List:       oss-security
Subject:    Re: [oss-security] SpringShell and recent OpenJDK updates
From:       "Kevin Decherf" <kevin () kdecherf ! com>
Date:       2022-03-31 13:33:18
Message-ID: 5379a9a1-f13a-4d98-97b1-37c11dfe9d0a () www ! fastmail ! com

On Wed, Mar 30, 2022, at 22:15, Alan Coopersmith wrote:
> On 3/30/22 11:31, Jeffrey Walton wrote:
>> Hi Everyone,
>> 
>> I saw Ubuntu patched OpenJDK 11 recently. [1] Was that due to SpringShell? [2]
>
> The Spring Framework is separate from OpenJDK.  (Perhaps you were thinking of
> the Swing framework, which is part of OpenJDK?)
>
> The latest I've seen on SpringShell suggests it was dropped without warning
> as a zero-day: https://bugalert.org/content/notices/2022-03-30-spring.html

Here are official announcements regarding the Spring Framework RCE:
- https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement
- https://tanzu.vmware.com/security/cve-2022-22965

-- 
Kevin Decherf - @Kdecherf
GPG 0x108ABD75A81E6E2F
https://kdecherf.com