USN-5897-1

See a problem?
Source
https://ubuntu.com/security/notices/USN-5897-1
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5897-1.json
JSON Data
https://api.osv.dev/v1/vulns/USN-5897-1
Related
Published
2023-02-28T02:55:52.212764Z
Modified
2023-02-28T02:55:52.212764Z
Summary
openjdk-17, openjdk-19, openjdk-lts vulnerabilities
Details

Juraj Somorovsky, Marcel Maehren, Nurullah Erinola, and Robert Merget discovered that the DTLS implementation in the JSSE subsystem of OpenJDK did not properly restrict handshake initiation requests from clients. A remote attacker could possibly use this to cause a denial of service. (CVE-2023-21835)

Markus Loewe discovered that the Java Sound subsystem in OpenJDK did not properly validate the origin of a Soundbank. An attacker could use this to specially craft an untrusted Java application or applet that could load a Soundbank from an attacker controlled remote URL. (CVE-2023-21843)

References

Affected packages

Ubuntu:18.04:LTS / openjdk-17

Package

Name
openjdk-17
Purl
pkg:deb/ubuntu/openjdk-17@17.0.6+10-0ubuntu1~18.04.1?arch=src?distro=bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
17.0.6+10-0ubuntu1~18.04.1

Affected versions

17+35-1~18.*

17+35-1~18.04

17.*

17.0.1+12-1~18.04
17.0.2+8-1~18.04
17.0.3+7-0ubuntu0.18.04.1
17.0.4+8-1~18.04
17.0.5+8-2ubuntu1~18.04

Ecosystem specific 

{
    "availability": "No subscription required",
    "binaries": [
        {
            "openjdk-17-dbg": "17.0.6+10-0ubuntu1~18.04.1",
            "openjdk-17-jdk": "17.0.6+10-0ubuntu1~18.04.1",
            "openjdk-17-jdk-headless": "17.0.6+10-0ubuntu1~18.04.1",
            "openjdk-17-demo": "17.0.6+10-0ubuntu1~18.04.1",
            "openjdk-17-doc": "17.0.6+10-0ubuntu1~18.04.1",
            "openjdk-17-source": "17.0.6+10-0ubuntu1~18.04.1",
            "openjdk-17-jre": "17.0.6+10-0ubuntu1~18.04.1",
            "openjdk-17-jre-zero": "17.0.6+10-0ubuntu1~18.04.1",
            "openjdk-17-jre-headless": "17.0.6+10-0ubuntu1~18.04.1"
        }
    ]
}

Ubuntu:18.04:LTS / openjdk-lts

Package

Name
openjdk-lts
Purl
pkg:deb/ubuntu/openjdk-lts@11.0.18+10-0ubuntu1~18.04.1?arch=src?distro=bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
11.0.18+10-0ubuntu1~18.04.1

Affected versions

9.*

9.0.4+12-2ubuntu4
9.0.4+12-4ubuntu1

Other

10~46-4ubuntu1
10~46-5ubuntu1

10.*

10.0.1+10-1ubuntu2
10.0.1+10-3ubuntu1
10.0.2+13-1ubuntu0.18.04.1
10.0.2+13-1ubuntu0.18.04.2
10.0.2+13-1ubuntu0.18.04.3
10.0.2+13-1ubuntu0.18.04.4

11.*

11.0.2+9-3ubuntu1~18.04.3
11.0.3+7-1ubuntu2~18.04.1
11.0.4+11-1ubuntu2~18.04.3
11.0.5+10-0ubuntu1.1~18.04
11.0.6+10-1ubuntu1~18.04.1
11.0.7+10-2ubuntu2~18.04
11.0.8+10-0ubuntu1~18.04.1
11.0.9+11-0ubuntu1~18.04.1
11.0.9.1+1-0ubuntu1~18.04
11.0.10+9-0ubuntu1~18.04
11.0.11+9-0ubuntu2~18.04
11.0.13+8-0ubuntu1~18.04
11.0.14+9-0ubuntu2~18.04
11.0.14.1+1-0ubuntu1~18.04
11.0.15+10-0ubuntu0.18.04.1
11.0.16+8-0ubuntu1~18.04
11.0.17+8-1ubuntu2~18.04

