First published: Fri Aug 10 2018(Updated: )
It was discovered that the PatternSyntaxException class in OpenJDK did not properly validate arguments passed to it. An attacker could use this to potentially construct a class that caused a denial of service (excessive memory consumption).
Affected Software | Affected Version | How to fix |
---|---|---|
All of | ||
ubuntu/icedtea-7-jre-jamvm | <7u181-2.6.14-0ubuntu0.2 | 7u181-2.6.14-0ubuntu0.2 |
=14.04 | ||
All of | ||
ubuntu/openjdk-7-jdk | <7u181-2.6.14-0ubuntu0.2 | 7u181-2.6.14-0ubuntu0.2 |
=14.04 | ||
All of | ||
ubuntu/openjdk-7-jre | <7u181-2.6.14-0ubuntu0.2 | 7u181-2.6.14-0ubuntu0.2 |
=14.04 | ||
All of | ||
ubuntu/openjdk-7-jre-headless | <7u181-2.6.14-0ubuntu0.2 | 7u181-2.6.14-0ubuntu0.2 |
=14.04 | ||
All of | ||
ubuntu/openjdk-7-jre-lib | <7u181-2.6.14-0ubuntu0.2 | 7u181-2.6.14-0ubuntu0.2 |
=14.04 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is USN-3735-1.
The vulnerability could allow an attacker to construct a class that causes excessive memory consumption, leading to denial of service.
OpenJDK 7 versions up to and excluding 7u181-2.6.14-0ubuntu0.2 are affected.
To fix this vulnerability, update OpenJDK 7 to version 7u181-2.6.14-0ubuntu0.2 or later.
You can find more information about this vulnerability on the Ubuntu security website: [Link](https://ubuntu.com/security/CVE-2018-2952)