{"id":"USN-4080-1","summary":"openjdk-8 vulnerabilities","details":"Keegan Ryan discovered that the ECC implementation in OpenJDK was not\nsufficiently resilient to side-channel attacks. An attacker could possibly\nuse this to expose sensitive information. (CVE-2019-2745)\n\nIt was discovered that OpenJDK did not sufficiently validate serial streams\nbefore deserializing suppressed exceptions in some situations. An attacker\ncould use this to specially craft an object that, when deserialized, would\ncause a denial of service. (CVE-2019-2762)\n\nIt was discovered that in some situations OpenJDK did not properly bound\nthe amount of memory allocated during object deserialization. An attacker\ncould use this to specially craft an object that, when deserialized, would\ncause a denial of service (excessive memory consumption). (CVE-2019-2769)\n\nIt was discovered that OpenJDK did not properly restrict privileges in\ncertain situations. An attacker could use this to specially construct an\nuntrusted Java application or applet that could escape sandbox\nrestrictions. (CVE-2019-2786)\n\nJonathan Birch discovered that the Networking component of OpenJDK did not\nproperly validate URLs in some situations. An attacker could use this to\nbypass restrictions on characters in URLs. (CVE-2019-2816)\n\nNati Nimni discovered that the Java Cryptography Extension component in\nOpenJDK did not properly perform array bounds checking in some situations.\nAn attacker could use this to cause a denial of service. (CVE-2019-2842)\n\nIt was discovered that OpenJDK incorrectly handled certain memory\noperations. If a user or automated system were tricked into opening a\nspecially crafted PNG file, a remote attacker could use this issue to\ncause OpenJDK to crash, resulting in a denial of service, or possibly\nexecute arbitrary code. (CVE-2019-7317)\n","modified":"2026-02-10T04:41:35Z","published":"2019-07-31T00:05:19Z","related":["UBUNTU-CVE-2019-2745","UBUNTU-CVE-2019-2762","UBUNTU-CVE-2019-2769","UBUNTU-CVE-2019-2786","UBUNTU-CVE-2019-2816","UBUNTU-CVE-2019-2842","UBUNTU-CVE-2019-7317"],"upstream":["CVE-2019-2745","CVE-2019-2762","CVE-2019-2769","CVE-2019-2786","CVE-2019-2816","CVE-2019-2842","CVE-2019-7317","UBUNTU-CVE-2019-2745","UBUNTU-CVE-2019-2762","UBUNTU-CVE-2019-2769","UBUNTU-CVE-2019-2786","UBUNTU-CVE-2019-2816","UBUNTU-CVE-2019-2842","UBUNTU-CVE-2019-7317"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-4080-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-2745"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-2762"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-2769"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-2786"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-2816"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-2842"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-7317"}],"affected":[{"package":{"name":"openjdk-8","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/openjdk-8@8u222-b10-1ubuntu1~16.04.1?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"8u222-b10-1ubuntu1~16.04.1"}]}],"versions":["8u66-b01-5","8u72-b05-1ubuntu1","8u72-b05-5","8u72-b05-6","8u72-b15-1","8u72-b15-2ubuntu1","8u72-b15-2ubuntu3","8u72-b15-3ubuntu1","8u77-b03-1ubuntu2","8u77-b03-3ubuntu1","8u77-b03-3ubuntu2","8u77-b03-3ubuntu3","8u91-b14-0ubuntu4~16.04.1","8u91-b14-3ubuntu1~16.04.1","8u111-b14-2ubuntu0.16.04.2","8u121-b13-0ubuntu1.16.04.2","8u131-b11-0ubuntu1.16.04.2","8u131-b11-2ubuntu1.16.04.2","8u131-b11-2ubuntu1.16.04.3","8u151-b12-0ubuntu0.16.04.2","8u162-b12-0ubuntu0.16.04.2","8u171-b11-0ubuntu0.16.04.1","8u181-b13-0ubuntu0.16.04.1","8u181-b13-1ubuntu0.16.04.1","8u191-b12-0ubuntu0.16.04.1","8u191-b12-2ubuntu0.16.04.1","8u212-b03-0ubuntu1.16.04.1"],"ecosystem_specific":{"binaries":[{"binary_version":"8u222-b10-1ubuntu1~16.04.1","binary_name":"openjdk-8-demo"},{"binary_version":"8u222-b10-1ubuntu1~16.04.1","binary_name":"openjdk-8-jdk"},{"binary_version":"8u222-b10-1ubuntu1~16.04.1","binary_name":"openjdk-8-jdk-headless"},{"binary_version":"8u222-b10-1ubuntu1~16.04.1","binary_name":"openjdk-8-jre"},{"binary_version":"8u222-b10-1ubuntu1~16.04.1","binary_name":"openjdk-8-jre-headless"},{"binary_version":"8u222-b10-1ubuntu1~16.04.1","binary_name":"openjdk-8-jre-jamvm"},{"binary_version":"8u222-b10-1ubuntu1~16.04.1","binary_name":"openjdk-8-jre-zero"},{"binary_version":"8u222-b10-1ubuntu1~16.04.1","binary_name":"openjdk-8-source"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-4080-1.json","cves_map":{"ecosystem":"Ubuntu:16.04:LTS","cves":[{"id":"CVE-2019-2745","severity":[{"score":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2019-2762","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2019-2769","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2019-2786","severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2019-2816","severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2019-2842","severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2019-7317","severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]}]}}}],"schema_version":"1.7.3"}