PublicDateAtUSN: 2017-04-24
Candidate: CVE-2017-3526
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3526
http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html
https://usn.ubuntu.com/usn/usn-3275-1
https://usn.ubuntu.com/usn/usn-3275-2

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle
Java SE (subcomponent: JAXP). Supported versions that are affected are Java
SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13.
Difficult to exploit vulnerability allows unauthenticated attacker with
network access via multiple protocols to compromise Java SE, Java SE
Embedded, JRockit. Successful attacks of this vulnerability can result in
unauthorized ability to cause a hang or frequently repeatable crash
(complete DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to
client and server deployment of Java. This vulnerability can be exploited
through sandboxed Java Web Start applications and sandboxed Java applets.
It can also be exploited by supplying data to APIs in the specified
Component without using sandboxed Java Web Start applications or sandboxed
Java applets, such as through a web service. CVSS 3.0 Base Score 5.9
(Availability impacts). CVSS Vector:
(CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).

It was discovered that the Java API for XML Processing (JAXP)
component in OpenJDK did not properly enforce size limits when parsing
XML documents. An attacker could use this to cause a denial of service
(processor and memory consumption).

upstream_openjdk-7: needs-triage
precise_openjdk-7: ignored (reached end-of-life)
precise/esm_openjdk-7: DNE (precise was needs-triage)
trusty_openjdk-7: released (7u131-2.6.9-0ubuntu0.14.04.1)
vivid/stable-phone-overlay_openjdk-7: DNE
vivid/ubuntu-core_openjdk-7: DNE
yakkety_openjdk-7: DNE

upstream_openjdk-6: needs-triage
precise_openjdk-6: ignored (reached end-of-life)
precise/esm_openjdk-6: DNE (precise was needs-triage)
trusty_openjdk-6: needs-triage
vivid/stable-phone-overlay_openjdk-6: DNE
vivid/ubuntu-core_openjdk-6: DNE
yakkety_openjdk-6: DNE

upstream_openjdk-8: needs-triage
precise_openjdk-8: DNE
precise/esm_openjdk-8: DNE
vivid/stable-phone-overlay_openjdk-8: DNE
vivid/ubuntu-core_openjdk-8: DNE
xenial_openjdk-8: released (8u131-b11-0ubuntu1.16.04.2)
yakkety_openjdk-8: released (8u131-b11-0ubuntu1.16.10.2)
zesty_openjdk-8: released (8u131-b11-0ubuntu1.17.04.1)
artful_openjdk-8: not-affected (8u131-b11-1)
bionic_openjdk-8: not-affected (8u131-b11-1)
devel_openjdk-8: not-affected (8u131-b11-1)