USN-5719-1
See a problem?- Source
- https://ubuntu.com/security/notices/USN-5719-1
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5719-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/USN-5719-1
- Related
- Published
- 2022-11-09T11:20:53.874698Z
- Modified
- 2022-11-09T11:20:53.874698Z
- Summary
- openjdk-8, openjdk-lts, openjdk-17, openjdk-19 vulnerabilities
- Details
-
It was discovered that OpenJDK incorrectly handled long client hostnames. An attacker could possibly use this issue to cause the corruption of sensitive information. (CVE-2022-21619)
It was discovered that OpenJDK incorrectly randomized DNS port numbers. A remote attacker could possibly use this issue to perform spoofing attacks. (CVE-2022-21624)
It was discovered that OpenJDK did not limit the number of connections accepted from HTTP clients. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-21628)
It was discovered that OpenJDK incorrectly handled X.509 certificates. An attacker could possibly use this issue to cause a denial of service. This issue only affected OpenJDK 8 and OpenJDK 11. (CVE-2022-21626)
It was discovered that OpenJDK incorrectly handled cached server connections. An attacker could possibly use this issue to perform spoofing attacks. This issue only affected OpenJDK 11, OpenJDK 17 and OpenJDK 19. (CVE-2022-39399)
It was discovered that OpenJDK incorrectly handled byte conversions. An attacker could possibly use this issue to obtain sensitive information. This issue only affected OpenJDK 11, OpenJDK 17 and OpenJDK 19. (CVE-2022-21618)
- References
-
- https://ubuntu.com/security/notices/USN-5719-1
- https://ubuntu.com/security/CVE-2022-21618
- https://ubuntu.com/security/CVE-2022-21619
- https://ubuntu.com/security/CVE-2022-21624
- https://ubuntu.com/security/CVE-2022-21626
- https://ubuntu.com/security/CVE-2022-21628
- https://ubuntu.com/security/CVE-2022-39399
Affected packages
Ubuntu:Pro:16.04:LTS / openjdk-8
Package
- Name
- openjdk-8
- Purl
- pkg:deb/ubuntu/openjdk-8@8u352-ga-1~16.04?arch=src?distro=esm-infra/xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed8u352-ga-1~16.04
Affected versions
Other
8u66-b01-5
8u72-b05-1ubuntu1
8u72-b05-5
8u72-b05-6
8u72-b15-1
8u72-b15-2ubuntu1
8u72-b15-2ubuntu3
8u72-b15-3ubuntu1
8u77-b03-1ubuntu2
8u77-b03-3ubuntu1
8u77-b03-3ubuntu2
8u77-b03-3ubuntu3
8u91-b14-0ubuntu4~16.*
8u91-b14-0ubuntu4~16.04.1
8u91-b14-3ubuntu1~16.*
8u91-b14-3ubuntu1~16.04.1
8u111-b14-2ubuntu0.*
8u111-b14-2ubuntu0.16.04.2
8u121-b13-0ubuntu1.*
8u121-b13-0ubuntu1.16.04.2
8u131-b11-0ubuntu1.*
8u131-b11-0ubuntu1.16.04.2
8u131-b11-2ubuntu1.*
8u131-b11-2ubuntu1.16.04.2
8u131-b11-2ubuntu1.16.04.3
8u151-b12-0ubuntu0.*
8u151-b12-0ubuntu0.16.04.2
8u162-b12-0ubuntu0.*
8u162-b12-0ubuntu0.16.04.2
8u171-b11-0ubuntu0.*
8u171-b11-0ubuntu0.16.04.1
8u181-b13-0ubuntu0.*
