Launchpad.net

CVE 2018-11771

When reading a specially crafted ZIP archive, the read method of Apache Commons Compress 1.7 to 1.17's ZipArchiveInputStream can fail to return the correct EOF indication after the end of the stream has been reached. When combined with a java.io.InputStreamReader this can lead to an infinite stream, which can be used to mount a denial of service attack against services that use Compress' zip package.

Related bugs and status

CVE-2018-11771 (Candidate) is related to these bugs:

Bug #1814133: update to openjdk 11 in 18.04 LTS

		In	Importance	Status
1814133	update to openjdk 11 in 18.04 LTS	saaj (Ubuntu)	Undecided	Invalid
1814133	update to openjdk 11 in 18.04 LTS	ca-certificates-java (Ubuntu)	Undecided	Invalid
1814133	update to openjdk 11 in 18.04 LTS	jaxws-api (Ubuntu)	Undecided	Invalid
1814133	update to openjdk 11 in 18.04 LTS	jws-api (Ubuntu)	Undecided	Invalid
1814133	update to openjdk 11 in 18.04 LTS	metro-policy (Ubuntu)	Undecided	Invalid
1814133	update to openjdk 11 in 18.04 LTS	maven-debian-helper (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	testng (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	plexus-languages (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	libcommons-lang3-java (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	dd-plist (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	clojure1.8 (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	gradle (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	jtreg (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	maven-compiler-plugin (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	surefire (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	gradle-debian-helper (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	groovy (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	jasperreports (Ubuntu)	Undecided	Invalid
1814133	update to openjdk 11 in 18.04 LTS	octave (Ubuntu)	Undecided	Invalid
1814133	update to openjdk 11 in 18.04 LTS	gettext (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	insubstantial (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	java-common (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	javatools (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	jnr-posix (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	jruby (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	jython (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	libgpars-groovy-java (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	logback (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	maven-javadoc-plugin (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	openjdk-lts (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	openjfx (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	scala (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	openjdk-11-jre-dcevm (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	jameica-util (Ubuntu)	Undecided	Invalid
1814133	update to openjdk 11 in 18.04 LTS	libreoffice (Ubuntu)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	libreoffice-l10n (Ubuntu)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	gatk-native-bindings (Ubuntu)	Undecided	Invalid
1814133	update to openjdk 11 in 18.04 LTS	gkl (Ubuntu)	Undecided	Invalid
1814133	update to openjdk 11 in 18.04 LTS	htsjdk (Ubuntu)	Undecided	Invalid
1814133	update to openjdk 11 in 18.04 LTS	jameica (Ubuntu)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	jameica-datasource (Ubuntu)	Undecided	Invalid
1814133	update to openjdk 11 in 18.04 LTS	maven-bundle-plugin (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	maven-enforcer (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	maven-plugin-tools (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	maven-jaxb2-plugin (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	jruby-openssl (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	visualvm (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	libjogl2-java (Ubuntu)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	fonts-liberation2 (Ubuntu)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	libjavaewah-java (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	scilab (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	gluegen2 (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	ecj (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	activemq (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	afterburner.fx (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	annotation-indexer (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	apache-directory-server (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	aspectj (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	aspectj-maven-plugin (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	batik (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	bindex (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	bridge-method-injector (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	carrotsearch-hppc (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	commons-httpclient (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	eclipselink (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	elki (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	clojure (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	figtree (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	fontawesomefx (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	hikaricp (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	hsqldb (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	hsqldb1.8.0 (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	jabref (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	jackson-core (Ubuntu Bionic)	Undecided	Fix Released
1814133	update to openjdk 11 in 18.04 LTS	jackson-databind (Ubuntu Bionic)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2018-11771

Related bugs and status

Related bugs

References