Executive Summary
Summary | |
---|---|
Title | OpenJDK 8 regression |
Informations | |||
---|---|---|---|
Name | USN-3366-2 | First vendor Publication | 2017-07-31 |
Vendor | Ubuntu | Last vendor Modification | 2017-07-31 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : | |||
---|---|---|---|
Cvss Base Score | N/A | Attack Range | N/A |
Cvss Impact Score | N/A | Attack Complexity | N/A |
Cvss Expoit Score | N/A | Authentication | N/A |
Calculate full CVSS 2.0 Vectors scores |
Detail
A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 17.04 - Ubuntu 16.04 LTS Summary: USN 3366-1 introduced a regression in OpenJDK 8. Software Description: - openjdk-8: Open Source Java implementation Details: USN-3366-1 fixed vulnerabilities in OpenJDK 8. Unfortunately, that update introduced a regression that caused some valid JAR files to fail validation. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that the JPEGImageReader class in OpenJDK would It was discovered that the JAR verifier in OpenJDK did not properly It was discovered that integer overflows existed in the Hotspot It was discovered that the JavaScript Scripting component of OpenJDK It was discovered that OpenJDK did not properly process parentheses It was discovered that the ThreadPoolExecutor class in OpenJDK did not It was discovered that the ServiceRegistry implementation It was discovered that the channel groups implementation in It was discovered that the DTM exception handling code in the It was discovered that the JAXP component of OpenJDK incorrectly It was discovered that the Distributed Garbage Collector (DGC) in It was discovered that the Activation ID implementation in the RMI It was discovered that the BasicAttribute class in OpenJDK did not It was discovered that the CodeSource class in OpenJDK did not It was discovered that the AWT ImageWatched class in OpenJDK did not Jackson Davis discovered that the LambdaFormEditor class in the It was discovered that a timing side-channel vulnerability existed It was discovered that the LDAP implementation in OpenJDK incorrectly It was discovered that a timing side-channel vulnerability existed Ilya Maykov discovered that a timing side-channel vulnerability It was discovered that the Elliptic Curve (EC) implementation It was discovered that OpenJDK did not properly restrict weak key It was discovered that OpenJDK did not properly enforce disabled It was discovered that OpenJDK did not properly perform access control Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 17.04: Ubuntu 16.04 LTS: This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart any Java applications or applets to make all the necessary changes. References: Package Information: |
Original Source
Url : http://www.ubuntu.com/usn/USN-3366-2 |
Alert History
Date | Informations |
---|---|
2017-08-02 13:24:44 |
|
2017-08-01 05:21:26 |
|