USN-6527-1: OpenJDK vulnerabilities
Published Nov 29, 2023
ยทUpdated
Carter Kozak discovered that OpenJDK, when compiling with AVX-512 instruction support enabled, could produce code that resulted in memory corruption in certain situations. An attacker targeting applications built in this way could possibly use this to cause a denial of service or execute arbitrary code. In Ubuntu, OpenJDK defaults to not using AVX-512 instructions. (CVE-2023-22025) It was discovered that OpenJDK did not properly perform PKIX certification path validation in certain situations. An attacker could use this to cause a denial of service. (CVE-2023-22081)
Affected Software
120 affected componentsFixes available
All of the following
ubuntu/openjdk-11-jdk<11.0.21+9-0ubuntu1~23.10
11.0.21+9-0ubuntu1~23.10
Ubuntu Ubuntu=23.10
All of the following
ubuntu/openjdk-11-jdk-headless<11.0.21+9-0ubuntu1~23.10
11.0.21+9-0ubuntu1~23.10
Ubuntu Ubuntu=23.10
All of the following
ubuntu/openjdk-11-jre<11.0.21+9-0ubuntu1~23.10
11.0.21+9-0ubuntu1~23.10
Ubuntu Ubuntu=23.10
All of the following
ubuntu/openjdk-11-jre-headless<11.0.21+9-0ubuntu1~23.10
11.0.21+9-0ubuntu1~23.10
Ubuntu Ubuntu=23.10
All of the following
ubuntu/openjdk-11-jre-zero<11.0.21+9-0ubuntu1~23.10
11.0.21+9-0ubuntu1~23.10
Ubuntu Ubuntu=23.10
All of the following
ubuntu/openjdk-17-jdk<17.0.9+9-1~23.10
17.0.9+9-1~23.10
Ubuntu Ubuntu=23.10
All of the following
ubuntu/openjdk-17-jdk-headless<17.0.9+9-1~23.10
17.0.9+9-1~23.10
Ubuntu Ubuntu=23.10
All of the following
ubuntu/openjdk-17-jre<17.0.9+9-1~23.10
17.0.9+9-1~23.10
Ubuntu Ubuntu=23.10
All of the following
ubuntu/openjdk-17-jre-headless<17.0.9+9-1~23.10
17.0.9+9-1~23.10
Ubuntu Ubuntu=23.10
All of the following
ubuntu/openjdk-17-jre-zero<17.0.9+9-1~23.10
17.0.9+9-1~23.10
Ubuntu Ubuntu=23.10
All of the following
ubuntu/openjdk-21-jdk<21.0.1+12-2~23.10
21.0.1+12-2~23.10
Ubuntu Ubuntu=23.10
All of the following
ubuntu/openjdk-21-jdk-headless<21.0.1+12-2~23.10
21.0.1+12-2~23.10
Ubuntu Ubuntu=23.10
All of the following
ubuntu/openjdk-21-jre<21.0.1+12-2~23.10
21.0.1+12-2~23.10
Ubuntu Ubuntu=23.10
All of the following
ubuntu/openjdk-21-jre-headless<21.0.1+12-2~23.10
21.0.1+12-2~23.10
Ubuntu Ubuntu=23.10
All of the following
ubuntu/openjdk-21-jre-zero<21.0.1+12-2~23.10
21.0.1+12-2~23.10
Ubuntu Ubuntu=23.10
All of the following
ubuntu/openjdk-11-jdk<11.0.21+9-0ubuntu1~23.04
11.0.21+9-0ubuntu1~23.04
Ubuntu Ubuntu=23.04
All of the following
ubuntu/openjdk-11-jdk-headless<11.0.21+9-0ubuntu1~23.04
11.0.21+9-0ubuntu1~23.04
Ubuntu Ubuntu=23.04
All of the following
ubuntu/openjdk-11-jre<11.0.21+9-0ubuntu1~23.04
11.0.21+9-0ubuntu1~23.04
Ubuntu Ubuntu=23.04
All of the following
