oss-sec mailing list archives
Re: SpringShell and recent OpenJDK updates
From: "Kevin Decherf" <kevin () kdecherf com>
Date: Thu, 31 Mar 2022 15:33:18 +0200
On Wed, Mar 30, 2022, at 22:15, Alan Coopersmith wrote:
> On 3/30/22 11:31, Jeffrey Walton wrote:
>> Hi Everyone,
>>
>> I saw Ubuntu patched OpenJDK 11 recently. [1] Was that due to SpringShell? [2]
>
> The Spring Framework is separate from OpenJDK. (Perhaps you were thinking of the Swing framework, which is part of OpenJDK?)
>
> The latest I've seen on SpringShell suggests it was dropped without warning as a zero-day:
> https://bugalert.org/content/notices/2022-03-30-spring.html

Here are official announcements regarding the Spring Framework RCE:

- https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement
- https://tanzu.vmware.com/security/cve-2022-22965

--
Kevin Decherf - @Kdecherf
GPG 0x108ABD75A81E6E2F
https://kdecherf.com
Current thread:
- SpringShell and recent OpenJDK updates Jeffrey Walton (Mar 30)
- Re: SpringShell and recent OpenJDK updates Seth Arnold (Mar 30)
- Re: SpringShell and recent OpenJDK updates Alan Coopersmith (Mar 30)
- Re: SpringShell and recent OpenJDK updates Kevin Decherf (Mar 31)