Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 455
Alerts This Week
Warning Icon 1 455

Ubuntu 12.04 LTS & 10.04 LTS USN-2486-1 Critical OpenJDK 6 Threats

ubuntu
Calendar Grey January 27, 2015
Dist Ubuntu Esm H88
Multiple vulnerabilities present in OpenJDK 6 necessitate urgent patching for Ubuntu 12.04 and 10.04 to maintain data integrity.
Several security issues were fixed in OpenJDK 6.

Summary

Several security issues were fixed in OpenJDK 6.

Software Description:

- openjdk-6: Open Source Java implementation

Details:

Several vulnerabilities were discovered in the OpenJDK JRE related to

information disclosure, data integrity and availability. An attacker could

exploit these to cause a denial of service or expose sensitive data over

the network. (CVE-2014-3566, CVE-2014-6587, CVE-2014-6601, CVE-2015-0395,

CVE-2015-0408, CVE-2015-0412)

Several vulnerabilities were discovered in the OpenJDK JRE related to

information disclosure. An attacker could exploit these to expose sensitive

data over the network. (CVE-2014-6585, CVE-2014-6591, CVE-2015-0400,

CVE-2015-0407)

A vulnerability was discovered in the OpenJDK JRE related to

information disclosure and integrity. An attacker could exploit this to

expose sensitive data over the network. (CVE-2014-6593)

A vulnerability was discovered in the OpenJDK JRE related to integrity and

availability. An attacker...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 LTS:
  icedtea-6-jre-cacao             6b34-1.13.6-1ubuntu0.12.04.1
  icedtea-6-jre-jamvm             6b34-1.13.6-1ubuntu0.12.04.1
  openjdk-6-jre                   6b34-1.13.6-1ubuntu0.12.04.1
  openjdk-6-jre-headless          6b34-1.13.6-1ubuntu0.12.04.1
  openjdk-6-jre-lib               6b34-1.13.6-1ubuntu0.12.04.1
  openjdk-6-jre-zero              6b34-1.13.6-1ubuntu0.12.04.1

Ubuntu 10.04 LTS:
  icedtea-6-jre-cacao             6b34-1.13.6-1ubuntu0.10.04.1
  openjdk-6-jre                   6b34-1.13.6-1ubuntu0.10.04.1
  openjdk-6-jre-headless          6b34-1.13.6-1ubuntu0.10.04.1
  openjdk-6-jre-lib               6b34-1.13.6-1ubuntu0.10.04.1
  openjdk-6-jre-zero              6b34-1.13.6-1ubuntu0.10.04.1

This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any Java
applications or applets to make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-2486-1

CVE-2014-3566, CVE-2014-6585, CVE-2014-6587, CVE-2014-6591,

CVE-2014-6593, CVE-2014-6601, CVE-2015-0383, CVE-2015-0395,

CVE-2015-0400, CVE-2015-0407, CVE-2015-0408, CVE-2015-0410,

CVE-2015-0412

Severity
critical
Lowest
Low
Medium
High
Critical

=========================================================================Ubuntu Security Notice USN-2486-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.