Test ID:	1.3.6.1.4.1.25623.1.0.843634
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-3747-2)
Summary:	The remote host is missing an update for the 'openjdk-lts' package(s) announced via the USN-3747-2 advisory.
Description:	Summary: The remote host is missing an update for the 'openjdk-lts' package(s) announced via the USN-3747-2 advisory. Vulnerability Insight: USN-3747-1 fixed vulnerabilities in OpenJDK 10 for Ubuntu 18.04 LTS. Unfortunately, that update introduced a regression around accessibility support that prevented some Java applications from starting. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that OpenJDK did not properly validate types in some situations. An attacker could use this to construct a Java class that could possibly bypass sandbox restrictions. (CVE-2018-2825, CVE-2018-2826) It was discovered that the PatternSyntaxException class in OpenJDK did not properly validate arguments passed to it. An attacker could use this to potentially construct a class that caused a denial of service (excessive memory consumption). (CVE-2018-2952) Daniel Bleichenbacher discovered a vulnerability in the Galois/Counter Mode (GCM) mode of operation for symmetric block ciphers in OpenJDK. An attacker could use this to expose sensitive information. (CVE-2018-2972) Affected Software/OS: 'openjdk-lts' package(s) on Ubuntu 18.04. Solution: Please install the updated package(s). CVSS Score: 5.1 CVSS Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2018-2825 BugTraq ID: 103782 http://www.securityfocus.com/bid/103782 http://www.securitytracker.com/id/1040697 https://usn.ubuntu.com/3747-1/ Common Vulnerability Exposure (CVE) ID: CVE-2018-2826 BugTraq ID: 103796 http://www.securityfocus.com/bid/103796 Common Vulnerability Exposure (CVE) ID: CVE-2018-2952 BugTraq ID: 104765 http://www.securityfocus.com/bid/104765 Debian Security Information: DSA-4268 (Google Search) https://www.debian.org/security/2018/dsa-4268 https://lists.debian.org/debian-lts-announce/2018/11/msg00026.html RedHat Security Advisories: RHSA-2018:2241 https://access.redhat.com/errata/RHSA-2018:2241 RedHat Security Advisories: RHSA-2018:2242 https://access.redhat.com/errata/RHSA-2018:2242 RedHat Security Advisories: RHSA-2018:2253 https://access.redhat.com/errata/RHSA-2018:2253 RedHat Security Advisories: RHSA-2018:2254 https://access.redhat.com/errata/RHSA-2018:2254 RedHat Security Advisories: RHSA-2018:2255 https://access.redhat.com/errata/RHSA-2018:2255 RedHat Security Advisories: RHSA-2018:2256 https://access.redhat.com/errata/RHSA-2018:2256 RedHat Security Advisories: RHSA-2018:2283 https://access.redhat.com/errata/RHSA-2018:2283 RedHat Security Advisories: RHSA-2018:2286 https://access.redhat.com/errata/RHSA-2018:2286 RedHat Security Advisories: RHSA-2018:2568 https://access.redhat.com/errata/RHSA-2018:2568 RedHat Security Advisories: RHSA-2018:2569 https://access.redhat.com/errata/RHSA-2018:2569 RedHat Security Advisories: RHSA-2018:2575 https://access.redhat.com/errata/RHSA-2018:2575 RedHat Security Advisories: RHSA-2018:2576 https://access.redhat.com/errata/RHSA-2018:2576 RedHat Security Advisories: RHSA-2018:2712 https://access.redhat.com/errata/RHSA-2018:2712 RedHat Security Advisories: RHSA-2018:2713 https://access.redhat.com/errata/RHSA-2018:2713 RedHat Security Advisories: RHSA-2018:3007 https://access.redhat.com/errata/RHSA-2018:3007 RedHat Security Advisories: RHSA-2018:3008 https://access.redhat.com/errata/RHSA-2018:3008 http://www.securitytracker.com/id/1041302 https://usn.ubuntu.com/3734-1/ https://usn.ubuntu.com/3735-1/ Common Vulnerability Exposure (CVE) ID: CVE-2018-2972 BugTraq ID: 104782 http://www.securityfocus.com/bid/104782
Copyright	Copyright (C) 2018 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.