OpenJDK: Multiple Vulnerabilities — GLSA 202209-05

Multiple vulnerabilities have been found in OpenJDK, the worst of which could result in denial of service.

Affected packages

dev-java/openjdk on all architectures
Affected versions < 17.0.2_p8
< 11.0.14_p9
< 8.322_p06
Unaffected versions >= 17.0.2_p8
>= 11.0.14_p9
>= 8.322_p06
dev-java/openjdk-bin on all architectures
Affected versions < 17.0.2_p8
< 11.0.14_p9
< 8.322_p06
Unaffected versions >= 17.0.2_p8
>= 11.0.14_p9
>= 8.322_p06
dev-java/openjdk-jre-bin on all architectures
Affected versions < 17.0.2_p8
< 11.0.14_p9
< 8.322_p06
Unaffected versions >= 17.0.2_p8
>= 11.0.14_p9
>= 8.322_p06

Background

OpenJDK is an open source implementation of the Java programming language.

Description

Multiple vulnerabilities have been discovered in OpenJDK. Please review the CVE identifiers referenced below for details.

Impact

Please review the referenced CVE identifiers for details.

Workaround

There is no known workaround at this time.

Resolution

All OpenJDK 8 users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=dev-java/openjdk-8.322_p06:8"
 

All OpenJDK 8 JRE binary users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=dev-java/openjdk-jre-bin-8.322_p06:8"
 

All OpenJDK 8 binary users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=dev-java/openjdk-bin-8.322_p06:8"
 

All OpenJDK 11 users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=dev-java/openjdk-11.0.14_p9:11"
 

All OpenJDK 11 JRE binary users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=dev-java/openjdk-jre-bin-11.0.14_p9:11"
 

All OpenJDK 11 binary users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=dev-java/openjdk-bin-11.0.14_p9:11"
 

All OpenJDK 17 users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=dev-java/openjdk-17.0.2_p8:17"
 

All OpenJDK 17 JRE binary users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=dev-java/openjdk-jre-bin-17.0.2_p8:17"
 

All OpenJDK 17 binary users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=dev-java/openjdk-bin-17.0.2_p8:17"
 

References

Release date
September 07, 2022

Latest revision
September 07, 2022: 1

Severity
low

Exploitable
remote

Bugzilla entries