[USN-3830-1] OpenJDK regression

protocol=”application/pgp-signature”; boundary=”1yeeQ81UyVL57Vl7″
Content-Disposition: inline

–1yeeQ81UyVL57Vl7

Content-Disposition: inline

==========================================================================
Ubuntu Security Notice USN-3830-1
November 28, 2018

openjdk-8, openjdk-lts regression
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS

Summary:

USN-3804-1 introduced a regression in OpenJDK.

Software Description:
– openjdk-lts: Open Source Java implementation
– openjdk-8: Open Source Java implementation

Details:

USN-3804-1 fixed vulnerabilities in OpenJDK. Unfortunately, that update
introduced a regression when validating JAR files that prevented Java
applications from finding classes in some situations. This update
fixes the problem.

We apologize for the inconvenience.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
openjdk-11-jdk 10.0.2+13-1ubuntu0.18.04.4
openjdk-11-jre 10.0.2+13-1ubuntu0.18.04.4
openjdk-11-jre-headless 10.0.2+13-1ubuntu0.18.04.4

Ubuntu 16.04 LTS:
openjdk-8-jdk 8u191-b12-0ubuntu0.16.04.1
openjdk-8-jre 8u191-b12-0ubuntu0.16.04.1
openjdk-8-jre-headless 8u191-b12-0ubuntu0.16.04.1
openjdk-8-jre-jamvm 8u191-b12-0ubuntu0.16.04.1

This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any Java
applications or applets to make all the necessary changes.

References:
https://usn.ubuntu.com/usn/usn-3830-1
https://usn.ubuntu.com/usn/usn-3804-1
https://launchpad.net/bugs/1800792

Package Information:
https://launchpad.net/ubuntu/+source/openjdk-lts/10.0.2+13-1ubuntu0.18.04.4
https://launchpad.net/ubuntu/+source/openjdk-8/8u191-b12-0ubuntu0.16.04.1

–1yeeQ81UyVL57Vl7

—–BEGIN PGP SIGNATURE—–

iQIzBAABCgAdFiEEpgY7tWAjCaQ8jrvULwmejQBegfQFAlv+VF8ACgkQLwmejQBe
gfSOmw//fC7/tR8qbNdD793bgcmfRaHUjn3VVRoJmAFYSFW+uZ6NH6NNs63CUXUJ
+vhe/cHoAAykWacTGEpwr0De70Zk+X53rSzYS7R6UczRNUQ8HYCa71udISlFHaR8
WbpPbyh+kNK9l95pyRFm3Bzygq6xYId2CqGbegPwdLpUtzOFrVIM9hVBCrWvL1Py
VHKFad6IRrUolxNdRgNJxeF4c0bRkBCGdIKuFgeobgU0+OW++cEJopWUWa8vZClV
KvmTuVeYle10nicQpP8eridGpGbyE7vkDx26N9DYhPJJ1eM+awiSO2DHigIs4N45
futjLJQ4KM41KeyxDycPZg+GVNmWtyx4SMY1/jFAV62OURoH6uoaExlq8YvrGqlp
9UCaQeJTgrsIqevwrSXfhF6XaIvE7Xk2WfBiBu1hGh9OmOe3Sd0QcwWnfBoMftLk
9z/2u78jFKYcQO25ZdqXHyDAqqwMqx//TG1vhlCQop7xOeOVG+t0Ii1ElPPDN9P5
VhD3yTw7W975qLaXRBq56JD02FFbW9rJM8bzamA7cHc9LSC2fatf+jG7UvIIx+72
AULkcQw3/M9MUBU212+uXYXF/B7kxVuL1rpy7jg+po4zT03y2FeGXEfdt0Kgjs+h
QnoW3DjHV+O/4xm+WyT+VbrckI51PZkbZJtb6iYja9KuY18dp1Q=
=JZUx
—–END PGP SIGNATURE—–

–1yeeQ81UyVL57Vl7–

MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

LS0gCnVidW50dS1zZWN1cml0eS1hbm5vdW5jZSBtYWlsaW5nIGxpc3QKdWJ1bnR1LXNlY3VyaXR5
LWFubm91bmNlQGxpc3RzLnVidW50dS5jb20KTW9kaWZ5IHNldHRpbmdzIG9yIHVuc3Vic2NyaWJl
IGF0OiBodHRwczovL2xpc3RzLnVidW50dS5jb20vbWFpbG1hbi9saXN0aW5mby91YnVudHUtc2Vj
dXJpdHktYW5ub3VuY2UK