Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 573
Alerts This Week
Warning Icon 1 573

Ubuntu 16.04 LTS: USN-4080-1 Critical: OpenJDK 8 Security Issues

ubuntu
Calendar Grey July 30, 2019
Dist Ubuntu Esm H88
Multiple vulnerabilities addressed in OpenJDK 8 for Ubuntu 16.04 LTS. Users are encouraged to upgrade to enhance protection against risks.
Several security issues were fixed in OpenJDK.

Summary

Several security issues were fixed in OpenJDK.

Software Description:

- openjdk-8: Open Source Java implementation

Details:

Keegan Ryan discovered that the ECC implementation in OpenJDK was not

sufficiently resilient to side-channel attacks. An attacker could possibly

use this to expose sensitive information. (CVE-2019-2745)

It was discovered that OpenJDK did not sufficiently validate serial streams

before deserializing suppressed exceptions in some situations. An attacker

could use this to specially craft an object that, when deserialized, would

cause a denial of service. (CVE-2019-2762)

It was discovered that in some situations OpenJDK did not properly bound

the amount of memory allocated during object deserialization. An attacker

could use this to specially craft an object that, when deserialized, would

cause a denial of service (excessive memory consumption). (CVE-2019-2769)

It was discovered that OpenJDK did not properly restrict privileges in

certain situations. An attac...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
  openjdk-8-jdk                   8u222-b10-1ubuntu1~16.04.1
  openjdk-8-jdk-headless          8u222-b10-1ubuntu1~16.04.1
  openjdk-8-jre                   8u222-b10-1ubuntu1~16.04.1
  openjdk-8-jre-headless          8u222-b10-1ubuntu1~16.04.1
  openjdk-8-jre-jamvm             8u222-b10-1ubuntu1~16.04.1
  openjdk-8-jre-zero              8u222-b10-1ubuntu1~16.04.1

This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any Java
applications or applets to make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-4080-1

CVE-2019-2745, CVE-2019-2762, CVE-2019-2769, CVE-2019-2786,

CVE-2019-2816, CVE-2019-2842, CVE-2019-7317

Severity
critical
Lowest
Low
Medium
High
Critical

July 31, 2019

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.