USN-6077-1: OpenJDK vulnerabilities

Releases

• Ubuntu 23.04
• Ubuntu 22.10
• Ubuntu 22.04 LTS
• Ubuntu 20.04 LTS
• Ubuntu 18.04 ESM
• Ubuntu 16.04 ESM

Packages

• openjdk-17 - Open Source Java implementation
• openjdk-20 - Open Source Java implementation
• openjdk-8 - Open Source Java implementation
• openjdk-lts - Open Source Java implementation

Details

Ben Smyth discovered that OpenJDK incorrectly handled half-duplex
connections during TLS handshake. A remote attacker could possibly use
this issue to insert, edit or obtain sensitive information.
(CVE-2023-21930)

It was discovered that OpenJDK incorrectly handled certain inputs. An
attacker could possibly use this issue to insert, edit or obtain sensitive
information. (CVE-2023-21937)

It was discovered that OpenJDK incorrectly handled command arguments. An
attacker could possibly use this issue to insert, edit or obtain sensitive
information. (CVE-2023-21938)

It was discovered that OpenJDK incorrectly validated HTML documents. An
attacker could possibly use this issue to insert, edit or obtain sensitive
information. (CVE-2023-21939)

Ramki Ramakrishna discovered that OpenJDK incorrectly handled garbage
collection. An attacker could possibly use this issue to bypass Java
sandbox restrictions. (CVE-2023-21954)

Jonathan Looney discovered that OpenJDK incorrectly handled certificate
chains during TLS session negotiation. A remote attacker could possibly
use this issue to cause a denial of service. (CVE-2023-21967)

Adam Reziouk discovered that OpenJDK incorrectly sanitized URIs. An
attacker could possibly use this issue to bypass Java sandbox
restrictions. (CVE-2023-21968)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 23.04

• openjdk-20-jre - 20.0.1+9~us1-0ubuntu1~23.04
• openjdk-8-jre-headless - 8u372-ga~us1-0ubuntu1~23.04
• openjdk-11-jre-headless - 11.0.19+7~us1-0ubuntu1~23.04
• openjdk-11-jdk - 11.0.19+7~us1-0ubuntu1~23.04
• openjdk-17-jre - 17.0.7+7~us1-0ubuntu1~23.04
• openjdk-17-jdk - 17.0.7+7~us1-0ubuntu1~23.04
• openjdk-17-jre-zero - 17.0.7+7~us1-0ubuntu1~23.04
• openjdk-20-jre-headless - 20.0.1+9~us1-0ubuntu1~23.04
• openjdk-20-jdk - 20.0.1+9~us1-0ubuntu1~23.04
• openjdk-8-jre-zero - 8u372-ga~us1-0ubuntu1~23.04
• openjdk-8-jdk - 8u372-ga~us1-0ubuntu1~23.04
• openjdk-11-jre-zero - 11.0.19+7~us1-0ubuntu1~23.04
• openjdk-8-jre - 8u372-ga~us1-0ubuntu1~23.04
• openjdk-20-jre-zero - 20.0.1+9~us1-0ubuntu1~23.04
• openjdk-17-jre-headless - 17.0.7+7~us1-0ubuntu1~23.04
• openjdk-11-jre - 11.0.19+7~us1-0ubuntu1~23.04

Ubuntu 22.10

• openjdk-20-jre - 20.0.1+9~us1-0ubuntu1~22.10
• openjdk-8-jre-headless - 8u372-ga~us1-0ubuntu1~22.10
• openjdk-11-jre-headless - 11.0.19+7~us1-0ubuntu1~22.10.1
• openjdk-11-jdk - 11.0.19+7~us1-0ubuntu1~22.10.1
• openjdk-17-jre - 17.0.7+7~us1-0ubuntu1~22.10.2
• openjdk-17-jdk - 17.0.7+7~us1-0ubuntu1~22.10.2
• openjdk-17-jre-zero - 17.0.7+7~us1-0ubuntu1~22.10.2
• openjdk-20-jre-headless - 20.0.1+9~us1-0ubuntu1~22.10
• openjdk-20-jdk - 20.0.1+9~us1-0ubuntu1~22.10
• openjdk-8-jre-zero - 8u372-ga~us1-0ubuntu1~22.10
• openjdk-8-jdk - 8u372-ga~us1-0ubuntu1~22.10
• openjdk-11-jre-zero - 11.0.19+7~us1-0ubuntu1~22.10.1
• openjdk-8-jre - 8u372-ga~us1-0ubuntu1~22.10
• openjdk-20-jre-zero - 20.0.1+9~us1-0ubuntu1~22.10
• openjdk-17-jre-headless - 17.0.7+7~us1-0ubuntu1~22.10.2
• openjdk-11-jre - 11.0.19+7~us1-0ubuntu1~22.10.1

