Ubuntu Security Notice 5898-1 - It was discovered that the Serialization component of OpenJDK did not properly handle the deserialization of some CORBA objects. An attacker could possibly use this to bypass Java sandbox restrictions. Markus Loewe discovered that the Java Sound subsystem in OpenJDK did not properly validate the origin of a Soundbank. An attacker could use this to specially craft an untrusted Java application or applet that could load a Soundbank from an attacker controlled remote URL.
72451c51f27af857632603e483d9bfa9c145b4a50405558130ae42f60da00e32==========================================================================
Ubuntu Security Notice USN-5898-1
February 28, 2023
openjdk-8 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 ESM
Summary:
Several security issues were fixed in OpenJDK.
Software Description:
- openjdk-8: Open Source Java implementation
Details:
It was discovered that the Serialization component of OpenJDK did not
properly handle the deserialization of some CORBA objects. An attacker
could possibly use this to bypass Java sandbox restrictions.
(CVE-2023-21830)
Markus Loewe discovered that the Java Sound subsystem in OpenJDK did not
properly validate the origin of a Soundbank. An attacker could use this to
specially craft an untrusted Java application or applet that could load a
Soundbank from an attacker controlled remote URL. (CVE-2023-21843)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.10:
openjdk-8-jdk 8u362-ga-0ubuntu1~22.10
openjdk-8-jre 8u362-ga-0ubuntu1~22.10
openjdk-8-jre-headless 8u362-ga-0ubuntu1~22.10
openjdk-8-jre-zero 8u362-ga-0ubuntu1~22.10
Ubuntu 22.04 LTS:
openjdk-8-jdk 8u362-ga-0ubuntu1~22.04
openjdk-8-jre 8u362-ga-0ubuntu1~22.04
openjdk-8-jre-headless 8u362-ga-0ubuntu1~22.04
openjdk-8-jre-zero 8u362-ga-0ubuntu1~22.04
Ubuntu 20.04 LTS:
openjdk-8-jdk 8u362-ga-0ubuntu1~20.04.1
openjdk-8-jre 8u362-ga-0ubuntu1~20.04.1
openjdk-8-jre-headless 8u362-ga-0ubuntu1~20.04.1
openjdk-8-jre-zero 8u362-ga-0ubuntu1~20.04.1
Ubuntu 18.04 LTS:
openjdk-8-jdk 8u362-ga-0ubuntu1~18.04.1
openjdk-8-jre 8u362-ga-0ubuntu1~18.04.1
openjdk-8-jre-headless 8u362-ga-0ubuntu1~18.04.1
openjdk-8-jre-zero 8u362-ga-0ubuntu1~18.04.1
Ubuntu 16.04 ESM:
openjdk-8-jdk 8u362-ga-0ubuntu1~16.04.1
openjdk-8-jre 8u362-ga-0ubuntu1~16.04.1
openjdk-8-jre-headless 8u362-ga-0ubuntu1~16.04.1
openjdk-8-jre-zero 8u362-ga-0ubuntu1~16.04.1
This update uses a new upstream release, which includes additional
bug fixes. After a standard system update you need to restart any
Java applications or applets to make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-5898-1
CVE-2023-21830, CVE-2023-21843
Package Information:
https://launchpad.net/ubuntu/+source/openjdk-8/8u362-ga-0ubuntu1~22.10
https://launchpad.net/ubuntu/+source/openjdk-8/8u362-ga-0ubuntu1~22.04
https://launchpad.net/ubuntu/+source/openjdk-8/8u362-ga-0ubuntu1~20.04.1
https://launchpad.net/ubuntu/+source/openjdk-8/8u362-ga-0ubuntu1~18.04.1
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed