Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 496
Alerts This Week
Warning Icon 1 496

Ubuntu 15.04, 14.04 LTS: 2696-1 Critical: OpenJDK 7 Info Disclosure DoS

ubuntu
Calendar Grey July 30, 2015
Scroller Ubuntu
Recent patches for OpenJDK 8 on Debian tackle serious vulnerabilities and enhance encryption methods to protect user data.
Several security issues were fixed in OpenJDK 7.

Summary

Several security issues were fixed in OpenJDK 7.

Software Description:

- openjdk-7: Open Source Java implementation

Details:

Several vulnerabilities were discovered in the OpenJDK JRE related to

information disclosure, data integrity, and availability. An attacker

could exploit these to cause a denial of service or expose sensitive

data over the network. (CVE-2015-2590, CVE-2015-2628, CVE-2015-4731,

CVE-2015-4732, CVE-2015-4733, CVE-2015-4760, CVE-2015-4748)

Several vulnerabilities were discovered in the cryptographic components

of the OpenJDK JRE. An attacker could exploit these to expose sensitive

data over the network. (CVE-2015-2601, CVE-2015-2808, CVE-2015-4000,

CVE-2015-2625, CVE-2015-2613)

As a security improvement, this update modifies OpenJDK behavior to

disable RC4 TLS/SSL cipher suites by default.

As a security improvement, this update modifies OpenJDK behavior to

reject DH key sizes below 768 bits by default, preventing a possible

downgrade attack.

Several vulner...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 15.04:
  icedtea-7-jre-jamvm             7u79-2.5.6-0ubuntu1.15.04.1
  openjdk-7-jdk                   7u79-2.5.6-0ubuntu1.15.04.1
  openjdk-7-jre                   7u79-2.5.6-0ubuntu1.15.04.1
  openjdk-7-jre-headless          7u79-2.5.6-0ubuntu1.15.04.1
  openjdk-7-jre-lib               7u79-2.5.6-0ubuntu1.15.04.1
  openjdk-7-jre-zero              7u79-2.5.6-0ubuntu1.15.04.1

Ubuntu 14.04 LTS:
  icedtea-7-jre-jamvm             7u79-2.5.6-0ubuntu1.14.04.1
  openjdk-7-jdk                   7u79-2.5.6-0ubuntu1.14.04.1
  openjdk-7-jre                   7u79-2.5.6-0ubuntu1.14.04.1
  openjdk-7-jre-headless          7u79-2.5.6-0ubuntu1.14.04.1
  openjdk-7-jre-lib               7u79-2.5.6-0ubuntu1.14.04.1
  openjdk-7-jre-zero              7u79-2.5.6-0ubuntu1.14.04.1

This update uses a new upstream release, which includes additional
bug fixes. After a standard system update you need to restart any
Java applications or applets to make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-2696-1

CVE-2015-2590, CVE-2015-2601, CVE-2015-2613, CVE-2015-2621,

CVE-2015-2625, CVE-2015-2628, CVE-2015-2632, CVE-2015-2808,

CVE-2015-4000, CVE-2015-4000, CVE-2015-4731, CVE-2015-4732,

CVE-2015-4733, CVE-2015-4748, CVE-2015-4749, CVE-2015-4760,

Severity
critical
Lowest
Low
Medium
High
Critical

July 30, 2015

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.