Test ID:	1.3.6.1.4.1.25623.1.1.12.2023.6263.2
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-6263-2)
Summary:	The remote host is missing an update for the 'openjdk-17, openjdk-lts' package(s) announced via the USN-6263-2 advisory.
Description:	Summary: The remote host is missing an update for the 'openjdk-17, openjdk-lts' package(s) announced via the USN-6263-2 advisory. Vulnerability Insight: USN-6263-1 fixed vulnerabilities in OpenJDK. Unfortunately, that update introduced a regression when opening APK, ZIP or JAR files in OpenJDK 11 and OpenJDK 17. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Motoyasu Saburi discovered that OpenJDK incorrectly handled special characters in file name parameters. An attacker could possibly use this issue to insert, edit or obtain sensitive information. This issue only affected OpenJDK 11 and OpenJDK 17. (CVE-2023-22006) Eirik Bjorsnos discovered that OpenJDK incorrectly handled certain ZIP archives. An attacker could possibly use this issue to cause a denial of service. This issue only affected OpenJDK 11 and OpenJDK 17. (CVE-2023-22036) David Stancu discovered that OpenJDK had a flaw in the AES cipher implementation. An attacker could possibly use this issue to obtain sensitive information. This issue only affected OpenJDK 11 and OpenJDK 17. (CVE-2023-22041) Zhiqiang Zang discovered that OpenJDK incorrectly handled array accesses when using the binary '%' operator. An attacker could possibly use this issue to obtain sensitive information. This issue only affected OpenJDK 17. (CVE-2023-22044) Zhiqiang Zang discovered that OpenJDK incorrectly handled array accesses. An attacker could possibly use this issue to obtain sensitive information. (CVE-2023-22045) It was discovered that OpenJDK incorrectly sanitized URIs strings. An attacker could possibly use this issue to insert, edit or obtain sensitive information. (CVE-2023-22049) It was discovered that OpenJDK incorrectly handled certain glyphs. An attacker could possibly use this issue to cause a denial of service. This issue only affected OpenJDK 11 and OpenJDK 17. (CVE-2023-25193) Affected Software/OS: 'openjdk-17, openjdk-lts' package(s) on Ubuntu 18.04, Ubuntu 20.04, Ubuntu 22.04, Ubuntu 23.04. Solution: Please install the updated package(s). CVSS Score: 7.8 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2023-22006 Debian Security Information: DSA-5458 (Google Search) https://www.debian.org/security/2023/dsa-5458 Debian Security Information: DSA-5478 (Google Search) https://www.debian.org/security/2023/dsa-5478 Oracle Advisory https://www.oracle.com/security-alerts/cpujul2023.html https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html Common Vulnerability Exposure (CVE) ID: CVE-2023-22036 Common Vulnerability Exposure (CVE) ID: CVE-2023-22041 Common Vulnerability Exposure (CVE) ID: CVE-2023-22044 Common Vulnerability Exposure (CVE) ID: CVE-2023-22045 Common Vulnerability Exposure (CVE) ID: CVE-2023-22049 Common Vulnerability Exposure (CVE) ID: CVE-2023-25193 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KWCHWSICWVZSAXP2YAXM65JC2GR53547/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YZ5M2GSAIHFPLHYJXUPQ2QDJCLWXUGO3/ https://chromium.googlesource.com/chromium/src/+/e1f324aa681af54101c1f2d173d92adb80e37088/DEPS#361 https://github.com/harfbuzz/harfbuzz/blob/2822b589bc837fae6f66233e2cf2eef0f6ce8470/src/hb-ot-layout-gsubgpos.hh https://github.com/harfbuzz/harfbuzz/commit/85be877925ddbf34f74a1229f3ca1716bb6170dc
Copyright	Copyright (C) 2023 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.