Lucene search

UbuntuUSN-3747-2

HistorySep 12, 2018 - 12:00 a.m.

OpenJDK 10 regression

2018-09-1200:00:00

ubuntu.com

8.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

7.3 High

AI Score

Confidence

Low

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

72.7%

JSON

Releases

Ubuntu 18.04 ESM

Packages

openjdk-lts - Open Source Java implementation

Details

USN-3747-1 fixed vulnerabilities in OpenJDK 10 for Ubuntu 18.04 LTS.
Unfortunately, that update introduced a regression around accessability
support that prevented some Java applications from starting.
This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

It was discovered that OpenJDK did not properly validate types in some
situations. An attacker could use this to construct a Java class that could
possibly bypass sandbox restrictions. (CVE-2018-2825, CVE-2018-2826)

It was discovered that the PatternSyntaxException class in OpenJDK did not
properly validate arguments passed to it. An attacker could use this to
potentially construct a class that caused a denial of service (excessive
memory consumption). (CVE-2018-2952)

Daniel Bleichenbacher discovered a vulnerability in the Galois/Counter Mode
(GCM) mode of operation for symmetric block ciphers in OpenJDK. An attacker
could use this to expose sensitive information. (CVE-2018-2972)

OSVersionArchitecturePackageVersionFilename
Ubuntu18.04noarchopenjdk-11-jdk< 10.0.2+13-1ubuntu0.18.04.2UNKNOWN
Ubuntu18.04noarchopenjdk-11-dbg< 10.0.2+13-1ubuntu0.18.04.2UNKNOWN
Ubuntu18.04noarchopenjdk-11-demo< 10.0.2+13-1ubuntu0.18.04.2UNKNOWN
Ubuntu18.04noarchopenjdk-11-doc< 10.0.2+13-1ubuntu0.18.04.2UNKNOWN
Ubuntu18.04noarchopenjdk-11-jdk-headless< 10.0.2+13-1ubuntu0.18.04.2UNKNOWN
Ubuntu18.04noarchopenjdk-11-jre< 10.0.2+13-1ubuntu0.18.04.2UNKNOWN
Ubuntu18.04noarchopenjdk-11-jre-headless< 10.0.2+13-1ubuntu0.18.04.2UNKNOWN
Ubuntu18.04noarchopenjdk-11-jre-zero< 10.0.2+13-1ubuntu0.18.04.2UNKNOWN
Ubuntu18.04noarchopenjdk-11-source< 10.0.2+13-1ubuntu0.18.04.2UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Ubuntu	18.04	noarch	openjdk-11-jdk	< 10.0.2+13-1ubuntu0.18.04.2	UNKNOWN
Ubuntu	18.04	noarch	openjdk-11-dbg	< 10.0.2+13-1ubuntu0.18.04.2	UNKNOWN
Ubuntu	18.04	noarch	openjdk-11-demo	< 10.0.2+13-1ubuntu0.18.04.2	UNKNOWN
Ubuntu	18.04	noarch	openjdk-11-doc	< 10.0.2+13-1ubuntu0.18.04.2	UNKNOWN
Ubuntu	18.04	noarch	openjdk-11-jdk-headless	< 10.0.2+13-1ubuntu0.18.04.2	UNKNOWN
Ubuntu	18.04	noarch	openjdk-11-jre	< 10.0.2+13-1ubuntu0.18.04.2	UNKNOWN
Ubuntu	18.04	noarch	openjdk-11-jre-headless	< 10.0.2+13-1ubuntu0.18.04.2	UNKNOWN
Ubuntu	18.04	noarch	openjdk-11-jre-zero	< 10.0.2+13-1ubuntu0.18.04.2	UNKNOWN
Ubuntu	18.04	noarch	openjdk-11-source	< 10.0.2+13-1ubuntu0.18.04.2	UNKNOWN