ubuntu/openjdk-11-jre-headless<11.0.21+9-0ubuntu1~23.04
11.0.21+9-0ubuntu1~23.04
Ubuntu Ubuntu=23.04
All of the following
ubuntu/openjdk-11-jre-zero<11.0.21+9-0ubuntu1~23.04
11.0.21+9-0ubuntu1~23.04
Ubuntu Ubuntu=23.04
All of the following
ubuntu/openjdk-17-jdk<17.0.9+9-1~23.04
17.0.9+9-1~23.04
Ubuntu Ubuntu=23.04
All of the following
ubuntu/openjdk-17-jdk-headless<17.0.9+9-1~23.04
17.0.9+9-1~23.04
Ubuntu Ubuntu=23.04
All of the following
ubuntu/openjdk-17-jre<17.0.9+9-1~23.04
17.0.9+9-1~23.04
Ubuntu Ubuntu=23.04
All of the following
ubuntu/openjdk-17-jre-headless<17.0.9+9-1~23.04
17.0.9+9-1~23.04
Ubuntu Ubuntu=23.04
All of the following
ubuntu/openjdk-17-jre-zero<17.0.9+9-1~23.04
17.0.9+9-1~23.04
Ubuntu Ubuntu=23.04
All of the following
ubuntu/openjdk-21-jdk<21.0.1+12-2~23.04
21.0.1+12-2~23.04
Ubuntu Ubuntu=23.04
All of the following
ubuntu/openjdk-21-jdk-headless<21.0.1+12-2~23.04
21.0.1+12-2~23.04
Ubuntu Ubuntu=23.04
All of the following
ubuntu/openjdk-21-jre<21.0.1+12-2~23.04
21.0.1+12-2~23.04
Ubuntu Ubuntu=23.04
All of the following
ubuntu/openjdk-21-jre-headless<21.0.1+12-2~23.04
21.0.1+12-2~23.04
Ubuntu Ubuntu=23.04
All of the following
ubuntu/openjdk-21-jre-zero<21.0.1+12-2~23.04
21.0.1+12-2~23.04
Ubuntu Ubuntu=23.04
All of the following
ubuntu/openjdk-11-jdk<11.0.21+9-0ubuntu1~22.04
11.0.21+9-0ubuntu1~22.04
Ubuntu Ubuntu=22.04
All of the following
ubuntu/openjdk-11-jdk-headless<11.0.21+9-0ubuntu1~22.04
11.0.21+9-0ubuntu1~22.04
Ubuntu Ubuntu=22.04
All of the following
ubuntu/openjdk-11-jre<11.0.21+9-0ubuntu1~22.04
11.0.21+9-0ubuntu1~22.04
Ubuntu Ubuntu=22.04
All of the following
ubuntu/openjdk-11-jre-headless<11.0.21+9-0ubuntu1~22.04
11.0.21+9-0ubuntu1~22.04
Ubuntu Ubuntu=22.04
All of the following
ubuntu/openjdk-11-jre-zero<11.0.21+9-0ubuntu1~22.04
11.0.21+9-0ubuntu1~22.04
Ubuntu Ubuntu=22.04
All of the following
ubuntu/openjdk-17-jdk<17.0.9+9-1~22.04
17.0.9+9-1~22.04
Ubuntu Ubuntu=22.04
All of the following
ubuntu/openjdk-17-jdk-headless<17.0.9+9-1~22.04
17.0.9+9-1~22.04
Ubuntu Ubuntu=22.04
All of the following
ubuntu/openjdk-17-jre<17.0.9+9-1~22.04
17.0.9+9-1~22.04
Ubuntu Ubuntu=22.04
All of the following
ubuntu/openjdk-17-jre-headless<17.0.9+9-1~22.04
17.0.9+9-1~22.04
Ubuntu Ubuntu=22.04
All of the following
ubuntu/openjdk-17-jre-zero<17.0.9+9-1~22.04
17.0.9+9-1~22.04
Ubuntu Ubuntu=22.04
All of the following
ubuntu/openjdk-11-jdk<11.0.21+9-0ubuntu1~20.04
11.0.21+9-0ubuntu1~20.04
Ubuntu Ubuntu=20.04
All of the following
ubuntu/openjdk-11-jdk-headless<11.0.21+9-0ubuntu1~20.04
11.0.21+9-0ubuntu1~20.04
Ubuntu Ubuntu=20.04
All of the following
ubuntu/openjdk-11-jre<11.0.21+9-0ubuntu1~20.04
11.0.21+9-0ubuntu1~20.04
Ubuntu Ubuntu=20.04
