Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 455
Alerts This Week
Warning Icon 1 455

Ubuntu 14.10 and 14.04 LTS Security Advisory: OpenJDK 7 Critical Issues

ubuntu
Calendar Grey January 28, 2015
Dist Ubuntu Esm H88
Ubuntu Security Notice USN-3487-1 deals with vulnerabilities in OpenJDK 8 impacting Ubuntu 16.04 and 16.10.
Several security issues were fixed in OpenJDK 7.

Summary

Several security issues were fixed in OpenJDK 7.

Software Description:

- openjdk-7: Open Source Java implementation

Details:

Several vulnerabilities were discovered in the OpenJDK JRE related to

information disclosure, data integrity and availability. An attacker could

exploit these to cause a denial of service or expose sensitive data over

the network. (CVE-2014-3566, CVE-2014-6587, CVE-2014-6601, CVE-2015-0395,

CVE-2015-0408, CVE-2015-0412)

Several vulnerabilities were discovered in the OpenJDK JRE related to

information disclosure. An attacker could exploit these to expose sensitive

data over the network. (CVE-2014-6585, CVE-2014-6591, CVE-2015-0400,

CVE-2015-0407)

A vulnerability was discovered in the OpenJDK JRE related to

information disclosure and integrity. An attacker could exploit this to

expose sensitive data over the network. (CVE-2014-6593)

A vulnerability was discovered in the OpenJDK JRE related to integrity and

availability. An attacker...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.10:
  icedtea-7-jre-jamvm             7u75-2.5.4-1~utopic1
  openjdk-7-jre                   7u75-2.5.4-1~utopic1
  openjdk-7-jre-headless          7u75-2.5.4-1~utopic1
  openjdk-7-jre-lib               7u75-2.5.4-1~utopic1
  openjdk-7-jre-zero              7u75-2.5.4-1~utopic1
  openjdk-7-source                7u75-2.5.4-1~utopic1

Ubuntu 14.04 LTS:
  icedtea-7-jre-jamvm             7u75-2.5.4-1~trusty1
  openjdk-7-jre                   7u75-2.5.4-1~trusty1
  openjdk-7-jre-headless          7u75-2.5.4-1~trusty1
  openjdk-7-jre-lib               7u75-2.5.4-1~trusty1
  openjdk-7-jre-zero              7u75-2.5.4-1~trusty1
  openjdk-7-source                7u75-2.5.4-1~trusty1

This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any Java
applications or applets to make all the necessary changes.

This update contains a known regression in the Zero alternative Java
Virtual Machine on PowerPC and a future update will correct this issue. See
https://bugs.launchpad.net/ubuntu/+source/openjdk-7/+bug/1415282 for details. We apologize for the
inconvenience.

References

https://ubuntu.com/security/notices/USN-2487-1

CVE-2014-3566, CVE-2014-6585, CVE-2014-6587, CVE-2014-6591,

CVE-2014-6593, CVE-2014-6601, CVE-2015-0383, CVE-2015-0395,

CVE-2015-0400, CVE-2015-0407, CVE-2015-0408, CVE-2015-0410,

CVE-2015-0412, CVE-2015-0413

Severity
critical
Lowest
Low
Medium
High
Critical

=========================================================================Ubuntu Security Notice USN-2487-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.