Ecosystem specific 

{
    "availability": "No subscription required",
    "binaries": [
        {
            "openjdk-11-dbg": "11.0.18+10-0ubuntu1~18.04.1",
            "openjdk-11-demo": "11.0.18+10-0ubuntu1~18.04.1",
            "openjdk-11-source": "11.0.18+10-0ubuntu1~18.04.1",
            "openjdk-11-jdk": "11.0.18+10-0ubuntu1~18.04.1",
            "openjdk-11-doc": "11.0.18+10-0ubuntu1~18.04.1",
            "openjdk-11-jdk-headless": "11.0.18+10-0ubuntu1~18.04.1",
            "openjdk-11-jre-zero": "11.0.18+10-0ubuntu1~18.04.1",
            "openjdk-11-jre": "11.0.18+10-0ubuntu1~18.04.1",
            "openjdk-11-jre-headless": "11.0.18+10-0ubuntu1~18.04.1"
        }
    ]
}

Ubuntu:20.04:LTS / openjdk-17

Package

Name
openjdk-17
Purl
pkg:deb/ubuntu/openjdk-17@17.0.6+10-0ubuntu1~20.04.1?arch=src?distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
17.0.6+10-0ubuntu1~20.04.1

Affected versions

17+35-1~20.*

17+35-1~20.04

17.*

17.0.1+12-1~20.04
17.0.2+8-1~20.04
17.0.3+7-0ubuntu0.20.04.1
17.0.4+8-1~20.04
17.0.5+8-2ubuntu1~20.04

Ecosystem specific 

{
    "availability": "No subscription required",
    "binaries": [
        {
            "openjdk-17-dbg": "17.0.6+10-0ubuntu1~20.04.1",
            "openjdk-17-jdk": "17.0.6+10-0ubuntu1~20.04.1",
            "openjdk-17-jdk-headless": "17.0.6+10-0ubuntu1~20.04.1",
            "openjdk-17-demo": "17.0.6+10-0ubuntu1~20.04.1",
            "openjdk-17-doc": "17.0.6+10-0ubuntu1~20.04.1",
            "openjdk-17-source": "17.0.6+10-0ubuntu1~20.04.1",
            "openjdk-17-jre": "17.0.6+10-0ubuntu1~20.04.1",
            "openjdk-17-jre-zero": "17.0.6+10-0ubuntu1~20.04.1",
            "openjdk-17-jre-headless": "17.0.6+10-0ubuntu1~20.04.1"
        }
    ]
}

Ubuntu:20.04:LTS / openjdk-lts

Package

Name
openjdk-lts
Purl
pkg:deb/ubuntu/openjdk-lts@11.0.18+10-0ubuntu1~20.04.1?arch=src?distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
11.0.18+10-0ubuntu1~20.04.1

Affected versions

11.*

11.0.5+10-0ubuntu1
11.0.5+10-2ubuntu1
11.0.6+10-1ubuntu1
11.0.6+10-2ubuntu2
11.0.7+9-1ubuntu1
11.0.7+10-2ubuntu1
11.0.7+10-3ubuntu1
11.0.8+10-0ubuntu1~20.04
11.0.9+11-0ubuntu1~20.04
11.0.9.1+1-0ubuntu1~20.04
11.0.10+9-0ubuntu1~20.04
11.0.11+9-0ubuntu2~20.04
11.0.13+8-0ubuntu1~20.04
11.0.14+9-0ubuntu2~20.04
11.0.14.1+1-0ubuntu1~20.04
11.0.15+10-0ubuntu0.20.04.1
11.0.16+8-0ubuntu1~20.04
11.0.17+8-1ubuntu2~20.04

Ecosystem specific 

{
    "availability": "No subscription required",
    "binaries": [
        {
            "openjdk-11-dbg": "11.0.18+10-0ubuntu1~20.04.1",
            "openjdk-11-demo": "11.0.18+10-0ubuntu1~20.04.1",
            "openjdk-11-source": "11.0.18+10-0ubuntu1~20.04.1",
            "openjdk-11-jdk": "11.0.18+10-0ubuntu1~20.04.1",
            "openjdk-11-doc": "11.0.18+10-0ubuntu1~20.04.1",
            "openjdk-11-jdk-headless": "11.0.18+10-0ubuntu1~20.04.1",
            "openjdk-11-jre-zero": "11.0.18+10-0ubuntu1~20.04.1",
            "openjdk-11-jre": "11.0.18+10-0ubuntu1~20.04.1",
            "openjdk-11-jre-headless": "11.0.18+10-0ubuntu1~20.04.1"
        }
    ]
}

