English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 146377 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.845174
Category:Ubuntu Local Security Checks
Title:Ubuntu: Security Advisory (USN-5202-1)
Summary:The remote host is missing an update for the 'openjdk-8, openjdk-lts' package(s) announced via the USN-5202-1 advisory.
Description:Summary:
The remote host is missing an update for the 'openjdk-8, openjdk-lts' package(s) announced via the USN-5202-1 advisory.

Vulnerability Insight:
Varnavas Papaioannou discovered that the FTP client implementation in
OpenJDK accepted alternate server IP addresses when connecting with FTP
passive mode. An attacker controlling an FTP server that an application
connects to could possibly use this to expose sensitive information
(rudimentary port scans). This issue only affected Ubuntu 16.04 ESM,
Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 21.04. (CVE-2021-2341)

Markus Loewe discovered that OpenJDK did not properly handle JAR files
containing multiple manifest files. An attacker could possibly use
this to bypass JAR signature verification. This issue only affected
Ubuntu 16.04 ESM, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu
21.04. (CVE-2021-2369)

Huixin Ma discovered that the Hotspot VM in OpenJDK did not properly
perform range check elimination in some situations. An attacker could
possibly use this to construct a Java class that could bypass Java
sandbox restrictions. This issue only affected Ubuntu 16.04 ESM,
Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 21.04. (CVE-2021-2388)

Asaf Greenholts discovered that OpenJDK preferred certain weak ciphers by
default. An attacker could possibly use this to expose sensitive
information. (CVE-2021-35550)

It was discovered that the Rich Text Format (RTF) Parser in OpenJDK did not
properly restrict the amount of memory allocated in some situations. An
attacker could use this to specially craft an RTF file that caused a denial
of service. (CVE-2021-35556)

It was discovered that the Rich Text Format (RTF) Reader in OpenJDK did not
properly restrict the amount of memory allocated in some situations. An
attacker could use this to specially craft an RTF file that caused a denial
of service. (CVE-2021-35559)

Markus Loewe discovered that the HashMap and HashSet implementations in
OpenJDK did not properly validate load factors during deserialization. An
attacker could use this to cause a denial of service (excessive memory
consumption). (CVE-2021-35561)

It was discovered that the Keytool component in OpenJDK did not properly
handle certificates with validity ending dates in the far future. An
attacker could use this to specially craft a certificate that when imported
could corrupt a keystore. (CVE-2021-35564)

Tristen Hayfield discovered that the HTTP server implementation in OpenJDK
did not properly handle TLS session close in some situations. A remote
attacker could possibly use this to cause a denial of service (application
infinite loop). (CVE-2021-35565)

Chuck Hunley discovered that the Kerberos implementation in OpenJDK did not
correctly report subject principals when using Kerberos Constrained
Delegation. An attacker could possibly use this to cause incorrect Kerberos
tickets to be used. (CVE-2021-35567)

it was discovered that the TLS implementation in OpenJDK did not properly
handle TLS handshakes in certain situations where a Java application is
acting as a TLS ... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'openjdk-8, openjdk-lts' package(s) on Ubuntu 16.04, Ubuntu 18.04, Ubuntu 20.04, Ubuntu 21.04, Ubuntu 21.10.

Solution:
Please install the updated package(s).

CVSS Score:
7.1

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:N/A:N

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2021-2341
https://security.netapp.com/advisory/ntap-20210723-0002/
Debian Security Information: DSA-4946 (Google Search)
https://www.debian.org/security/2021/dsa-4946
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VTRQIXB52KIXUAO6JBYUKYWXST2NKNAK/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PJJ75FHSUZGWPV4UJTSMQHWLOQ77LHTG/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A4TTUHVQF2MGUTP6GTCXLZS4GXK3XUWC/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N57OFX5EJKHHDW4WAOBZFWA5CL4VIIK5/
https://security.gentoo.org/glsa/202209-05
https://www.oracle.com/security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuoct2021.html
https://lists.debian.org/debian-lts-announce/2021/08/msg00011.html
Common Vulnerability Exposure (CVE) ID: CVE-2021-2369
https://bugzilla.redhat.com/show_bug.cgi?id=1982879
Common Vulnerability Exposure (CVE) ID: CVE-2021-2388
Common Vulnerability Exposure (CVE) ID: CVE-2021-35550
Debian Security Information: DSA-5000 (Google Search)
https://www.debian.org/security/2021/dsa-5000
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GXTUWAWXVU37GRNIG4TPMA47THO6VAE6/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6EUURAQOIJYFZHQ7DFZCO6IKDPIAWTNK/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7WTVCIVHTX3XONYOEGUMLKCM4QEC6INT/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GTYZWIXDFUV2H57YQZJWPOD3BC3I3EIQ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V362B2BWTH5IJDL45QPQGMBKIQOG7JX5/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DJILEHYV2U37HKMGFEQ7CAVOV4DUWW2O/
https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html
Common Vulnerability Exposure (CVE) ID: CVE-2021-35556
Debian Security Information: DSA-5012 (Google Search)
https://www.debian.org/security/2021/dsa-5012
Common Vulnerability Exposure (CVE) ID: CVE-2021-35559
Common Vulnerability Exposure (CVE) ID: CVE-2021-35561
Common Vulnerability Exposure (CVE) ID: CVE-2021-35564
Common Vulnerability Exposure (CVE) ID: CVE-2021-35565
Common Vulnerability Exposure (CVE) ID: CVE-2021-35567
Common Vulnerability Exposure (CVE) ID: CVE-2021-35578
Common Vulnerability Exposure (CVE) ID: CVE-2021-35586
Common Vulnerability Exposure (CVE) ID: CVE-2021-35588
Common Vulnerability Exposure (CVE) ID: CVE-2021-35603
CopyrightCopyright (C) 2021 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.