Explore top 10 tips to secure your open-source projects now. Read More
×
Several security issues were fixed in OpenJDK 6.
Software Description:
- openjdk-6: Open Source Java implementation
Details:
Karthik Bhargavan and Gaetan Leurent discovered that the DES and
Triple DES ciphers were vulnerable to birthday attacks. A remote
attacker could possibly use this flaw to obtain clear text data from
long encrypted sessions. This update moves those algorithms to the
legacy algorithm set and causes them to be used only if no non-legacy
algorithms can be negotiated. (CVE-2016-2183)
It was discovered that OpenJDK accepted ECSDA signatures using
non-canonical DER encoding. An attacker could use this to modify or
expose sensitive data. (CVE-2016-5546)
It was discovered that covert timing channel vulnerabilities existed
in the DSA implementations in OpenJDK. A remote attacker could use
this to expose sensitive information. (CVE-2016-5548)
It was discovered that the URLStreamHandler class in OpenJDK did not
properly parse user information from a URL. A remote a...
The problem can be corrected by updating your system to the following package versions: Ubuntu 12.04 LTS: icedtea-6-jre-cacao 6b41-1.13.13-0ubuntu0.12.04.1 icedtea-6-jre-jamvm 6b41-1.13.13-0ubuntu0.12.04.1 openjdk-6-jdk 6b41-1.13.13-0ubuntu0.12.04.1 openjdk-6-jre 6b41-1.13.13-0ubuntu0.12.04.1 openjdk-6-jre-headless 6b41-1.13.13-0ubuntu0.12.04.1 openjdk-6-jre-lib 6b41-1.13.13-0ubuntu0.12.04.1 openjdk-6-jre-zero 6b41-1.13.13-0ubuntu0.12.04.1 This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart any Java applications or applets to make all the necessary changes.
https://ubuntu.com/security/notices/USN-3198-1
CVE-2016-2183, CVE-2016-5546, CVE-2016-5548, CVE-2016-5552,
CVE-2017-3231, CVE-2017-3241, CVE-2017-3252, CVE-2017-3253,
CVE-2017-3261, CVE-2017-3272
Get the latest Linux and open source security news straight to your inbox.