{"id":"USN-3747-2","summary":"openjdk-lts regression","details":"USN-3747-1 fixed vulnerabilities in OpenJDK 10 for Ubuntu 18.04 LTS.\nUnfortunately, that update introduced a regression around accessability\nsupport that prevented some Java applications from starting.\nThis update fixes the problem.\n\nWe apologize for the inconvenience.\n\nOriginal advisory details:\n\n It was discovered that OpenJDK did not properly validate types in some\n situations. An attacker could use this to construct a Java class that could\n possibly bypass sandbox restrictions. (CVE-2018-2825, CVE-2018-2826)\n\n It was discovered that the PatternSyntaxException class in OpenJDK did not\n properly validate arguments passed to it. An attacker could use this to\n potentially construct a class that caused a denial of service (excessive\n memory consumption). (CVE-2018-2952)\n\n Daniel Bleichenbacher discovered a vulnerability in the Galois/Counter Mode\n (GCM) mode of operation for symmetric block ciphers in OpenJDK. An attacker\n could use this to expose sensitive information. (CVE-2018-2972)\n","modified":"2026-02-10T04:41:23Z","published":"2018-09-12T22:13:03Z","references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-3747-2"},{"type":"REPORT","url":"https://launchpad.net/bugs/1788250"}],"affected":[{"package":{"name":"openjdk-lts","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/openjdk-lts@10.0.2+13-1ubuntu0.18.04.2?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"10.0.2+13-1ubuntu0.18.04.2"}]}],"versions":["9.0.4+12-2ubuntu4","9.0.4+12-4ubuntu1","10~46-4ubuntu1","10~46-5ubuntu1","10.0.1+10-1ubuntu2","10.0.1+10-3ubuntu1","10.0.2+13-1ubuntu0.18.04.1"],"ecosystem_specific":{"binaries":[{"binary_version":"10.0.2+13-1ubuntu0.18.04.2","binary_name":"openjdk-11-demo"},{"binary_version":"10.0.2+13-1ubuntu0.18.04.2","binary_name":"openjdk-11-jdk"},{"binary_version":"10.0.2+13-1ubuntu0.18.04.2","binary_name":"openjdk-11-jdk-headless"},{"binary_version":"10.0.2+13-1ubuntu0.18.04.2","binary_name":"openjdk-11-jre"},{"binary_version":"10.0.2+13-1ubuntu0.18.04.2","binary_name":"openjdk-11-jre-headless"},{"binary_version":"10.0.2+13-1ubuntu0.18.04.2","binary_name":"openjdk-11-jre-zero"},{"binary_version":"10.0.2+13-1ubuntu0.18.04.2","binary_name":"openjdk-11-source"}],"availability":"No subscription required"},"database_specific":{"cves_map":{"cves":[],"ecosystem":"Ubuntu:18.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-3747-2.json"}}],"schema_version":"1.7.3"}