AVG-2687 log

Package jdk17-openjdk, jre17-openjdk, jre17-openjdk-headless
Status Fixed
Severity High
Type multiple issues
Affected 17.0.2-1
Fixed 17.0.3.u7-2
Current 17.0.11.u9-1 [extra]
Ticket None
Created Tue May 3 19:47:01 2022
Issue Severity Remote Type Description
CVE-2022-21496 Medium Yes Unknown
CVE-2022-21476 High Yes Unknown
CVE-2022-21449 High Yes Insufficient validation
The ECDSA signature verification from java 15 onward accecpted completely blank signatures as valid for an arbitrary message and public key.
CVE-2022-21443 Low Yes Unknown
CVE-2022-21434 Medium Yes Unknown
CVE-2022-21426 Medium Yes Unknown