Launchpad.net

CVE 2017-7536

In Hibernate Validator 5.2.x before 5.2.5 final, 5.3.x, and 5.4.x, it was found that when the security manager's reflective permissions, which allows it to access the private members of the class, are granted to Hibernate Validator, a potential privilege escalation can occur. By allowing the calling code to access those private members without the permission an attacker may be able to validate an invalid instance and access the private member value via ConstraintViolation#getInvalidValue().

Related bugs and status

CVE-2017-7536 (Candidate) is related to these bugs:

Bug #1814133: update to openjdk 11 in 18.04 LTS

		In	Importance	Status
1814133	update to openjdk 11 in 18.04 LTS	saaj (Ubuntu)	Undecided	Invalid
1814133	update to openjdk 11 in 18.04 LTS	ca-certificates-java (Ubuntu)	Undecided	Invalid
1814133	update to openjdk 11 in 18.04 LTS	jaxws-api (Ubuntu)	Undecided	Invalid
1814133	update to openjdk 11 in 18.04 LTS	jws-api (Ubuntu)	Undecided	Invalid
1814133	update to openjdk 11 in 18.04 LTS	metro-policy (Ubuntu)	Undecided	Invalid
1814133	update to openjdk 11 in 18.04 LTS	maven-debian-helper (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	testng (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	plexus-languages (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	libcommons-lang3-java (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	dd-plist (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	clojure1.8 (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	gradle (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	jtreg (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	maven-compiler-plugin (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	surefire (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	gradle-debian-helper (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	groovy (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	jasperreports (Ubuntu)	Undecided	Invalid
1814133	update to openjdk 11 in 18.04 LTS	octave (Ubuntu)	Undecided	Invalid
1814133	update to openjdk 11 in 18.04 LTS	gettext (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	insubstantial (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	java-common (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	javatools (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	jnr-posix (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	jruby (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	jython (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	libgpars-groovy-java (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	logback (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	maven-javadoc-plugin (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	openjdk-lts (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	openjfx (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	scala (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	openjdk-11-jre-dcevm (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	jameica-util (Ubuntu)	Undecided	Invalid
1814133	update to openjdk 11 in 18.04 LTS	libreoffice (Ubuntu)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	libreoffice-l10n (Ubuntu)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	gatk-native-bindings (Ubuntu)	Undecided	Invalid
1814133	update to openjdk 11 in 18.04 LTS	gkl (Ubuntu)	Undecided	Invalid
1814133	update to openjdk 11 in 18.04 LTS	htsjdk (Ubuntu)	Undecided	Invalid
1814133	update to openjdk 11 in 18.04 LTS	jameica (Ubuntu)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	jameica-datasource (Ubuntu)	Undecided	Invalid
1814133	update to openjdk 11 in 18.04 LTS	maven-bundle-plugin (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	maven-enforcer (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	maven-plugin-tools (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	maven-jaxb2-plugin (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	jruby-openssl (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	visualvm (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	libjogl2-java (Ubuntu)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	fonts-liberation2 (Ubuntu)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	libjavaewah-java (Ubuntu Bionic)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: https://bugzilla.redha...
REDHAT: RHSA-2017:2808
REDHAT: RHSA-2017:2809
REDHAT: RHSA-2017:2810
REDHAT: RHSA-2017:2811
REDHAT: RHSA-2017:3141
REDHAT: RHSA-2017:3454
REDHAT: RHSA-2017:3455
REDHAT: RHSA-2017:3456
REDHAT: RHSA-2017:3458
BID: 101048
SECTRACK: 1039744
REDHAT: RHSA-2018:2740
REDHAT: RHSA-2018:2741
REDHAT: RHSA-2018:2742
REDHAT: RHSA-2018:2743
REDHAT: RHSA-2018:2927
REDHAT: RHSA-2018:3817
MLIST: [druid-commits] 201911...