Test ID: 1.3.6.1.4.1.25623.1.0.843803
Category: Ubuntu Local Security Checks
Title: Ubuntu Update for openjdk-lts USN-3804-1
Summary: The remote host is missing an update for the 'openjdk-lts' package(s) announced via the USN-3804-1 advisory.
Description:
Summary:
The remote host is missing an update for
the 'openjdk-lts' package(s) announced via the USN-3804-1 advisory.

Vulnerability Insight:
It was discovered that the Security
component of OpenJDK did not properly ensure that manifest elements were signed
before use. An attacker could possibly use this to specially construct an
untrusted Java application or applet that could escape sandbox restrictions. (CVE-2018-3136)

Artem Smotrakov discovered that the HTTP client redirection handler
implementation in OpenJDK did not clear potentially sensitive information
in HTTP headers when following redirections to different hosts. An attacker
could use this to expose sensitive information. (CVE-2018-3139)

It was discovered that the Java Naming and Directory Interface (JNDI)
implementation in OpenJDK did not properly enforce restrictions specified
by system properties in some situations. An attacker could potentially use
this to execute arbitrary code. (CVE-2018-3149)

It was discovered that the Utility component of OpenJDK did not properly
ensure all attributes in a JAR were signed before use. An attacker could
use this to specially construct an untrusted Java application or applet
that could escape sandbox restrictions. This issue only affected Ubuntu
18.04 LTS and Ubuntu 18.10. (CVE-2018-3150)

It was discovered that the Hotspot component of OpenJDK did not properly
perform access checks in certain cases when performing field link
resolution. An attacker could use this to specially construct an untrusted
Java application or applet that could escape sandbox restrictions.
(CVE-2018-3169)

Felix Dörre discovered that the Java Secure Socket Extension (JSSE)
implementation in OpenJDK did not ensure that the same endpoint
identification algorithm was used during TLS session resumption as during
initial session setup. An attacker could use this to expose sensitive
information. (CVE-2018-3180)

Krzysztof Szafrański discovered that the Scripting component did not
properly restrict access to the scripting engine in some situations. An
attacker could use this to specially construct an untrusted Java
application or applet that could escape sandbox restrictions.
(CVE-2018-3183)

Tobias Ospelt discovered that the Resource Interchange File Format (RIFF)
reader implementation in OpenJDK contained an infinite loop. An attacker
could use this to cause a denial of service. This issue only affected
Ubuntu 16.04 LTS. (CVE-2018-3214)

Affected Software/OS:
openjdk-lts on Ubuntu 18.10,
Ubuntu 18.04 LTS,
Ubuntu 16.04 LTS.

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2018-3136
https://lists.debian.org/debian-lts-announce/2018/11/msg00026.html
Debian Security Information: DSA-4326
https://www.debian.org/security/2018/dsa-4326
RedHat Security Advisories: RHSA-2018:2942
https://access.redhat.com/errata/RHSA-2018:2942
RedHat Security Advisories: RHSA-2018:2943
https://access.redhat.com/errata/RHSA-2018:2943
RedHat Security Advisories: RHSA-2018:3000
https://access.redhat.com/errata/RHSA-2018:3000
RedHat Security Advisories: RHSA-2018:3001
https://access.redhat.com/errata/RHSA-2018:3001
RedHat Security Advisories: RHSA-2018:3002
https://access.redhat.com/errata/RHSA-2018:3002
RedHat Security Advisories: RHSA-2018:3003
https://access.redhat.com/errata/RHSA-2018:3003
RedHat Security Advisories: RHSA-2018:3007
https://access.redhat.com/errata/RHSA-2018:3007
RedHat Security Advisories: RHSA-2018:3008
https://access.redhat.com/errata/RHSA-2018:3008
RedHat Security Advisories: RHSA-2018:3350
https://access.redhat.com/errata/RHSA-2018:3350
RedHat Security Advisories: RHSA-2018:3409
https://access.redhat.com/errata/RHSA-2018:3409
RedHat Security Advisories: RHSA-2018:3521
https://access.redhat.com/errata/RHSA-2018:3521
RedHat Security Advisories: RHSA-2018:3533
https://access.redhat.com/errata/RHSA-2018:3533
RedHat Security Advisories: RHSA-2018:3534
https://access.redhat.com/errata/RHSA-2018:3534
RedHat Security Advisories: RHSA-2018:3671
https://access.redhat.com/errata/RHSA-2018:3671
RedHat Security Advisories: RHSA-2018:3672
https://access.redhat.com/errata/RHSA-2018:3672
RedHat Security Advisories: RHSA-2018:3779
https://access.redhat.com/errata/RHSA-2018:3779
RedHat Security Advisories: RHSA-2018:3852
https://access.redhat.com/errata/RHSA-2018:3852
https://usn.ubuntu.com/3804-1/
https://usn.ubuntu.com/3824-1/
BugTraq ID: 105601
http://www.securityfocus.com/bid/105601
http://www.securitytracker.com/id/1041889
Common Vulnerability Exposure (CVE) ID: CVE-2018-3139
BugTraq ID: 105602
http://www.securityfocus.com/bid/105602
Common Vulnerability Exposure (CVE) ID: CVE-2018-3149
BugTraq ID: 105608
http://www.securityfocus.com/bid/105608
Common Vulnerability Exposure (CVE) ID: CVE-2018-3150
BugTraq ID: 105597
http://www.securityfocus.com/bid/105597
Common Vulnerability Exposure (CVE) ID: CVE-2018-3169
BugTraq ID: 105587
http://www.securityfocus.com/bid/105587
Common Vulnerability Exposure (CVE) ID: CVE-2018-3180
BugTraq ID: 105617
http://www.securityfocus.com/bid/105617
Common Vulnerability Exposure (CVE) ID: CVE-2018-3183
BugTraq ID: 105622
http://www.securityfocus.com/bid/105622
Common Vulnerability Exposure (CVE) ID: CVE-2018-3214
BugTraq ID: 105615
http://www.securityfocus.com/bid/105615
Copyright: Copyright (C) 2018 Greenbone Networks GmbH

© 1998-2019 E-Soft Inc. All rights reserved.