USN-5897-1
- Source
- https://ubuntu.com/security/notices/USN-5897-1
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/USN-5897-1.json
- Related
- Published
- 2023-02-28T02:55:52.212764Z
- Modified
- 2023-02-28T02:55:52.212764Z
- Summary
- openjdk-17, openjdk-19, openjdk-lts vulnerabilities
- Details
-
Juraj Somorovsky, Marcel Maehren, Nurullah Erinola, and Robert Merget discovered that the DTLS implementation in the JSSE subsystem of OpenJDK did not properly restrict handshake initiation requests from clients. A remote attacker could possibly use this to cause a denial of service. (CVE-2023-21835)
Markus Loewe discovered that the Java Sound subsystem in OpenJDK did not properly validate the origin of a Soundbank. An attacker could use this to specially craft an untrusted Java application or applet that could load a Soundbank from an attacker controlled remote URL. (CVE-2023-21843)
- References
Affected packages
Ubuntu:22.04:LTS / openjdk-17
Package
- Name
- openjdk-17
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0The exact introduced commit is unknownFixed17.0.6+10-0ubuntu1~22.04
Ecosystem specific
{
"availability": "No subscription needed",
"binaries": [
{
"openjdk-17-jdk": "17.0.6+10-0ubuntu1~22.04",
"openjdk-17-jdk-headless": "17.0.6+10-0ubuntu1~22.04",
"openjdk-17-demo": "17.0.6+10-0ubuntu1~22.04",
"openjdk-17-jre": "17.0.6+10-0ubuntu1~22.04",
"openjdk-17-source": "17.0.6+10-0ubuntu1~22.04",
"openjdk-17-doc": "17.0.6+10-0ubuntu1~22.04",
"openjdk-17-jre-zero": "17.0.6+10-0ubuntu1~22.04",
"openjdk-17-jre-headless": "17.0.6+10-0ubuntu1~22.04"
}
]
}
Ubuntu:22.04:LTS / openjdk-lts
Package
- Name
- openjdk-lts
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0The exact introduced commit is unknownFixed11.0.18+10-0ubuntu1~22.04
Ecosystem specific
{
"availability": "No subscription needed",
"binaries": [
{
"openjdk-11-jre-zero": "11.0.18+10-0ubuntu1~22.04",
"openjdk-11-demo": "11.0.18+10-0ubuntu1~22.04",
"openjdk-11-jdk-headless": "11.0.18+10-0ubuntu1~22.04",
"openjdk-11-jdk": "11.0.18+10-0ubuntu1~22.04",
"openjdk-11-doc": "11.0.18+10-0ubuntu1~22.04",
"openjdk-11-source": "11.0.18+10-0ubuntu1~22.04",
"openjdk-11-jre": "11.0.18+10-0ubuntu1~22.04",
"openjdk-11-jre-headless": "11.0.18+10-0ubuntu1~22.04"
}
]
}
Ubuntu:22.04:LTS / openjdk-19
Package
- Name
- openjdk-19
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0The exact introduced commit is unknownFixed19.0.2+7-0ubuntu3~22.04
Ecosystem specific
{
"availability": "No subscription needed",
"binaries": [
{
"openjdk-19-jre-zero": "19.0.2+7-0ubuntu3~22.04",
"openjdk-19-jre-headless": "19.0.2+7-0ubuntu3~22.04",
"openjdk-19-jdk": "19.0.2+7-0ubuntu3~22.04",
"openjdk-19-demo": "19.0.2+7-0ubuntu3~22.04",
"openjdk-19-doc": "19.0.2+7-0ubuntu3~22.04",
"openjdk-19-source": "19.0.2+7-0ubuntu3~22.04",
