what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Ubuntu Security Notice USN-6077-1

Ubuntu Security Notice USN-6077-1
Posted May 16, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6077-1 - Ben Smyth discovered that OpenJDK incorrectly handled half-duplex connections during TLS handshake. A remote attacker could possibly use this issue to insert, edit or obtain sensitive information. It was discovered that OpenJDK incorrectly handled certain inputs. An attacker could possibly use this issue to insert, edit or obtain sensitive information.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2023-21930, CVE-2023-21937, CVE-2023-21938, CVE-2023-21939, CVE-2023-21954, CVE-2023-21967, CVE-2023-21968
SHA-256 | e55b8ae2444473529159e92a21b7de23ff79ac167ebabd54e20dcb07f03f0efc

Ubuntu Security Notice USN-6077-1

Change Mirror Download
=========================================================================
Ubuntu Security Notice USN-6077-1
May 16, 2023

openjdk-8, openjdk-lts, openjdk-17, openjdk-20 vulnerabilities
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.04
- Ubuntu 22.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 ESM

Summary:

Several security issues were fixed in OpenJDK.

Software Description:
- openjdk-17: Open Source Java implementation
- openjdk-20: Open Source Java implementation
- openjdk-8: Open Source Java implementation
- openjdk-lts: Open Source Java implementation

Details:

Ben Smyth discovered that OpenJDK incorrectly handled half-duplex
connections during TLS handshake. A remote attacker could possibly use
this issue to insert, edit or obtain sensitive information.
(CVE-2023-21930)

It was discovered that OpenJDK incorrectly handled certain inputs. An
attacker could possibly use this issue to insert, edit or obtain sensitive
information. (CVE-2023-21937)

It was discovered that OpenJDK incorrectly handled command arguments. An
attacker could possibly use this issue to insert, edit or obtain sensitive
information. (CVE-2023-21938)

It was discovered that OpenJDK incorrectly validated HTML documents. An
attacker could possibly use this issue to insert, edit or obtain sensitive
information. (CVE-2023-21939)

Ramki Ramakrishna discovered that OpenJDK incorrectly handled garbage
collection. An attacker could possibly use this issue to bypass Java
sandbox restrictions. (CVE-2023-21954)

Jonathan Looney discovered that OpenJDK incorrectly handled certificate
chains during TLS session negotiation. A remote attacker could possibly
use this issue to cause a denial of service. (CVE-2023-21967)

Adam Reziouk discovered that OpenJDK incorrectly sanitized URIs. An
attacker could possibly use this issue to bypass Java sandbox
restrictions. (CVE-2023-21968)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.04:
openjdk-11-jdk 11.0.19+7~us1-0ubuntu1~23.04
openjdk-11-jre 11.0.19+7~us1-0ubuntu1~23.04
openjdk-11-jre-headless 11.0.19+7~us1-0ubuntu1~23.04
openjdk-11-jre-zero 11.0.19+7~us1-0ubuntu1~23.04
openjdk-17-jdk 17.0.7+7~us1-0ubuntu1~23.04
openjdk-17-jre 17.0.7+7~us1-0ubuntu1~23.04
openjdk-17-jre-headless 17.0.7+7~us1-0ubuntu1~23.04
openjdk-17-jre-zero 17.0.7+7~us1-0ubuntu1~23.04
openjdk-20-jdk 20.0.1+9~us1-0ubuntu1~23.04
openjdk-20-jre 20.0.1+9~us1-0ubuntu1~23.04
openjdk-20-jre-headless 20.0.1+9~us1-0ubuntu1~23.04
openjdk-20-jre-zero 20.0.1+9~us1-0ubuntu1~23.04
openjdk-8-jdk 8u372-ga~us1-0ubuntu1~23.04
openjdk-8-jre 8u372-ga~us1-0ubuntu1~23.04
openjdk-8-jre-headless 8u372-ga~us1-0ubuntu1~23.04
openjdk-8-jre-zero 8u372-ga~us1-0ubuntu1~23.04