8u181-b13-0ubuntu0.16.04.1
8u181-b13-1ubuntu0.*
8u181-b13-1ubuntu0.16.04.1
8u191-b12-0ubuntu0.*
8u191-b12-0ubuntu0.16.04.1
8u191-b12-2ubuntu0.*
8u191-b12-2ubuntu0.16.04.1
8u212-b03-0ubuntu1.*
8u212-b03-0ubuntu1.16.04.1
8u222-b10-1ubuntu1~16.*
8u222-b10-1ubuntu1~16.04.1
8u232-b09-0ubuntu1~16.*
8u232-b09-0ubuntu1~16.04.1
8u242-b08-0ubuntu3~16.*
8u242-b08-0ubuntu3~16.04
8u252-b09-1~16.*
8u252-b09-1~16.04
8u265-b01-0ubuntu2~16.*
8u265-b01-0ubuntu2~16.04
8u272-b10-0ubuntu1~16.*
8u272-b10-0ubuntu1~16.04
8u275-b01-0ubuntu1~16.*
8u275-b01-0ubuntu1~16.04
8u282-b08-0ubuntu1~16.*
8u282-b08-0ubuntu1~16.04
8u292-b10-0ubuntu1~16.*
8u292-b10-0ubuntu1~16.04.1
8u312-b07-0ubuntu1~16.*
8u312-b07-0ubuntu1~16.04
8u342-b07-0ubuntu1~16.*
8u342-b07-0ubuntu1~16.04
Ecosystem specific
{
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"openjdk-8-jre-jamvm": "8u352-ga-1~16.04",
"openjdk-8-doc": "8u352-ga-1~16.04",
"openjdk-8-dbg": "8u352-ga-1~16.04",
"openjdk-8-jdk-headless": "8u352-ga-1~16.04",
"openjdk-8-demo": "8u352-ga-1~16.04",
"openjdk-8-jre-zero": "8u352-ga-1~16.04",
"openjdk-8-jre-dbgsym": "8u352-ga-1~16.04",
"openjdk-8-source": "8u352-ga-1~16.04",
"openjdk-8-jre-headless": "8u352-ga-1~16.04",
"openjdk-8-jre-headless-dbgsym": "8u352-ga-1~16.04",
"openjdk-8-jdk": "8u352-ga-1~16.04",
"openjdk-8-jre": "8u352-ga-1~16.04",
"openjdk-8-demo-dbgsym": "8u352-ga-1~16.04"
}
]
}
Ubuntu:18.04:LTS / openjdk-17
Package
- Name
- openjdk-17
- Purl
- pkg:deb/ubuntu/openjdk-17@17.0.5+8-2ubuntu1~18.04?arch=src?distro=bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed17.0.5+8-2ubuntu1~18.04
Affected versions
17+35-1~18.*
17+35-1~18.04
17.*
17.0.1+12-1~18.04
17.0.2+8-1~18.04
17.0.3+7-0ubuntu0.18.04.1
17.0.4+8-1~18.04
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"openjdk-17-dbg": "17.0.5+8-2ubuntu1~18.04",
"openjdk-17-jdk": "17.0.5+8-2ubuntu1~18.04",
"openjdk-17-jdk-headless": "17.0.5+8-2ubuntu1~18.04",
"openjdk-17-demo": "17.0.5+8-2ubuntu1~18.04",
"openjdk-17-doc": "17.0.5+8-2ubuntu1~18.04",
"openjdk-17-source": "17.0.5+8-2ubuntu1~18.04",
"openjdk-17-jre": "17.0.5+8-2ubuntu1~18.04",
"openjdk-17-jre-zero": "17.0.5+8-2ubuntu1~18.04",
"openjdk-17-jre-headless": "17.0.5+8-2ubuntu1~18.04"
}
]
}
Ubuntu:18.04:LTS / openjdk-8
Package
- Name
- openjdk-8
- Purl
- pkg:deb/ubuntu/openjdk-8@8u352-ga-1~18.04?arch=src?distro=bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed8u352-ga-1~18.04
Affected versions
Other
8u144-b01-2
8u151-b12-1
8u162-b12-1
8u171-b11-0ubuntu0.*
8u171-b11-0ubuntu0.18.04.1
8u181-b13-0ubuntu0.*
8u181-b13-0ubuntu0.18.04.1
8u181-b13-1ubuntu0.*
8u181-b13-1ubuntu0.18.04.1
8u191-b12-0ubuntu0.*
8u191-b12-0ubuntu0.18.04.1
8u191-b12-2ubuntu0.*
8u191-b12-2ubuntu0.18.04.1
8u212-b03-0ubuntu1.*
8u212-b03-0ubuntu1.18.04.1
8u222-b10-1ubuntu1~18.*
8u222-b10-1ubuntu1~18.04.1
