USN-5388-2

Source
https://ubuntu.com/security/notices/USN-5388-2
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5388-2.json
JSON Data
https://api.osv.dev/v1/vulns/USN-5388-2
Related
Published
2022-04-26T11:57:36.675105Z
Modified
2022-04-26T11:57:36.675105Z
Summary
openjdk-17 vulnerabilities
Details

It was discovered that OpenJDK incorrectly verified ECDSA signatures. An attacker could use this issue to bypass the signature verification process. (CVE-2022-21449)

It was discovered that OpenJDK incorrectly limited memory when compiling a specially crafted XPath expression. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-21426)

It was discovered that OpenJDK incorrectly handled converting certain object arguments into their textual representations. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-21434)

It was discovered that OpenJDK incorrectly validated the encoded length of certain object identifiers. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-21443)

It was discovered that OpenJDK incorrectly validated certain paths. An attacker could possibly use this issue to bypass the secure validation feature and expose sensitive information in XML files. (CVE-2022-21476)

It was discovered that OpenJDK incorrectly parsed certain URI strings. An attacker could possibly use this issue to make applications accept invalid of malformed URI strings. (CVE-2022-21496)

References

Affected packages

Ubuntu:18.04:LTS / openjdk-17

Package

Name
openjdk-17
Purl
pkg:deb/ubuntu/openjdk-17?arch=src?distro=bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
17.0.3+7-0ubuntu0.18.04.1

Affected versions

17+35-1~18.*

17+35-1~18.04

17.*

17.0.1+12-1~18.04
17.0.2+8-1~18.04

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "17.0.3+7-0ubuntu0.18.04.1",
            "binary_name": "openjdk-17-dbg"
        },
        {
            "binary_version": "17.0.3+7-0ubuntu0.18.04.1",
            "binary_name": "openjdk-17-demo"
        },
        {
            "binary_version": "17.0.3+7-0ubuntu0.18.04.1",
            "binary_name": "openjdk-17-doc"
        },
        {
            "binary_version": "17.0.3+7-0ubuntu0.18.04.1",
            "binary_name": "openjdk-17-jdk"
        },
        {
            "binary_version": "17.0.3+7-0ubuntu0.18.04.1",
            "binary_name": "openjdk-17-jdk-headless"
        },
        {
            "binary_version": "17.0.3+7-0ubuntu0.18.04.1",
            "binary_name": "openjdk-17-jre"
        },
        {
            "binary_version": "17.0.3+7-0ubuntu0.18.04.1",
            "binary_name": "openjdk-17-jre-headless"
        },
        {
            "binary_version": "17.0.3+7-0ubuntu0.18.04.1",
            "binary_name": "openjdk-17-jre-zero"
        },
        {
            "binary_version": "17.0.3+7-0ubuntu0.18.04.1",
            "binary_name": "openjdk-17-source"
        }
    ]
}

Ubuntu:20.04:LTS / openjdk-17

Package

Name
openjdk-17
Purl
pkg:deb/ubuntu/openjdk-17?arch=src?distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
17.0.3+7-0ubuntu0.20.04.1

Affected versions

17+35-1~20.*

17+35-1~20.04

17.*

17.0.1+12-1~20.04
17.0.2+8-1~20.04

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "17.0.3+7-0ubuntu0.20.04.1",
            "binary_name": "openjdk-17-dbg"
        },
        {
            "binary_version": "17.0.3+7-0ubuntu0.20.04.1",
            "binary_name": "openjdk-17-demo"
        },
        {
            "binary_version": "17.0.3+7-0ubuntu0.20.04.1",
            "binary_name": "openjdk-17-doc"
        },
        {
            "binary_version": "17.0.3+7-0ubuntu0.20.04.1",
            "binary_name": "openjdk-17-jdk"
        },
        {
            "binary_version": "17.0.3+7-0ubuntu0.20.04.1",
            "binary_name": "openjdk-17-jdk-headless"
        },
        {
            "binary_version": "17.0.3+7-0ubuntu0.20.04.1",
            "binary_name": "openjdk-17-jre"
        },
        {
            "binary_version": "17.0.3+7-0ubuntu0.20.04.1",
            "binary_name": "openjdk-17-jre-headless"
        },
        {
            "binary_version": "17.0.3+7-0ubuntu0.20.04.1",
            "binary_name": "openjdk-17-jre-zero"
        },
        {
            "binary_version": "17.0.3+7-0ubuntu0.20.04.1",
            "binary_name": "openjdk-17-source"
        }
    ]
}

Ubuntu:22.04:LTS / openjdk-17

Package

Name
openjdk-17
Purl
pkg:deb/ubuntu/openjdk-17?arch=src?distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
17.0.3+7-0ubuntu0.22.04.1

Affected versions

Other

17+35-1

17.*

17.0.1+12-1
17.0.2+8-1

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "17.0.3+7-0ubuntu0.22.04.1",
            "binary_name": "openjdk-17-dbg"
        },
        {
            "binary_version": "17.0.3+7-0ubuntu0.22.04.1",
            "binary_name": "openjdk-17-demo"
        },
        {
            "binary_version": "17.0.3+7-0ubuntu0.22.04.1",
            "binary_name": "openjdk-17-doc"
        },
        {
            "binary_version": "17.0.3+7-0ubuntu0.22.04.1",
            "binary_name": "openjdk-17-jdk"
        },
        {
            "binary_version": "17.0.3+7-0ubuntu0.22.04.1",
            "binary_name": "openjdk-17-jdk-headless"
        },
        {
            "binary_version": "17.0.3+7-0ubuntu0.22.04.1",
            "binary_name": "openjdk-17-jre"
        },
        {
            "binary_version": "17.0.3+7-0ubuntu0.22.04.1",
            "binary_name": "openjdk-17-jre-headless"
        },
        {
            "binary_version": "17.0.3+7-0ubuntu0.22.04.1",
            "binary_name": "openjdk-17-jre-zero"
        },
        {
            "binary_version": "17.0.3+7-0ubuntu0.22.04.1",
            "binary_name": "openjdk-17-source"
        }
    ]
}