21.08.500.0

Need help?

Schedule a consultation with an Azul performance expert.

21.08.500.0

Release date: April 19, 2022

This PSU release is based on the following OpenJDK versions:

Major Version	OpenJDK Version
7	7u341
8	8u331
11	11.0.14.1.101+3
13	13.0.10.0.101+2
15	15.0.6.0.101+2

What’s New

Internal bug fixes.
April 2022 CPU release security fixes.

CVE fixes

CVE #	Component	Protocol	Remote Exploit w/o Auth.	Base Score	Attack Vector	Attack Complex	Privileges Req’d	User Interact	Scope	Confiden-tiality	Integrity	Availability	Versions Affected	Notes
CVE-2018-25032	ZIP	Multiple	Yes	7.5	Network	Low	None	None	Unchanged	None	None	High	17, 15, 13, 11, 8, 7, 6
CVE-2022-21449	Libraries	Multiple	Yes	7.5	Network	Low	None	None	Unchanged	None	High	None	18, 17, 15	Note 1
CVE-2022-21476	Libraries	Multiple	Yes	7.5	Network	Low	None	None	Unchanged	High	None	None	18, 17, 15, 13, 11, 8, 7	Note 1
CVE-2022-21426	JAXP	Multiple	Yes	5.3	Network	Low	None	None	Unchanged	None	None	Low	18, 17, 15, 13, 11, 8, 7, 6	Note 1
CVE-2022-21434	Libraries	Multiple	Yes	5.3	Network	Low	None	None	Unchanged	None	Low	None	18, 17, 15, 13, 11, 8, 7, 6	Note 1
CVE-2022-21496	JNDI	Multiple	Yes	5.3	Network	Low	None	None	Unchanged	None	Low	None	18, 17, 15, 13, 11, 8, 7, 6	Note 1
CVE-2022-21443	Libraries	Multiple	Yes	3.7	Network	High	None	None	Unchanged	None	None	Low	18, 17, 15, 13, 11, 8, 7, 6	Note 1
CVE-2022-0778 This CVE is not applicable to Azul Zing Builds of OpenJDK. It is listed here for comparison with other Java implementations which may contain this CVE.	Oracle GraalVM Enterprise Edition: Node (OpenSSL)	HTTPS	Yes	7.5	Network	Low	None	None	Unchanged	None	None	High	None

CVE #

Component

Protocol

Remote Exploit w/o Auth.

Base Score

Attack Vector

Attack Complex

Privileges Req’d

User Interact

Scope

Confiden-tiality

Integrity

Availability

Versions Affected

Notes

CVE-2018-25032

ZIP

Multiple

Yes

7.5

Network

Low

None

Unchanged

None

High

17, 15, 13, 11, 8, 7, 6

CVE-2022-21449

Libraries

Multiple

Yes

7.5

Network

Low

None

Unchanged

None

High

None

18, 17, 15

Note 1

CVE-2022-21476

Libraries

Multiple

Yes

7.5

Network

Low

None

Unchanged

High

None

18, 17, 15, 13, 11, 8, 7

Note 1

CVE-2022-21426

JAXP

Multiple

Yes

5.3

Network

Low

None

Unchanged

None

Low

18, 17, 15, 13, 11, 8, 7, 6

Note 1

CVE-2022-21434

Libraries

Multiple

Yes

5.3

Network

Low

None

Unchanged

None

Low

None

18, 17, 15, 13, 11, 8, 7, 6

Note 1

CVE-2022-21496

JNDI

Multiple

Yes

5.3

Network

Low

None

Unchanged

None

Low

None

18, 17, 15, 13, 11, 8, 7, 6

Note 1

CVE-2022-21443

Libraries

Multiple

Yes

3.7

Network

High

None

Unchanged

None

Low

18, 17, 15, 13, 11, 8, 7, 6

Note 1

CVE-2022-0778 This CVE is not applicable to Azul Zing Builds of OpenJDK. It is listed here for comparison with other Java implementations which may contain this CVE.

Oracle GraalVM Enterprise Edition: Node (OpenSSL)

HTTPS

Yes

7.5

Network

Low

None

Unchanged

None

High

None

Notes:

ID	Notes
1	This vulnerability applies to Java deployments, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs.

Notes

This vulnerability applies to Java deployments, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs.

Resolved Issues

There are no resolved issues associated with this release.

Known Issues

There are no new issues to report in this release.