Candidate: CVE-2018-2973
PublicDate: 2018-07-18 13:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2973
 http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
Description:
 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE
 (subcomponent: JSSE). Supported versions that are affected are Java SE:
 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171. Difficult to
 exploit vulnerability allows unauthenticated attacker with network access
 via SSL/TLS to compromise Java SE, Java SE Embedded. Successful attacks of
 this vulnerability can result in unauthorized creation, deletion or
 modification access to critical data or all Java SE, Java SE Embedded
 accessible data. Note: This vulnerability applies to Java deployments,
 typically in clients running sandboxed Java Web Start applications or
 sandboxed Java applets, that load and run untrusted code (e.g., code that
 comes from the internet) and rely on the Java sandbox for security. This
 vulnerability does not apply to Java deployments, typically in servers,
 that load and run only trusted code (e.g., code installed by an
 administrator). CVSS 3.0 Base Score 5.9 (Integrity impacts). CVSS Vector:
 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).
Ubuntu-Description:
Notes:
 sbeattie> Oracle Java only
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N [5.9 MEDIUM]

Patches_openjdk-6:
upstream_openjdk-6: not-affected
precise/esm_openjdk-6: DNE
trusty_openjdk-6: not-affected
trusty/esm_openjdk-6: DNE (trusty was not-affected)
xenial_openjdk-6: DNE
artful_openjdk-6: DNE
bionic_openjdk-6: DNE
devel_openjdk-6: DNE

Patches_openjdk-7:
upstream_openjdk-7: not-affected
precise/esm_openjdk-7: DNE
trusty_openjdk-7: not-affected
trusty/esm_openjdk-7: DNE (trusty was not-affected)
xenial_openjdk-7: DNE
artful_openjdk-7: DNE
bionic_openjdk-7: DNE
devel_openjdk-7: DNE

Patches_openjdk-8:
upstream_openjdk-8: not-affected
precise/esm_openjdk-8: DNE
trusty_openjdk-8: DNE
trusty/esm_openjdk-8: DNE
xenial_openjdk-8: not-affected
esm-infra/xenial_openjdk-8: not-affected
artful_openjdk-8: ignored (reached end-of-life)
bionic_openjdk-8: not-affected
devel_openjdk-8: not-affected

Patches_openjdk-9:
upstream_openjdk-9: not-affected
precise/esm_openjdk-9: DNE
trusty_openjdk-9: DNE
trusty/esm_openjdk-9: DNE
xenial_openjdk-9: not-affected
artful_openjdk-9: ignored (reached end-of-life)
bionic_openjdk-9: DNE
devel_openjdk-9: DNE

Patches_openjdk-lts:
upstream_openjdk-lts: released (10.0.2)
precise/esm_openjdk-lts: DNE
trusty_openjdk-lts: DNE
trusty/esm_openjdk-lts: DNE
xenial_openjdk-lts: DNE
artful_openjdk-lts: DNE
bionic_openjdk-lts: not-affected (Oracle Java only)
devel_openjdk-lts: not-affected (Oracle Java only)