
Security vulnerabilities in the openjdk-lts software package

  • OS details: WN7
  • Importance: IMP
  • Operating systems: L
  • Categories: LUB

==========================================================================
Ubuntu Security Notice USN-3747-1
August 21, 2018

openjdk-lts vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in OpenJDK 10.

Software Description:
– openjdk-lts: Java runtime based on OpenJDK (debugging symbols)

Details:

It was discovered that OpenJDK did not properly validate types in some
situations. An attacker could use this to construct a Java class that could
possibly bypass sandbox restrictions. (CVE-2018-2825, CVE-2018-2826)

It was discovered that the PatternSyntaxException class in OpenJDK did not
properly validate arguments passed to it. An attacker could use this to
potentially construct a class that caused a denial of service (excessive
memory consumption). (CVE-2018-2952)

Daniel Bleichenbacher discovered a vulnerability in the Galois/Counter Mode
(GCM) mode of operation for symmetric block ciphers in OpenJDK. An attacker
could use this to expose sensitive information. (CVE-2018-2972)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
openjdk-11-jre 10.0.2+13-1ubuntu0.18.04.1
openjdk-11-jre-headless 10.0.2+13-1ubuntu0.18.04.1
openjdk-11-jre-zero 10.0.2+13-1ubuntu0.18.04.1

This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any Java
applications or applets to make all the necessary changes.

References:
https://usn.ubuntu.com/usn/usn-3747-1
CVE-2018-2825, CVE-2018-2826, CVE-2018-2952, CVE-2018-2972

Package Information:
https://launchpad.net/ubuntu/+source/openjdk-lts/10.0.2+13-1ubuntu0.18.04.1


Author: Zvonimir Bosnjak
Cert ID: NCERT-REF-2018-08-0001-ADV
CVE: CERT-CVE-DUMMY
Source ID: CERT-ORIGID-DUMMY
Product: CERT-DUMMY-PRODUCT
Source: Adobe