oss-sec mailing list archives

SpringShell and recent OpenJDK updates

From: Jeffrey Walton <noloader () gmail com>
Date: Wed, 30 Mar 2022 14:31:41 -0400

Hi Everyone,

I saw Ubuntu patched OpenJDK 11 recently. [1] Was that due to SpringShell? [2]

Or stepping back a bit, did the SpringShell folks work with distros?
Or did they really drop a 0-day?

[1] https://ubuntu.com/security/notices/USN-5313-2
[2] https://www.cyberkendra.com/2022/03/springshell-rce-0-day-vulnerability.html

Jeff

Current thread:

SpringShell and recent OpenJDK updates Jeffrey Walton (Mar 30)
- Re: SpringShell and recent OpenJDK updates Seth Arnold (Mar 30)
- Re: SpringShell and recent OpenJDK updates Alan Coopersmith (Mar 30)
  - Re: SpringShell and recent OpenJDK updates Kevin Decherf (Mar 31)