17-jre-headless         17.0.5+8-2ubuntu1
  openjdk-17-jre-zero             17.0.5+8-2ubuntu1
  openjdk-19-jdk                  19.0.1+10-1
  openjdk-19-jre                  19.0.1+10-1
  openjdk-19-jre-headless         19.0.1+10-1
  openjdk-19-jre-zero             19.0.1+10-1
  openjdk-8-jdk                   8u352-ga-1~22.10
  openjdk-8-jre                   8u352-ga-1~22.10
  openjdk-8-jre-headless          8u352-ga-1~22.10
  openjdk-8-jre-zero              8u352-ga-1~22.10

Ubuntu 22.04 LTS:
  openjdk-11-jdk                  11.0.17+8-1ubuntu2~22.04
  openjdk-11-jre                  11.0.17+8-1ubuntu2~22.04
  openjdk-11-jre-headless         11.0.17+8-1ubuntu2~22.04
  openjdk-11-jre-zero             11.0.17+8-1ubuntu2~22.04
  openjdk-17-jdk                  17.0.5+8-2ubuntu1~22.04
  openjdk-17-jre                  17.0.5+8-2ubuntu1~22.04
  openjdk-17-jre-headless         17.0.5+8-2ubuntu1~22.04
  openjdk-17-jre-zero             17.0.5+8-2ubuntu1~22.04
  openjdk-19-jdk                  19.0.1+10-1ubuntu1~22.04
  openjdk-19-jre                  19.0.1+10-1ubuntu1~22.04
  openjdk-19-jre-headless         19.0.1+10-1ubuntu1~22.04
  openjdk-19-jre-zero             19.0.1+10-1ubuntu1~22.04
  openjdk-8-jdk                   8u352-ga-1~22.04
  openjdk-8-jre                   8u352-ga-1~22.04
  openjdk-8-jre-headless          8u352-ga-1~22.04
  openjdk-8-jre-zero              8u352-ga-1~22.04

Ubuntu 20.04 LTS:
  openjdk-11-jdk                  11.0.17+8-1ubuntu2~20.04
  openjdk-11-jre                  11.0.17+8-1ubuntu2~20.04
  openjdk-11-jre-headless         11.0.17+8-1ubuntu2~20.04
  openjdk-11-jre-zero             11.0.17+8-1ubuntu2~20.04
  openjdk-17-jdk                  17.0.5+8-2ubuntu1~20.04
  openjdk-17-jre                  17.0.5+8-2ubuntu1~20.04
  openjdk-17-jre-headless         17.0.5+8-2ubuntu1~20.04
  openjdk-17-jre-zero             17.0.5+8-2ubuntu1~20.04
  openjdk-8-jdk                   8u352-ga-1~20.04
  openjdk-8-jre                   8u352-ga-1~20.04
  openjdk-8-jre-headless          8u352-ga-1~20.04
  openjdk-8-jre-zero              8u352-ga-1~20.04

Ubuntu 18.04 LTS:
  openjdk-11-jdk                  11.0.17+8-1ubuntu2~18.04
  openjdk-11-jre                  11.0.17+8-1ubuntu2~18.04
  openjdk-11-jre-headless         11.0.17+8-1ubuntu2~18.04
  openjdk-11-jre-zero             11.0.17+8-1ubuntu2~18.04
  openjdk-17-jdk                  17.0.5+8-2ubuntu1~18.04
  openjdk-17-jre                  17.0.5+8-2ubuntu1~18.04
  openjdk-17-jre-headless         17.0.5+8-2ubuntu1~18.04
  openjdk-17-jre-zero             17.0.5+8-2ubuntu1~18.04
  openjdk-8-jdk                   8u352-ga-1~18.04
  openjdk-8-jre                   8u352-ga-1~18.04
  openjdk-8-jre-headless          8u352-ga-1~18.04
  openjdk-8-jre-zero              8u352-ga-1~18.04

Ubuntu 16.04 ESM:
  openjdk-8-jdk                   8u352-ga-1~16.04
  openjdk-8-jre                   8u352-ga-1~16.04
  openjdk-8-jre-headless          8u352-ga-1~16.04
  openjdk-8-jre-zero              8u352-ga-1~16.04

This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any Java
applications or applets to make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-5719-1
  CVE-2022-21618, CVE-2022-21619, CVE-2022-21624, CVE-2022-21626,
  CVE-2022-21628, CVE-2022-39399

Package Information:
  https://launchpad.net/ubuntu/+source/openjdk-17/17.0.5+8-2ubuntu1
  https://launchpad.net/ubuntu/+source/openjdk-19/19.0.1+10-1
  https://launchpad.net/ubuntu/+source/openjdk-8/8u352-ga-1~22.10
  https://launchpad.net/ubuntu/+source/openjdk-lts/11.0.17+8-1ubuntu2
  https://launchpad.net/ubuntu/+source/openjdk-17/17.0.5+8-2ubuntu1~22.04
  https://launchpad.net/ubuntu/+source/openjdk-19/19.0.1+10-1ubuntu1~22.04
  https://launchpad.net/ubuntu/+source/openjdk-8/8u352-ga-1~22.04
  https://launchpad.net/ubuntu/+source/openjdk-lts/11.0.17+8-1ubuntu2~22.04
  https://launchpad.net/ubuntu/+source/openjdk-17/17.0.5+8-2ubuntu1~20.04
  https://launchpad.net/ubuntu/+source/openjdk-8/8u352-ga-1~20.04
  https://launchpad.net/ubuntu/+source/openjdk-lts/11.0.17+8-1ubuntu2~20.04
  https://launchpad.net/ubuntu/+source/openjdk-17/17.0.5+8-2ubuntu1~18.04
  https://launchpad.net/ubuntu/+source/openjdk-8/8u352-ga-1~18.04
  https://launchpad.net/ubuntu/+source/openjdk-lts/11.0.17+8-1ubuntu2~18.04
Login or Register to add favorites

File Archive:

March 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    13 Files
  • 3
    Mar 3rd
    15 Files
  • 4
    Mar 4th
    0 Files
  • 5
    Mar 5th
    0 Files
  • 6
    Mar 6th
    16 Files
  • 7
    Mar 7th
    31 Files
  • 8
    Mar 8th
    16 Files
  • 9
    Mar 9th
    13 Files
  • 10
    Mar 10th
    9 Files
  • 11
    Mar 11th
    0 Files
  • 12
    Mar 12th
    0 Files
  • 13
    Mar 13th
    10 Files
  • 14
    Mar 14th
    6 Files
  • 15
    Mar 15th
    17 Files
  • 16
    Mar 16th
    22 Files
  • 17
    Mar 17th
    13 Files
  • 18
    Mar 18th
    0 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    16 Files
  • 21
    Mar 21st
    13 Files
  • 22
    Mar 22nd
    5 Files
  • 23
    Mar 23rd
    6 Files
  • 24
    Mar 24th
    47 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    50 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    7 Files
  • 30
    Mar 30th
    31 Files
  • 31
    Mar 31st
    15 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close