General Network Management

Oracle released their CPU Advisories for Jan 2022
https://www.oracle.com/security-alerts/cpujan2022.html

Besides others there are several CVEs for Java and Mysql listed.

I would like to know if and how XMC is affected

Hello, any Vulnerability Notices put out by Extreme can be found here. You can subscribe to that community to get an email every time there is a new VN identified.
Original Message:
Sent: 01-20-2022 04:17
From: e.steuber
Subject: Oracle Critical Patch Update Advisory Jan 2022

Oracle released their CPU Advisories for Jan 2022
https://www.oracle.com/security-alerts/cpujan2022.html

Besides others there are several CVEs for Java and Mysql listed.

I would like to know if and how XMC is affected

I thank you for the link, but checking the xmc versions of java and mysql looks like they are affected.


Shurly a non announcement is no "not affected statement".

The XMC installed java version is: openjdk version "1.8.0_222"

Openjdk says:

OpenJDK Vulnerability Advisory: 2022/01/18

The following vulnerabilities in OpenJDK source code were fixed in this release. The affected versions are 17.0.1, 15.0.5, 13.0.9, 11.0.13, 8u312, 7u321, and earlier. Please note that defense-in-depth issues are not assigned CVEs. We recommend that you upgrade as soon as possible.


The xmc installed mysql version is: Ver 14.14 Distrib 5.7.27, for linux-glibc2.12 (x86_64) using EditLine wrapper

Oracle lists for example CVE-2021-22946 with a score of 7.5 witch is remote exploitable with mysql 5.7.36 and prior.

Original Message:
Sent: 01-20-2022 08:37
From: Sam Pirok
Subject: Oracle Critical Patch Update Advisory Jan 2022

Hello, any Vulnerability Notices put out by Extreme can be found here. You can subscribe to that community to get an email every time there is a new VN identified.
Original Message:
Sent: 01-20-2022 04:17
From: e.steuber
Subject: Oracle Critical Patch Update Advisory Jan 2022

Oracle released their CPU Advisories for Jan 2022
https://www.oracle.com/security-alerts/cpujan2022.html

Besides others there are several CVEs for Java and Mysql listed.

I would like to know if and how XMC is affected

I appreciate you elaborating for me. I spoke with our security team about this and they requested that we open a  support case so our support team can initiate a PSIRT/CVE review for this specifically. You can open a case on our Extreme Portal, under Support.
Original Message:
Sent: 01-20-2022 09:25
From: e.steuber
Subject: Oracle Critical Patch Update Advisory Jan 2022

I thank you for the link, but checking the xmc versions of java and mysql looks like they are affected.


Shurly a non announcement is no "not affected statement".

The XMC installed java version is: openjdk version "1.8.0_222"

Openjdk says:

OpenJDK Vulnerability Advisory: 2022/01/18

The following vulnerabilities in OpenJDK source code were fixed in this release. The affected versions are 17.0.1, 15.0.5, 13.0.9, 11.0.13, 8u312, 7u321, and earlier. Please note that defense-in-depth issues are not assigned CVEs. We recommend that you upgrade as soon as possible.


The xmc installed mysql version is: Ver 14.14 Distrib 5.7.27, for linux-glibc2.12 (x86_64) using EditLine wrapper

Oracle lists for example CVE-2021-22946 with a score of 7.5 witch is remote exploitable with mysql 5.7.36 and prior.

Original Message:
Sent: 01-20-2022 08:37
From: Sam Pirok
Subject: Oracle Critical Patch Update Advisory Jan 2022

Hello, any Vulnerability Notices put out by Extreme can be found here. You can subscribe to that community to get an email every time there is a new VN identified.
Original Message:
Sent: 01-20-2022 04:17
From: e.steuber
Subject: Oracle Critical Patch Update Advisory Jan 2022

Oracle released their CPU Advisories for Jan 2022
https://www.oracle.com/security-alerts/cpujan2022.html

Besides others there are several CVEs for Java and Mysql listed.

I would like to know if and how XMC is affected

I already opend a case: 02508098

But thought maybe the topic was already discussed here.
Original Message:
Sent: 01-20-2022 12:14
From: Sam Pirok
Subject: Oracle Critical Patch Update Advisory Jan 2022

I appreciate you elaborating for me. I spoke with our security team about this and they requested that we open a  support case so our support team can initiate a PSIRT/CVE review for this specifically. You can open a case on our Extreme Portal, under Support.
Original Message:
Sent: 01-20-2022 09:25
From: e.steuber
Subject: Oracle Critical Patch Update Advisory Jan 2022

I thank you for the link, but checking the xmc versions of java and mysql looks like they are affected.


Shurly a non announcement is no "not affected statement".

The XMC installed java version is: openjdk version "1.8.0_222"

Openjdk says:

OpenJDK Vulnerability Advisory: 2022/01/18

The following vulnerabilities in OpenJDK source code were fixed in this release. The affected versions are 17.0.1, 15.0.5, 13.0.9, 11.0.13, 8u312, 7u321, and earlier. Please note that defense-in-depth issues are not assigned CVEs. We recommend that you upgrade as soon as possible.


The xmc installed mysql version is: Ver 14.14 Distrib 5.7.27, for linux-glibc2.12 (x86_64) using EditLine wrapper

Oracle lists for example CVE-2021-22946 with a score of 7.5 witch is remote exploitable with mysql 5.7.36 and prior.

Original Message:
Sent: 01-20-2022 08:37
From: Sam Pirok
Subject: Oracle Critical Patch Update Advisory Jan 2022

Hello, any Vulnerability Notices put out by Extreme can be found here. You can subscribe to that community to get an email every time there is a new VN identified.
Original Message:
Sent: 01-20-2022 04:17
From: e.steuber
Subject: Oracle Critical Patch Update Advisory Jan 2022

Oracle released their CPU Advisories for Jan 2022
https://www.oracle.com/security-alerts/cpujan2022.html

Besides others there are several CVEs for Java and Mysql listed.

I would like to know if and how XMC is affected