Ubuntu 2487-1: OpenJDK 7 vulnerabilities

    Date27 Jan 2015
    CategoryUbuntu
    62
    Posted ByLinuxSecurity Advisories
    Several security issues were fixed in OpenJDK 7.
    
    ==========================================================================
    Ubuntu Security Notice USN-2487-1
    January 28, 2015
    
    openjdk-7 vulnerabilities
    ==========================================================================
    
    A security issue affects these releases of Ubuntu and its derivatives:
    
    - Ubuntu 14.10
    - Ubuntu 14.04 LTS
    
    Summary:
    
    Several security issues were fixed in OpenJDK 7.
    
    Software Description:
    - openjdk-7: Open Source Java implementation
    
    Details:
    
    Several vulnerabilities were discovered in the OpenJDK JRE related to
    information disclosure, data integrity and availability. An attacker could
    exploit these to cause a denial of service or expose sensitive data over
    the network. (CVE-2014-3566, CVE-2014-6587, CVE-2014-6601, CVE-2015-0395,
    CVE-2015-0408, CVE-2015-0412)
    
    Several vulnerabilities were discovered in the OpenJDK JRE related to
    information disclosure. An attacker could exploit these to expose sensitive
    data over the network. (CVE-2014-6585, CVE-2014-6591, CVE-2015-0400,
    CVE-2015-0407)
    
    A vulnerability was discovered in the OpenJDK JRE related to
    information disclosure and integrity. An attacker could exploit this to
    expose sensitive data over the network. (CVE-2014-6593)
    
    A vulnerability was discovered in the OpenJDK JRE related to integrity and
    availability. An attacker could exploit this to cause a denial of service.
    (CVE-2015-0383)
    
    A vulnerability was discovered in the OpenJDK JRE related to availability.
    An attacker could this exploit to cause a denial of service.
    (CVE-2015-0410)
    
    A vulnerability was discovered in the OpenJDK JRE related to data
    integrity. (CVE-2015-0413)
    
    Update instructions:
    
    The problem can be corrected by updating your system to the following
    package versions:
    
    Ubuntu 14.10:
      icedtea-7-jre-jamvm             7u75-2.5.4-1~utopic1
      openjdk-7-jre                   7u75-2.5.4-1~utopic1
      openjdk-7-jre-headless          7u75-2.5.4-1~utopic1
      openjdk-7-jre-lib               7u75-2.5.4-1~utopic1
      openjdk-7-jre-zero              7u75-2.5.4-1~utopic1
      openjdk-7-source                7u75-2.5.4-1~utopic1
    
    Ubuntu 14.04 LTS:
      icedtea-7-jre-jamvm             7u75-2.5.4-1~trusty1
      openjdk-7-jre                   7u75-2.5.4-1~trusty1
      openjdk-7-jre-headless          7u75-2.5.4-1~trusty1
      openjdk-7-jre-lib               7u75-2.5.4-1~trusty1
      openjdk-7-jre-zero              7u75-2.5.4-1~trusty1
      openjdk-7-source                7u75-2.5.4-1~trusty1
    
    This update uses a new upstream release, which includes additional bug
    fixes. After a standard system update you need to restart any Java
    applications or applets to make all the necessary changes.
    
    This update contains a known regression in the Zero alternative Java
    Virtual Machine on PowerPC and a future update will correct this issue. See
    https://launchpad.net/bugs/1415282 for details. We apologize for the
    inconvenience.
    
    References:
      http://www.ubuntu.com/usn/usn-2487-1
      CVE-2014-3566, CVE-2014-6585, CVE-2014-6587, CVE-2014-6591,
      CVE-2014-6593, CVE-2014-6601, CVE-2015-0383, CVE-2015-0395,
      CVE-2015-0400, CVE-2015-0407, CVE-2015-0408, CVE-2015-0410,
      CVE-2015-0412, CVE-2015-0413
    
    Package Information:
      https://launchpad.net/ubuntu/+source/openjdk-7/7u75-2.5.4-1~utopic1
      https://launchpad.net/ubuntu/+source/openjdk-7/7u75-2.5.4-1~trusty1
    
    
    
    
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"23","type":"x","order":"1","pct":53.49,"resources":[]},{"id":"88","title":"Should be more technical","votes":"5","type":"x","order":"2","pct":11.63,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"15","type":"x","order":"3","pct":34.88,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.