All of the following
ubuntu/openjdk-11-jre-headless<11.0.21+9-0ubuntu1~20.04
11.0.21+9-0ubuntu1~20.04
Ubuntu Ubuntu=20.04
All of the following
ubuntu/openjdk-11-jre-zero<11.0.21+9-0ubuntu1~20.04
11.0.21+9-0ubuntu1~20.04
Ubuntu Ubuntu=20.04
All of the following
ubuntu/openjdk-17-jdk<17.0.9+9-1~20.04
17.0.9+9-1~20.04
Ubuntu Ubuntu=20.04
All of the following
ubuntu/openjdk-17-jdk-headless<17.0.9+9-1~20.04
17.0.9+9-1~20.04
Ubuntu Ubuntu=20.04
All of the following
ubuntu/openjdk-17-jre<17.0.9+9-1~20.04
17.0.9+9-1~20.04
Ubuntu Ubuntu=20.04
All of the following
ubuntu/openjdk-17-jre-headless<17.0.9+9-1~20.04
17.0.9+9-1~20.04
Ubuntu Ubuntu=20.04
All of the following
ubuntu/openjdk-17-jre-zero<17.0.9+9-1~20.04
17.0.9+9-1~20.04
Ubuntu Ubuntu=20.04
All of the following
ubuntu/openjdk-11-jdk<11.0.21+9-0ubuntu1~18.04
11.0.21+9-0ubuntu1~18.04
Ubuntu Ubuntu=18.04
All of the following
ubuntu/openjdk-11-jdk-headless<11.0.21+9-0ubuntu1~18.04
11.0.21+9-0ubuntu1~18.04
Ubuntu Ubuntu=18.04
All of the following
ubuntu/openjdk-11-jre<11.0.21+9-0ubuntu1~18.04
11.0.21+9-0ubuntu1~18.04
Ubuntu Ubuntu=18.04
All of the following
ubuntu/openjdk-11-jre-headless<11.0.21+9-0ubuntu1~18.04
11.0.21+9-0ubuntu1~18.04
Ubuntu Ubuntu=18.04
All of the following
ubuntu/openjdk-11-jre-zero<11.0.21+9-0ubuntu1~18.04
11.0.21+9-0ubuntu1~18.04
Ubuntu Ubuntu=18.04
All of the following
ubuntu/openjdk-17-jdk<17.0.9+9-1~18.04
17.0.9+9-1~18.04
Ubuntu Ubuntu=18.04
All of the following
ubuntu/openjdk-17-jdk-headless<17.0.9+9-1~18.04
17.0.9+9-1~18.04
Ubuntu Ubuntu=18.04
All of the following
ubuntu/openjdk-17-jre<17.0.9+9-1~18.04
17.0.9+9-1~18.04
Ubuntu Ubuntu=18.04
All of the following
ubuntu/openjdk-17-jre-headless<17.0.9+9-1~18.04
17.0.9+9-1~18.04
Ubuntu Ubuntu=18.04
All of the following
ubuntu/openjdk-17-jre-zero<17.0.9+9-1~18.04
17.0.9+9-1~18.04
Ubuntu Ubuntu=18.04
Event History
Nov 29, 2023
Advisory Published
via Ubuntuยท12:00 AM
Frequently Asked Questions
1
What is the severity of USN-6527-1?
USN-6527-1 is classified with high severity due to the potential for memory corruption and denial of service.
2
How do I fix USN-6527-1?
To fix USN-6527-1, upgrade your OpenJDK installation to versions 11.0.21+9-0ubuntu1~23.10, 17.0.9+9-1~23.10, or 21.0.1+12-2~23.10.
3
What applications are affected by USN-6527-1?
USN-6527-1 affects applications built using OpenJDK with AVX-512 instruction support enabled on Ubuntu 23.10.
4
Who discovered the vulnerability related to USN-6527-1?
The vulnerability related to USN-6527-1 was discovered by Carter Kozak.
5
Is there a workaround for USN-6527-1 until a fix is applied?
There is no official workaround for USN-6527-1; applying the available updates is recommended.