AVG-2686 log

Package jdk-openjdk, jre-openjdk, jre-openjdk-headless
Status Fixed
Severity High
Type multiple issues
Affected 18-1
Fixed 18.0.1u10-1
Current 18.0.2.u9-1 [extra]
Ticket None
Created Tue May 3 19:31:22 2022
Advisory Pending
Issue Severity Remote Type Description
CVE-2022-21496 Medium Yes Unknown
CVE-2022-21449 High Yes Insufficient validation
The ECDSA signature verification from java 15 onward accecpted completely blank signatures as valid for an arbitrary message and public key.
CVE-2022-21443 Low Yes Unknown
CVE-2022-21434 Medium Yes Unknown
CVE-2022-21426 Medium Yes Unknown
References
https://openjdk.java.net/groups/vulnerability/advisories/2022-04-19
https://www.oracle.com/security-alerts/cpuapr2022.html
https://security.netapp.com/advisory/ntap-20220429-0006/