=========================================================================
Ubuntu Security Notice USN-6527-1
November 29, 2023
openjdk-17, openjdk-21, openjdk-lts vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 23.10
- Ubuntu 23.04
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
Summary:
Several security issues were fixed in OpenJDK 11 (openjdk-lts), OpenJDK 17 and OpenJDK 21.
Software Description:
- openjdk-17: Open Source Java implementation
- openjdk-21: Open Source Java implementation
- openjdk-lts: Open Source Java implementation (OpenJDK 11, shipped as the openjdk-11-* packages)
Details:
Carter Kozak discovered that OpenJDK, when compiling with AVX-512
instruction support enabled, could produce code that resulted in memory
corruption in certain situations. An attacker targeting applications built
in this way could possibly use this to cause a denial of service or execute
arbitrary code. In Ubuntu, OpenJDK defaults to not using AVX-512
instructions. (CVE-2023-22025)
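Whether a particular JVM is actually emitting AVX-512 code is visible in HotSpot's UseAVX flag (0 = none, 1 = AVX, 2 = AVX2, 3 = AVX-512), which can be set per process on the command line or through JAVA_TOOL_OPTIONS regardless of the packaged default. The following is an added example, not part of this notice or of OpenJDK: it runs `java -XX:+PrintFlagsFinal -version` and parses the result. It assumes a `java` binary on PATH; the two flag dumps embedded in it are constructed samples, not captured output.

```python
import re
import shutil
import subprocess
from typing import Dict, Optional, Tuple

# -XX:+PrintFlagsFinal prints one line per flag, for example
#      intx UseAVX          = 2          {ARCH product} {default}
# i.e. value, then {kind}, then {origin}: "default", "ergonomic", "command line",
# "environment" (JAVA_TOOL_OPTIONS), ... JDK 8 prints no origin and instead
# marks values that differ from the default with ":=".
_FLAG_RE = re.compile(r"^\s*\w+\s+(\w+)\s+(:?=)\s+(\S+)\s+\{([^}]*)\}(?:\s*\{([^}]*)\})?")

def parse_flags(flags_output: str) -> Dict[str, Tuple[str, str]]:
    """Map flag name -> (value, origin) from PrintFlagsFinal output."""
    flags = {}
    for line in flags_output.splitlines():
        m = _FLAG_RE.match(line)
        if m:
            name, marker, value, _kind, origin = m.groups()
            flags[name] = (value, origin or ("non-default" if marker == ":=" else "default"))
    return flags

def avx_level(flags_output: str) -> Optional[int]:
    """Effective UseAVX level, or None if the JVM has no such flag (e.g. an aarch64 build)."""
    entry = parse_flags(flags_output).get("UseAVX")
    return int(entry[0]) if entry else None

def avx512_enabled(flags_output: str) -> bool:
    level = avx_level(flags_output)
    return level is not None and level >= 3

def query_jvm(java: str = "java") -> str:
    """Launch the JVM under test; -version makes it exit without needing a main class.
    Nothing is overridden here, so JAVA_TOOL_OPTIONS and friends are still honoured."""
    exe = shutil.which(java)
    if exe is None:
        raise FileNotFoundError(f"no JVM named {java!r} on PATH")
    return subprocess.run([exe, "-XX:+PrintFlagsFinal", "-version"],
                          capture_output=True, text=True, check=True).stdout

# Constructed samples of the relevant lines: a JVM on an AVX2-only host with the
# built-in default, and a JVM someone started with -XX:UseAVX=3 on AVX-512 hardware.
SAMPLE_DEFAULT = """\
     intx UseAVX                                   = 2                                         {ARCH product} {default}
     intx UseSSE                                   = 4                                         {ARCH product} {default}
"""
SAMPLE_AVX512 = """\
     intx UseAVX                                   = 3                                         {ARCH product} {command line}
     intx UseSSE                                   = 4                                         {ARCH product} {default}
"""

if __name__ == "__main__":
    out = query_jvm()
    origin = parse_flags(out).get("UseAVX", ("?", "?"))[1]
    print(f"UseAVX={avx_level(out)} ({origin}): "
          f"AVX-512 code generation {'ENABLED' if avx512_enabled(out) else 'off'}")
```

Run it with the same user, environment and wrapper script as the service in question, since the origin column is what tells you whether a deployment has opted back into AVX-512 behind the packaged default.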
It was discovered that OpenJDK did not properly perform PKIX certification
path validation in certain situations. An attacker could use this to cause
a denial of service. (CVE-2023-22081)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 23.10:
openjdk-11-jdk 11.0.21+9-0ubuntu1~23.10
openjdk-11-jdk-headless 11.0.21+9-0ubuntu1~23.10
openjdk-11-jre 11.0.21+9-0ubuntu1~23.10
openjdk-11-jre-headless 11.0.21+9-0ubuntu1~23.10
openjdk-11-jre-zero 11.0.21+9-0ubuntu1~23.10
openjdk-17-jdk 17.0.9+9-1~23.10
openjdk-17-jdk-headless 17.0.9+9-1~23.10
openjdk-17-jre 17.0.9+9-1~23.10
openjdk-17-jre-headless 17.0.9+9-1~23.10
openjdk-17-jre-zero 17.0.9+9-1~23.10
openjdk-21-jdk 21.0.1+12-2~23.10
openjdk-21-jdk-headless 21.0.1+12-2~23.10
openjdk-21-jre 21.0.1+12-2~23.10
openjdk-21-jre-headless 21.0.1+12-2~23.10
openjdk-21-jre-zero 21.0.1+12-2~23.10
Ubuntu 23.04:
openjdk-11-jdk 11.0.21+9-0ubuntu1~23.04
openjdk-11-jdk-headless 11.0.21+9-0ubuntu1~23.04
openjdk-11-jre 11.0.21+9-0ubuntu1~23.04
openjdk-11-jre-headless 11.0.21+9-0ubuntu1~23.04
openjdk-11-jre-zero 11.0.21+9-0ubuntu1~23.04
openjdk-17-jdk 17.0.9+9-1~23.04
openjdk-17-jdk-headless 17.0.9+9-1~23.04
openjdk-17-jre 17.0.9+9-1~23.04
openjdk-17-jre-headless 17.0.9+9-1~23.04
openjdk-17-jre-zero 17.0.9+9-1~23.04
openjdk-21-jdk 21.0.1+12-2~23.04
openjdk-21-jdk-headless 21.0.1+12-2~23.04
openjdk-21-jre 21.0.1+12-2~23.04
openjdk-21-jre-headless 21.0.1+12-2~23.04
openjdk-21-jre-zero 21.0.1+12-2~23.04
Ubuntu 22.04 LTS:
openjdk-11-jdk 11.0.21+9-0ubuntu1~22.04
openjdk-11-jdk-headless 11.0.21+9-0ubuntu1~22.04
openjdk-11-jre 11.0.21+9-0ubuntu1~22.04
openjdk-11-jre-headless 11.0.21+9-0ubuntu1~22.04
openjdk-11-jre-zero 11.0.21+9-0ubuntu1~22.04
openjdk-17-jdk 17.0.9+9-1~22.04
openjdk-17-jdk-headless 17.0.9+9-1~22.04
openjdk-17-jre 17.0.9+9-1~22.04
openjdk-17-jre-headless 17.0.9+9-1~22.04
openjdk-17-jre-zero 17.0.9+9-1~22.04
Ubuntu 20.04 LTS:
openjdk-11-jdk 11.0.21+9-0ubuntu1~20.04
openjdk-11-jdk-headless 11.0.21+9-0ubuntu1~20.04
openjdk-11-jre 11.0.21+9-0ubuntu1~20.04
openjdk-11-jre-headless 11.0.21+9-0ubuntu1~20.04
openjdk-11-jre-zero 11.0.21+9-0ubuntu1~20.04
openjdk-17-jdk 17.0.9+9-1~20.04
openjdk-17-jdk-headless 17.0.9+9-1~20.04
openjdk-17-jre 17.0.9+9-1~20.04
openjdk-17-jre-headless 17.0.9+9-1~20.04
openjdk-17-jre-zero 17.0.9+9-1~20.04
Ubuntu 18.04 LTS (Available with Ubuntu Pro):
openjdk-11-jdk 11.0.21+9-0ubuntu1~18.04
openjdk-11-jdk-headless 11.0.21+9-0ubuntu1~18.04
openjdk-11-jre 11.0.21+9-0ubuntu1~18.04
openjdk-11-jre-headless 11.0.21+9-0ubuntu1~18.04
openjdk-11-jre-zero 11.0.21+9-0ubuntu1~18.04
openjdk-17-jdk 17.0.9+9-1~18.04
openjdk-17-jdk-headless 17.0.9+9-1~18.04
openjdk-17-jre 17.0.9+9-1~18.04
openjdk-17-jre-headless 17.0.9+9-1~18.04
openjdk-17-jre-zero 17.0.9+9-1~18.04
This update uses a new upstream release, which includes additional
bug fixes. After a standard system update you need to restart any
Java applications to make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-6527-1
CVE-2023-22025, CVE-2023-22081
Package Information:
https://launchpad.net/ubuntu/+source/openjdk-17/17.0.9+9-1~23.10
https://launchpad.net/ubuntu/+source/openjdk-21/21.0.1+12-2~23.10
https://launchpad.net/ubuntu/+source/openjdk-lts/11.0.21+9-0ubuntu1~23.10
https://launchpad.net/ubuntu/+source/openjdk-17/17.0.9+9-1~23.04
https://launchpad.net/ubuntu/+source/openjdk-21/21.0.1+12-2~23.04
https://launchpad.net/ubuntu/+source/openjdk-lts/11.0.21+9-0ubuntu1~23.04
https://launchpad.net/ubuntu/+source/openjdk-17/17.0.9+9-1~22.04
https://launchpad.net/ubuntu/+source/openjdk-lts/11.0.21+9-0ubuntu1~22.04
https://launchpad.net/ubuntu/+source/openjdk-17/17.0.9+9-1~20.04
https://launchpad.net/ubuntu/+source/openjdk-lts/11.0.21+9-0ubuntu1~20.04