CVE-2017-3289
First published: Mon Jan 16 2017(Updated: )
An insecure class construction flaw, related to the incorrect handling of exception stack frames, was found in the Hotspot component of OpenJDK. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions.
Credit: secalert_us@oracle.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| debian/openjdk-8 | 8u442-ga-2 | |
| Oracle Java SE 7 | =1.7-update_121 | |
| Oracle Java SE 7 | =1.8-update_111 | |
| Oracle Java SE 7 | =1.8-update_112 | |
| Oracle JRE | =1.7-update_121 | |
| Oracle JRE | =1.8-update_111 | |
| Oracle JRE | =1.8-update_112 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://rhn.redhat.com/errata/RHSA-2017-0175.html
- http://rhn.redhat.com/errata/RHSA-2017-0176.html
- http://rhn.redhat.com/errata/RHSA-2017-0180.html
- http://rhn.redhat.com/errata/RHSA-2017-0263.html
- http://rhn.redhat.com/errata/RHSA-2017-0269.html
- http://rhn.redhat.com/errata/RHSA-2017-0336.html
- http://rhn.redhat.com/errata/RHSA-2017-0337.html
- http://www.debian.org/security/2017/dsa-3782
- http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html
- http://www.securityfocus.com/bid/95525
- http://www.securitytracker.com/id/1037637
- https://access.redhat.com/errata/RHSA-2017:1216
- https://security.gentoo.org/glsa/201701-65
- https://security.gentoo.org/glsa/201707-01
- https://security.netapp.com/advisory/ntap-20170119-0001/
- https://launchpad.net/bugs/cve/CVE-2017-3289
- http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html#AppendixJAVA
- http://hg.openjdk.java.net/jdk8u/jdk8u/hotspot/rev/02a3d0dcbedd
- https://rhn.redhat.com/errata/RHSA-2017-0176.html
- https://rhn.redhat.com/errata/RHSA-2017-0175.html
- https://rhn.redhat.com/errata/RHSA-2017-0180.html
- https://rhn.redhat.com/errata/RHSA-2017-0263.html
- https://rhn.redhat.com/errata/RHSA-2017-0269.html
- https://rhn.redhat.com/errata/RHSA-2017-0337.html
- https://rhn.redhat.com/errata/RHSA-2017-0336.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1413562
- https://security-tracker.debian.org/tracker/CVE-2017-3289
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3289
- https://nvd.nist.gov/vuln/detail/CVE-2017-3289
- https://ubuntu.com/security/CVE-2017-3289
Frequently Asked Questions
What is the severity of CVE-2017-3289?
CVE-2017-3289 is considered a critical vulnerability due to its potential to bypass Java sandbox restrictions.
How do I fix CVE-2017-3289?
To fix CVE-2017-3289, upgrade to OpenJDK 8u442-ga-2 or a later version.
Which software versions are affected by CVE-2017-3289?
CVE-2017-3289 affects Oracle JDK 1.7 update 121 and Oracle JDK 1.8 updates 111 and 112.
What impact does CVE-2017-3289 have on Java applications?
CVE-2017-3289 allows untrusted Java applications to bypass security restrictions, potentially compromising the system.
Is CVE-2017-3289 specific to certain platforms?
CVE-2017-3289 affects the Hotspot component of OpenJDK and is relevant across different platforms that run vulnerable versions.
- agent/type
- collector/launchpad-cve
- source/Launchpad
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2017-3289
- agent/first-publish-date
- agent/remedy
- agent/severity
- collector/usn-cve
- source/Ubuntu
- agent/references
- agent/description
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/trending
- agent/source
- agent/author
- collector/security-tracker-debian
- source/Debian
- agent/software-canonical-lookup
- agent/softwarecombine
- agent/tags
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup-request
- collector/nvd-index
- package-manager/debian
- vendor/oracle
- canonical/oracle java se 7
- version/oracle java se 7/1.7-update_121
- version/oracle java se 7/1.8-update_111
- version/oracle java se 7/1.8-update_112
- canonical/oracle jre
- version/oracle jre/1.7-update_121
- version/oracle jre/1.8-update_111
- version/oracle jre/1.8-update_112