Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

ALAS2JAVA-OPENJDK11-2021-001

Related Vulnerabilities: CVE-2021-44228   CVE-2021-45046  

No versions of an Amazon Linux Java Virtual Machine (JVM) are affected by CVE-2021-44228 or CVE-2021-45046. However, if customers load a log4j version that is affected by CVE-2021-44228 or CVE-2021-45046 into an Amazon Linux JVM, it will introduce the issues identified in CVE-2021-44228 and CVE-2021-45046 into the JVM. This update modifies Amazon Linux packages that provide a JVM to also install the AWS-developed hotpatch to mitigate CVE-2021-44228 or CVE-2021-45046 by default. For more information on the hotpatch package in Amazon Linux, see https://alas.aws.amazon.com/announcements/2021-001.html

Source

ALAS2JAVA-OPENJDK11-2021-001

Amazon Linux 2 Security Advisory: ALASJAVA-OPENJDK11-2021-001
Advisory Release Date: 2021-12-17 18:40 Pacific
Advisory Updated Date: 2021-12-17 22:58 Pacific
Severity: Critical
Issue Overview:

No versions of an Amazon Linux Java Virtual Machine (JVM) are affected by CVE-2021-44228 or CVE-2021-45046. However, if customers load a log4j version that is affected by CVE-2021-44228 or CVE-2021-45046 into an Amazon Linux JVM, it will introduce the issues identified in CVE-2021-44228 and CVE-2021-45046 into the JVM. This update modifies Amazon Linux packages that provide a JVM to also install the AWS-developed hotpatch to mitigate CVE-2021-44228 or CVE-2021-45046 by default. For more information on the hotpatch package in Amazon Linux, see https://alas.aws.amazon.com/announcements/2021-001.html


Affected Packages:

java-11-openjdk


Issue Correction:
Run yum update java-11-openjdk to update your system.

New Packages:
aarch64:
    java-11-openjdk-11.0.13.0.8-1.amzn2.0.3.aarch64
    java-11-openjdk-debug-11.0.13.0.8-1.amzn2.0.3.aarch64
    java-11-openjdk-headless-11.0.13.0.8-1.amzn2.0.3.aarch64
    java-11-openjdk-headless-debug-11.0.13.0.8-1.amzn2.0.3.aarch64
    java-11-openjdk-devel-11.0.13.0.8-1.amzn2.0.3.aarch64
    java-11-openjdk-devel-debug-11.0.13.0.8-1.amzn2.0.3.aarch64
    java-11-openjdk-static-libs-11.0.13.0.8-1.amzn2.0.3.aarch64
    java-11-openjdk-static-libs-debug-11.0.13.0.8-1.amzn2.0.3.aarch64
    java-11-openjdk-jmods-11.0.13.0.8-1.amzn2.0.3.aarch64
    java-11-openjdk-jmods-debug-11.0.13.0.8-1.amzn2.0.3.aarch64
    java-11-openjdk-demo-11.0.13.0.8-1.amzn2.0.3.aarch64
    java-11-openjdk-demo-debug-11.0.13.0.8-1.amzn2.0.3.aarch64
    java-11-openjdk-src-11.0.13.0.8-1.amzn2.0.3.aarch64
    java-11-openjdk-src-debug-11.0.13.0.8-1.amzn2.0.3.aarch64
    java-11-openjdk-javadoc-11.0.13.0.8-1.amzn2.0.3.aarch64
    java-11-openjdk-javadoc-zip-11.0.13.0.8-1.amzn2.0.3.aarch64
    java-11-openjdk-javadoc-debug-11.0.13.0.8-1.amzn2.0.3.aarch64
    java-11-openjdk-javadoc-zip-debug-11.0.13.0.8-1.amzn2.0.3.aarch64
    java-11-openjdk-debuginfo-11.0.13.0.8-1.amzn2.0.3.aarch64

src:
    java-11-openjdk-11.0.13.0.8-1.amzn2.0.3.src

x86_64:
    java-11-openjdk-11.0.13.0.8-1.amzn2.0.3.x86_64
    java-11-openjdk-debug-11.0.13.0.8-1.amzn2.0.3.x86_64
    java-11-openjdk-headless-11.0.13.0.8-1.amzn2.0.3.x86_64
    java-11-openjdk-headless-debug-11.0.13.0.8-1.amzn2.0.3.x86_64
    java-11-openjdk-devel-11.0.13.0.8-1.amzn2.0.3.x86_64
    java-11-openjdk-devel-debug-11.0.13.0.8-1.amzn2.0.3.x86_64
    java-11-openjdk-static-libs-11.0.13.0.8-1.amzn2.0.3.x86_64
    java-11-openjdk-static-libs-debug-11.0.13.0.8-1.amzn2.0.3.x86_64
    java-11-openjdk-jmods-11.0.13.0.8-1.amzn2.0.3.x86_64
    java-11-openjdk-jmods-debug-11.0.13.0.8-1.amzn2.0.3.x86_64
    java-11-openjdk-demo-11.0.13.0.8-1.amzn2.0.3.x86_64
    java-11-openjdk-demo-debug-11.0.13.0.8-1.amzn2.0.3.x86_64
    java-11-openjdk-src-11.0.13.0.8-1.amzn2.0.3.x86_64
    java-11-openjdk-src-debug-11.0.13.0.8-1.amzn2.0.3.x86_64
    java-11-openjdk-javadoc-11.0.13.0.8-1.amzn2.0.3.x86_64
    java-11-openjdk-javadoc-zip-11.0.13.0.8-1.amzn2.0.3.x86_64
    java-11-openjdk-javadoc-debug-11.0.13.0.8-1.amzn2.0.3.x86_64
    java-11-openjdk-javadoc-zip-debug-11.0.13.0.8-1.amzn2.0.3.x86_64
    java-11-openjdk-debuginfo-11.0.13.0.8-1.amzn2.0.3.x86_64

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started