Lucene search

K
debianDebianDEBIAN:DLA-1339-1:B1DCE
HistoryApr 03, 2018 - 9:05 p.m.

[SECURITY] [DLA 1339-1] openjdk-7 security update

2018-04-0321:05:12
lists.debian.org
72
openjdk-7
debian 7
security update
denial of service
unauthorized access
sandbox bypass
http header injection
cve-2018-2579
cve-2018-2588
cve-2018-2599
cve-2018-2602
cve-2018-2603
cve-2018-2618
cve-2018-2629
cve-2018-2633
cve-2018-2634
cve-2018-2637
cve-2018-2641
cve-2018-2663
cve-2018-2677
cve-2018-2678
debian lts

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

CVSS3

8.3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

AI Score

8.3

Confidence

Low

EPSS

0.003

Percentile

72.1%

Package : openjdk-7
Version : 7u171-2.6.13-1~deb7u1
CVE ID : CVE-2018-2579 CVE-2018-2588 CVE-2018-2599 CVE-2018-2602
CVE-2018-2603 CVE-2018-2618 CVE-2018-2629 CVE-2018-2633
CVE-2018-2634 CVE-2018-2637 CVE-2018-2641 CVE-2018-2663
CVE-2018-2677 CVE-2018-2678
Debian Bug : 891330

Several vulnerabilities have been discovered in OpenJDK, an
implementation of the Oracle Java platform, resulting in denial of
service, unauthorized access, sandbox bypass or HTTP header injection.

For Debian 7 "Wheezy", these problems have been fixed in version
7u171-2.6.13-1~deb7u1.

We recommend that you upgrade your openjdk-7 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

CVSS3

8.3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

AI Score

8.3

Confidence

Low

EPSS

0.003

Percentile

72.1%