USN-3830-1: OpenJDK regression

28 November 2018

openjdk-8, openjdk-lts regression

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 18.04 LTS
  • Ubuntu 16.04 LTS

Summary

USN-3804-1 introduced a regression in OpenJDK.

Software Description

  • openjdk-lts - Open Source Java implementation
  • openjdk-8 - Open Source Java implementation

Details

USN-3804-1 fixed vulnerabilities in OpenJDK. Unfortunately, that update introduced a regression when validating JAR files that prevented Java applications from finding classes in some situations. This update fixes the problem.

We apologize for the inconvenience.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.04 LTS
openjdk-11-jdk - 10.0.2+13-1ubuntu0.18.04.4
openjdk-11-jre - 10.0.2+13-1ubuntu0.18.04.4
openjdk-11-jre-headless - 10.0.2+13-1ubuntu0.18.04.4
Ubuntu 16.04 LTS
openjdk-8-jdk - 8u191-b12-0ubuntu0.16.04.1
openjdk-8-jre - 8u191-b12-0ubuntu0.16.04.1
openjdk-8-jre-headless - 8u191-b12-0ubuntu0.16.04.1
openjdk-8-jre-jamvm - 8u191-b12-0ubuntu0.16.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart any Java applications or applets to make all the necessary changes.

References