You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa openjdk-lts

Sigurnosni nedostaci programskog paketa openjdk-lts

  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LUB

==========================================================================
Ubuntu Security Notice USN-3747-2
September 12, 2018

openjdk-lts regression
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 18.04 LTS

Summary:

USN-3747-1 introduced a regression in OpenJDK 10.

Software Description:
– openjdk-lts: Open Source Java implementation

Details:

USN-3747-1 fixed vulnerabilities in OpenJDK 10 for Ubuntu 18.04 LTS.
Unfortunately, that update introduced a regression around accessability
support that prevented some Java applications from starting.
This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

It was discovered that OpenJDK did not properly validate types in some
situations. An attacker could use this to construct a Java class that could
possibly bypass sandbox restrictions. (CVE-2018-2825, CVE-2018-2826)

It was discovered that the PatternSyntaxException class in OpenJDK did not
properly validate arguments passed to it. An attacker could use this to
potentially construct a class that caused a denial of service (excessive
memory consumption). (CVE-2018-2952)

Daniel Bleichenbacher discovered a vulnerability in the Galois/Counter Mode
(GCM) mode of operation for symmetric block ciphers in OpenJDK. An attacker
could use this to expose sensitive information. (CVE-2018-2972)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
openjdk-11-jdk 10.0.2+13-1ubuntu0.18.04.2
openjdk-11-jdk-headless 10.0.2+13-1ubuntu0.18.04.2
openjdk-11-jre 10.0.2+13-1ubuntu0.18.04.2
openjdk-11-jre-headless 10.0.2+13-1ubuntu0.18.04.2
openjdk-11-jre-zero 10.0.2+13-1ubuntu0.18.04.2

This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any Java
applications or applets to make all the necessary changes.

References:
https://usn.ubuntu.com/usn/usn-3747-2
https://usn.ubuntu.com/usn/usn-3747-1
https://launchpad.net/bugs/1788250

Package Information:
https://launchpad.net/ubuntu/+source/openjdk-lts/10.0.2+13-1ubuntu0.18.04.2

—–BEGIN PGP SIGNATURE—–

iQIzBAABCgAdFiEEpgY7tWAjCaQ8jrvULwmejQBegfQFAluZlskACgkQLwmejQBe
gfRt1xAAnCtl51726vQyMg0c2Nrflq2eC/8S3aN+BvG+7vNvJQg3w/+Rn1kygJGS
eYtYCWTD0Sxx8GYkVFtPMZSFCVe6JPX+rHOe0CBV0OXzMMP4cnb8egiEJKoaupHP
yiDDX99XzJ+Sweqlimp4ni5WZ2crpUk1yYq8oLs2aitYSU0BjfqtBiZdl/vUH7Tw
EP4rjgS8/jroM7aChi5ojYpG+sxmAtlDs3ivfv8BAj4xSl2E4TO0SGexfGXS0/3r
e2XbEwV9eT5JGy0wTcZI283e3buHBWjhkwB/ozL4FLBI3geyTu8JS7q+nJK4koMu
VtChzODt53YQLOwjnTPoWmCcPyfVcoV/rZ3oT+AONzUMQrtwBD6y9Z5y8i/tbwoS
hWNWiRk34Sttrv3BZv0hU0WwKIZAh4qOmojxYs1VBrVO4Ac8Oo+IIFFpocQIB+G5
sxAyoMtnKNO+Db511X4xr2ehnfToN9CItrd22cFQjZWNL6mDukkvQ9NGABvHfc/l
/zcozSmqXjUqnkF3v48SpJdUeVYlYOzTRnZozla3N6blUydeDj9BdbdvrOE1Hd/a
h/nnhxgDfRk3fPhAnaG+Bh27dv061mLLVHDLNPIXjHwAN/Pp+1nxEvN9j3Pm1DHR
z2KxtWV0GJUibSAZKz8ymM8EF7rCkXYSCBc3GGs3KqkJnIFfa0o=
=YusV
—–END PGP SIGNATURE—–

AutorZvonimir Bosnjak
Cert idNCERT-REF-2018-09-0001-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
IzvorAdobe
Top
More in Preporuke
Sigurnosni nedostatak programskog paketa Red Hat JBoss Web Server

Otkriven je sigurnosni nedostatak u programskom paketu Red Hat JBoss Web Server. Otkriveni nedostatak potencijalnim napadačima omogućuje izazivanje DoS stanja....

Close