Errata ID | 62 |
---|---|
Date | 2018-05-16 |
Source package | openjdk-8 |
Fixed in version | 8u171-b11-1~deb9u1 |
Description | This update addresses the following issues:<br>* CVE-2016-9841: Upgrade compression library. There were four off-by-one errors found in the zlib library. Two of them are long typed, which could lead to RCE.<br>* CVE-2016-10165: Improve CMS header processing. Missing bounds check could lead to leaked memory contents.<br>* CVE-2017-10274: Handle smartcard clean up better. If a CardImpl can be recovered via finalization, then separate instances pointing to the same device can be created.<br>* CVE-2017-10281: Better queuing priorities. PriorityQueue's readObject allocates an array based on data in the stream which could cause an OOM.<br>* CVE-2017-10285: Unreferenced references. RMI's Unreferenced thread can be used as the root of a Trusted Method Chain.<br>* CVE-2017-10295: Better URL connections. On Ubuntu (and possibly other Linux flavors) CR-NL in the host field are ignored and can be used to inject headers in an HTTP request stream.<br>* CVE-2017-10345: Better keystore handling. A malicious serialized object in a keystore can cause a DoS when using keytool.<br>* CVE-2017-10346: Better alignment of special invocations. A missing load constraint for some invokespecial cases can allow invoking a method from an unrelated class.<br>* CVE-2017-10347: Better timezone processing. An array is allocated based on data in the serial stream without a limit on the size.<br>* CVE-2017-10348: Better processing of unresolved permissions. An array is allocated based on data in the serial stream without a limit on the size.<br>* CVE-2017-10349: Better Node predications. An array is allocated based on data in the serial stream without a limit on the size.<br>* CVE-2017-10350: Better Base Exceptions. An array is allocated based on data in the serial stream without a limit on the size.<br>* CVE-2017-10355: More stable connection processing. If an attacker can cause an application to open a connection to a malicious FTP server (e.g., via XML), then a thread can be tied up indefinitely in accept(2).<br>* CVE-2017-10356: Update storage implementations. JKS and JCEKS keystores should be retired from common use in favor of more modern keystore protections.<br>* CVE-2017-10357: Process Proxy presentation. A malicious serialized stream could cause an OOM due to lack of checking of the number of interfaces read from the stream for a Proxy.<br>* CVE-2017-10388: Correct Kerberos ticket grants. Kerberos implementations can incorrectly take information from the unencrypted portion of the ticket from the KDC. This can lead to an MITM attack impersonating Kerberos services.<br>* CVE-2018-2579: unsynchronized access to encryption key data<br>* CVE-2018-2582: insufficient validation of the invokeinterface instruction<br>* CVE-2018-2588: LdapLoginModule insufficient username encoding in LDAP query<br>* CVE-2018-2599: DnsClient missing source port randomization<br>* CVE-2018-2602: loading of classes from untrusted locations<br>* CVE-2018-2603: DerValue unbounded memory allocation<br>* CVE-2018-2618: insufficient strength of key agreement<br>* CVE-2018-2629: GSS context use-after-free<br>* CVE-2018-2633: LDAPCertStore insecure handling of LDAP referrals<br>* CVE-2018-2634: use of global credentials for HTTP/SPNEGO<br>* CVE-2018-2637: SingleEntryRegistry incorrect setup of deserialization filter<br>* CVE-2018-2641: GTK library loading use-after-free<br>* CVE-2018-2663: ArrayBlockingQueue deserialization to an inconsistent state<br>* CVE-2018-2677: unbounded memory allocation during deserialization<br>* CVE-2018-2678: unbounded memory allocation in BasicAttributes deserialization<br>* CVE-2018-2790: incorrect merging of sections in the JAR manifest<br>* CVE-2018-2794: unrestricted deserialization of data from JCEKS key stores<br>* CVE-2018-2795: insufficient consistency checks in deserialization of multiple classes<br>* CVE-2018-2796: unbounded memory allocation during deserialization in PriorityBlockingQueue<br>* CVE-2018-2797: unbounded memory allocation during deserialization in TabularDataSupport<br>* CVE-2018-2798: unbounded memory allocation during deserialization in Container<br>* CVE-2018-2799: unbounded memory allocation during deserialization in NamedNodeMapImpl<br>* CVE-2018-2800: RMI HTTP transport enabled by default<br>* CVE-2018-2814: incorrect handling of Reference clones can lead to sandbox bypass<br>* CVE-2018-2815: unbounded memory allocation during deserialization in StubIORImpl |
Additional notes | |
CVE ID | CVE-2016-9841 CVE-2016-10165 CVE-2017-10274 CVE-2017-10281 CVE-2017-10285 CVE-2017-10295 CVE-2017-10345 CVE-2017-10346 CVE-2017-10347 CVE-2017-10348 CVE-2017-10349 CVE-2017-10350 CVE-2017-10355 CVE-2017-10356 CVE-2017-10357 CVE-2017-10388 CVE-2018-2579 CVE-2018-2582 CVE-2018-2588 CVE-2018-2599 CVE-2018-2602 CVE-2018-2603 CVE-2018-2618 CVE-2018-2629 CVE-2018-2633 CVE-2018-2634 CVE-2018-2637 CVE-2018-2641 CVE-2018-2663 CVE-2018-2677 CVE-2018-2678 CVE-2018-2790 CVE-2018-2794 CVE-2018-2795 CVE-2018-2796 CVE-2018-2797 CVE-2018-2798 CVE-2018-2799 CVE-2018-2800 CVE-2018-2814 CVE-2018-2815 |
UCS Bug number | #46695 |