Explore top 10 tips to secure your open-source projects now. Read More
×
Several security issues were fixed in OpenJDK.
Software Description:
- openjdk-8: Open Source Java implementation
Details:
Keegan Ryan discovered that the ECC implementation in OpenJDK was not
sufficiently resilient to side-channel attacks. An attacker could possibly
use this to expose sensitive information. (CVE-2019-2745)
It was discovered that OpenJDK did not sufficiently validate serial streams
before deserializing suppressed exceptions in some situations. An attacker
could use this to specially craft an object that, when deserialized, would
cause a denial of service. (CVE-2019-2762)
It was discovered that in some situations OpenJDK did not properly bound
the amount of memory allocated during object deserialization. An attacker
could use this to specially craft an object that, when deserialized, would
cause a denial of service (excessive memory consumption). (CVE-2019-2769)
It was discovered that OpenJDK did not properly restrict privileges in
certain situations. An attac...
The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS: openjdk-8-jdk 8u222-b10-1ubuntu1~16.04.1 openjdk-8-jdk-headless 8u222-b10-1ubuntu1~16.04.1 openjdk-8-jre 8u222-b10-1ubuntu1~16.04.1 openjdk-8-jre-headless 8u222-b10-1ubuntu1~16.04.1 openjdk-8-jre-jamvm 8u222-b10-1ubuntu1~16.04.1 openjdk-8-jre-zero 8u222-b10-1ubuntu1~16.04.1 This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart any Java applications or applets to make all the necessary changes.
https://ubuntu.com/security/notices/USN-4080-1
CVE-2019-2745, CVE-2019-2762, CVE-2019-2769, CVE-2019-2786,
CVE-2019-2816, CVE-2019-2842, CVE-2019-7317
Get the latest Linux and open source security news straight to your inbox.