8u232-b09-0ubuntu1~18.*
8u232-b09-0ubuntu1~18.04.1
8u242-b08-0ubuntu3~18.*
8u242-b08-0ubuntu3~18.04
8u252-b09-1~18.*
8u252-b09-1~18.04
8u265-b01-0ubuntu2~18.*
8u265-b01-0ubuntu2~18.04
8u272-b10-0ubuntu1~18.*
8u272-b10-0ubuntu1~18.04
8u275-b01-0ubuntu1~18.*
8u275-b01-0ubuntu1~18.04
8u282-b08-0ubuntu1~18.*
8u282-b08-0ubuntu1~18.04
8u292-b10-0ubuntu1~18.*
8u292-b10-0ubuntu1~18.04
8u312-b07-0ubuntu1~18.*
8u312-b07-0ubuntu1~18.04
8u342-b07-0ubuntu1~18.*
8u342-b07-0ubuntu1~18.04
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"openjdk-8-dbg": "8u352-ga-1~18.04",
"openjdk-8-jdk-headless": "8u352-ga-1~18.04",
"openjdk-8-demo": "8u352-ga-1~18.04",
"openjdk-8-jre-zero": "8u352-ga-1~18.04",
"openjdk-8-jre-headless": "8u352-ga-1~18.04",
"openjdk-8-source": "8u352-ga-1~18.04",
"openjdk-8-jdk": "8u352-ga-1~18.04",
"openjdk-8-jre": "8u352-ga-1~18.04",
"openjdk-8-doc": "8u352-ga-1~18.04"
}
]
}
Ubuntu:18.04:LTS / openjdk-lts
Package
- Name
- openjdk-lts
- Purl
- pkg:deb/ubuntu/openjdk-lts@11.0.17+8-1ubuntu2~18.04?arch=src?distro=bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed11.0.17+8-1ubuntu2~18.04
Affected versions
9.*
9.0.4+12-2ubuntu4
9.0.4+12-4ubuntu1
Other
10~46-4ubuntu1
10~46-5ubuntu1
10.*
10.0.1+10-1ubuntu2
10.0.1+10-3ubuntu1
10.0.2+13-1ubuntu0.18.04.1
10.0.2+13-1ubuntu0.18.04.2
10.0.2+13-1ubuntu0.18.04.3
10.0.2+13-1ubuntu0.18.04.4
11.*
11.0.2+9-3ubuntu1~18.04.3
11.0.3+7-1ubuntu2~18.04.1
11.0.4+11-1ubuntu2~18.04.3
11.0.5+10-0ubuntu1.1~18.04
11.0.6+10-1ubuntu1~18.04.1
11.0.7+10-2ubuntu2~18.04
11.0.8+10-0ubuntu1~18.04.1
11.0.9+11-0ubuntu1~18.04.1
11.0.9.1+1-0ubuntu1~18.04
11.0.10+9-0ubuntu1~18.04
11.0.11+9-0ubuntu2~18.04
11.0.13+8-0ubuntu1~18.04
11.0.14+9-0ubuntu2~18.04
11.0.14.1+1-0ubuntu1~18.04
11.0.15+10-0ubuntu0.18.04.1
11.0.16+8-0ubuntu1~18.04
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"openjdk-11-dbg": "11.0.17+8-1ubuntu2~18.04",
"openjdk-11-demo": "11.0.17+8-1ubuntu2~18.04",
"openjdk-11-source": "11.0.17+8-1ubuntu2~18.04",
"openjdk-11-jdk": "11.0.17+8-1ubuntu2~18.04",
"openjdk-11-doc": "11.0.17+8-1ubuntu2~18.04",
"openjdk-11-jdk-headless": "11.0.17+8-1ubuntu2~18.04",
"openjdk-11-jre-zero": "11.0.17+8-1ubuntu2~18.04",
"openjdk-11-jre": "11.0.17+8-1ubuntu2~18.04",
"openjdk-11-jre-headless": "11.0.17+8-1ubuntu2~18.04"
}
]
}
Ubuntu:20.04:LTS / openjdk-17
Package
- Name
- openjdk-17
- Purl
- pkg:deb/ubuntu/openjdk-17@17.0.5+8-2ubuntu1~20.04?arch=src?distro=focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed17.0.5+8-2ubuntu1~20.04
Affected versions
17+35-1~20.*
17+35-1~20.04
17.*
17.0.1+12-1~20.04
17.0.2+8-1~20.04
17.0.3+7-0ubuntu0.20.04.1
17.0.4+8-1~20.04
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"openjdk-17-dbg": "17.0.5+8-2ubuntu1~20.04",
"openjdk-17-jdk": "17.0.5+8-2ubuntu1~20.04",
"openjdk-17-jdk-headless": "17.0.5+8-2ubuntu1~20.04",
