CVE-2017-10355

Priority
Medium
Description
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle
Java SE (subcomponent: Networking). Supported versions that are affected
are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit:
R28.3.15. Easily exploitable vulnerability allows unauthenticated attacker
with network access via multiple protocols to compromise Java SE, Java SE
Embedded, JRockit. Successful attacks of this vulnerability can result in
unauthorized ability to cause a partial denial of service (partial DOS) of
Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be
exploited through sandboxed Java Web Start applications and sandboxed Java
applets. It can also be exploited by supplying data to APIs in the
specified Component without using sandboxed Java Web Start applications or
sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score
5.3 (Availability impacts). CVSS Vector:
(CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
Ubuntu-Description
It was discovered that the Networking component of OpenJDK did not
properly set timeouts on FTP client actions. A remote attacker could
use this to cause a denial of service (application hang).
References
Notes
 sbeattie> See Oracle release notes on the changed default behavior for
  FTP clients and how to configure the old behavior if necessary.
Package
Upstream:released
Ubuntu 17.10 (Artful Aardvark):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):needed
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 17.04 (Zesty Zapus):DNE
Package
Upstream:released
Ubuntu 17.10 (Artful Aardvark):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):needed
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 17.04 (Zesty Zapus):DNE
Package
Upstream:released (9.0.1)
Ubuntu 17.10 (Artful Aardvark):needed
Ubuntu 18.04 LTS (Bionic Beaver):needed
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):needed
Ubuntu 17.04 (Zesty Zapus):needed
Package
Upstream:not-affected
Ubuntu 17.10 (Artful Aardvark):not-affected
Ubuntu 18.04 LTS (Bionic Beaver):not-affected
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):not-affected
Ubuntu 16.04 LTS (Xenial Xerus):not-affected
Ubuntu 17.04 (Zesty Zapus):not-affected
Package
Upstream:released (8u151)
Ubuntu 17.10 (Artful Aardvark):released (8u151-b12-0ubuntu0.17.10.2)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (8u151-b12-1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (8u151-b12-0ubuntu0.16.04.2)
Ubuntu 17.04 (Zesty Zapus):released (8u151-b12-0ubuntu0.17.04.2)
Patches:
Upstream:http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/84b0fbbfb8d6
More Information

Updated: 2017-11-08 10:14:17 UTC (commit 13651)