Ubuntu 17.04/16.04 USN-3366-1 Critical: OpenJDK 8 Security Flaws

July 26, 2017

Summary

Several security issues were fixed in OpenJDK 8.

Software Description:

- openjdk-8: Open Source Java implementation

Details:

It was discovered that the JPEGImageReader class in OpenJDK would
incorrectly read unused image data. An attacker could use this to
specially construct a jpeg image file that when opened by a Java
application would cause a denial of service. (CVE-2017-10053)

It was discovered that the JAR verifier in OpenJDK did not properly
handle archives containing files missing digests. An attacker could
use this to modify the signed contents of a JAR file. (CVE-2017-10067)

It was discovered that integer overflows existed in the Hotspot
component of OpenJDK when generating range check loop predicates. An
attacker could use this to specially construct an untrusted Java
application or applet that could escape sandbox restrictions
and cause a denial of service or possibly execute arbitrary
code. (CVE-2017-10074)

It was discovered that the JavaScript Scripting component...


Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 17.04:
  openjdk-8-jdk                   8u131-b11-2ubuntu1.17.04.2
  openjdk-8-jdk-headless          8u131-b11-2ubuntu1.17.04.2
  openjdk-8-jre                   8u131-b11-2ubuntu1.17.04.2
  openjdk-8-jre-headless          8u131-b11-2ubuntu1.17.04.2
  openjdk-8-jre-zero              8u131-b11-2ubuntu1.17.04.2

Ubuntu 16.04 LTS:
  openjdk-8-jdk                   8u131-b11-2ubuntu1.16.04.2
  openjdk-8-jdk-headless          8u131-b11-2ubuntu1.16.04.2
  openjdk-8-jre                   8u131-b11-2ubuntu1.16.04.2
  openjdk-8-jre-headless          8u131-b11-2ubuntu1.16.04.2
  openjdk-8-jre-jamvm             8u131-b11-2ubuntu1.16.04.2
  openjdk-8-jre-zero              8u131-b11-2ubuntu1.16.04.2

This update uses a new upstream release, which includes additional
bug fixes. After a standard system update you need to restart any
Java applications or applets to make all the necessary changes.
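
To audit a host against the versions listed above, the following added example (not part of the advisory) re-implements Debian version ordering in Python and reports openjdk-8 packages that are still below the fixed version. The function names and the sample package listing are constructed; on a real host the input would come from `dpkg-query -W -f='${Package} ${Version}\n'`.

```python
import re

# Fixed versions copied from the advisory's Update Instructions.
FIXED = {"17.04": "8u131-b11-2ubuntu1.17.04.2",
         "16.04": "8u131-b11-2ubuntu1.16.04.2"}
PACKAGES = {"openjdk-8-jdk", "openjdk-8-jdk-headless", "openjdk-8-jre",
            "openjdk-8-jre-headless", "openjdk-8-jre-jamvm", "openjdk-8-jre-zero"}
DIGITS = "0123456789"
# Constructed sample of dpkg-query output (not taken from a real system).
SAMPLE = """openjdk-8-jre-headless 8u121-b13-0ubuntu1.16.04.2
openjdk-8-jre 8u131-b11-2ubuntu1.16.04.2
openjdk-8-jdk:amd64 8u131-b11-0ubuntu1.16.04.2
bash 4.3-14ubuntu1.2
"""

def _order(c):
    # Debian ordering: '~' sorts first, then end of string/digits, letters, the rest.
    if c == "~": return -1
    if c == "" or c in DIGITS: return 0
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    i = j = 0
    while i < len(a) or j < len(b):
        # Compare the non-digit run character by character.
        while (i < len(a) and a[i] not in DIGITS) or (j < len(b) and b[j] not in DIGITS):
            ac, bc = _order(a[i:i + 1]), _order(b[j:j + 1])
            if ac != bc:
                return ac - bc
            i, j = i + 1, j + 1
        # Compare the digit run numerically (an empty run counts as 0).
        m, n = re.match(r"[0-9]*", a[i:]).group(), re.match(r"[0-9]*", b[j:]).group()
        i, j = i + len(m), j + len(n)
        if int(m or 0) != int(n or 0):
            return int(m or 0) - int(n or 0)
    return 0

def compare_versions(a, b):
    """Negative if a < b, zero if equal, positive if a > b."""
    def split(v):
        epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
        upstream, _, rev = rest.rpartition("-") if "-" in rest else (rest, "", "")
        return int(epoch), upstream, rev
    (ea, ua, ra), (eb, ub, rb) = split(a), split(b)
    return (ea - eb) or _cmp_part(ua, ub) or _cmp_part(ra, rb)

def outdated(dpkg_output, release):
    """Return (package, version) pairs still below the advisory's fixed version."""
    rows = (l.split() for l in dpkg_output.splitlines() if len(l.split()) == 2)
    rows = ((name.split(":")[0], ver) for name, ver in rows)  # drop ":amd64" etc.
    return [(n, v) for n, v in rows
            if n in PACKAGES and compare_versions(v, FIXED[release]) < 0]
```

A package that is reported here still needs the update, and any Java process started before the update keeps running the old code until it is restarted.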

References

CVE-2017-10053, CVE-2017-10067, CVE-2017-10074, CVE-2017-10078,
CVE-2017-10081, CVE-2017-10087, CVE-2017-10089, CVE-2017-10090,
CVE-2017-10096, CVE-2017-10101, CVE-2017-10102, CVE-2017-10107,
CVE-2017-10108, CVE-2017-10109, CVE-2017-10110, CVE-2017-10111,
CVE-2017-10115, CVE-2017-10116, CVE-2017-10118, CVE-2017-10135,
CVE-2017-10176, CVE-2017-10193, CVE-2017-10198, CVE-2017-10243

Severity
critical