QID 198691
Date Published: 2022-03-09
QID 198691: Ubuntu Security Notification for Open Java Development Toolkit (OpenJDK) Vulnerabilities (USN-5313-1)
OpenJDK incorrectly handled deserialization filters.
OpenJDK incorrectly read uncompressed TIFF files.
OpenJDK incorrectly verified access restrictions when performing URI resolution.
OpenJDK incorrectly handled certain regular expressions in the Pattern class implementation.
OpenJDK incorrectly handled specially crafted Java class files.
OpenJDK incorrectly validated attributes during object deserialization.
OpenJDK incorrectly verified access permissions in the JAXP component.
OpenJDK incorrectly handled XML entities.
OpenJDK incorrectly handled array indexes.
OpenJDK incorrectly read very long attribute values in JAR file manifests.
OpenJDK incorrectly validated input from serialized streams.
OpenJDK incorrectly handled certain specially crafted BMP or TIFF files.
An integer overflow could be triggered in the OpenJDK BMPImageReader class implementation.
An attacker could possibly use this issue to insert, delete or obtain sensitive information.
An attacker could possibly use this issue to cause a denial of service via a specially crafted TIFF file.
An attacker could possibly use this issue to obtain sensitive information.
An attacker could possibly use this issue to cause a denial of service.
An attacker could possibly use this issue to cause a denial of service.
An attacker could possibly use this issue to cause a denial of service.
An attacker could possibly use this to specially craft an XML file to obtain sensitive information.
An attacker could use this to specially craft an XML file that, when parsed, would possibly cause a denial of service.
An attacker could possibly use this issue to obtain sensitive information.
An attacker could possibly use this to specially craft a JAR file to cause a denial of service.
An attacker could possibly use this issue to bypass sandbox restrictions.
An attacker could possibly use this to cause a denial of service.
An attacker could possibly use this to specially craft a BMP file to cause a denial of service.
- USN-5313-1 -
ubuntu.com/security/notices/USN-5313-1
CVEs related to QID 198691
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| USN-5313-1 | Ubuntu Linux | | |