USN-3473-1: OpenJDK 8 vulnerabilities
USN-3473-1: OpenJDK 8 vulnerabilities Ubuntu Security Notice USN-3473-1 8th November, 2017 openjdk-8 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10 Ubuntu 17.04 Ubuntu 16.04 LTS Summary Several security issues were fixed in OpenJDK 8. Software description openjdk-8 – Open Source Java implementation Details It was discovered that the Smart Card IO subsystem in OpenJDK did notproperly maintain state. An attacker could use this to specially constructan untrusted Java application or applet to gain access to a smart card,bypassing sandbox restrictions. (CVE-2017-10274) Gaston Traberg discovered that the Serialization component of OpenJDK didnot properly limit the amount of memory allocated when performingdeserializations. An attacker could use this to cause a denial of service(memory exhaustion). (CVE-2017-10281) It was discovered that the Remote Method Invocation (RMI) component inOpenJDK did not properly handle unreferenced objects. An attacker could usethis [ more… ]