AVG-2686 log
| Package | jdk-openjdk, jre-openjdk, jre-openjdk-headless |
| Status | Fixed |
| Severity | High |
| Type | multiple issues |
| Affected | 18-1 |
| Fixed | 18.0.1u10-1 |
| Current | 25.0.1.u8-1 [extra] |
| Ticket | None |
| Created | Tue May 3 19:31:22 2022 |
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2022-21496 | Medium | Yes | Unknown | |
| CVE-2022-21449 | High | Yes | Insufficient validation | The ECDSA signature verification from java 15 onward accecpted completely blank signatures as valid for an arbitrary message and public key. |
| CVE-2022-21443 | Low | Yes | Unknown | |
| CVE-2022-21434 | Medium | Yes | Unknown | |
| CVE-2022-21426 | Medium | Yes | Unknown |
| References |
|---|
https://openjdk.java.net/groups/vulnerability/advisories/2022-04-19 https://www.oracle.com/security-alerts/cpuapr2022.html https://security.netapp.com/advisory/ntap-20220429-0006/ |