USN-5898-1

Source

https://ubuntu.com/security/notices/USN-5898-1

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/USN-5898-1.json

Related

Published

2023-02-28T03:11:25.899003Z

Modified

2023-02-28T03:11:25.899003Z

Summary

openjdk-8 vulnerabilities

Details

It was discovered that the Serialization component of OpenJDK did not properly handle the deserialization of some CORBA objects. An attacker could possibly use this to bypass Java sandbox restrictions. (CVE-2023-21830)

Markus Loewe discovered that the Java Sound subsystem in OpenJDK did not properly validate the origin of a Soundbank. An attacker could use this to specially craft an untrusted Java application or applet that could load a Soundbank from an attacker controlled remote URL. (CVE-2023-21843)

References

Affected packages

Ubuntu:22.04:LTS / openjdk-8

Package

Name: openjdk-8

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

8u362-ga-0ubuntu1~22.04

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "openjdk-8-jdk-headless": "8u362-ga-0ubuntu1~22.04",
            "openjdk-8-jre-zero": "8u362-ga-0ubuntu1~22.04",
            "openjdk-8-demo": "8u362-ga-0ubuntu1~22.04",
            "openjdk-8-jre-headless": "8u362-ga-0ubuntu1~22.04",
            "openjdk-8-source": "8u362-ga-0ubuntu1~22.04",
            "openjdk-8-jdk": "8u362-ga-0ubuntu1~22.04",
            "openjdk-8-jre": "8u362-ga-0ubuntu1~22.04",
            "openjdk-8-doc": "8u362-ga-0ubuntu1~22.04"
        }
    ]
}

Ubuntu:18.04:LTS / openjdk-8

Package

Name: openjdk-8

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

8u362-ga-0ubuntu1~18.04.1

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "openjdk-8-jdk-headless": "8u362-ga-0ubuntu1~18.04.1",
            "openjdk-8-jre-zero": "8u362-ga-0ubuntu1~18.04.1",
            "openjdk-8-demo": "8u362-ga-0ubuntu1~18.04.1",
            "openjdk-8-jre-headless": "8u362-ga-0ubuntu1~18.04.1",
            "openjdk-8-source": "8u362-ga-0ubuntu1~18.04.1",
            "openjdk-8-jdk": "8u362-ga-0ubuntu1~18.04.1",
            "openjdk-8-jre": "8u362-ga-0ubuntu1~18.04.1",
            "openjdk-8-doc": "8u362-ga-0ubuntu1~18.04.1"
        }
    ]
}

Ubuntu:20.04:LTS / openjdk-8

Package

Name: openjdk-8

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

8u362-ga-0ubuntu1~20.04.1

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "openjdk-8-jdk-headless": "8u362-ga-0ubuntu1~20.04.1",
            "openjdk-8-jre-zero": "8u362-ga-0ubuntu1~20.04.1",
            "openjdk-8-demo": "8u362-ga-0ubuntu1~20.04.1",
            "openjdk-8-jre-headless": "8u362-ga-0ubuntu1~20.04.1",
            "openjdk-8-source": "8u362-ga-0ubuntu1~20.04.1",
            "openjdk-8-jdk": "8u362-ga-0ubuntu1~20.04.1",
            "openjdk-8-jre": "8u362-ga-0ubuntu1~20.04.1",
            "openjdk-8-doc": "8u362-ga-0ubuntu1~20.04.1"
        }
    ]
}

Ubuntu:Pro:16.04:LTS / openjdk-8

Package

Name: openjdk-8

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

8u362-ga-0ubuntu1~16.04.1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "openjdk-8-jdk-headless": "8u362-ga-0ubuntu1~16.04.1",
            "openjdk-8-jre-zero": "8u362-ga-0ubuntu1~16.04.1",
            "openjdk-8-demo": "8u362-ga-0ubuntu1~16.04.1",
            "openjdk-8-jre-headless": "8u362-ga-0ubuntu1~16.04.1",
            "openjdk-8-source": "8u362-ga-0ubuntu1~16.04.1",
            "openjdk-8-jdk": "8u362-ga-0ubuntu1~16.04.1",
            "openjdk-8-jre": "8u362-ga-0ubuntu1~16.04.1",
            "openjdk-8-doc": "8u362-ga-0ubuntu1~16.04.1"
        }
    ]
}