Lucene search

UbuntuUSN-5719-1

HistoryNov 09, 2022 - 12:00 a.m.

OpenJDK vulnerabilities

2022-11-0900:00:00

ubuntu.com

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

6.5 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

58.9%

JSON

Releases

Ubuntu 22.10
Ubuntu 22.04 LTS
Ubuntu 20.04 LTS
Ubuntu 18.04 ESM
Ubuntu 16.04 ESM

Packages

openjdk-17 - Open Source Java implementation
openjdk-19 - Open Source Java implementation
openjdk-8 - Open Source Java implementation
openjdk-lts - Open Source Java implementation

Details

It was discovered that OpenJDK incorrectly handled long client hostnames.
An attacker could possibly use this issue to cause the corruption of
sensitive information. (CVE-2022-21619)

It was discovered that OpenJDK incorrectly randomized DNS port numbers. A
remote attacker could possibly use this issue to perform spoofing attacks.
(CVE-2022-21624)

It was discovered that OpenJDK did not limit the number of connections
accepted from HTTP clients. An attacker could possibly use this issue to
cause a denial of service. (CVE-2022-21628)

It was discovered that OpenJDK incorrectly handled X.509 certificates. An
attacker could possibly use this issue to cause a denial of service. This
issue only affected OpenJDK 8 and OpenJDK 11. (CVE-2022-21626)

It was discovered that OpenJDK incorrectly handled cached server
connections. An attacker could possibly use this issue to perform spoofing
attacks. This issue only affected OpenJDK 11, OpenJDK 17 and OpenJDK 19.
(CVE-2022-39399)

It was discovered that OpenJDK incorrectly handled byte conversions. An
attacker could possibly use this issue to obtain sensitive information.
This issue only affected OpenJDK 11, OpenJDK 17 and OpenJDK 19.
(CVE-2022-21618)

OSVersionArchitecturePackageVersionFilename
Ubuntu22.10noarchopenjdk-8-jre-headless< 8u352-ga-1~22.10UNKNOWN
Ubuntu22.10noarchopenjdk-8-dbg< 8u352-ga-1~22.10UNKNOWN
Ubuntu22.10noarchopenjdk-8-demo< 8u352-ga-1~22.10UNKNOWN
Ubuntu22.10noarchopenjdk-8-doc< 8u352-ga-1~22.10UNKNOWN
Ubuntu22.10noarchopenjdk-8-jdk< 8u352-ga-1~22.10UNKNOWN
Ubuntu22.10noarchopenjdk-8-jdk-headless< 8u352-ga-1~22.10UNKNOWN
Ubuntu22.10noarchopenjdk-8-jre< 8u352-ga-1~22.10UNKNOWN
Ubuntu22.10noarchopenjdk-8-jre-zero< 8u352-ga-1~22.10UNKNOWN
Ubuntu22.10noarchopenjdk-8-source< 8u352-ga-1~22.10UNKNOWN
Ubuntu22.10noarchopenjdk-11-jre-headless< 11.0.17+8-1ubuntu2UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Ubuntu	22.10	noarch	openjdk-8-jre-headless	< 8u352-ga-1~22.10	UNKNOWN
Ubuntu	22.10	noarch	openjdk-8-dbg	< 8u352-ga-1~22.10	UNKNOWN
Ubuntu	22.10	noarch	openjdk-8-demo	< 8u352-ga-1~22.10	UNKNOWN
Ubuntu	22.10	noarch	openjdk-8-doc	< 8u352-ga-1~22.10	UNKNOWN
Ubuntu	22.10	noarch	openjdk-8-jdk	< 8u352-ga-1~22.10	UNKNOWN
Ubuntu	22.10	noarch	openjdk-8-jdk-headless	< 8u352-ga-1~22.10	UNKNOWN
Ubuntu	22.10	noarch	openjdk-8-jre	< 8u352-ga-1~22.10	UNKNOWN
Ubuntu	22.10	noarch	openjdk-8-jre-zero	< 8u352-ga-1~22.10	UNKNOWN
Ubuntu	22.10	noarch	openjdk-8-source	< 8u352-ga-1~22.10	UNKNOWN
Ubuntu	22.10	noarch	openjdk-11-jre-headless	< 11.0.17+8-1ubuntu2	UNKNOWN