Bug 2108543 (CVE-2022-21541)
| Summary: | CVE-2022-21541 OpenJDK: improper restriction of MethodHandle.invokeBasic() (Hotspot, 8281866) | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Mauro Matteo Cascella <mcascell> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | ahughes, caswilli, chazlett, dbhole, dffrench, dfitzmau, fjansen, gzaronik, jdowland, jkoehler, jochrist, jvanek, kaycoth, nengard, neugens, ngough, pjindal, rgodfrey, security-response-team, sraghupu, sthirugn, vkrizan |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2022-08-30 16:55:55 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2106502, 2106503, 2106504, 2106505, 2106506, 2106507, 2106508, 2106509, 2106510, 2106511, 2106512, 2106513, 2106514, 2106515, 2106516, 2106517, 2106518, 2106519, 2106520, 2106521, 2106522, 2106523, 2106524, 2121471 | ||
| Bug Blocks: | 2106494 | ||
|
Description
Mauro Matteo Cascella
2022-07-19 09:36:57 UTC
Public now via Oracle CPU July 2022: https://www.oracle.com/security-alerts/cpujul2022.html#AppendixJAVA Fixed in Oracle Java SE 7u351, 8u341, 11.0.16, 17.0.4, 18.0.2. Release notes: https://www.oracle.com/java/technologies/javase/7-support-relnotes.html#R170_351 https://www.oracle.com/java/technologies/javase/8u341-relnotes.html https://www.oracle.com/java/technologies/javase/11-0-16-relnotes.html https://www.oracle.com/java/technologies/javase/17-0-4-relnotes.html https://www.oracle.com/java/technologies/javase/18-0-2-relnotes.html This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions Via RHSA-2022:5685 https://access.redhat.com/errata/RHSA-2022:5685 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2022:5684 https://access.redhat.com/errata/RHSA-2022:5684 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:5683 https://access.redhat.com/errata/RHSA-2022:5683 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Extended Update Support Via RHSA-2022:5681 https://access.redhat.com/errata/RHSA-2022:5681 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2022:5687 https://access.redhat.com/errata/RHSA-2022:5687 This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2022:5695 https://access.redhat.com/errata/RHSA-2022:5695 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions Via RHSA-2022:5701 https://access.redhat.com/errata/RHSA-2022:5701 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Extended Update Support Via RHSA-2022:5697 https://access.redhat.com/errata/RHSA-2022:5697 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:5696 https://access.redhat.com/errata/RHSA-2022:5696 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2022:5700 https://access.redhat.com/errata/RHSA-2022:5700 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2022:5698 https://access.redhat.com/errata/RHSA-2022:5698 This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2022:5709 https://access.redhat.com/errata/RHSA-2022:5709 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:5726 https://access.redhat.com/errata/RHSA-2022:5726 This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2022:5736 https://access.redhat.com/errata/RHSA-2022:5736 This issue has been addressed in the following products: Red Hat Build of OpenJDK 8u342 Via RHSA-2022:5753 https://access.redhat.com/errata/RHSA-2022:5753 This issue has been addressed in the following products: Red Hat Build of OpenJDK 8u342 Via RHSA-2022:5754 https://access.redhat.com/errata/RHSA-2022:5754 This issue has been addressed in the following products: Red Hat Build of OpenJDK 11.0.16 Via RHSA-2022:5755 https://access.redhat.com/errata/RHSA-2022:5755 This issue has been addressed in the following products: Red Hat Build of OpenJDK 11.0.16 Via RHSA-2022:5756 https://access.redhat.com/errata/RHSA-2022:5756 This issue has been addressed in the following products: Red Hat Build of OpenJDK 17.0.4 Via RHSA-2022:5757 https://access.redhat.com/errata/RHSA-2022:5757 This issue has been addressed in the following products: Red Hat Build of OpenJDK 17.0.4 Via RHSA-2022:5758 https://access.redhat.com/errata/RHSA-2022:5758 OpenJDK-17 upstream commit: https://github.com/openjdk/jdk17u/commit/860464e46105b98ccf21e98abe2dc6e80155887c OpenJDK-11 upstream commit: https://github.com/openjdk/jdk11u/commit/132745902a4601dc64b2c8ca112ca30292feccb4 OpenJDK-8 upstream commit: https://github.com/openjdk/jdk8u/commit/f14e35d20e1a4d0f507f05838844152f2242c6d3 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-21541 |