AVG-2687 log
| Package | jdk17-openjdk, jre17-openjdk, jre17-openjdk-headless |
| Status | Fixed |
| Severity | High |
| Type | multiple issues |
| Affected | 17.0.2-1 |
| Fixed | 17.0.3.u7-2 |
| Current | 17.0.11.u9-1 [extra] |
| Ticket | None |
| Created | Tue May 3 19:47:01 2022 |
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2022-21496 | Medium | Yes | Unknown | |
| CVE-2022-21476 | High | Yes | Unknown | |
| CVE-2022-21449 | High | Yes | Insufficient validation | The ECDSA signature verification from java 15 onward accecpted completely blank signatures as valid for an arbitrary message and public key. |
| CVE-2022-21443 | Low | Yes | Unknown | |
| CVE-2022-21434 | Medium | Yes | Unknown | |
| CVE-2022-21426 | Medium | Yes | Unknown |
| References |
|---|
https://openjdk.java.net/groups/vulnerability/advisories/2022-04-19 https://www.oracle.com/security-alerts/cpuapr2022.html https://security.netapp.com/advisory/ntap-20220429-0006/ |