PublicDateAtUSN: 2019-04-23
Candidate: CVE-2019-2697
PublicDate: 2019-04-23 19:32:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2697
 https://ubuntu.com/security/notices/USN-3975-1
Description:
 Vulnerability in the Java SE component of Oracle Java SE (subcomponent:
 2D). Supported versions that are affected are Java SE: 7u211 and 8u202.
 Difficult to exploit vulnerability allows unauthenticated attacker with
 network access via multiple protocols to compromise Java SE. Successful
 attacks of this vulnerability can result in takeover of Java SE. Note: This
 vulnerability applies to Java deployments, typically in clients running
 sandboxed Java Web Start applications or sandboxed Java applets (in Java SE
 8), that load and run untrusted code (e.g., code that comes from the
 internet) and rely on the Java sandbox for security. This vulnerability
 does not apply to Java deployments, typically in servers, that load and run
 only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base
 Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS
 Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).
Ubuntu-Description:
 Mateusz Jurczyk discovered a vulnerability in the 2D component of
 OpenJDK. An attacker could use this to possibly escape Java sandbox
 restrictions.
Notes:
 sbeattie> openjdk-7 and openjdk-8 only
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H [8.1 HIGH]

Patches_openjdk-6:
upstream_openjdk-6: needs-triage
precise/esm_openjdk-6: DNE
trusty_openjdk-6: ignored (reached end-of-life)
trusty/esm_openjdk-6: DNE (trusty was needs-triage)
xenial_openjdk-6: DNE
bionic_openjdk-6: DNE
cosmic_openjdk-6: DNE
disco_openjdk-6: DNE
devel_openjdk-6: DNE

Patches_openjdk-7:
upstream_openjdk-7: needs-triage
precise/esm_openjdk-7: DNE
trusty_openjdk-7: ignored (reached end-of-life)
trusty/esm_openjdk-7: DNE (trusty was needs-triage)
xenial_openjdk-7: DNE
bionic_openjdk-7: DNE
cosmic_openjdk-7: DNE
disco_openjdk-7: DNE
devel_openjdk-7: DNE

Patches_openjdk-8:
upstream_openjdk-8: needs-triage
precise/esm_openjdk-8: DNE
trusty_openjdk-8: DNE
trusty/esm_openjdk-8: DNE
xenial_openjdk-8: released (8u212-b03-0ubuntu1.16.04.1)
esm-infra/xenial_openjdk-8: released (8u212-b03-0ubuntu1.16.04.1)
bionic_openjdk-8: released (8u212-b03-0ubuntu1.18.04.1)
cosmic_openjdk-8: released (8u212-b03-0ubuntu1.18.10.1)
disco_openjdk-8: released (8u212-b03-0ubuntu1.19.04.2)
devel_openjdk-8: not-affected (8u212-b03-0ubuntu1)

Patches_icedtea-web:
upstream_icedtea-web: needs-triage
precise/esm_icedtea-web: DNE
trusty_icedtea-web: ignored (reached end-of-life)
trusty/esm_icedtea-web: DNE (trusty was needs-triage)
xenial_icedtea-web: not-affected
bionic_icedtea-web: not-affected
cosmic_icedtea-web: not-affected
disco_icedtea-web: not-affected
devel_icedtea-web: not-affected

Patches_openjdk-9:
upstream_openjdk-9: needs-triage
precise/esm_openjdk-9: DNE
trusty_openjdk-9: DNE
trusty/esm_openjdk-9: DNE
xenial_openjdk-9: not-affected
bionic_openjdk-9: DNE
cosmic_openjdk-9: DNE
disco_openjdk-9: DNE
devel_openjdk-9: DNE

Patches_openjdk-lts:
upstream_openjdk-lts: not-affected
precise/esm_openjdk-lts: DNE
trusty_openjdk-lts: DNE
trusty/esm_openjdk-lts: DNE
xenial_openjdk-lts: DNE
bionic_openjdk-lts: not-affected
cosmic_openjdk-lts: not-affected
disco_openjdk-lts: not-affected
devel_openjdk-lts: not-affected

Patches_openjdk-12:
upstream_openjdk-12: not-affected
precise/esm_openjdk-12: DNE
trusty_openjdk-12: DNE
trusty/esm_openjdk-12: DNE
xenial_openjdk-12: DNE
bionic_openjdk-12: DNE
cosmic_openjdk-12: DNE
disco_openjdk-12: not-affected
devel_openjdk-12: not-affected