Explore top 10 tips to secure your open-source projects now. Read More
×
Several security issues were fixed in OpenJDK 8.
Software Description:
- openjdk-8: Open Source Java implementation
Details:
It was discovered that a race condition existed in the cryptography
implementation in OpenJDK. An attacker could possibly use this to expose
sensitive information. (CVE-2018-2579)
It was discovered that the Hotspot component of OpenJDK did not properly
validate uses of the invokeinterface JVM instruction. An attacker could
possibly use this to access unauthorized resources. (CVE-2018-2582)
It was discovered that the LDAP implementation in OpenJDK did not properly
encode login names. A remote attacker could possibly use this to expose
sensitive information. (CVE-2018-2588)
It was discovered that the DNS client implementation in OpenJDK did not
properly randomize source ports. A remote attacker could use this to spoof
responses to DNS queries made by Java applications. (CVE-2018-2599)
It was discovered that the Internationalization component of OpenJDK did
...
The problem can be corrected by updating your system to the following package versions: Ubuntu 17.10: openjdk-8-jdk 8u162-b12-0ubuntu0.17.10.2 openjdk-8-jdk-headless 8u162-b12-0ubuntu0.17.10.2 openjdk-8-jre 8u162-b12-0ubuntu0.17.10.2 openjdk-8-jre-headless 8u162-b12-0ubuntu0.17.10.2 openjdk-8-jre-zero 8u162-b12-0ubuntu0.17.10.2 Ubuntu 16.04 LTS: openjdk-8-jdk 8u162-b12-0ubuntu0.16.04.2 openjdk-8-jdk-headless 8u162-b12-0ubuntu0.16.04.2 openjdk-8-jre 8u162-b12-0ubuntu0.16.04.2 openjdk-8-jre-headless 8u162-b12-0ubuntu0.16.04.2 openjdk-8-jre-jamvm 8u162-b12-0ubuntu0.16.04.2 openjdk-8-jre-zero 8u162-b12-0ubuntu0.16.04.2 This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart any Java applications or applets to make all the necessary changes.
https://ubuntu.com/security/notices/USN-3613-1
CVE-2018-2579, CVE-2018-2582, CVE-2018-2588, CVE-2018-2599,
CVE-2018-2602, CVE-2018-2603, CVE-2018-2618, CVE-2018-2629,
CVE-2018-2633, CVE-2018-2634, CVE-2018-2637, CVE-2018-2641,
CVE-2018-2663, CVE-2018-2677, CVE-2018-2678
Get the latest Linux and open source security news straight to your inbox.