UbuntuUSN-6077-1OpenJDK vulnerabilities
7.4 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
7.5 High
AI Score
Confidence
Low
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.001 Low
EPSS
Percentile
42.5%
Releases
- Ubuntu 23.04
- Ubuntu 22.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 ESM
- Ubuntu 16.04 ESM
Packages
- openjdk-17 - Open Source Java implementation
- openjdk-20 - Open Source Java implementation
- openjdk-8 - Open Source Java implementation
- openjdk-lts - Open Source Java implementation
Details
Ben Smyth discovered that OpenJDK incorrectly handled half-duplex
connections during TLS handshake. A remote attacker could possibly use
this issue to insert, edit or obtain sensitive information.
(CVE-2023-21930)
It was discovered that OpenJDK incorrectly handled certain inputs. An
attacker could possibly use this issue to insert, edit or obtain sensitive
information. (CVE-2023-21937)
It was discovered that OpenJDK incorrectly handled command arguments. An
attacker could possibly use this issue to insert, edit or obtain sensitive
information. (CVE-2023-21938)
It was discovered that OpenJDK incorrectly validated HTML documents. An
attacker could possibly use this issue to insert, edit or obtain sensitive
information. (CVE-2023-21939)
Ramki Ramakrishna discovered that OpenJDK incorrectly handled garbage
collection. An attacker could possibly use this issue to bypass Java
sandbox restrictions. (CVE-2023-21954)
Jonathan Looney discovered that OpenJDK incorrectly handled certificate
chains during TLS session negotiation. A remote attacker could possibly
use this issue to cause a denial of service. (CVE-2023-21967)
Adam Reziouk discovered that OpenJDK incorrectly sanitized URIs. An
attacker could possibly use this issue to bypass Java sandbox
restrictions. (CVE-2023-21968)
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 23.04 | noarch | openjdk-20-jre | < 20.0.1+9~us1-0ubuntu1~23.04 | UNKNOWN |
| Ubuntu | 23.04 | noarch | openjdk-20-dbg | < 20.0.1+9~us1-0ubuntu1~23.04 | UNKNOWN |
| Ubuntu | 23.04 | noarch | openjdk-20-demo | < 20.0.1+9~us1-0ubuntu1~23.04 | UNKNOWN |
| Ubuntu | 23.04 | noarch | openjdk-20-doc | < 20.0.1+9~us1-0ubuntu1~23.04 | UNKNOWN |
| Ubuntu | 23.04 | noarch | openjdk-20-jdk | < 20.0.1+9~us1-0ubuntu1~23.04 | UNKNOWN |
| Ubuntu | 23.04 | noarch | openjdk-20-jdk-headless | < 20.0.1+9~us1-0ubuntu1~23.04 | UNKNOWN |
| Ubuntu | 23.04 | noarch | openjdk-20-jre-headless | < 20.0.1+9~us1-0ubuntu1~23.04 | UNKNOWN |
| Ubuntu | 23.04 | noarch | openjdk-20-jre-zero | < 20.0.1+9~us1-0ubuntu1~23.04 | UNKNOWN |
| Ubuntu | 23.04 | noarch | openjdk-20-source | < 20.0.1+9~us1-0ubuntu1~23.04 | UNKNOWN |
| Ubuntu | 23.04 | noarch | openjdk-8-jre-headless | < 8u372-ga~us1-0ubuntu1~23.04 | UNKNOWN |
Related
7.4 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
7.5 High
AI Score
Confidence
Low
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.001 Low
EPSS
Percentile
42.5%