UbuntuUSN-3949-1OpenJDK 11 vulnerability
3.1 Low
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
7.5 High
AI Score
Confidence
Low
2.6 Low
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:H/Au:N/C:P/I:N/A:N
0.003 Low
EPSS
Percentile
65.0%
Releases
- Ubuntu 18.04 ESM
Packages
- openjdk-lts - Open Source Java implementation
Details
It was discovered that a memory disclosure issue existed in the OpenJDK
Library subsystem. An attacker could use this to expose sensitive
information and possibly bypass Java sandbox restrictions. (CVE-2019-2422)
Please note that with this update, the OpenJDK package in Ubuntu
18.04 LTS has transitioned from OpenJDK 10 to OpenJDK 11. Several
additional packages were updated to be compatible with OpenJDK 11.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 18.04 | noarch | openjdk-11-jdk | < 11.0.2+9-3ubuntu1~18.04.3 | UNKNOWN |
| Ubuntu | 18.04 | noarch | openjdk-11-dbg | < 11.0.2+9-3ubuntu1~18.04.3 | UNKNOWN |
| Ubuntu | 18.04 | noarch | openjdk-11-demo | < 11.0.2+9-3ubuntu1~18.04.3 | UNKNOWN |
| Ubuntu | 18.04 | noarch | openjdk-11-doc | < 11.0.2+9-3ubuntu1~18.04.3 | UNKNOWN |
| Ubuntu | 18.04 | noarch | openjdk-11-jdk-headless | < 11.0.2+9-3ubuntu1~18.04.3 | UNKNOWN |
| Ubuntu | 18.04 | noarch | openjdk-11-jre | < 11.0.2+9-3ubuntu1~18.04.3 | UNKNOWN |
| Ubuntu | 18.04 | noarch | openjdk-11-jre-headless | < 11.0.2+9-3ubuntu1~18.04.3 | UNKNOWN |
| Ubuntu | 18.04 | noarch | openjdk-11-jre-zero | < 11.0.2+9-3ubuntu1~18.04.3 | UNKNOWN |
| Ubuntu | 18.04 | noarch | openjdk-11-source | < 11.0.2+9-3ubuntu1~18.04.3 | UNKNOWN |
References
Related
3.1 Low
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
7.5 High
AI Score
Confidence
Low
2.6 Low
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:H/Au:N/C:P/I:N/A:N
0.003 Low
EPSS
Percentile
65.0%