USN-5897-1

See a problem?
Source
https://ubuntu.com/security/notices/USN-5897-1
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/USN-5897-1.json
JSON Data
https://api.osv.dev/v1/vulns/USN-5897-1
Related
Published
2023-02-28T02:55:52.212764Z
Modified
2023-02-28T02:55:52.212764Z
Summary
openjdk-17, openjdk-19, openjdk-lts vulnerabilities
Details

Juraj Somorovsky, Marcel Maehren, Nurullah Erinola, and Robert Merget discovered that the DTLS implementation in the JSSE subsystem of OpenJDK did not properly restrict handshake initiation requests from clients. A remote attacker could possibly use this to cause a denial of service. (CVE-2023-21835)

Markus Loewe discovered that the Java Sound subsystem in OpenJDK did not properly validate the origin of a Soundbank. An attacker could use this to specially craft an untrusted Java application or applet that could load a Soundbank from an attacker controlled remote URL. (CVE-2023-21843)

References

Affected packages

Ubuntu:22.04:LTS / openjdk-17

Package

Name
openjdk-17

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
17.0.6+10-0ubuntu1~22.04

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "openjdk-17-jdk": "17.0.6+10-0ubuntu1~22.04",
            "openjdk-17-jdk-headless": "17.0.6+10-0ubuntu1~22.04",
            "openjdk-17-demo": "17.0.6+10-0ubuntu1~22.04",
            "openjdk-17-jre": "17.0.6+10-0ubuntu1~22.04",
            "openjdk-17-source": "17.0.6+10-0ubuntu1~22.04",
            "openjdk-17-doc": "17.0.6+10-0ubuntu1~22.04",
            "openjdk-17-jre-zero": "17.0.6+10-0ubuntu1~22.04",
            "openjdk-17-jre-headless": "17.0.6+10-0ubuntu1~22.04"
        }
    ]
}

Ubuntu:22.04:LTS / openjdk-lts

Package

Name
openjdk-lts

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
11.0.18+10-0ubuntu1~22.04

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "openjdk-11-jre-zero": "11.0.18+10-0ubuntu1~22.04",
            "openjdk-11-demo": "11.0.18+10-0ubuntu1~22.04",
            "openjdk-11-jdk-headless": "11.0.18+10-0ubuntu1~22.04",
            "openjdk-11-jdk": "11.0.18+10-0ubuntu1~22.04",
            "openjdk-11-doc": "11.0.18+10-0ubuntu1~22.04",
            "openjdk-11-source": "11.0.18+10-0ubuntu1~22.04",
            "openjdk-11-jre": "11.0.18+10-0ubuntu1~22.04",
            "openjdk-11-jre-headless": "11.0.18+10-0ubuntu1~22.04"
        }
    ]
}

Ubuntu:22.04:LTS / openjdk-19

Package

Name
openjdk-19

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
19.0.2+7-0ubuntu3~22.04

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "openjdk-19-jre-zero": "19.0.2+7-0ubuntu3~22.04",
            "openjdk-19-jre-headless": "19.0.2+7-0ubuntu3~22.04",
            "openjdk-19-jdk": "19.0.2+7-0ubuntu3~22.04",
            "openjdk-19-demo": "19.0.2+7-0ubuntu3~22.04",
            "openjdk-19-doc": "19.0.2+7-0ubuntu3~22.04",
            "openjdk-19-source": "19.0.2+7-0ubuntu3~22.04",
            "openjdk-19-jre": "19.0.2+7-0ubuntu3~22.04",
            "openjdk-19-jdk-headless": "19.0.2+7-0ubuntu3~22.04"
        }
    ]
}

Ubuntu:20.04:LTS / openjdk-17

Package

Name
openjdk-17

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
17.0.6+10-0ubuntu1~20.04.1

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "openjdk-17-jdk": "17.0.6+10-0ubuntu1~20.04.1",
            "openjdk-17-jdk-headless": "17.0.6+10-0ubuntu1~20.04.1",
            "openjdk-17-demo": "17.0.6+10-0ubuntu1~20.04.1",
            "openjdk-17-jre": "17.0.6+10-0ubuntu1~20.04.1",
            "openjdk-17-source": "17.0.6+10-0ubuntu1~20.04.1",
            "openjdk-17-doc": "17.0.6+10-0ubuntu1~20.04.1",
            "openjdk-17-jre-zero": "17.0.6+10-0ubuntu1~20.04.1",
            "openjdk-17-jre-headless": "17.0.6+10-0ubuntu1~20.04.1"
        }
    ]
}

Ubuntu:20.04:LTS / openjdk-lts

Package

Name
openjdk-lts

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
11.0.18+10-0ubuntu1~20.04.1

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "openjdk-11-jre-zero": "11.0.18+10-0ubuntu1~20.04.1",
            "openjdk-11-demo": "11.0.18+10-0ubuntu1~20.04.1",
            "openjdk-11-source": "11.0.18+10-0ubuntu1~20.04.1",
            "openjdk-11-jdk": "11.0.18+10-0ubuntu1~20.04.1",
            "openjdk-11-doc": "11.0.18+10-0ubuntu1~20.04.1",
            "openjdk-11-jdk-headless": "11.0.18+10-0ubuntu1~20.04.1",
            "openjdk-11-jre": "11.0.18+10-0ubuntu1~20.04.1",
            "openjdk-11-jre-headless": "11.0.18+10-0ubuntu1~20.04.1"
        }
    ]
}

Ubuntu:18.04:LTS / openjdk-17

Package

Name
openjdk-17

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
17.0.6+10-0ubuntu1~18.04.1

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "openjdk-17-jdk": "17.0.6+10-0ubuntu1~18.04.1",
            "openjdk-17-jdk-headless": "17.0.6+10-0ubuntu1~18.04.1",
            "openjdk-17-demo": "17.0.6+10-0ubuntu1~18.04.1",
            "openjdk-17-jre": "17.0.6+10-0ubuntu1~18.04.1",
            "openjdk-17-source": "17.0.6+10-0ubuntu1~18.04.1",
            "openjdk-17-doc": "17.0.6+10-0ubuntu1~18.04.1",
            "openjdk-17-jre-zero": "17.0.6+10-0ubuntu1~18.04.1",
            "openjdk-17-jre-headless": "17.0.6+10-0ubuntu1~18.04.1"
        }
    ]
}

Ubuntu:18.04:LTS / openjdk-lts

Package

Name
openjdk-lts

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
11.0.18+10-0ubuntu1~18.04.1

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "openjdk-11-jre-zero": "11.0.18+10-0ubuntu1~18.04.1",
            "openjdk-11-demo": "11.0.18+10-0ubuntu1~18.04.1",
            "openjdk-11-source": "11.0.18+10-0ubuntu1~18.04.1",
            "openjdk-11-jdk": "11.0.18+10-0ubuntu1~18.04.1",
            "openjdk-11-doc": "11.0.18+10-0ubuntu1~18.04.1",
            "openjdk-11-jdk-headless": "11.0.18+10-0ubuntu1~18.04.1",
            "openjdk-11-jre": "11.0.18+10-0ubuntu1~18.04.1",
            "openjdk-11-jre-headless": "11.0.18+10-0ubuntu1~18.04.1"
        }
    ]
}