cancel
Showing results for 
Search instead for 
Did you mean: 

Oracle Critical Patch Update Advisory Jan 2022

Oracle Critical Patch Update Advisory Jan 2022

e_steuber
New Contributor II
Oracle released their CPU Advisories for Jan 2022
https://www.oracle.com/security-alerts/cpujan2022.html

Besides others there are several CVEs for Java and Mysql listed.

I would like to know if and how XMC is affected
4 REPLIES 4

SamPirok
Extreme Employee
Hello, any Vulnerability Notices put out by Extreme can be found here. You can subscribe to that community to get an email every time there is a new VN identified.

e_steuber
New Contributor II
I thank you for the link, but checking the xmc versions of java and mysql looks like they are affected.


Shurly a non announcement is no "not affected statement".

The XMC installed java version is: openjdk version "1.8.0_222"

Openjdk says:

OpenJDK Vulnerability Advisory: 2022/01/18

The following vulnerabilities in OpenJDK source code were fixed in this release. The affected versions are 17.0.1, 15.0.5, 13.0.9, 11.0.13, 8u312, 7u321, and earlier. Please note that defense-in-depth issues are not assigned CVEs. We recommend that you upgrade as soon as possible.


The xmc installed mysql version is: Ver 14.14 Distrib 5.7.27, for linux-glibc2.12 (x86_64) using EditLine wrapper

Oracle lists for example CVE-2021-22946 with a score of 7.5 witch is remote exploitable with mysql 5.7.36 and prior.

I appreciate you elaborating for me. I spoke with our security team about this and they requested that we open a  support case so our support team can initiate a PSIRT/CVE review for this specifically. You can open a case on our Extreme Portal, under Support.

e_steuber
New Contributor II
I already opend a case: 02508098

But thought maybe the topic was already discussed here.
GTM-P2G8KFN