[Info-vax] CVE-2022-21449 and Oracle products; Java, MySQL Connectors, databases, etc
Stephen Hoffman
seaohveh at hoffmanlabs.invalid
Wed Apr 20 14:36:22 EDT 2022
Nasty ECDSA asymmetric cryptographic bug in Java.
Affects Java 15, 16, 17, and 18, and a whole lot of dependent
products from Oracle and elsewhere.
The fix is reportedly included in the Oracle April 2022 critical update
for Java.
Seven other cryptographic flaws affecting Java 7, 8, and 11, and which
might (does?) mean that OpenVMS users of Java (VSI OpenJDK V8.0 u222,
HP/HPE Java JDK) are also vulnerable to remote exploitation.
https://www.oracle.com/security-alerts/cpuapr2022.html
Given what all has been happening in aggregate and more generally,
y'all really don't want to be down-revision on your critical patches.
--
Pure Personal Opinion | HoffmanLabs LLC