Test ID: | 1.3.6.1.4.1.25623.1.0.843803 |
Category: | Ubuntu Local Security Checks |
Title: | Ubuntu: Security Advisory (USN-3804-1) |
Summary: | The remote host is missing an update for the 'openjdk-8, openjdk-lts' package(s) announced via the USN-3804-1 advisory. |
Description: | Vulnerability Insight:

It was discovered that the Security component of OpenJDK did not properly ensure that manifest elements were signed before use. An attacker could possibly use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions. (CVE-2018-3136)

Artem Smotrakov discovered that the HTTP client redirection handler implementation in OpenJDK did not clear potentially sensitive information in HTTP headers when following redirections to different hosts. An attacker could use this to expose sensitive information. (CVE-2018-3139)

It was discovered that the Java Naming and Directory Interface (JNDI) implementation in OpenJDK did not properly enforce restrictions specified by system properties in some situations. An attacker could potentially use this to execute arbitrary code. (CVE-2018-3149)

It was discovered that the Utility component of OpenJDK did not properly ensure all attributes in a JAR were signed before use. An attacker could use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-3150)

It was discovered that the Hotspot component of OpenJDK did not properly perform access checks in certain cases when performing field link resolution. An attacker could use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions. (CVE-2018-3169)

Felix Dorre discovered that the Java Secure Socket Extension (JSSE) implementation in OpenJDK did not ensure that the same endpoint identification algorithm was used during TLS session resumption as during initial session setup. An attacker could use this to expose sensitive information. (CVE-2018-3180)

Krzysztof Szafranski discovered that the Scripting component did not properly restrict access to the scripting engine in some situations. An attacker could use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions. (CVE-2018-3183)

Tobias Ospelt discovered that the Resource Interchange File Format (RIFF) reader implementation in OpenJDK contained an infinite loop. An attacker could use this to cause a denial of service. This issue only affected Ubuntu 16.04 LTS. (CVE-2018-3214)

Affected Software/OS: 'openjdk-8, openjdk-lts' package(s) on Ubuntu 16.04, Ubuntu 18.04, Ubuntu 18.10.

Solution: Please install the updated package(s).

CVSS Score: 6.8

CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P |
Cross-Ref: |

Common Vulnerability Exposure (CVE) ID: CVE-2018-3136
BugTraq ID: 105601 http://www.securityfocus.com/bid/105601
Debian Security Information: DSA-4326 https://www.debian.org/security/2018/dsa-4326
https://security.gentoo.org/glsa/201908-10
https://lists.debian.org/debian-lts-announce/2018/11/msg00026.html
RedHat Security Advisories: RHSA-2018:2942 https://access.redhat.com/errata/RHSA-2018:2942
RedHat Security Advisories: RHSA-2018:2943 https://access.redhat.com/errata/RHSA-2018:2943
RedHat Security Advisories: RHSA-2018:3000 https://access.redhat.com/errata/RHSA-2018:3000
RedHat Security Advisories: RHSA-2018:3001 https://access.redhat.com/errata/RHSA-2018:3001
RedHat Security Advisories: RHSA-2018:3002 https://access.redhat.com/errata/RHSA-2018:3002
RedHat Security Advisories: RHSA-2018:3003 https://access.redhat.com/errata/RHSA-2018:3003
RedHat Security Advisories: RHSA-2018:3007 https://access.redhat.com/errata/RHSA-2018:3007
RedHat Security Advisories: RHSA-2018:3008 https://access.redhat.com/errata/RHSA-2018:3008
RedHat Security Advisories: RHSA-2018:3350 https://access.redhat.com/errata/RHSA-2018:3350
RedHat Security Advisories: RHSA-2018:3409 https://access.redhat.com/errata/RHSA-2018:3409
RedHat Security Advisories: RHSA-2018:3521 https://access.redhat.com/errata/RHSA-2018:3521
RedHat Security Advisories: RHSA-2018:3533 https://access.redhat.com/errata/RHSA-2018:3533
RedHat Security Advisories: RHSA-2018:3534 https://access.redhat.com/errata/RHSA-2018:3534
RedHat Security Advisories: RHSA-2018:3671 https://access.redhat.com/errata/RHSA-2018:3671
RedHat Security Advisories: RHSA-2018:3672 https://access.redhat.com/errata/RHSA-2018:3672
RedHat Security Advisories: RHSA-2018:3779 https://access.redhat.com/errata/RHSA-2018:3779
RedHat Security Advisories: RHSA-2018:3852 https://access.redhat.com/errata/RHSA-2018:3852
http://www.securitytracker.com/id/1041889
https://usn.ubuntu.com/3804-1/
https://usn.ubuntu.com/3824-1/

Common Vulnerability Exposure (CVE) ID: CVE-2018-3139
BugTraq ID: 105602 http://www.securityfocus.com/bid/105602

Common Vulnerability Exposure (CVE) ID: CVE-2018-3149
BugTraq ID: 105608 http://www.securityfocus.com/bid/105608

Common Vulnerability Exposure (CVE) ID: CVE-2018-3150
BugTraq ID: 105597 http://www.securityfocus.com/bid/105597

Common Vulnerability Exposure (CVE) ID: CVE-2018-3169
BugTraq ID: 105587 http://www.securityfocus.com/bid/105587

Common Vulnerability Exposure (CVE) ID: CVE-2018-3180
BugTraq ID: 105617 http://www.securityfocus.com/bid/105617

Common Vulnerability Exposure (CVE) ID: CVE-2018-3183
BugTraq ID: 105622 http://www.securityfocus.com/bid/105622

Common Vulnerability Exposure (CVE) ID: CVE-2018-3214
BugTraq ID: 105615 http://www.securityfocus.com/bid/105615 |
Copyright | Copyright (C) 2018 Greenbone AG |