Ubuntu:22.04:LTS / openjdk-17

Package

Name
openjdk-17
Purl
pkg:deb/ubuntu/openjdk-17@17.0.6+10-0ubuntu1~22.04?arch=src?distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
17.0.6+10-0ubuntu1~22.04

Affected versions

Other

17+35-1

17.*

17.0.1+12-1
17.0.2+8-1
17.0.3+7-0ubuntu0.22.04.1
17.0.4+8-1~22.04
17.0.5+8-2ubuntu1~22.04

Ecosystem specific 

{
    "availability": "No subscription required",
    "binaries": [
        {
            "openjdk-17-dbg": "17.0.6+10-0ubuntu1~22.04",
            "openjdk-17-jdk": "17.0.6+10-0ubuntu1~22.04",
            "openjdk-17-jdk-headless": "17.0.6+10-0ubuntu1~22.04",
            "openjdk-17-demo": "17.0.6+10-0ubuntu1~22.04",
            "openjdk-17-doc": "17.0.6+10-0ubuntu1~22.04",
            "openjdk-17-source": "17.0.6+10-0ubuntu1~22.04",
            "openjdk-17-jre": "17.0.6+10-0ubuntu1~22.04",
            "openjdk-17-jre-zero": "17.0.6+10-0ubuntu1~22.04",
            "openjdk-17-jre-headless": "17.0.6+10-0ubuntu1~22.04"
        }
    ]
}

Ubuntu:22.04:LTS / openjdk-19

Package

Name
openjdk-19
Purl
pkg:deb/ubuntu/openjdk-19@19.0.2+7-0ubuntu3~22.04?arch=src?distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
19.0.2+7-0ubuntu3~22.04

Affected versions

19.*

19.0.1+10-1ubuntu1~22.04

Ecosystem specific 

{
    "availability": "No subscription required",
    "binaries": [
        {
            "openjdk-19-jre-zero": "19.0.2+7-0ubuntu3~22.04",
            "openjdk-19-jre-headless": "19.0.2+7-0ubuntu3~22.04",
            "openjdk-19-dbg": "19.0.2+7-0ubuntu3~22.04",
            "openjdk-19-jdk": "19.0.2+7-0ubuntu3~22.04",
            "openjdk-19-demo": "19.0.2+7-0ubuntu3~22.04",
            "openjdk-19-doc": "19.0.2+7-0ubuntu3~22.04",
            "openjdk-19-jdk-headless": "19.0.2+7-0ubuntu3~22.04",
            "openjdk-19-jre": "19.0.2+7-0ubuntu3~22.04",
            "openjdk-19-source": "19.0.2+7-0ubuntu3~22.04"
        }
    ]
}

Ubuntu:22.04:LTS / openjdk-lts

Package

Name
openjdk-lts
Purl
pkg:deb/ubuntu/openjdk-lts@11.0.18+10-0ubuntu1~22.04?arch=src?distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
11.0.18+10-0ubuntu1~22.04

Affected versions

11.*

11.0.12+7-0ubuntu3
11.0.13+8-0ubuntu1
11.0.14+9-0ubuntu2
11.0.14.1+1-0ubuntu1
11.0.15+10-0ubuntu0.22.04.1
11.0.16+8-0ubuntu1~22.04
11.0.17+8-1ubuntu2~22.04

Ecosystem specific 

{
    "availability": "No subscription required",
    "binaries": [
        {
            "openjdk-11-dbg": "11.0.18+10-0ubuntu1~22.04",
            "openjdk-11-demo": "11.0.18+10-0ubuntu1~22.04",
            "openjdk-11-source": "11.0.18+10-0ubuntu1~22.04",
            "openjdk-11-jdk": "11.0.18+10-0ubuntu1~22.04",
            "openjdk-11-doc": "11.0.18+10-0ubuntu1~22.04",
            "openjdk-11-jdk-headless": "11.0.18+10-0ubuntu1~22.04",
            "openjdk-11-jre-zero": "11.0.18+10-0ubuntu1~22.04",
            "openjdk-11-jre": "11.0.18+10-0ubuntu1~22.04",
            "openjdk-11-jre-headless": "11.0.18+10-0ubuntu1~22.04"
        }
    ]
}