QID 378369
Date Published: 2023-04-18
QID 378369: Red Hat OpenJDK 17.0.5 Security Update for Windows Builds (RHSA-2022:7051)
The OpenJDK 17 packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit.
OpenJDK: improper handling of long NTLM client hostnames (Networking, 8286526) (CVE-2022-21619).
OpenJDK: excessive memory allocation in X.509 certificate parsing (Libraries, 8286533) (CVE-2022-21626).
OpenJDK: insufficient randomization of JNDI DNS port numbers (JNDI, 8286910) (CVE-2022-21624).
OpenJDK: HttpServer no connection count limit (Lightweight HTTP Server, 8286918) (CVE-2022-21628).
OpenJDK: missing SNI caching in HTTP/2 (Networking, 8289366) (CVE-2022-39399).
OpenJDK: improper MultiByte conversion can lead to buffer overflow (JGSS, 8286077) (CVE-2022-21618).
Affected Versions:
Red Hat build of OpenJDK 17 (17.0.4) and later Versions and Prior to OpenJDK 17 (17.0.5)
QID Detection Logic (Authenticated):
This QID checks for:
"HKLM\Software\JavaSoft\Java Runtime Environment"
"HKLM\Software\Wow6432Node\JavaSoft\Java Runtime Environment"
"HKLM\Software\JavaSoft\Java Development Kit"
"HKLM\Software\Wow6432Node\JavaSoft\Java Development Kit"
"HKLM\Software\JavaSoft\JRE"
"HKLM\Software\Wow6432Node\JavaSoft\JRE"
"HKLM\Software\JavaSoft\JDK"
and "HKLM\Software\Wow6432Node\JavaSoft\JDK" subkeys and fetches JavaHome value, checks for bin\java.exe file existence in the fetched location, performs jar extraction to confirm Red Hat as the vendor, then reads the compare the version for file java.exe and posts the QID on Windows Operating Systems
Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of accessible data.
- RHSA-2022:7051 -
access.redhat.com/errata/RHSA-2022:7051
CVEs related to QID 378369
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| RHSA-2022:7051 |
access.redhat.com/errata/RHSA-2022:7051 |