SECURITY

USN-3121-1: OpenJDK 8 vulnerabilities Ubuntu Security Notice USN-3121-1 3rd November, 2016 openjdk-8 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10 Ubuntu 16.04 LTS Summary Several security issues were fixed in OpenJDK 8. Software description openjdk-8 – Open Source Java implementation Details It was discovered that the Hotspot component of OpenJDK did not properlycheck arguments of the System.arraycopy() function in certain cases. Anattacker could use this to bypass Java sandbox restrictions.(CVE-2016-5582) It was discovered that OpenJDK did not restrict the set of algorithms usedfor Jar integrity verification. An attacker could use this to modifywithout detection the content of a JAR file, affecting system integrity.(CVE-2016-5542) It was discovered that the JMX component of OpenJDK did not sufficientlyperform classloader consistency checks. An attacker could use this tobypass Java sandbox restrictions. (CVE-2016-5554) It was discovered that the Hotspot [ more… ]