"openjdk-17-demo": "17.0.5+8-2ubuntu1~20.04",
"openjdk-17-doc": "17.0.5+8-2ubuntu1~20.04",
"openjdk-17-source": "17.0.5+8-2ubuntu1~20.04",
"openjdk-17-jre": "17.0.5+8-2ubuntu1~20.04",
"openjdk-17-jre-zero": "17.0.5+8-2ubuntu1~20.04",
"openjdk-17-jre-headless": "17.0.5+8-2ubuntu1~20.04"
}
]
}
Ubuntu:20.04:LTS / openjdk-8
Package
- Name
- openjdk-8
- Purl
- pkg:deb/ubuntu/openjdk-8@8u352-ga-1~20.04?arch=src?distro=focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed8u352-ga-1~20.04
Affected versions
Other
8u232-b09-0ubuntu1
8u232-b09-1
8u242-b04-1
8u242-b08-0ubuntu3
8u252-b07-1
8u252-b09-1ubuntu1
8u265-b01-0ubuntu2~20.*
8u265-b01-0ubuntu2~20.04
8u272-b10-0ubuntu1~20.*
8u272-b10-0ubuntu1~20.04
8u275-b01-0ubuntu1~20.*
8u275-b01-0ubuntu1~20.04
8u282-b08-0ubuntu1~20.*
8u282-b08-0ubuntu1~20.04
8u292-b10-0ubuntu1~20.*
8u292-b10-0ubuntu1~20.04
8u312-b07-0ubuntu1~20.*
8u312-b07-0ubuntu1~20.04
8u342-b07-0ubuntu1~20.*
8u342-b07-0ubuntu1~20.04
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"openjdk-8-dbg": "8u352-ga-1~20.04",
"openjdk-8-jdk-headless": "8u352-ga-1~20.04",
"openjdk-8-demo": "8u352-ga-1~20.04",
"openjdk-8-jre-zero": "8u352-ga-1~20.04",
"openjdk-8-jre-headless": "8u352-ga-1~20.04",
"openjdk-8-source": "8u352-ga-1~20.04",
"openjdk-8-jdk": "8u352-ga-1~20.04",
"openjdk-8-jre": "8u352-ga-1~20.04",
"openjdk-8-doc": "8u352-ga-1~20.04"
}
]
}
Ubuntu:20.04:LTS / openjdk-lts
Package
- Name
- openjdk-lts
- Purl
- pkg:deb/ubuntu/openjdk-lts@11.0.17+8-1ubuntu2~20.04?arch=src?distro=focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed11.0.17+8-1ubuntu2~20.04
Affected versions
11.*
11.0.5+10-0ubuntu1
11.0.5+10-2ubuntu1
11.0.6+10-1ubuntu1
11.0.6+10-2ubuntu2
11.0.7+9-1ubuntu1
11.0.7+10-2ubuntu1
11.0.7+10-3ubuntu1
11.0.8+10-0ubuntu1~20.04
11.0.9+11-0ubuntu1~20.04
11.0.9.1+1-0ubuntu1~20.04
11.0.10+9-0ubuntu1~20.04
11.0.11+9-0ubuntu2~20.04
11.0.13+8-0ubuntu1~20.04
11.0.14+9-0ubuntu2~20.04
11.0.14.1+1-0ubuntu1~20.04
11.0.15+10-0ubuntu0.20.04.1
11.0.16+8-0ubuntu1~20.04
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"openjdk-11-dbg": "11.0.17+8-1ubuntu2~20.04",
"openjdk-11-demo": "11.0.17+8-1ubuntu2~20.04",
"openjdk-11-source": "11.0.17+8-1ubuntu2~20.04",
"openjdk-11-jdk": "11.0.17+8-1ubuntu2~20.04",
"openjdk-11-doc": "11.0.17+8-1ubuntu2~20.04",
"openjdk-11-jdk-headless": "11.0.17+8-1ubuntu2~20.04",
"openjdk-11-jre-zero": "11.0.17+8-1ubuntu2~20.04",
"openjdk-11-jre": "11.0.17+8-1ubuntu2~20.04",
"openjdk-11-jre-headless": "11.0.17+8-1ubuntu2~20.04"
}
]
}
Ubuntu:22.04:LTS / openjdk-17
Package
- Name
- openjdk-17
- Purl
- pkg:deb/ubuntu/openjdk-17@17.0.5+8-2ubuntu1~22.04?arch=src?distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed17.0.5+8-2ubuntu1~22.04
Affected versions
Other
17+35-1
17.*
17.0.1+12-1
17.0.2+8-1
17.0.3+7-0ubuntu0.22.04.1