Ubuntu 22.10:
openjdk-11-jdk 11.0.19+7~us1-0ubuntu1~22.10.1
openjdk-11-jre 11.0.19+7~us1-0ubuntu1~22.10.1
openjdk-11-jre-headless 11.0.19+7~us1-0ubuntu1~22.10.1
openjdk-11-jre-zero 11.0.19+7~us1-0ubuntu1~22.10.1
openjdk-17-jdk 17.0.7+7~us1-0ubuntu1~22.10.2
openjdk-17-jre 17.0.7+7~us1-0ubuntu1~22.10.2
openjdk-17-jre-headless 17.0.7+7~us1-0ubuntu1~22.10.2
openjdk-17-jre-zero 17.0.7+7~us1-0ubuntu1~22.10.2
openjdk-20-jdk 20.0.1+9~us1-0ubuntu1~22.10
openjdk-20-jre 20.0.1+9~us1-0ubuntu1~22.10
openjdk-20-jre-headless 20.0.1+9~us1-0ubuntu1~22.10
openjdk-20-jre-zero 20.0.1+9~us1-0ubuntu1~22.10
openjdk-8-jdk 8u372-ga~us1-0ubuntu1~22.10
openjdk-8-jre 8u372-ga~us1-0ubuntu1~22.10
openjdk-8-jre-headless 8u372-ga~us1-0ubuntu1~22.10
openjdk-8-jre-zero 8u372-ga~us1-0ubuntu1~22.10

Ubuntu 22.04 LTS:
openjdk-11-jdk 11.0.19+7~us1-0ubuntu1~22.04.1
openjdk-11-jre 11.0.19+7~us1-0ubuntu1~22.04.1
openjdk-11-jre-headless 11.0.19+7~us1-0ubuntu1~22.04.1
openjdk-11-jre-zero 11.0.19+7~us1-0ubuntu1~22.04.1
openjdk-17-jdk 17.0.7+7~us1-0ubuntu1~22.04.2
openjdk-17-jre 17.0.7+7~us1-0ubuntu1~22.04.2
openjdk-17-jre-headless 17.0.7+7~us1-0ubuntu1~22.04.2
openjdk-17-jre-zero 17.0.7+7~us1-0ubuntu1~22.04.2
openjdk-8-jdk 8u372-ga~us1-0ubuntu1~22.04
openjdk-8-jre 8u372-ga~us1-0ubuntu1~22.04
openjdk-8-jre-headless 8u372-ga~us1-0ubuntu1~22.04
openjdk-8-jre-zero 8u372-ga~us1-0ubuntu1~22.04

Ubuntu 20.04 LTS:
openjdk-11-jdk 11.0.19+7~us1-0ubuntu1~20.04.1
openjdk-11-jre 11.0.19+7~us1-0ubuntu1~20.04.1
openjdk-11-jre-headless 11.0.19+7~us1-0ubuntu1~20.04.1
openjdk-11-jre-zero 11.0.19+7~us1-0ubuntu1~20.04.1
openjdk-17-jdk 17.0.7+7~us1-0ubuntu1~20.04
openjdk-17-jre 17.0.7+7~us1-0ubuntu1~20.04
openjdk-17-jre-headless 17.0.7+7~us1-0ubuntu1~20.04
openjdk-17-jre-zero 17.0.7+7~us1-0ubuntu1~20.04
openjdk-8-jdk 8u372-ga~us1-0ubuntu1~20.04
openjdk-8-jre 8u372-ga~us1-0ubuntu1~20.04
openjdk-8-jre-headless 8u372-ga~us1-0ubuntu1~20.04
openjdk-8-jre-zero 8u372-ga~us1-0ubuntu1~20.04

