Executive Summary

Summary
Title OpenJDK 11 vulnerability
Informations
NameUSN-3949-1First vendor Publication2019-04-16
VendorUbuntuLast vendor Modification2019-04-16
Severity (Vendor) N/ARevisionN/A

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:P/I:N/A:N)
Cvss Base Score4.3Attack RangeNetwork
Cvss Impact Score2.9Attack ComplexityMedium
Cvss Expoit Score8.6AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS

Summary:

Java applets or applications could be made to expose sensitive information.

Software Description: - openjdk-lts: Open Source Java implementation

Details:

It was discovered that a memory disclosure issue existed in the OpenJDK Library subsystem. An attacker could use this to expose sensitive information and possibly bypass Java sandbox restrictions. (CVE-2019-2422)

Please note that with this update, the OpenJDK package in Ubuntu 18.04 LTS has transitioned from OpenJDK 10 to OpenJDK 11. Several additional packages were updated to be compatible with OpenJDK 11.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.04 LTS:
openjdk-11-jdk 11.0.2+9-3ubuntu1~18.04.3
openjdk-11-jre 11.0.2+9-3ubuntu1~18.04.3

This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart any Java applications or applets to make all the necessary changes.

References:
https://usn.ubuntu.com/usn/usn-3949-1
CVE-2019-2422

Package Information:
https://launchpad.net/ubuntu/+source/openjdk-lts/11.0.2+9-3ubuntu1~18.04.3

Original Source

Url : http://www.ubuntu.com/usn/USN-3949-1

CWE : Common Weakness Enumeration

%idName
100 %CWE-284Access Control (Authorization) Issues

CPE : Common Platform Enumeration

TypeDescriptionCount
Application1
Application1
Application2
Application3
Application3
Application1
Os4
Os2
Os1
Os2
Os3
Os1
Os1
Os1
Os2

Alert History

If you want to see full details history, please login or register.
0
DateInformations
2019-04-16 21:18:30
  • First insertion