Several security issues were fixed in OpenJDK.
Software Description:
- openjdk-lts: Open Source Java implementation
- openjdk-8: Open Source Java implementation
Details:
Jan Jancar, Petr Svenda, and Vladimir Sedlacek discovered that a
side-channel vulnerability existed in the ECDSA implementation in OpenJDK.
An attacker could use this to expose sensitive information. (CVE-2019-2894)

It was discovered that the Socket implementation in OpenJDK did not
properly restrict the creation of subclasses with a custom Socket
implementation. An attacker could use this to specially create a Java class
that could possibly bypass Java sandbox restrictions. (CVE-2019-2945)

Rob Hamm discovered that the Kerberos implementation in OpenJDK did not
properly handle proxy credentials. An attacker could possibly use this to
impersonate another user. (CVE-2019-2949)

It was discovered that a NULL pointer dereference existed in the font
handling implementation in OpenJDK. An attacker could use this to...
The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.10:
  openjdk-11-jdk 11.0.5+10-0ubuntu1.1
  openjdk-11-jre 11.0.5+10-0ubuntu1.1
  openjdk-11-jre-headless 11.0.5+10-0ubuntu1.1
  openjdk-11-jre-zero 11.0.5+10-0ubuntu1.1

Ubuntu 19.04:
  openjdk-11-jdk 11.0.5+10-0ubuntu1.1~19.04
  openjdk-11-jre 11.0.5+10-0ubuntu1.1~19.04
  openjdk-11-jre-headless 11.0.5+10-0ubuntu1.1~19.04
  openjdk-11-jre-zero 11.0.5+10-0ubuntu1.1~19.04

Ubuntu 18.04 LTS:
  openjdk-11-jdk 11.0.5+10-0ubuntu1.1~18.04
  openjdk-11-jre 11.0.5+10-0ubuntu1.1~18.04
  openjdk-11-jre-headless 11.0.5+10-0ubuntu1.1~18.04
  openjdk-11-jre-zero 11.0.5+10-0ubuntu1.1~18.04

Ubuntu 16.04 LTS:
  openjdk-8-jdk 8u232-b09-0ubuntu1~16.04.1
  openjdk-8-jre 8u232-b09-0ubuntu1~16.04.1
  openjdk-8-jre-headless 8u232-b09-0ubuntu1~16.04.1
  openjdk-8-jre-jamvm 8u232-b09-0ubuntu1~16.04.1
  openjdk-8-jre-zero 8u232-b09-0ubuntu1~16.04.1

This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any Java
applications or applets to make all the necessary changes.
https://ubuntu.com/security/notices/USN-4223-1
CVE-2019-2894, CVE-2019-2945, CVE-2019-2949, CVE-2019-2962,
CVE-2019-2964, CVE-2019-2973, CVE-2019-2975, CVE-2019-2977,
CVE-2019-2978, CVE-2019-2981, CVE-2019-2983, CVE-2019-2987,
CVE-2019-2988, CVE-2019-2989, CVE-2019-2992, CVE-2019-2999