AVG-2687 log

Package jdk17-openjdk, jre17-openjdk, jre17-openjdk-headless
Status Fixed
Severity High
Type multiple issues
Affected 17.0.2-1
Fixed 17.0.3.u7-2
Current 17.0.5.u1-1 [extra]
Ticket None
Created Tue May 3 19:47:01 2022
Advisory Pending
Issue Severity Remote Type Description
CVE-2022-21496 Medium Yes Unknown
CVE-2022-21476 High Yes Unknown
CVE-2022-21449 High Yes Insufficient validation
The ECDSA signature verification from java 15 onward accecpted completely blank signatures as valid for an arbitrary message and public key.
CVE-2022-21443 Low Yes Unknown
CVE-2022-21434 Medium Yes Unknown
CVE-2022-21426 Medium Yes Unknown
References
https://openjdk.java.net/groups/vulnerability/advisories/2022-04-19
https://www.oracle.com/security-alerts/cpuapr2022.html
https://security.netapp.com/advisory/ntap-20220429-0006/