Several security issues were fixed in OpenJDK 8.
Software Description:
- openjdk-8: Open Source Java implementation
Details:
It was discovered that the JPEGImageReader class in OpenJDK would
incorrectly read unused image data. An attacker could use this to
specially construct a jpeg image file that when opened by a Java
application would cause a denial of service. (CVE-2017-10053)

It was discovered that the JAR verifier in OpenJDK did not properly
handle archives containing files missing digests. An attacker could
use this to modify the signed contents of a JAR file. (CVE-2017-10067)

It was discovered that integer overflows existed in the Hotspot
component of OpenJDK when generating range check loop predicates. An
attacker could use this to specially construct an untrusted Java
application or applet that could escape sandbox restrictions
and cause a denial of service or possibly execute arbitrary
code. (CVE-2017-10074)

It was discovered that the JavaScript Scripting component...

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 17.04:
  openjdk-8-jdk 8u131-b11-2ubuntu1.17.04.2
  openjdk-8-jdk-headless 8u131-b11-2ubuntu1.17.04.2
  openjdk-8-jre 8u131-b11-2ubuntu1.17.04.2
  openjdk-8-jre-headless 8u131-b11-2ubuntu1.17.04.2
  openjdk-8-jre-zero 8u131-b11-2ubuntu1.17.04.2

Ubuntu 16.04 LTS:
  openjdk-8-jdk 8u131-b11-2ubuntu1.16.04.2
  openjdk-8-jdk-headless 8u131-b11-2ubuntu1.16.04.2
  openjdk-8-jre 8u131-b11-2ubuntu1.16.04.2
  openjdk-8-jre-headless 8u131-b11-2ubuntu1.16.04.2
  openjdk-8-jre-jamvm 8u131-b11-2ubuntu1.16.04.2
  openjdk-8-jre-zero 8u131-b11-2ubuntu1.16.04.2

This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any Java
applications or applets to make all the necessary changes.
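
To check a host inventory against the fixed versions listed in this notice, the following added example (not part of the advisory) flags OpenJDK 8 packages older than the fix using Debian version ordering. The function names are illustrative and the sample `dpkg-query -W` output is constructed; on a live system `dpkg --compare-versions` performs the same comparison.

```python
import re
from itertools import zip_longest

# Fixed versions from the advisory, keyed by Ubuntu release.
FIXED = {"17.04": "8u131-b11-2ubuntu1.17.04.2",
         "16.04": "8u131-b11-2ubuntu1.16.04.2"}
PACKAGES = {"openjdk-8-jdk", "openjdk-8-jdk-headless", "openjdk-8-jre",
            "openjdk-8-jre-headless", "openjdk-8-jre-jamvm", "openjdk-8-jre-zero"}

def _order(c):
    # dpkg order: '~' sorts before everything, letters before other symbols.
    return -1 if c == "~" else ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    # Compare alternating non-digit and digit runs, as dpkg does.
    runs = lambda s: re.findall(r"(\D*)(\d*)", s)
    for (na, da), (nb, db) in zip_longest(runs(a), runs(b), fillvalue=("", "")):
        for ca, cb in zip_longest(map(_order, na), map(_order, nb), fillvalue=0):
            if ca != cb:
                return -1 if ca < cb else 1
        if int(da or 0) != int(db or 0):
            return -1 if int(da or 0) < int(db or 0) else 1
    return 0

def deb_cmp(a, b):
    """Return -1, 0 or 1 using Debian ordering: epoch, upstream, revision."""
    def split(v):
        epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
        upstream, rev = rest.rsplit("-", 1) if "-" in rest else (rest, "")
        return int(epoch), upstream, rev
    (ea, ua, ra), (eb, ub, rb) = split(a), split(b)
    return (ea > eb) - (ea < eb) or _cmp_part(ua, ub) or _cmp_part(ra, rb)

def unpatched(dpkg_lines, release):
    """Return {package: version} for advisory packages older than the fix."""
    old = {}
    for line in dpkg_lines.splitlines():
        f = line.split()
        if len(f) == 2 and f[0] in PACKAGES and deb_cmp(f[1], FIXED[release]) < 0:
            old[f[0]] = f[1]
    return old

# Constructed sample of `dpkg-query -W` output (package and version per line).
SAMPLE = """openjdk-8-jre 8u131-b11-0ubuntu1.16.04.2
openjdk-8-jre-headless 8u131-b11-2ubuntu1.16.04.2
openjdk-8-jdk 8u121-b13-0ubuntu1.16.04.2
bash 4.3-14ubuntu1.2"""
```

Calling `unpatched(SAMPLE, "16.04")` returns the two packages still below the fixed version; a package reported this way also needs its running Java processes restarted after the update.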
CVE-2017-10053, CVE-2017-10067, CVE-2017-10074, CVE-2017-10078,
CVE-2017-10081, CVE-2017-10087, CVE-2017-10089, CVE-2017-10090,
CVE-2017-10096, CVE-2017-10101, CVE-2017-10102, CVE-2017-10107,
CVE-2017-10108, CVE-2017-10109, CVE-2017-10110, CVE-2017-10111,
CVE-2017-10115, CVE-2017-10116, CVE-2017-10118, CVE-2017-10135,
CVE-2017-10176, CVE-2017-10193, CVE-2017-10198, CVE-2017-10243