Ubuntu 12.10 USN-1735-1 Critical Information Disclosure in OpenJDK
Feb 21, 2013
•
LinuxSecurity Advisories
2 - 3 min read
Several security issues were fixed in OpenJDK.
=========================================================================Ubuntu Security Notice USN-1735-1 February 21, 2013 openjdk-6, openjdk-7 vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 12.10 - Ubuntu 12.04 LTS - Ubuntu 11.10 - Ubuntu 10.04 LTS Summary: Several security issues were fixed in OpenJDK. Software Description: - openjdk-7: Open Source Java implementation - openjdk-6: Open Source Java implementation Details: Nadhem Alfardan and Kenny Paterson discovered that the TLS protocol as used in OpenSSL was vulnerable to a timing side-channel attack known as the "Lucky Thirteen" issue. A remote attacker could use this issue to perform plaintext-recovery attacks via analysis of timing data. (CVE-2013-0169) A vulnerability was discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit this to cause a denial of service. This issue only affected Ubuntu 12.10. (CVE-2013-1484) A data integrity vulnerability was discovered in the OpenJDK JRE. This issue only affected Ubuntu 12.10. (CVE-2013-1485) Two vulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit these to cause a denial of service. (CVE-2013-1486, CVE-2013-1487) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 12.10: icedtea-7-jre-cacao 7u15-2.3.7-0ubuntu1~12.10 icedtea-7-jre-jamvm 7u15-2.3.7-0ubuntu1~12.10 openjdk-7-jre 7u15-2.3.7-0ubuntu1~12.10 openjdk-7-jre-headless 7u15-2.3.7-0ubuntu1~12.10 openjdk-7-jre-lib 7u15-2.3.7-0ubuntu1~12.10 openjdk-7-jre-zero 7u15-2.3.7-0ubuntu1~12.10 Ubuntu 12.04 LTS: icedtea-6-jre-cacao 6b27-1.12.3-0ubuntu1~12.04 icedtea-6-jre-jamvm 6b27-1.12.3-0ubuntu1~12.04 openjdk-6-jre 6b27-1.12.3-0ubuntu1~12.04 openjdk-6-jre-headless 6b27-1.12.3-0ubuntu1~12.04 openjdk-6-jre-lib 6b27-1.12.3-0ubuntu1~12.04 openjdk-6-jre-zero 6b27-1.12.3-0ubuntu1~12.04 Ubuntu 11.10: icedtea-6-jre-cacao 6b27-1.12.3-0ubuntu1~11.10 icedtea-6-jre-jamvm 6b27-1.12.3-0ubuntu1~11.10 openjdk-6-jre 6b27-1.12.3-0ubuntu1~11.10 openjdk-6-jre-headless 6b27-1.12.3-0ubuntu1~11.10 openjdk-6-jre-lib 6b27-1.12.3-0ubuntu1~11.10 openjdk-6-jre-zero 6b27-1.12.3-0ubuntu1~11.10 Ubuntu 10.04 LTS: icedtea-6-jre-cacao 6b27-1.12.3-0ubuntu1~10.04 openjdk-6-jre 6b27-1.12.3-0ubuntu1~10.04 openjdk-6-jre-headless 6b27-1.12.3-0ubuntu1~10.04 openjdk-6-jre-lib 6b27-1.12.3-0ubuntu1~10.04 openjdk-6-jre-zero 6b27-1.12.3-0ubuntu1~10.04 This update uses a new upstream release which includes additional bug fixes. After a standard system update you need to restart any Java applications or applets to make all the necessary changes. References: https://ubuntu.com/security/notices/USN-1735-1 CVE-2013-0169, CVE-2013-1484, CVE-2013-1485, CVE-2013-1486, CVE-2013-1487 Package Information: https://launchpad.net/ubuntu/+source/openjdk-7/7u15-2.3.7-0ubuntu1~12.10 https://launchpad.net/ubuntu/+source/openjdk-6/6b27-1.12.3-0ubuntu1~12.04 https://launchpad.net/ubuntu/+source/openjdk-6/6b27-1.12.3-0ubuntu1~11.10 https://launchpad.net/ubuntu/+source/openjdk-6/6b27-1.12.3-0ubuntu1~10.04
PREVIOUS
NEXT
Ubuntu 12.10 USN-1735-1 Critical Information Disclosure in OpenJDK
ubuntu
February 21, 2013
Several security issues were fixed in OpenJDK.
Summary
Update Instructions
The problem can be corrected by updating your system to the following package versions: Ubuntu 12.10: icedtea-7-jre-cacao 7u15-2.3.7-0ubuntu1~12.10 icedtea-7-jre-jamvm 7u15-2.3.7-0ubuntu1~12.10 openjdk-7-jre 7u15-2.3.7-0ubuntu1~12.10 openjdk-7-jre-headless 7u15-2.3.7-0ubuntu1~12.10 openjdk-7-jre-lib 7u15-2.3.7-0ubuntu1~12.10 openjdk-7-jre-zero 7u15-2.3.7-0ubuntu1~12.10 Ubuntu 12.04 LTS: icedtea-6-jre-cacao 6b27-1.12.3-0ubuntu1~12.04 icedtea-6-jre-jamvm 6b27-1.12.3-0ubuntu1~12.04 openjdk-6-jre 6b27-1.12.3-0ubuntu1~12.04 openjdk-6-jre-headless 6b27-1.12.3-0ubuntu1~12.04 openjdk-6-jre-lib 6b27-1.12.3-0ubuntu1~12.04 openjdk-6-jre-zero 6b27-1.12.3-0ubuntu1~12.04 Ubuntu 11.10: icedtea-6-jre-cacao 6b27-1.12.3-0ubuntu1~11.10 icedtea-6-jre-jamvm 6b27-1.12.3-0ubuntu1~11.10 openjdk-6-jre 6b27-1.12.3-0ubuntu1~11.10 openjdk-6-jre-headless 6b27-1.12.3-0ubuntu1~11.10 openjdk-6-jre-lib 6b27-1.12.3-0ubuntu1~11.10 openjdk-6-jre-zero 6b27-1.12.3-0ubuntu1~11.10 Ubuntu 10.04 LTS: icedtea-6-jre-cacao 6b27-1.12.3-0ubuntu1~10.04 openjdk-6-jre 6b27-1.12.3-0ubuntu1~10.04 openjdk-6-jre-headless 6b27-1.12.3-0ubuntu1~10.04 openjdk-6-jre-lib 6b27-1.12.3-0ubuntu1~10.04 openjdk-6-jre-zero 6b27-1.12.3-0ubuntu1~10.04 This update uses a new upstream release which includes additional bug fixes. After a standard system update you need to restart any Java applications or applets to make all the necessary changes.
References
https://ubuntu.com/security/notices/USN-1735-1
CVE-2013-0169, CVE-2013-1484, CVE-2013-1485, CVE-2013-1486,
CVE-2013-1487
Severity
critical
Lowest
Low
Medium
High
Critical
=========================================================================Ubuntu Security Notice USN-1735-1
Package Information
https://launchpad.net/ubuntu/+source/openjdk-7/7u15-2.3.7-0ubuntu1~12.10 https://launchpad.net/ubuntu/+source/openjdk-6/6b27-1.12.3-0ubuntu1~12.04 https://launchpad.net/ubuntu/+source/openjdk-6/6b27-1.12.3-0ubuntu1~11.10 https://launchpad.net/ubuntu/+source/openjdk-6/6b27-1.12.3-0ubuntu1~10.04
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!