drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in OpenJDK
Name: |
Mehrere Probleme in OpenJDK |
|
ID: |
USN-6661-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 18.04 LTS (Available with Ubuntu Pro), Ubuntu 23.10 |
|
Datum: |
Di, 27. Februar 2024, 06:17 |
|
Referenzen: |
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20932
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20918
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20921
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20952
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20919
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20945 |
|
Applikationen: |
OpenJDK |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --===============1852119904059984433== Content-Language: en-US Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="------------fcuDDyZqdl2x0RM70m5u0FUP"
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --------------fcuDDyZqdl2x0RM70m5u0FUP Content-Type: multipart/mixed; boundary="------------kj3qOY0LU25CdyAb3FY7IKNL"; protected-headers="v1" From: Evan Caville <evan.caville@canonical.com> Reply-To: Ubuntu Security <security@ubuntu.com> To: ubuntu-security-announce@lists.ubuntu.com Message-ID: <be3fad03-5adf-485c-b029-fd4c7974d041@canonical.com> Subject: [USN-6661-1] OpenJDK 17 vulnerabilities
--------------kj3qOY0LU25CdyAb3FY7IKNL Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: base64
========================================================================== Ubuntu Security Notice USN-6661-1 February 27, 2024
openjdk-17 vulnerabilities ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 23.10 - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS (Available with Ubuntu Pro)
Summary:
Several security issues were fixed in OpenJDK 17.
Software Description: - openjdk-17: Open Source Java implementation
Details:
Yi Yang discovered that the Hotspot component of OpenJDK 17 incorrectly handled array accesses in the C1 compiler. An attacker could possibly use this issue to cause a denial of service, execute arbitrary code or bypass Java sandbox restrictions. (CVE-2024-20918)
It was discovered that the Hotspot component of OpenJDK 17 did not properly verify bytecode in certain situations. An attacker could possibly use this issue to bypass Java sandbox restrictions. (CVE-2024-20919)
It was discovered that the Hotspot component of OpenJDK 17 had an optimization flaw when generating range check loop predicates. An attacker could possibly use this issue to cause a denial of service, execute arbitrary code or bypass Java sandbox restrictions. (CVE-2024-20921)
Yakov Shafranovich discovered that OpenJDK 17 incorrectly handled ZIP archives that have file and directory entries with the same name. An attacker could possibly use this issue to bypass Java sandbox restrictions. (CVE-2024-20932)
It was discovered that OpenJDK 17 could produce debug logs that contained private keys used for digital signatures. An attacker could possibly use this issue to obtain sensitive information. (CVE-2024-20945)
Hubert Kario discovered that the TLS implementation in OpenJDK 17 had a timing side-channel and incorrectly handled RSA padding. A remote attacker could possibly use this issue to recover sensitive information. (CVE-2024-20952)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 23.10: openjdk-17-jdk 17.0.10+7-1~23.10.1 openjdk-17-jdk-headless 17.0.10+7-1~23.10.1 openjdk-17-jre 17.0.10+7-1~23.10.1 openjdk-17-jre-headless 17.0.10+7-1~23.10.1 openjdk-17-jre-zero 17.0.10+7-1~23.10.1
Ubuntu 22.04 LTS: openjdk-17-jdk 17.0.10+7-1~22.04.1 openjdk-17-jdk-headless 17.0.10+7-1~22.04.1 openjdk-17-jre 17.0.10+7-1~22.04.1 openjdk-17-jre-headless 17.0.10+7-1~22.04.1 openjdk-17-jre-zero 17.0.10+7-1~22.04.1
Ubuntu 20.04 LTS: openjdk-17-jdk 17.0.10+7-1~20.04.1 openjdk-17-jdk-headless 17.0.10+7-1~20.04.1 openjdk-17-jre 17.0.10+7-1~20.04.1 openjdk-17-jre-headless 17.0.10+7-1~20.04.1 openjdk-17-jre-zero 17.0.10+7-1~20.04.1
Ubuntu 18.04 LTS (Available with Ubuntu Pro): openjdk-17-jdk 17.0.10+7-1~18.04.1 openjdk-17-jdk-headless 17.0.10+7-1~18.04.1 openjdk-17-jre 17.0.10+7-1~18.04.1 openjdk-17-jre-headless 17.0.10+7-1~18.04.1 openjdk-17-jre-zero 17.0.10+7-1~18.04.1
This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart any Java applications to make all the necessary changes.
References: https://ubuntu.com/security/notices/USN-6661-1 CVE-2024-20918, CVE-2024-20919, CVE-2024-20921, CVE-2024-20932, CVE-2024-20945, CVE-2024-20952
Package Information: https://launchpad.net/ubuntu/+source/openjdk-17/17.0.10+7-1~23.10.1 https://launchpad.net/ubuntu/+source/openjdk-17/17.0.10+7-1~22.04.1 https://launchpad.net/ubuntu/+source/openjdk-17/17.0.10+7-1~20.04.1
--------------kj3qOY0LU25CdyAb3FY7IKNL--
--------------fcuDDyZqdl2x0RM70m5u0FUP Content-Type: application/pgp-signature; name="OpenPGP_signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="OpenPGP_signature.asc"
-----BEGIN PGP SIGNATURE-----
wsF5BAABCAAjFiEEAPYWTpwtIbr7xH4OWNrRIKaTkWcFAmXdUvYFAwAAAAAACgkQWNrRIKaTkWeI Ng//bFV85JssXtt4XsCRXEv/JzwqMTy5GqMwIBEEVGSUILVE0Y6S+r7lf/z9dSeoAgtKEyXx/yqq vRNWfGnBZvN0tfud7B9y/hn4fBHTMWdy8XAWXzRhOo3NjAfqHmlL+U9yREw27Wd+9FyKAs5Dp/rE 2Mqp9YY0vXWt6ykPbjlkwmQLYAu7X0pMzB34qab+MgbZJcVKrrMRnYuzkxBwYQQlat9NWQkD5oQJ e6+SF5PbfwqoGcfeJwZes/kONvFMGKD9ueKHkR7oP8ezmvJ2rMJhtKT5EDJNdns9KvSyEDDIgtiZ bnhEJjcbGTw1GzG53o/I/AVPNuSbF2EfTo+OdLAsduGirra7glLg77d/Z8ZbJetvaDp4C89SzHO/ eS9l1YKCHEAzycWeh98bnpMgBy3uXDrwiQT2eh0L+IFs8JI9Ibj2zGNqdBm8+jQL4nb414Nvm4Z1 7VOEGPrTEoNTVGBNQj6kqqOJWKlWzd+WNrJvqab16nqKa1hn+wHwqC1e25r+GlTLwcaGX+ctDBzk 9sz+F16at+mJd/KEz4JgZMAOBkq/TagdK96WtNAYlPl1ldiSijYQMZRfs467X2oSdvuMMJJtztrl YL40k1mTG3JmFILe/MRT424Mfk2Cb3SM+66So5phZdrvTEka/C069s78yUMfw/T//0+JXQirVTNA XLI= =ZEzw -----END PGP SIGNATURE-----
--------------fcuDDyZqdl2x0RM70m5u0FUP--
--===============1852119904059984433== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline
Cg==
--===============1852119904059984433==--
|
|
|
|