QID 378380

Date Published: 2023-04-18

QID 378380: Red Hat OpenJDK 17.0.4 Security Update for Windows Builds (RHSA-2022:5757)

The OpenJDK 17 packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit.

OpenJDK: class compilation issue (Hotspot, 8281859) (CVE-2022-21540).

OpenJDK: improper restriction of MethodHandle.invokeBasic() (Hotspot, 8281866) (CVE-2022-21541).

OpenJDK: integer truncation issue in Xalan (JAXP, 8285407) (CVE-2022-34169).

OpenJDK: random exponentials issue (Libraries, 8283875) (CVE-2022-21549).
Affected Versions:
Red Hat build of OpenJDK 17 (17.0.3) and later Versions and Prior to OpenJDK 17 (17.0.4)

QID Detection Logic (Authenticated):
This QID checks for:
"HKLM\Software\JavaSoft\Java Runtime Environment"
"HKLM\Software\Wow6432Node\JavaSoft\Java Runtime Environment"
"HKLM\Software\JavaSoft\Java Development Kit"
"HKLM\Software\Wow6432Node\JavaSoft\Java Development Kit"
and "HKLM\Software\Wow6432Node\JavaSoft\JDK" subkeys and fetches JavaHome value, checks for bin\java.exe file existence in the fetched location, performs jar extraction to confirm Red Hat as the vendor, then reads the compare the version for file java.exe and posts the QID on Windows Operating Systems

Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of accessible data.

  • CVSS V3 rated as High - 7.5 severity.
  • CVSS V2 rated as Medium - 4.9 severity.
  • Solution
    For more information regarding the update RHSA-2022:5757
    Vendor References

    CVEs related to QID 378380

    Software Advisories
    Advisory ID Software Component Link
    RHSA-2022:5757 URL Logo access.redhat.com/errata/RHSA-2022:5757