Ubuntu 18.04 LTS : openjdk-lts vulnerabilities (USN-3747-1)
Medium Nessus Plugin ID 112033

Synopsis
The remote Ubuntu host is missing one or more security-related

Description
It was discovered that OpenJDK did not properly validate types in some
situations. An attacker could use this to construct a Java class that
could possibly bypass sandbox restrictions. (CVE-2018-2825,

It was discovered that the PatternSyntaxException class in OpenJDK did
not properly validate arguments passed to it. An attacker could use
this to potentially construct a class that caused a denial of service
(excessive memory consumption). (CVE-2018-2952)

Daniel Bleichenbacher discovered a vulnerability in the Galois/Counter
Mode (GCM) mode of operation for symmetric block ciphers in OpenJDK.
An attacker could use this to expose sensitive information.

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

Solution
Update the affected openjdk-11-jre, openjdk-11-jre-headless and / or