Explore top 10 tips to secure your open-source projects now. Read More
×
USN-3275-2 introduced a regression in OpenJDK 7.
Software Description:
- openjdk-7: Open Source Java implementation
Details:
USN-3275-2 fixed vulnerabilities in OpenJDK 7. Unfortunately, the
update introduced a regression when handling TLS handshakes. This
update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
It was discovered that OpenJDK improperly re-used cached NTLM
connections in some situations. A remote attacker could possibly
use this to cause a Java application to perform actions with the
credentials of a different user. (CVE-2017-3509)
It was discovered that an untrusted library search path flaw existed
in the Java Cryptography Extension (JCE) component of OpenJDK. A
local attacker could possibly use this to gain the privileges of a
Java application. (CVE-2017-3511)
It was discovered that the Java API for XML Processing (JAXP) component
in OpenJDK did not properly enforce size limits when parsing XML
documents. An atta...
The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 LTS: icedtea-7-jre-jamvm 7u131-2.6.9-0ubuntu0.14.04.2 openjdk-7-jre 7u131-2.6.9-0ubuntu0.14.04.2 openjdk-7-jre-headless 7u131-2.6.9-0ubuntu0.14.04.2 openjdk-7-jre-lib 7u131-2.6.9-0ubuntu0.14.04.2 openjdk-7-jre-zero 7u131-2.6.9-0ubuntu0.14.04.2 This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart any Java applications or applets to make all the necessary changes.
https://ubuntu.com/security/notices/USN-3275-3
https://ubuntu.com/security/notices/USN-3275-1
https://bugs.launchpad.net/ubuntu/trusty/+source/openjdk-7/+bug/1691126, https://ubuntu.com/security/notices/USN-3275-2
Get the latest Linux and open source security news straight to your inbox.