USN-3975-1

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/notices/USN-3975-1

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-3975-1.json

JSON Data

https://api.osv.dev/v1/vulns/USN-3975-1

Related

Published

2019-05-13T19:36:19.267755Z

Modified

2019-05-13T19:36:19.267755Z

Summary

openjdk-8, openjdk-lts vulnerabilities

Details

It was discovered that the BigDecimal implementation in OpenJDK performed excessive computation when given certain values. An attacker could use this to cause a denial of service (excessive CPU usage). (CVE-2019-2602)

Corwin de Boor and Robert Xiao discovered that the RMI registry implementation in OpenJDK did not properly select the correct skeleton class in some situations. An attacker could use this to possibly escape Java sandbox restrictions. (CVE-2019-2684)

Mateusz Jurczyk discovered a vulnerability in the 2D component of OpenJDK. An attacker could use this to possibly escape Java sandbox restrictions. This issue only affected OpenJDK 8 in Ubuntu 16.04 LTS. (CVE-2019-2697)

Mateusz Jurczyk discovered a vulnerability in the font layout engine of OpenJDK's 2D component. An attacker could use this to possibly escape Java sandbox restrictions. This issue only affected OpenJDK 8 in Ubuntu 16.04 LTS. (CVE-2019-2698)

References

Affected packages

Ubuntu:16.04:LTS / openjdk-8

Package

Name: openjdk-8
Purl: pkg:deb/ubuntu/openjdk-8?arch=src?distro=xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

8u212-b03-0ubuntu1.16.04.1

Affected versions

Other

8u66-b01-5

8u72-b05-1ubuntu1

8u72-b05-5

8u72-b05-6

8u72-b15-1

8u72-b15-2ubuntu1

8u72-b15-2ubuntu3

8u72-b15-3ubuntu1

8u77-b03-1ubuntu2

8u77-b03-3ubuntu1

8u77-b03-3ubuntu2

8u77-b03-3ubuntu3

8u91-b14-0ubuntu4~16.*

8u91-b14-0ubuntu4~16.04.1

8u91-b14-3ubuntu1~16.*

8u91-b14-3ubuntu1~16.04.1

8u111-b14-2ubuntu0.*

8u111-b14-2ubuntu0.16.04.2

8u121-b13-0ubuntu1.*

8u121-b13-0ubuntu1.16.04.2

8u131-b11-0ubuntu1.*

8u131-b11-0ubuntu1.16.04.2

8u131-b11-2ubuntu1.*

8u131-b11-2ubuntu1.16.04.2

8u131-b11-2ubuntu1.16.04.3

8u151-b12-0ubuntu0.*

8u151-b12-0ubuntu0.16.04.2

8u162-b12-0ubuntu0.*

8u162-b12-0ubuntu0.16.04.2

8u171-b11-0ubuntu0.*

8u171-b11-0ubuntu0.16.04.1

8u181-b13-0ubuntu0.*

8u181-b13-0ubuntu0.16.04.1

8u181-b13-1ubuntu0.*

8u181-b13-1ubuntu0.16.04.1

8u191-b12-0ubuntu0.*

8u191-b12-0ubuntu0.16.04.1

8u191-b12-2ubuntu0.*

8u191-b12-2ubuntu0.16.04.1

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "8u212-b03-0ubuntu1.16.04.1",
            "binary_name": "openjdk-8-dbg"
        },
        {
            "binary_version": "8u212-b03-0ubuntu1.16.04.1",
            "binary_name": "openjdk-8-demo"
        },
        {
            "binary_version": "8u212-b03-0ubuntu1.16.04.1",
            "binary_name": "openjdk-8-doc"
        },
        {
            "binary_version": "8u212-b03-0ubuntu1.16.04.1",
            "binary_name": "openjdk-8-jdk"
        },
        {
            "binary_version": "8u212-b03-0ubuntu1.16.04.1",
            "binary_name": "openjdk-8-jdk-headless"
        },
        {
            "binary_version": "8u212-b03-0ubuntu1.16.04.1",
            "binary_name": "openjdk-8-jre"
        },
        {
            "binary_version": "8u212-b03-0ubuntu1.16.04.1",
            "binary_name": "openjdk-8-jre-headless"
        },
        {
            "binary_version": "8u212-b03-0ubuntu1.16.04.1",
            "binary_name": "openjdk-8-jre-jamvm"
        },
        {
            "binary_version": "8u212-b03-0ubuntu1.16.04.1",
            "binary_name": "openjdk-8-jre-zero"
        },
        {
            "binary_version": "8u212-b03-0ubuntu1.16.04.1",
            "binary_name": "openjdk-8-source"
        }
    ]
}

Ubuntu:18.04:LTS / openjdk-lts

Package

Name: openjdk-lts
Purl: pkg:deb/ubuntu/openjdk-lts?arch=src?distro=bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

11.0.3+7-1ubuntu2~18.04.1

Affected versions

9.*

9.0.4+12-2ubuntu4

9.0.4+12-4ubuntu1

Other

10~46-4ubuntu1

10~46-5ubuntu1

10.*

10.0.1+10-1ubuntu2

10.0.1+10-3ubuntu1

10.0.2+13-1ubuntu0.18.04.1

10.0.2+13-1ubuntu0.18.04.2

10.0.2+13-1ubuntu0.18.04.3

10.0.2+13-1ubuntu0.18.04.4

11.*

11.0.2+9-3ubuntu1~18.04.3

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "11.0.3+7-1ubuntu2~18.04.1",
            "binary_name": "openjdk-11-dbg"
        },
        {
            "binary_version": "11.0.3+7-1ubuntu2~18.04.1",
            "binary_name": "openjdk-11-demo"
        },
        {
            "binary_version": "11.0.3+7-1ubuntu2~18.04.1",
            "binary_name": "openjdk-11-doc"
        },
        {
            "binary_version": "11.0.3+7-1ubuntu2~18.04.1",
            "binary_name": "openjdk-11-jdk"
        },
        {
            "binary_version": "11.0.3+7-1ubuntu2~18.04.1",
            "binary_name": "openjdk-11-jdk-headless"
        },
        {
            "binary_version": "11.0.3+7-1ubuntu2~18.04.1",
            "binary_name": "openjdk-11-jre"
        },
        {
            "binary_version": "11.0.3+7-1ubuntu2~18.04.1",
            "binary_name": "openjdk-11-jre-headless"
        },
        {
            "binary_version": "11.0.3+7-1ubuntu2~18.04.1",
            "binary_name": "openjdk-11-jre-zero"
        },
        {
            "binary_version": "11.0.3+7-1ubuntu2~18.04.1",
            "binary_name": "openjdk-11-source"
        }
    ]
}