Executive Summary

Summary
Title OpenJDK 7 vulnerability
Informations
NameUSN-3942-1First vendor Publication2019-04-09
VendorUbuntuLast vendor Modification2019-04-09
Severity (Vendor) N/ARevisionN/A

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:P/I:N/A:N)
Cvss Base Score4.3Attack RangeNetwork
Cvss Impact Score2.9Attack ComplexityMedium
Cvss Expoit Score8.6AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS

Summary:

Java applets or applications could be made to expose sensitive information.

Software Description: - openjdk-7: Open Source Java implementation

Details:

It was discovered that a memory disclosure issue existed in the OpenJDK Library subsystem. An attacker could use this to expose sensitive information and possibly bypass Java sandbox restrictions.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.04 LTS:
icedtea-7-jre-jamvm 7u211-2.6.17-0ubuntu0.1
openjdk-7-jdk 7u211-2.6.17-0ubuntu0.1
openjdk-7-jre 7u211-2.6.17-0ubuntu0.1

This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart any Java applications or applets to make all the necessary changes.

References:
https://usn.ubuntu.com/usn/usn-3942-1
CVE-2019-2422

Package Information:
https://launchpad.net/ubuntu/+source/openjdk-7/7u211-2.6.17-0ubuntu0.1

Original Source

Url : http://www.ubuntu.com/usn/USN-3942-1

CWE : Common Weakness Enumeration

%idName
100 %CWE-284Access Control (Authorization) Issues

CPE : Common Platform Enumeration

TypeDescriptionCount
Application1
Application1
Application2
Application3
Application3
Application1
Os4
Os2
Os1
Os2
Os3
Os1
Os1
Os1
Os2

Alert History

If you want to see full details history, please login or register.
0
DateInformations
2019-04-09 05:18:37
  • First insertion