========================================================================= Ubuntu Security Notice USN-5719-1 November 09, 2022 openjdk-8, openjdk-lts, openjdk-17, openjdk-19 vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.10 - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 ESM Summary: Several security issues were fixed in OpenJDK. Software Description: - openjdk-17: Open Source Java implementation - openjdk-19: Open Source Java implementation - openjdk-8: Open Source Java implementation - openjdk-lts: Open Source Java implementation Details: It was discovered that OpenJDK incorrectly handled long client hostnames. An attacker could possibly use this issue to cause the corruption of sensitive information. (CVE-2022-21619) It was discovered that OpenJDK incorrectly randomized DNS port numbers. A remote attacker could possibly use this issue to perform spoofing attacks. (CVE-2022-21624) It was discovered that OpenJDK did not limit the number of connections accepted from HTTP clients. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-21628) It was discovered that OpenJDK incorrectly handled X.509 certificates. An attacker could possibly use this issue to cause a denial of service. This issue only affected OpenJDK 8 and OpenJDK 11. (CVE-2022-21626) It was discovered that OpenJDK incorrectly handled cached server connections. An attacker could possibly use this issue to perform spoofing attacks. This issue only affected OpenJDK 11, OpenJDK 17 and OpenJDK 19. (CVE-2022-39399) It was discovered that OpenJDK incorrectly handled byte conversions. An attacker could possibly use this issue to obtain sensitive information. This issue only affected OpenJDK 11, OpenJDK 17 and OpenJDK 19. (CVE-2022-21618) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.10: openjdk-11-jdk 11.0.17+8-1ubuntu2 openjdk-11-jre 11.0.17+8-1ubuntu2 openjdk-11-jre-headless 11.0.17+8-1ubuntu2 openjdk-11-jre-zero 11.0.17+8-1ubuntu2 openjdk-17-jdk 17.0.5+8-2ubuntu1 openjdk-17-jre 17.0.5+8-2ubuntu1 openjdk-17-jre-headless 17.0.5+8-2ubuntu1 openjdk-17-jre-zero 17.0.5+8-2ubuntu1 openjdk-19-jdk 19.0.1+10-1 openjdk-19-jre 19.0.1+10-1 openjdk-19-jre-headless 19.0.1+10-1 openjdk-19-jre-zero 19.0.1+10-1 openjdk-8-jdk 8u352-ga-1~22.10 openjdk-8-jre 8u352-ga-1~22.10 openjdk-8-jre-headless 8u352-ga-1~22.10 openjdk-8-jre-zero 8u352-ga-1~22.10 Ubuntu 22.04 LTS: openjdk-11-jdk 11.0.17+8-1ubuntu2~22.04 openjdk-11-jre 11.0.17+8-1ubuntu2~22.04 openjdk-11-jre-headless 11.0.17+8-1ubuntu2~22.04 openjdk-11-jre-zero 11.0.17+8-1ubuntu2~22.04 openjdk-17-jdk 17.0.5+8-2ubuntu1~22.04 openjdk-17-jre 17.0.5+8-2ubuntu1~22.04 openjdk-17-jre-headless 17.0.5+8-2ubuntu1~22.04 openjdk-17-jre-zero 17.0.5+8-2ubuntu1~22.04 openjdk-19-jdk 19.0.1+10-1ubuntu1~22.04 openjdk-19-jre 19.0.1+10-1ubuntu1~22.04 openjdk-19-jre-headless 19.0.1+10-1ubuntu1~22.04 openjdk-19-jre-zero 19.0.1+10-1ubuntu1~22.04 openjdk-8-jdk 8u352-ga-1~22.04 openjdk-8-jre 8u352-ga-1~22.04 openjdk-8-jre-headless 8u352-ga-1~22.04 openjdk-8-jre-zero 8u352-ga-1~22.04 Ubuntu 20.04 LTS: openjdk-11-jdk 11.0.17+8-1ubuntu2~20.04 openjdk-11-jre 11.0.17+8-1ubuntu2~20.04 openjdk-11-jre-headless 11.0.17+8-1ubuntu2~20.04 openjdk-11-jre-zero 11.0.17+8-1ubuntu2~20.04 openjdk-17-jdk 17.0.5+8-2ubuntu1~20.04 openjdk-17-jre 17.0.5+8-2ubuntu1~20.04 openjdk-17-jre-headless 17.0.5+8-2ubuntu1~20.04 openjdk-17-jre-zero 17.0.5+8-2ubuntu1~20.04 openjdk-8-jdk 8u352-ga-1~20.04 openjdk-8-jre 8u352-ga-1~20.04 openjdk-8-jre-headless 8u352-ga-1~20.04 openjdk-8-jre-zero 8u352-ga-1~20.04 Ubuntu 18.04 LTS: openjdk-11-jdk 11.0.17+8-1ubuntu2~18.04 openjdk-11-jre 11.0.17+8-1ubuntu2~18.04 openjdk-11-jre-headless 11.0.17+8-1ubuntu2~18.04 openjdk-11-jre-zero 11.0.17+8-1ubuntu2~18.04 openjdk-17-jdk 17.0.5+8-2ubuntu1~18.04 openjdk-17-jre 17.0.5+8-2ubuntu1~18.04 openjdk-17-jre-headless 17.0.5+8-2ubuntu1~18.04 openjdk-17-jre-zero 17.0.5+8-2ubuntu1~18.04 openjdk-8-jdk 8u352-ga-1~18.04 openjdk-8-jre 8u352-ga-1~18.04 openjdk-8-jre-headless 8u352-ga-1~18.04 openjdk-8-jre-zero 8u352-ga-1~18.04 Ubuntu 16.04 ESM: openjdk-8-jdk 8u352-ga-1~16.04 openjdk-8-jre 8u352-ga-1~16.04 openjdk-8-jre-headless 8u352-ga-1~16.04 openjdk-8-jre-zero 8u352-ga-1~16.04 This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart any Java applications or applets to make all the necessary changes. References: https://ubuntu.com/security/notices/USN-5719-1 CVE-2022-21618, CVE-2022-21619, CVE-2022-21624, CVE-2022-21626, CVE-2022-21628, CVE-2022-39399 Package Information: https://launchpad.net/ubuntu/+source/openjdk-17/17.0.5+8-2ubuntu1 https://launchpad.net/ubuntu/+source/openjdk-19/19.0.1+10-1 https://launchpad.net/ubuntu/+source/openjdk-8/8u352-ga-1~22.10 https://launchpad.net/ubuntu/+source/openjdk-lts/11.0.17+8-1ubuntu2 https://launchpad.net/ubuntu/+source/openjdk-17/17.0.5+8-2ubuntu1~22.04 https://launchpad.net/ubuntu/+source/openjdk-19/19.0.1+10-1ubuntu1~22.04 https://launchpad.net/ubuntu/+source/openjdk-8/8u352-ga-1~22.04 https://launchpad.net/ubuntu/+source/openjdk-lts/11.0.17+8-1ubuntu2~22.04 https://launchpad.net/ubuntu/+source/openjdk-17/17.0.5+8-2ubuntu1~20.04 https://launchpad.net/ubuntu/+source/openjdk-8/8u352-ga-1~20.04 https://launchpad.net/ubuntu/+source/openjdk-lts/11.0.17+8-1ubuntu2~20.04 https://launchpad.net/ubuntu/+source/openjdk-17/17.0.5+8-2ubuntu1~18.04 https://launchpad.net/ubuntu/+source/openjdk-8/8u352-ga-1~18.04 https://launchpad.net/ubuntu/+source/openjdk-lts/11.0.17+8-1ubuntu2~18.04