Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 555
Alerts This Week
Warning Icon 1 555

Ubuntu 14.04 LTS USN-3824-1 Critical: OpenJDK 7 Security Issues

ubuntu
Calendar Grey November 16, 2018
Dist Ubuntu Esm H88
Severe OpenJDK 7 vulnerabilities identified in Ubuntu 14.04 LTS may risk significant Java threats. Prompt updates advised.
Several security issues were fixed in OpenJDK 7.

Summary

Several security issues were fixed in OpenJDK 7.

Software Description:

- openjdk-7: Open Source Java implementation

Details:

It was discovered that the Security component of OpenJDK did not properly

ensure that manifest elements were signed before use. An attacker could

possibly use this to specially construct an untrusted Java application or

applet that could escape sandbox restrictions. (CVE-2018-3136)

Artem Smotrakov discovered that the HTTP client redirection handler

implementation in OpenJDK did not clear potentially sensitive information

in HTTP headers when following redirections to different hosts. An attacker

could use this to expose sensitive information. (CVE-2018-3139)

It was discovered that the Java Naming and Directory Interface (JNDI)

implementation in OpenJDK did not properly enforce restrictions specified

by system properties in some situations. An attacker could potentially use

this to execute arbitrary code. (CVE-2018-3149)

It was dis...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
  icedtea-7-jre-jamvm             7u181-2.6.14-0ubuntu0.3
  openjdk-7-jdk                   7u181-2.6.14-0ubuntu0.3
  openjdk-7-jre                   7u181-2.6.14-0ubuntu0.3
  openjdk-7-jre-headless          7u181-2.6.14-0ubuntu0.3
  openjdk-7-jre-lib               7u181-2.6.14-0ubuntu0.3

This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any Java
applications or applets to make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-3824-1

CVE-2018-3136, CVE-2018-3139, CVE-2018-3149, CVE-2018-3169,

CVE-2018-3180

Severity
critical
Lowest
Low
Medium
High
Critical

November 16, 2018

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.