"openjdk-19-jre": "19.0.2+7-0ubuntu3~22.04",
"openjdk-19-jdk-headless": "19.0.2+7-0ubuntu3~22.04"
}
]
}
Ubuntu:20.04:LTS / openjdk-17
Package
- Name
- openjdk-17
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0The exact introduced commit is unknownFixed17.0.6+10-0ubuntu1~20.04.1
Ecosystem specific
{
"availability": "No subscription needed",
"binaries": [
{
"openjdk-17-jdk": "17.0.6+10-0ubuntu1~20.04.1",
"openjdk-17-jdk-headless": "17.0.6+10-0ubuntu1~20.04.1",
"openjdk-17-demo": "17.0.6+10-0ubuntu1~20.04.1",
"openjdk-17-jre": "17.0.6+10-0ubuntu1~20.04.1",
"openjdk-17-source": "17.0.6+10-0ubuntu1~20.04.1",
"openjdk-17-doc": "17.0.6+10-0ubuntu1~20.04.1",
"openjdk-17-jre-zero": "17.0.6+10-0ubuntu1~20.04.1",
"openjdk-17-jre-headless": "17.0.6+10-0ubuntu1~20.04.1"
}
]
}
Ubuntu:20.04:LTS / openjdk-lts
Package
- Name
- openjdk-lts
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0The exact introduced commit is unknownFixed11.0.18+10-0ubuntu1~20.04.1
Ecosystem specific
{
"availability": "No subscription needed",
"binaries": [
{
"openjdk-11-jre-zero": "11.0.18+10-0ubuntu1~20.04.1",
"openjdk-11-demo": "11.0.18+10-0ubuntu1~20.04.1",
"openjdk-11-source": "11.0.18+10-0ubuntu1~20.04.1",
"openjdk-11-jdk": "11.0.18+10-0ubuntu1~20.04.1",
"openjdk-11-doc": "11.0.18+10-0ubuntu1~20.04.1",
"openjdk-11-jdk-headless": "11.0.18+10-0ubuntu1~20.04.1",
"openjdk-11-jre": "11.0.18+10-0ubuntu1~20.04.1",
"openjdk-11-jre-headless": "11.0.18+10-0ubuntu1~20.04.1"
}
]
}
Ubuntu:18.04:LTS / openjdk-17
Package
- Name
- openjdk-17
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0The exact introduced commit is unknownFixed17.0.6+10-0ubuntu1~18.04.1
Ecosystem specific
{
"availability": "No subscription needed",
"binaries": [
{
"openjdk-17-jdk": "17.0.6+10-0ubuntu1~18.04.1",
"openjdk-17-jdk-headless": "17.0.6+10-0ubuntu1~18.04.1",
"openjdk-17-demo": "17.0.6+10-0ubuntu1~18.04.1",
"openjdk-17-jre": "17.0.6+10-0ubuntu1~18.04.1",
"openjdk-17-source": "17.0.6+10-0ubuntu1~18.04.1",
"openjdk-17-doc": "17.0.6+10-0ubuntu1~18.04.1",
"openjdk-17-jre-zero": "17.0.6+10-0ubuntu1~18.04.1",
"openjdk-17-jre-headless": "17.0.6+10-0ubuntu1~18.04.1"
}
]
}
Ubuntu:18.04:LTS / openjdk-lts
Package
- Name
- openjdk-lts
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0The exact introduced commit is unknownFixed11.0.18+10-0ubuntu1~18.04.1
Ecosystem specific
{
"availability": "No subscription needed",
"binaries": [
{
"openjdk-11-jre-zero": "11.0.18+10-0ubuntu1~18.04.1",
"openjdk-11-demo": "11.0.18+10-0ubuntu1~18.04.1",
"openjdk-11-source": "11.0.18+10-0ubuntu1~18.04.1",
"openjdk-11-jdk": "11.0.18+10-0ubuntu1~18.04.1",
"openjdk-11-doc": "11.0.18+10-0ubuntu1~18.04.1",
"openjdk-11-jdk-headless": "11.0.18+10-0ubuntu1~18.04.1",
"openjdk-11-jre": "11.0.18+10-0ubuntu1~18.04.1",
"openjdk-11-jre-headless": "11.0.18+10-0ubuntu1~18.04.1"
}
]
}