QID 377822: Amazon Corretto Critical Patch Update (OCT2022)
QID 377822: Amazon Corretto Critical Patch Update (OCT2022)
Amazon Corretto is a no-cost, multiplatform, production-ready distribution of the Open Java Development Kit (OpenJDK) from Amazon.
Amazon Corretto released security updates to fix multiple vulnerabilities.
Affected Versions:
Amazon Corretto prior to: 8.352.08.1, 11.0.17.8.1, 17.0.5.8.1
QID Detection Logic (Authenticated):
This QID checks for:
“HKLM\Software\JavaSoft\Java Runtime Environment”
“HKLM\Software\Wow6432Node\JavaSoft\Java Runtime Environment”
“HKLM\Software\JavaSoft\Java Development Kit”
“HKLM\Software\Wow6432Node\JavaSoft\Java Development Kit”
“HKLM\Software\JavaSoft\JRE”
“HKLM\Software\Wow6432Node\JavaSoft\JRE”
“HKLM\Software\JavaSoft\JDK”
and “HKLM\Software\Wow6432Node\JavaSoft\JDK” subkeys and fetches JavaHome value, checks for version.txt file existence in the fetched location, performs jar extraction to confirm Amazon as the implementation vendor, then reads the version from version.txt and posts the QID on Windows Operating Systems
This QID executes java -version command and checks for the Corretto version on Linux Operating Systems
Successful exploitation of this vulnerability could result in unauthorized access and an attacker can gain access to sensitive information.
Medium – 5.3
severity.
Medium – 5
severity.
Solution
The vendor has released updates to resolve these issues.
Customers are advised to visit Amazon Corretto Download Page for latest version and more information.
Vendor References
- Amazon Corretto 11 –
github.com/corretto/corretto-11/blob/develop/CHANGELOG.md - Amazon Corretto 17 –
github.com/corretto/corretto-17/blob/develop/CHANGELOG.md - Amazon Corretto 19 –
github.com/corretto/corretto-19/blob/develop/CHANGELOG.md - Amazon Corretto 8 –
github.com/corretto/corretto-8/blob/develop/CHANGELOG.md
