来源:OpenJDK官网
发布日期:2021-10-19
阅读次数:14515
评论:0
更新标题
OpenJDK Vulnerability Advisory: 2021/10/19
更新详情
OpenJDK Vulnerability Advisory: 2021/10/19
The following vulnerabilities in OpenJDK source code were fixed
in this release. The affected versions are 16.0.2, 15.0.4, 13.0.8,
11.0.12, 8u302, 7u311, and earlier. Please note that
defense-in-depth issues are not assigned CVEs. We recommend that
you upgrade as soon as possible.
The current and previous advisories are
available for reference.
OpenJDK Risk matrix
Affects ...
CVE ID
Component
CVSSv3.1
7
8
11
13
15
17
CVE-2021-35567
security-libs/
java.security
6.8
•
•
•
•
•
CVE-2021-35550
security-libs/
javax.net.ssl
5.9
•
•
•
•
•
CVE-2021-35586
client-libs/
javax.imageio
5.3
•
•
•
•
•
•
CVE-2021-35564
security-libs/
java.security
5.3
•
•
•
•
•
•
CVE-2021-35561
core-libs/
java.util
5.3
•
•
•
•
•
•
CVE-2021-35565
core-libs/
java.net
5.3
•
•
•
•
•
CVE-2021-35559
client-libs/
javax.swing
5.3
•
•
•
•
•
•
CVE-2021-35578
security-libs/
javax.net.ssl
5.3
•
•
•
•
•
CVE-2021-35556
client-libs/
javax.swing
5.3
•
•
•
•
•
•
CVE-2021-35603
security-libs/
javax.net.ssl
3.7
•
•
•
•
•
•
CVE-2021-35588
hotspot/
runtime
3.1
•
•
OpenJFX Risk matrix
Affects ...
CVE ID
Component
CVSSv3.1
7
8
11
13
15
17
CVE-2021-3517
javafx/
web
8.6
•
•
•
CVE-2021-3522
javafx/
media
5.5
•
•
•
Acknowledgements
We acknowledge the following parties for their reports and
contributions: Artem Smotrakov, Asaf Greenholts, Chuck Hunley,
Dhananjay Arunesh, Fabian Meumertzheim, Juho Nurminen, Markus
Loewe, Paul Fiterau-Brostean, and Tristen Hayfield.
We also thank the Leads of the JDK 7
Updates, JDK 8 Updates, JDK 11
Updates, JDK 13
Updates, JDK 15
Updates, and OpenJFX
Projects for providing the risk-matrix information for their
releases.
How to report a vulnerability
Please see the reporting
instructions for information about how to report a
vulnerability.
Last update: 2021/10/19 17:43 UTC
软件描述
OpenJDK是一款只能运行在i386 和AMD-64机器上的软件。
评论