17.0.4+8-1~22.04
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"openjdk-17-dbg": "17.0.5+8-2ubuntu1~22.04",
"openjdk-17-jdk": "17.0.5+8-2ubuntu1~22.04",
"openjdk-17-jdk-headless": "17.0.5+8-2ubuntu1~22.04",
"openjdk-17-demo": "17.0.5+8-2ubuntu1~22.04",
"openjdk-17-doc": "17.0.5+8-2ubuntu1~22.04",
"openjdk-17-source": "17.0.5+8-2ubuntu1~22.04",
"openjdk-17-jre": "17.0.5+8-2ubuntu1~22.04",
"openjdk-17-jre-zero": "17.0.5+8-2ubuntu1~22.04",
"openjdk-17-jre-headless": "17.0.5+8-2ubuntu1~22.04"
}
]
}
Ubuntu:22.04:LTS / openjdk-19
Package
- Name
- openjdk-19
- Purl
- pkg:deb/ubuntu/openjdk-19@19.0.1+10-1ubuntu1~22.04?arch=src?distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed19.0.1+10-1ubuntu1~22.04
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"openjdk-19-jre-zero": "19.0.1+10-1ubuntu1~22.04",
"openjdk-19-jre-headless": "19.0.1+10-1ubuntu1~22.04",
"openjdk-19-dbg": "19.0.1+10-1ubuntu1~22.04",
"openjdk-19-jdk": "19.0.1+10-1ubuntu1~22.04",
"openjdk-19-demo": "19.0.1+10-1ubuntu1~22.04",
"openjdk-19-doc": "19.0.1+10-1ubuntu1~22.04",
"openjdk-19-jdk-headless": "19.0.1+10-1ubuntu1~22.04",
"openjdk-19-jre": "19.0.1+10-1ubuntu1~22.04",
"openjdk-19-source": "19.0.1+10-1ubuntu1~22.04"
}
]
}
Ubuntu:22.04:LTS / openjdk-8
Package
- Name
- openjdk-8
- Purl
- pkg:deb/ubuntu/openjdk-8@8u352-ga-1~22.04?arch=src?distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed8u352-ga-1~22.04
Affected versions
Other
8u302-b08-0ubuntu2
8u312-b07-0ubuntu1
8u342-b07-0ubuntu1~22.*
8u342-b07-0ubuntu1~22.04
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"openjdk-8-dbg": "8u352-ga-1~22.04",
"openjdk-8-jdk-headless": "8u352-ga-1~22.04",
"openjdk-8-demo": "8u352-ga-1~22.04",
"openjdk-8-jre-zero": "8u352-ga-1~22.04",
"openjdk-8-jre-headless": "8u352-ga-1~22.04",
"openjdk-8-source": "8u352-ga-1~22.04",
"openjdk-8-jdk": "8u352-ga-1~22.04",
"openjdk-8-jre": "8u352-ga-1~22.04",
"openjdk-8-doc": "8u352-ga-1~22.04"
}
]
}
Ubuntu:22.04:LTS / openjdk-lts
Package
- Name
- openjdk-lts
- Purl
- pkg:deb/ubuntu/openjdk-lts@11.0.17+8-1ubuntu2~22.04?arch=src?distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed11.0.17+8-1ubuntu2~22.04
Affected versions
11.*
11.0.12+7-0ubuntu3
11.0.13+8-0ubuntu1
11.0.14+9-0ubuntu2
11.0.14.1+1-0ubuntu1
11.0.15+10-0ubuntu0.22.04.1
11.0.16+8-0ubuntu1~22.04
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"openjdk-11-dbg": "11.0.17+8-1ubuntu2~22.04",
"openjdk-11-demo": "11.0.17+8-1ubuntu2~22.04",
"openjdk-11-source": "11.0.17+8-1ubuntu2~22.04",
"openjdk-11-jdk": "11.0.17+8-1ubuntu2~22.04",
"openjdk-11-doc": "11.0.17+8-1ubuntu2~22.04",
"openjdk-11-jdk-headless": "11.0.17+8-1ubuntu2~22.04",
"openjdk-11-jre-zero": "11.0.17+8-1ubuntu2~22.04",
"openjdk-11-jre": "11.0.17+8-1ubuntu2~22.04",
"openjdk-11-jre-headless": "11.0.17+8-1ubuntu2~22.04"
}
]
}