Ubuntu 22.04

• openjdk-8-jre-headless - 8u372-ga~us1-0ubuntu1~22.04
• openjdk-8-jre - 8u372-ga~us1-0ubuntu1~22.04
• openjdk-11-jdk - 11.0.19+7~us1-0ubuntu1~22.04.1
• openjdk-17-jre-headless - 17.0.7+7~us1-0ubuntu1~22.04.2
• openjdk-17-jre - 17.0.7+7~us1-0ubuntu1~22.04.2
• openjdk-17-jdk - 17.0.7+7~us1-0ubuntu1~22.04.2
• openjdk-17-jre-zero - 17.0.7+7~us1-0ubuntu1~22.04.2
• openjdk-8-jre-zero - 8u372-ga~us1-0ubuntu1~22.04
• openjdk-8-jdk - 8u372-ga~us1-0ubuntu1~22.04
• openjdk-11-jre-zero - 11.0.19+7~us1-0ubuntu1~22.04.1
• openjdk-11-jre-headless - 11.0.19+7~us1-0ubuntu1~22.04.1
• openjdk-11-jre - 11.0.19+7~us1-0ubuntu1~22.04.1

Ubuntu 20.04

• openjdk-8-jre-headless - 8u372-ga~us1-0ubuntu1~20.04
• openjdk-8-jre - 8u372-ga~us1-0ubuntu1~20.04
• openjdk-11-jdk - 11.0.19+7~us1-0ubuntu1~20.04.1
• openjdk-17-jre-headless - 17.0.7+7~us1-0ubuntu1~20.04
• openjdk-17-jre - 17.0.7+7~us1-0ubuntu1~20.04
• openjdk-17-jdk - 17.0.7+7~us1-0ubuntu1~20.04
• openjdk-17-jre-zero - 17.0.7+7~us1-0ubuntu1~20.04
• openjdk-8-jre-zero - 8u372-ga~us1-0ubuntu1~20.04
• openjdk-8-jdk - 8u372-ga~us1-0ubuntu1~20.04
• openjdk-11-jre-zero - 11.0.19+7~us1-0ubuntu1~20.04.1
• openjdk-11-jre-headless - 11.0.19+7~us1-0ubuntu1~20.04.1
• openjdk-11-jre - 11.0.19+7~us1-0ubuntu1~20.04.1

Ubuntu 18.04

• openjdk-8-jre-headless - 8u372-ga~us1-0ubuntu1~18.04
• openjdk-8-jre - 8u372-ga~us1-0ubuntu1~18.04
• openjdk-11-jdk - 11.0.19+7~us1-0ubuntu1~18.04.1
• openjdk-17-jre-headless - 17.0.7+7~us1-0ubuntu1~18.04
• openjdk-17-jre - 17.0.7+7~us1-0ubuntu1~18.04
• openjdk-17-jdk - 17.0.7+7~us1-0ubuntu1~18.04
• openjdk-17-jre-zero - 17.0.7+7~us1-0ubuntu1~18.04
• openjdk-8-jre-zero - 8u372-ga~us1-0ubuntu1~18.04
• openjdk-8-jdk - 8u372-ga~us1-0ubuntu1~18.04
• openjdk-11-jre-zero - 11.0.19+7~us1-0ubuntu1~18.04.1
• openjdk-11-jre-headless - 11.0.19+7~us1-0ubuntu1~18.04.1
• openjdk-11-jre - 11.0.19+7~us1-0ubuntu1~18.04.1

Ubuntu 16.04

• openjdk-8-jdk - 8u372-ga~us1-0ubuntu1~16.04
  Available with Ubuntu Pro
• openjdk-8-jre-headless - 8u372-ga~us1-0ubuntu1~16.04
  Available with Ubuntu Pro
• openjdk-8-jre - 8u372-ga~us1-0ubuntu1~16.04
  Available with Ubuntu Pro
• openjdk-8-jre-zero - 8u372-ga~us1-0ubuntu1~16.04
  Available with Ubuntu Pro

This update uses a new upstream release, which includes additional
bug fixes. After a standard system update you need to restart any
Java applications or applets to make all the necessary changes.

References

• CVE-2023-21937
• CVE-2023-21938
• CVE-2023-21968
• CVE-2023-21939
• CVE-2023-21930
• CVE-2023-21967
• CVE-2023-21954