Bug#888530: openjfx: CVE-2018-2581

Salvatore Bonaccorso carnil at debian.org
Fri Jan 26 19:44:09 UTC 2018


Source: openjfx
Version: 8u151-b12-1
Severity: important
Tags: security upstream

Hi,

the following vulnerability was published for openjfx; apart from the CVE
description, not much is available:

CVE-2018-2581[0]:
| Vulnerability in the Java SE component of Oracle Java SE
| (subcomponent: JavaFX). Supported versions that are affected are Java
| SE: 7u161, 8u152 and 9.0.1. Easily exploitable vulnerability allows
| unauthenticated attacker with network access via multiple protocols to
| compromise Java SE. Successful attacks require human interaction from
| a person other than the attacker and while the vulnerability is in
| Java SE, attacks may significantly impact additional products.
| Successful attacks of this vulnerability can result in unauthorized
| read access to a subset of Java SE accessible data. Note: This
| vulnerability applies to Java deployments, typically in clients
| running sandboxed Java Web Start applications or sandboxed Java
| applets, that load and run untrusted code (e.g., code that comes from
| the internet) and rely on the Java sandbox for security. This
| vulnerability does not apply to Java deployments, typically in
| servers, that load and run only trusted code (e.g., code installed by
| an administrator). CVSS 3.0 Base Score 4.7 (Confidentiality impacts).
| CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N).

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-2581
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2581

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore


