Alerts This Week
Warning Icon 1 485
Alerts This Week
Warning Icon 1 485

Ubuntu 14.04 LTS USN-3396-1 Moderate: OpenJDK 7 Denial of Service

ubuntu
Calendar Grey August 18, 2017
Dist Ubuntu Esm H88
Multiple security flaws identified in OpenJDK 7 could result in service interruptions, breaches of access controls, and potential leaks of sensitive information.
Several security issues were fixed in OpenJDK 7.

Summary

Several security issues were fixed in OpenJDK 7.

Software Description:

- openjdk-7: Open Source Java implementation

Details:

It was discovered that the JPEGImageReader class in OpenJDK would

incorrectly read unused image data. An attacker could use this to specially

construct a jpeg image file that when opened by a Java application would

cause a denial of service. (CVE-2017-10053)

It was discovered that the JAR verifier in OpenJDK did not properly handle

archives containing files missing digests. An attacker could use this to

modify the signed contents of a JAR file. (CVE-2017-10067)

It was discovered that integer overflows existed in the Hotspot component

of OpenJDK when generating range check loop predicates. An attacker could

use this to specially construct an untrusted Java application or applet

that could escape sandbox restrictions and cause a denial of service or

possibly execute arbitrary code. (CVE-2017-10074)

It was discovered that OpenJDK did not properly process p...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
  icedtea-7-jre-jamvm             7u151-2.6.11-0ubuntu1.14.04.1
  openjdk-7-jre                   7u151-2.6.11-0ubuntu1.14.04.1
  openjdk-7-jre-headless          7u151-2.6.11-0ubuntu1.14.04.1
  openjdk-7-jre-lib               7u151-2.6.11-0ubuntu1.14.04.1
  openjdk-7-jre-zero              7u151-2.6.11-0ubuntu1.14.04.1

This update uses a new upstream release, which includes additional
bug fixes. After a standard system update you need to restart any
Java applications or applets to make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-3396-1

CVE-2017-10053, CVE-2017-10067, CVE-2017-10074, CVE-2017-10081,

CVE-2017-10087, CVE-2017-10089, CVE-2017-10090, CVE-2017-10096,

CVE-2017-10101, CVE-2017-10102, CVE-2017-10107, CVE-2017-10108,

CVE-2017-10109, CVE-2017-10110, CVE-2017-10115, CVE-2017-10116,

CVE-2017-10118, CVE-2017-10135, CVE-2017-10176, CVE-2017-10243

Severity
important
Lowest
Low
Medium
High
Critical

August 18, 2017

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here