If you are using software that depends on Java, or more specifically on OpenJDK, update. Canonical has published a security report in which it tells us about several security flaws present in the free version of the Java development platform. The report is the USN-4223-1 And, as usual, the company that Mark Shuttleworth runs has made it public after fixing the vulnerabilities and delivering the patches for all supported Ubuntu versions.
Security flaws affect all versions of Ubuntu that enjoy official support, which at the moment are Ubuntu 19.10 Eoan Ermine, Ubuntu 19.04 Disco Dingo, Ubuntu 18.04 LTS Bionic Beaver and Ubuntu 16.04 LTS Xenial Xerus. Ubuntu 14.04 ESM, Ubuntu 12.04 ESM and Ubuntu 20.04 LTS Focal Fossa are not mentioned because they are not affected or otherwise, the latter being the operating system that Canonical will release on April 23, 2020.
Fixed 16 OpenJDK vulnerabilities
In total, 16 vulnerabilities have been fixed, which you have below. All of them have been labeled medium urgency and some could allow a malicious user to expose sensitive information:
- CVE-2019-2894
- CVE-2019-2945
- CVE-2019-2949
- CVE-2019-2962
- CVE-2019-2964
- CVE-2019-2973
- CVE-2019-2975
- CVE-2019-2977
- CVE-2019-2978
- CVE-2019-2981
- CVE-2019-2983
- CVE-2019-2987
- CVE-2019-2988
- CVE-2019-2989
- CVE-2019-2992
- CVE-2019-2999
In the previous 16 bugs, Canonical mentions "an attacker", but in none of them does it say that this malicious user can exploit a vulnerability remotely. This means that the attacker you won't be able to take advantage of any of the glitches if you don't have physical access to the computer or is connected to the same WiFi network.
To apply these patches and protect ourselves from all these OpenJDK security flaws, we just have to open our software center (or the Software Update app) of our operating system and install new versions of packages that will already be waiting for us. For the changes to take effect, we must restart the computer.