Gentoo Archives: gentoo-announce

From: John Helmert III <ajak@g.o>
To: gentoo-announce@l.g.o
Subject: [gentoo-announce] [ GLSA 202209-05 ] OpenJDK: Multiple Vulnerabilities
Date: Wed, 07 Sep 2022 03:13:20
Message-Id: YxgLyEXQbqkNDAI8@gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                          GLSA 202209-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                          https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Low
    Title: OpenJDK: Multiple Vulnerabilities
     Date: September 07, 2022
     Bugs: #803605, #831446, #784611
       ID: 202209-05

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in OpenJDK, the worst of which
could result in denial of service.

Background
==========

OpenJDK is an open source implementation of the Java programming
language.

Affected packages
=================

    -------------------------------------------------------------------
     Package                  /    Vulnerable    /          Unaffected
    -------------------------------------------------------------------
  1  dev-java/openjdk             < 17.0.2_p8:17     >= 17.0.2_p8:17
                                  < 11.0.14_p9:11    >= 11.0.14_p9:11
                                  < 8.322_p06:8      >= 8.322_p06:8
  2  dev-java/openjdk-bin         < 17.0.2_p8:17     >= 17.0.2_p8:17
                                  < 11.0.14_p9:11    >= 11.0.14_p9:11
                                  < 8.322_p06:8      >= 8.322_p06:8
  3  dev-java/openjdk-jre-bin     < 17.0.2_p8:17     >= 17.0.2_p8:17
                                  < 11.0.14_p9:11    >= 11.0.14_p9:11
                                  < 8.322_p06:8      >= 8.322_p06:8

Description
===========

Multiple vulnerabilities have been discovered in OpenJDK. Please review
the CVE identifiers referenced below for details.

Impact
======

Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All OpenJDK 8 users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-java/openjdk-8.322_p06:8"

All OpenJDK 8 JRE binary users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-java/openjdk-jre-bin-8.322_p06:8"

All OpenJDK 8 binary users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-java/openjdk-bin-8.322_p06:8"

All OpenJDK 11 users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-java/openjdk-11.0.14_p9:11"

All OpenJDK 11 JRE binary users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-java/openjdk-jre-bin-11.0.14_p9:11"

All OpenJDK 11 binary users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-java/openjdk-bin-11.0.14_p9:11"

All OpenJDK 17 users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-java/openjdk-17.0.2_p8:17"

All OpenJDK 17 JRE binary users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-java/openjdk-jre-bin-17.0.2_p8:17"

All OpenJDK 17 binary users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-java/openjdk-bin-17.0.2_p8:17"
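
The per-slot thresholds in the affected-packages table can be applied to a package inventory to decide which of the upgrade atoms above a host needs. The following is an added example, not part of the advisory or of Portage: the version comparison is a simplification that covers only the version shapes appearing in this GLSA, and the inventory is constructed.

```python
import re

# Fixed version per slot, copied from the "Affected packages" table of this GLSA.
FIXED = {"17": "17.0.2_p8", "11": "11.0.14_p9", "8": "8.322_p06"}
PACKAGES = ("dev-java/openjdk", "dev-java/openjdk-bin", "dev-java/openjdk-jre-bin")

# Simplified version grammar (assumption): dotted integers without leading
# zeros, optional _pN patch suffix, optional -rN ebuild revision.
_VERSION = re.compile(
    r"^((?:0|[1-9]\d*)(?:\.(?:0|[1-9]\d*))*)(?:_p(\d*))?(?:-r(\d+))?$"
)

def version_key(version):
    """Return a tuple that sorts in the same order as the versions it accepts."""
    match = _VERSION.match(version)
    if match is None:
        raise ValueError(f"unsupported version syntax: {version!r}")
    numbers = tuple(int(part) for part in match.group(1).split("."))
    # A missing _p suffix sorts below _p0; a bare "_p" counts as _p0.
    patch = -1 if match.group(2) is None else int(match.group(2) or 0)
    revision = int(match.group(3) or 0)
    return numbers, patch, revision

def audit(installed):
    """Map (package, version, slot) records to the upgrade atoms they need."""
    atoms = []
    for package, version, slot in installed:
        if package not in PACKAGES or slot not in FIXED:
            continue  # not covered by this advisory
        if version_key(version) < version_key(FIXED[slot]):
            atoms.append(f">={package}-{FIXED[slot]}:{slot}")
    return atoms

# Constructed inventory for illustration, not taken from a real host.
SAMPLE_INSTALLED = [
    ("dev-java/openjdk", "17.0.1_p12", "17"),        # older than the fix
    ("dev-java/openjdk-bin", "11.0.14_p9", "11"),    # exactly the fixed version
    ("dev-java/openjdk-jre-bin", "8.312_p07", "8"),  # older than the fix
    ("dev-java/openjdk", "8.322_p06-r1", "8"),       # revision of the fixed version
    ("dev-java/icedtea-bin", "3.16.0", "8"),         # package outside this GLSA
]

if __name__ == "__main__":
    for atom in audit(SAMPLE_INSTALLED):
        print(f'emerge --ask --oneshot --verbose "{atom}"')
```

On a Gentoo host, `glsa-check --test 202209-05` from app-portage/gentoolkit performs this check against the real package database.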

References
==========

[ 1 ] CVE-2021-2161
      https://nvd.nist.gov/vuln/detail/CVE-2021-2161
[ 2 ] CVE-2021-2163
      https://nvd.nist.gov/vuln/detail/CVE-2021-2163
[ 3 ] CVE-2021-2341
      https://nvd.nist.gov/vuln/detail/CVE-2021-2341
[ 4 ] CVE-2021-2369
      https://nvd.nist.gov/vuln/detail/CVE-2021-2369
[ 5 ] CVE-2021-2388
      https://nvd.nist.gov/vuln/detail/CVE-2021-2388
[ 6 ] CVE-2021-2432
      https://nvd.nist.gov/vuln/detail/CVE-2021-2432
[ 7 ] CVE-2021-35550
      https://nvd.nist.gov/vuln/detail/CVE-2021-35550
[ 8 ] CVE-2021-35556
      https://nvd.nist.gov/vuln/detail/CVE-2021-35556
[ 9 ] CVE-2021-35559
      https://nvd.nist.gov/vuln/detail/CVE-2021-35559
[ 10 ] CVE-2021-35561
      https://nvd.nist.gov/vuln/detail/CVE-2021-35561
[ 11 ] CVE-2021-35564
      https://nvd.nist.gov/vuln/detail/CVE-2021-35564
[ 12 ] CVE-2021-35565
      https://nvd.nist.gov/vuln/detail/CVE-2021-35565
[ 13 ] CVE-2021-35567
      https://nvd.nist.gov/vuln/detail/CVE-2021-35567
[ 14 ] CVE-2021-35578
      https://nvd.nist.gov/vuln/detail/CVE-2021-35578
[ 15 ] CVE-2021-35586
      https://nvd.nist.gov/vuln/detail/CVE-2021-35586
[ 16 ] CVE-2021-35588
      https://nvd.nist.gov/vuln/detail/CVE-2021-35588
[ 17 ] CVE-2021-35603
      https://nvd.nist.gov/vuln/detail/CVE-2021-35603
[ 18 ] CVE-2022-21248
      https://nvd.nist.gov/vuln/detail/CVE-2022-21248
[ 19 ] CVE-2022-21271
      https://nvd.nist.gov/vuln/detail/CVE-2022-21271
[ 20 ] CVE-2022-21277
      https://nvd.nist.gov/vuln/detail/CVE-2022-21277
[ 21 ] CVE-2022-21282
      https://nvd.nist.gov/vuln/detail/CVE-2022-21282
[ 22 ] CVE-2022-21283
      https://nvd.nist.gov/vuln/detail/CVE-2022-21283
[ 23 ] CVE-2022-21291
      https://nvd.nist.gov/vuln/detail/CVE-2022-21291
[ 24 ] CVE-2022-21293
      https://nvd.nist.gov/vuln/detail/CVE-2022-21293
[ 25 ] CVE-2022-21294
      https://nvd.nist.gov/vuln/detail/CVE-2022-21294
[ 26 ] CVE-2022-21296
      https://nvd.nist.gov/vuln/detail/CVE-2022-21296
[ 27 ] CVE-2022-21299
      https://nvd.nist.gov/vuln/detail/CVE-2022-21299
[ 28 ] CVE-2022-21305
      https://nvd.nist.gov/vuln/detail/CVE-2022-21305
[ 29 ] CVE-2022-21340
      https://nvd.nist.gov/vuln/detail/CVE-2022-21340
[ 30 ] CVE-2022-21341
      https://nvd.nist.gov/vuln/detail/CVE-2022-21341
[ 31 ] CVE-2022-21349
      https://nvd.nist.gov/vuln/detail/CVE-2022-21349
[ 32 ] CVE-2022-21360
      https://nvd.nist.gov/vuln/detail/CVE-2022-21360
[ 33 ] CVE-2022-21365
      https://nvd.nist.gov/vuln/detail/CVE-2022-21365
[ 34 ] CVE-2022-21366
      https://nvd.nist.gov/vuln/detail/CVE-2022-21366

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202209-05

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2022 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5