Ubuntu 18.04 LTS:
openjdk-11-jdk 11.0.19+7~us1-0ubuntu1~18.04.1
openjdk-11-jre 11.0.19+7~us1-0ubuntu1~18.04.1
openjdk-11-jre-headless 11.0.19+7~us1-0ubuntu1~18.04.1
openjdk-11-jre-zero 11.0.19+7~us1-0ubuntu1~18.04.1
openjdk-17-jdk 17.0.7+7~us1-0ubuntu1~18.04
openjdk-17-jre 17.0.7+7~us1-0ubuntu1~18.04
openjdk-17-jre-headless 17.0.7+7~us1-0ubuntu1~18.04
openjdk-17-jre-zero 17.0.7+7~us1-0ubuntu1~18.04
openjdk-8-jdk 8u372-ga~us1-0ubuntu1~18.04
openjdk-8-jre 8u372-ga~us1-0ubuntu1~18.04
openjdk-8-jre-headless 8u372-ga~us1-0ubuntu1~18.04
openjdk-8-jre-zero 8u372-ga~us1-0ubuntu1~18.04

Ubuntu 16.04 ESM:
openjdk-8-jdk 8u372-ga~us1-0ubuntu1~16.04
openjdk-8-jre 8u372-ga~us1-0ubuntu1~16.04
openjdk-8-jre-headless 8u372-ga~us1-0ubuntu1~16.04
openjdk-8-jre-zero 8u372-ga~us1-0ubuntu1~16.04

This update uses a new upstream release, which includes additional
bug fixes. After a standard system update you need to restart any
Java applications or applets to make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-6077-1
CVE-2023-21930, CVE-2023-21937, CVE-2023-21938, CVE-2023-21939,
CVE-2023-21954, CVE-2023-21967, CVE-2023-21968

Package Information:
https://launchpad.net/ubuntu/+source/openjdk-17/17.0.7+7~us1-0ubuntu1~23.04
https://launchpad.net/ubuntu/+source/openjdk-20/20.0.1+9~us1-0ubuntu1~23.04
https://launchpad.net/ubuntu/+source/openjdk-8/8u372-ga~us1-0ubuntu1~23.04
https://launchpad.net/ubuntu/+source/openjdk-lts/11.0.19+7~us1-0ubuntu1~23.04
https://launchpad.net/ubuntu/+source/openjdk-17/17.0.7+7~us1-0ubuntu1~22.10.2
https://launchpad.net/ubuntu/+source/openjdk-20/20.0.1+9~us1-0ubuntu1~22.10
https://launchpad.net/ubuntu/+source/openjdk-8/8u372-ga~us1-0ubuntu1~22.10
https://launchpad.net/ubuntu/+source/openjdk-lts/11.0.19+7~us1-0ubuntu1~22.10.1
https://launchpad.net/ubuntu/+source/openjdk-17/17.0.7+7~us1-0ubuntu1~22.04.2
https://launchpad.net/ubuntu/+source/openjdk-8/8u372-ga~us1-0ubuntu1~22.04
https://launchpad.net/ubuntu/+source/openjdk-lts/11.0.19+7~us1-0ubuntu1~22.04.1
https://launchpad.net/ubuntu/+source/openjdk-17/17.0.7+7~us1-0ubuntu1~20.04
https://launchpad.net/ubuntu/+source/openjdk-8/8u372-ga~us1-0ubuntu1~20.04
https://launchpad.net/ubuntu/+source/openjdk-lts/11.0.19+7~us1-0ubuntu1~20.04.1
https://launchpad.net/ubuntu/+source/openjdk-17/17.0.7+7~us1-0ubuntu1~18.04
https://launchpad.net/ubuntu/+source/openjdk-8/8u372-ga~us1-0ubuntu1~18.04
https://launchpad.net/ubuntu/+source/openjdk-lts/11.0.19+7~us1-0ubuntu1~18.04.1
Login or Register to add favorites

File Archive:

October 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    39 Files
  • 2
    Oct 2nd
    23 Files
  • 3
    Oct 3rd
    18 Files
  • 4
    Oct 4th
    20 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    17 Files
  • 8
    Oct 8th
    66 Files
  • 9
    Oct 9th
    25 Files
  • 10
    Oct 10th
    20 Files
  • 11
    Oct 11th
    21 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close