From: | John Helmert III <ajak@g.o> |
---|---|
To: | gentoo-announce@l.g.o |
Subject: | [gentoo-announce] [ GLSA 202209-05 ] OpenJDK: Multiple Vulnerabilities |
Date: | Wed, 07 Sep 2022 03:13:20 |
Message-Id: | YxgLyEXQbqkNDAI8@gentoo.org |

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 202209-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Low
    Title: OpenJDK: Multiple Vulnerabilities
     Date: September 07, 2022
     Bugs: #803605, #831446, #784611
       ID: 202209-05

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in OpenJDK, the worst of which
could result in denial of service.

Background
==========

OpenJDK is an open source implementation of the Java programming
language.

Affected packages
=================

    -------------------------------------------------------------------
     Package                   /  Vulnerable     /  Unaffected
    -------------------------------------------------------------------
  1  dev-java/openjdk             < 17.0.2_p8:17    >= 17.0.2_p8:17
                                  < 11.0.14_p9:11   >= 11.0.14_p9:11
                                  < 8.322_p06:8     >= 8.322_p06:8
  2  dev-java/openjdk-bin         < 17.0.2_p8:17    >= 17.0.2_p8:17
                                  < 11.0.14_p9:11   >= 11.0.14_p9:11
                                  < 8.322_p06:8     >= 8.322_p06:8
  3  dev-java/openjdk-jre-bin     < 17.0.2_p8:17    >= 17.0.2_p8:17
                                  < 11.0.14_p9:11   >= 11.0.14_p9:11
                                  < 8.322_p06:8     >= 8.322_p06:8

Description
===========

Multiple vulnerabilities have been discovered in OpenJDK. Please review
the CVE identifiers referenced below for details.

Impact
======

Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All OpenJDK 8 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-java/openjdk-8.322_p06:8"

All OpenJDK 8 JRE binary users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-java/openjdk-jre-bin-8.322_p06:8"

All OpenJDK 8 binary users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-java/openjdk-bin-8.322_p06:8"

All OpenJDK 11 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-java/openjdk-11.0.14_p9:11"

All OpenJDK 11 JRE binary users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-java/openjdk-jre-bin-11.0.14_p9:11"

All OpenJDK 11 binary users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-java/openjdk-bin-11.0.14_p9:11"

All OpenJDK 17 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-java/openjdk-17.0.2_p8:17"

All OpenJDK 17 JRE binary users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-java/openjdk-jre-bin-17.0.2_p8:17"

All OpenJDK 17 binary users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-java/openjdk-bin-17.0.2_p8:17"
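The following is an added example, not part of the advisory or of Gentoo's tooling: it checks a list of installed atoms against the per-slot thresholds in the "Affected packages" table and returns the matching upgrade target from the Resolution section. The `category/name-version:slot` input form, the sample list and the simplified version ordering (dotted integers plus an optional `_pN` suffix, which covers every version this advisory names) are assumptions.

```python
import re

# Fixed versions per slot, from the advisory's "Affected packages" table
# (the same thresholds apply to all three packages).
FIXED = {"8": "8.322_p06", "11": "11.0.14_p9", "17": "17.0.2_p8"}
PACKAGES = ("dev-java/openjdk", "dev-java/openjdk-bin", "dev-java/openjdk-jre-bin")

# Assumed input form: category/name-version[-rN]:slot
ATOM_RE = re.compile(
    r"^(?P<pkg>[a-z0-9-]+/[a-z0-9-]+?)-(?P<ver>\d+(?:\.\d+)*(?:_p\d+)?)"
    r"(?:-r\d+)?:(?P<slot>\w+)$")

def version_key(ver):
    """Simplified ordering: dotted integers first, then the _pN patch level.

    Not a full implementation of Gentoo's version comparison rules.
    """
    base, _, patch = ver.partition("_p")
    return tuple(int(x) for x in base.split(".")), int(patch) if patch else -1

def check(installed):
    """Return {atom: upgrade_target} for every atom the advisory marks vulnerable."""
    findings = {}
    for atom in installed:
        m = ATOM_RE.match(atom)
        if not m or m["pkg"] not in PACKAGES or m["slot"] not in FIXED:
            continue  # package or slot not covered by this advisory
        fixed = FIXED[m["slot"]]
        if version_key(m["ver"]) < version_key(fixed):
            findings[atom] = f'>={m["pkg"]}-{fixed}:{m["slot"]}'
    return findings

# Constructed sample inventory, not taken from a real system.
SAMPLE_INSTALLED = [
    "dev-java/openjdk-bin-11.0.13_p8:11",      # below 11.0.14_p9
    "dev-java/openjdk-8.322_p06:8",            # exactly the fixed version
    "dev-java/openjdk-jre-bin-17.0.1_p12:17",  # older base despite larger _p
    "dev-java/openjdk-bin-17.0.4_p8:17",       # newer than the fix
    "dev-libs/openssl-1.1.1q:0",               # unrelated package
]

if __name__ == "__main__":
    for atom, target in check(SAMPLE_INSTALLED).items():
        print(f'{atom} is vulnerable; upgrade with: emerge --ask --oneshot --verbose "{target}"')
```

On a live Gentoo system, `glsa-check -t 202209-05` from app-portage/gentoolkit runs the test against the real package database.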

References
==========

[ 1 ] CVE-2021-2161
      https://nvd.nist.gov/vuln/detail/CVE-2021-2161
[ 2 ] CVE-2021-2163
      https://nvd.nist.gov/vuln/detail/CVE-2021-2163
[ 3 ] CVE-2021-2341
      https://nvd.nist.gov/vuln/detail/CVE-2021-2341
[ 4 ] CVE-2021-2369
      https://nvd.nist.gov/vuln/detail/CVE-2021-2369
[ 5 ] CVE-2021-2388
      https://nvd.nist.gov/vuln/detail/CVE-2021-2388
[ 6 ] CVE-2021-2432
      https://nvd.nist.gov/vuln/detail/CVE-2021-2432
[ 7 ] CVE-2021-35550
      https://nvd.nist.gov/vuln/detail/CVE-2021-35550
[ 8 ] CVE-2021-35556
      https://nvd.nist.gov/vuln/detail/CVE-2021-35556
[ 9 ] CVE-2021-35559
      https://nvd.nist.gov/vuln/detail/CVE-2021-35559
[ 10 ] CVE-2021-35561
      https://nvd.nist.gov/vuln/detail/CVE-2021-35561
[ 11 ] CVE-2021-35564
      https://nvd.nist.gov/vuln/detail/CVE-2021-35564
[ 12 ] CVE-2021-35565
      https://nvd.nist.gov/vuln/detail/CVE-2021-35565
[ 13 ] CVE-2021-35567
      https://nvd.nist.gov/vuln/detail/CVE-2021-35567
[ 14 ] CVE-2021-35578
      https://nvd.nist.gov/vuln/detail/CVE-2021-35578
[ 15 ] CVE-2021-35586
      https://nvd.nist.gov/vuln/detail/CVE-2021-35586
[ 16 ] CVE-2021-35588
      https://nvd.nist.gov/vuln/detail/CVE-2021-35588
[ 17 ] CVE-2021-35603
      https://nvd.nist.gov/vuln/detail/CVE-2021-35603
[ 18 ] CVE-2022-21248
      https://nvd.nist.gov/vuln/detail/CVE-2022-21248
[ 19 ] CVE-2022-21271
      https://nvd.nist.gov/vuln/detail/CVE-2022-21271
[ 20 ] CVE-2022-21277
      https://nvd.nist.gov/vuln/detail/CVE-2022-21277
[ 21 ] CVE-2022-21282
      https://nvd.nist.gov/vuln/detail/CVE-2022-21282
[ 22 ] CVE-2022-21283
      https://nvd.nist.gov/vuln/detail/CVE-2022-21283
[ 23 ] CVE-2022-21291
      https://nvd.nist.gov/vuln/detail/CVE-2022-21291
[ 24 ] CVE-2022-21293
      https://nvd.nist.gov/vuln/detail/CVE-2022-21293
[ 25 ] CVE-2022-21294
      https://nvd.nist.gov/vuln/detail/CVE-2022-21294
[ 26 ] CVE-2022-21296
      https://nvd.nist.gov/vuln/detail/CVE-2022-21296
[ 27 ] CVE-2022-21299
      https://nvd.nist.gov/vuln/detail/CVE-2022-21299
[ 28 ] CVE-2022-21305
      https://nvd.nist.gov/vuln/detail/CVE-2022-21305
[ 29 ] CVE-2022-21340
      https://nvd.nist.gov/vuln/detail/CVE-2022-21340
[ 30 ] CVE-2022-21341
      https://nvd.nist.gov/vuln/detail/CVE-2022-21341
[ 31 ] CVE-2022-21349
      https://nvd.nist.gov/vuln/detail/CVE-2022-21349
[ 32 ] CVE-2022-21360
      https://nvd.nist.gov/vuln/detail/CVE-2022-21360
[ 33 ] CVE-2022-21365
      https://nvd.nist.gov/vuln/detail/CVE-2022-21365
[ 34 ] CVE-2022-21366
      https://nvd.nist.gov/vuln/detail/CVE-2022-21366

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/202209-05

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2022 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

File name | MIME type |
---|---|
signature.asc | application/pgp-signature |