USN-3949-1

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/notices/USN-3949-1

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-3949-1.json

JSON Data

https://api.osv.dev/v1/vulns/USN-3949-1

Related

Published

2019-04-16T17:57:03.251919Z

Modified

2019-04-16T17:57:03.251919Z

Summary

openjdk-lts vulnerability

Details

It was discovered that a memory disclosure issue existed in the OpenJDK Library subsystem. An attacker could use this to expose sensitive information and possibly bypass Java sandbox restrictions. (CVE-2019-2422)

Please note that with this update, the OpenJDK package in Ubuntu 18.04 LTS has transitioned from OpenJDK 10 to OpenJDK 11. Several additional packages were updated to be compatible with OpenJDK 11.

References

Affected packages

Ubuntu:18.04:LTS / openjdk-lts

Package

Name: openjdk-lts
Purl: pkg:deb/ubuntu/openjdk-lts?arch=src?distro=bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

11.0.2+9-3ubuntu1~18.04.3

Affected versions

9.*

9.0.4+12-2ubuntu4

9.0.4+12-4ubuntu1

Other

10~46-4ubuntu1

10~46-5ubuntu1

10.*

10.0.1+10-1ubuntu2

10.0.1+10-3ubuntu1

10.0.2+13-1ubuntu0.18.04.1

10.0.2+13-1ubuntu0.18.04.2

10.0.2+13-1ubuntu0.18.04.3

10.0.2+13-1ubuntu0.18.04.4

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "11.0.2+9-3ubuntu1~18.04.3",
            "binary_name": "openjdk-11-dbg"
        },
        {
            "binary_version": "11.0.2+9-3ubuntu1~18.04.3",
            "binary_name": "openjdk-11-demo"
        },
        {
            "binary_version": "11.0.2+9-3ubuntu1~18.04.3",
            "binary_name": "openjdk-11-doc"
        },
        {
            "binary_version": "11.0.2+9-3ubuntu1~18.04.3",
            "binary_name": "openjdk-11-jdk"
        },
        {
            "binary_version": "11.0.2+9-3ubuntu1~18.04.3",
            "binary_name": "openjdk-11-jdk-headless"
        },
        {
            "binary_version": "11.0.2+9-3ubuntu1~18.04.3",
            "binary_name": "openjdk-11-jre"
        },
        {
            "binary_version": "11.0.2+9-3ubuntu1~18.04.3",
            "binary_name": "openjdk-11-jre-headless"
        },
        {
            "binary_version": "11.0.2+9-3ubuntu1~18.04.3",
            "binary_name": "openjdk-11-jre-zero"
        },
        {
            "binary_version": "11.0.2+9-3ubuntu1~18.04.3",
            "binary_name": "openjdk-11-source"
        }
    ]
}