Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 569
Alerts This Week
Warning Icon 1 569

Ubuntu 14.04 LTS: USN-3275-2 Moderate: OpenJDK 7 Remote Threats

ubuntu
Calendar Grey May 16, 2017
Dist Ubuntu Esm H88
OpenJDK 7 in Ubuntu 14.04 LTS has multiple vulnerabilities that have been addressed. It is crucial to take prompt measures to maintain your system's security.
Several security issues were fixed in OpenJDK 7.

Summary

Several security issues were fixed in OpenJDK 7.

Software Description:

- openjdk-7: Open Source Java implementation

Details:

USN-3275-1 fixed vulnerabilities in OpenJDK 8. This update provides

the corresponding updates for OpenJDK 7.

Original advisory details:

It was discovered that OpenJDK improperly re-used cached NTLM

connections in some situations. A remote attacker could possibly

use this to cause a Java application to perform actions with the

credentials of a different user. (CVE-2017-3509)

It was discovered that an untrusted library search path flaw existed

in the Java Cryptography Extension (JCE) component of OpenJDK. A

local attacker could possibly use this to gain the privileges of a

Java application. (CVE-2017-3511)

It was discovered that the Java API for XML Processing (JAXP) component

in OpenJDK did not properly enforce size limits when parsing XML

documents. An attacker could use this to cause a denial of service

(processor and memory consumption). (CVE-2017-35...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
  icedtea-7-jre-jamvm             7u131-2.6.9-0ubuntu0.14.04.1
  openjdk-7-jre                   7u131-2.6.9-0ubuntu0.14.04.1
  openjdk-7-jre-headless          7u131-2.6.9-0ubuntu0.14.04.1
  openjdk-7-jre-lib               7u131-2.6.9-0ubuntu0.14.04.1
  openjdk-7-jre-zero              7u131-2.6.9-0ubuntu0.14.04.1

This update uses a new upstream release, which includes additional
bug fixes. After a standard system update you need to restart any
Java applications or applets to make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-3275-2

https://ubuntu.com/security/notices/USN-3275-1

CVE-2017-3509, CVE-2017-3511, CVE-2017-3526, CVE-2017-3533,

CVE-2017-3539, CVE-2017-3544

May 15, 2017

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.