Test ID: | 1.3.6.1.4.1.25623.1.0.844279 |
Category: | Ubuntu Local Security Checks |
Title: | Ubuntu: Security Advisory (USN-4223-1) |
Summary: | The remote host is missing an update for the 'openjdk-8, openjdk-lts' package(s) announced via the USN-4223-1 advisory. |
Description: | Vulnerability Insight:

Jan Jancar, Petr Svenda, and Vladimir Sedlacek discovered that a side-channel vulnerability existed in the ECDSA implementation in OpenJDK. An attacker could use this to expose sensitive information. (CVE-2019-2894)

It was discovered that the Socket implementation in OpenJDK did not properly restrict the creation of subclasses with a custom Socket implementation. An attacker could use this to specially create a Java class that could possibly bypass Java sandbox restrictions. (CVE-2019-2945)

Rob Hamm discovered that the Kerberos implementation in OpenJDK did not properly handle proxy credentials. An attacker could possibly use this to impersonate another user. (CVE-2019-2949)

It was discovered that a NULL pointer dereference existed in the font handling implementation in OpenJDK. An attacker could use this to cause a denial of service (application crash). (CVE-2019-2962)

It was discovered that the Concurrency subsystem in OpenJDK did not properly bound stack consumption when compiling regular expressions. An attacker could use this to cause a denial of service (application crash). (CVE-2019-2964)

It was discovered that the JAXP subsystem in OpenJDK did not properly handle XPath expressions in some situations. An attacker could use this to cause a denial of service (application crash). (CVE-2019-2973, CVE-2019-2981)

It was discovered that the Nashorn JavaScript subcomponent in OpenJDK did not properly handle regular expressions in some situations. An attacker could use this to cause a denial of service (application crash). (CVE-2019-2975)

It was discovered that the String class in OpenJDK contained an out-of-bounds access vulnerability. An attacker could use this to cause a denial of service (application crash) or possibly expose sensitive information. This issue only affected OpenJDK 11 in Ubuntu 18.04 LTS, Ubuntu 19.04, and Ubuntu 19.10. (CVE-2019-2977)

It was discovered that the Jar URL handler in OpenJDK did not properly handle nested Jar URLs in some situations. An attacker could use this to cause a denial of service (application crash). (CVE-2019-2978)

It was discovered that the Serialization component of OpenJDK did not properly handle deserialization of certain object attributes. An attacker could use this to cause a denial of service (application crash). (CVE-2019-2983)

It was discovered that the FreetypeFontScaler class in OpenJDK did not properly validate dimensions of glyph bitmap images read from font files. An attacker could specially craft a font file that could cause a denial of service (application crash). (CVE-2019-2987)

It was discovered that a buffer overflow existed in the SunGraphics2D class in OpenJDK. An attacker could possibly use this to cause a denial of service (excessive memory consumption or application crash). (CVE-2019-2988)

It was discovered that the Networking component in OpenJDK did not properly handle certain responses ... [Please see the references for more information on the vulnerabilities]

Affected Software/OS: 'openjdk-8, openjdk-lts' package(s) on Ubuntu 16.04, Ubuntu 18.04, Ubuntu 19.04, Ubuntu 19.10.

Solution: Please install the updated package(s).

CVSS Score: 5.8 (CVSSv2)
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:P |
Cross-Ref: |
CVE-2019-2894:
  Bugtraq 20191021 [SECURITY] [DSA 4546-1] openjdk-11 security update: https://seclists.org/bugtraq/2019/Oct/31
  Bugtraq 20191021 [SECURITY] [DSA 4548-1] openjdk-8 security update: https://seclists.org/bugtraq/2019/Oct/27
  Debian Security Information DSA-4546: https://www.debian.org/security/2019/dsa-4546
  Debian Security Information DSA-4548: https://www.debian.org/security/2019/dsa-4548
  http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
  https://minerva.crocs.fi.muni.cz/
  https://lists.debian.org/debian-lts-announce/2019/12/msg00005.html
  http://www.openwall.com/lists/oss-security/2019/10/02/2
  SuSE Security Announcement openSUSE-SU-2019:2557: http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00064.html
  SuSE Security Announcement openSUSE-SU-2019:2565: http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00066.html
  SuSE Security Announcement openSUSE-SU-2019:2687: http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00031.html
  https://usn.ubuntu.com/4223-1/

CVE-2019-2945:
  RedHat Security Advisory RHSA-2019:3134: https://access.redhat.com/errata/RHSA-2019:3134
  RedHat Security Advisory RHSA-2019:3135: https://access.redhat.com/errata/RHSA-2019:3135
  RedHat Security Advisory RHSA-2019:3136: https://access.redhat.com/errata/RHSA-2019:3136
  RedHat Security Advisory RHSA-2019:3157: https://access.redhat.com/errata/RHSA-2019:3157
  RedHat Security Advisory RHSA-2019:3158: https://access.redhat.com/errata/RHSA-2019:3158
  RedHat Security Advisory RHSA-2019:4109: https://access.redhat.com/errata/RHSA-2019:4109
  RedHat Security Advisory RHSA-2019:4110: https://access.redhat.com/errata/RHSA-2019:4110
  RedHat Security Advisory RHSA-2019:4113: https://access.redhat.com/errata/RHSA-2019:4113
  RedHat Security Advisory RHSA-2019:4115: https://access.redhat.com/errata/RHSA-2019:4115
  RedHat Security Advisory RHSA-2020:0006: https://access.redhat.com/errata/RHSA-2020:0006
  RedHat Security Advisory RHSA-2020:0046: https://access.redhat.com/errata/RHSA-2020:0046

Further CVE IDs covered by this test (no additional references listed): CVE-2019-2949, CVE-2019-2962, CVE-2019-2964, CVE-2019-2973, CVE-2019-2975, CVE-2019-2977, CVE-2019-2978, CVE-2019-2981, CVE-2019-2983, CVE-2019-2987, CVE-2019-2988, CVE-2019-2989, CVE-2019-2992, CVE-2019-2999 |
Copyright | Copyright (C) 2019 Greenbone AG |