Explore top 10 tips to secure your open-source projects now. Read More
×
Several security issues were fixed in OpenJDK 7.
Software Description:
- openjdk-7: Open Source Java implementation
Details:
It was discovered that a race condition existed in the cryptography
implementation in OpenJDK. An attacker could possibly use this to expose
sensitive information. (CVE-2018-2579)
It was discovered that the LDAP implementation in OpenJDK did not properly
encode login names. A remote attacker could possibly use this to expose
sensitive information. (CVE-2018-2588)
It was discovered that the DNS client implementation in OpenJDK did not
properly randomize source ports. A remote attacker could use this to spoof
responses to DNS queries made by Java applications. (CVE-2018-2599)
It was discovered that the Internationalization component of OpenJDK did
not restrict search paths when loading resource bundle classes. A local
attacker could use this to trick a user into running malicious code.
(CVE-2018-2602)
It was discovered that OpenJDK did not properly restr...
The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 LTS: icedtea-7-jre-jamvm 7u171-2.6.13-0ubuntu0.14.04.2 openjdk-7-jdk 7u171-2.6.13-0ubuntu0.14.04.2 openjdk-7-jre 7u171-2.6.13-0ubuntu0.14.04.2 openjdk-7-jre-headless 7u171-2.6.13-0ubuntu0.14.04.2 openjdk-7-jre-lib 7u171-2.6.13-0ubuntu0.14.04.2 openjdk-7-jre-zero 7u171-2.6.13-0ubuntu0.14.04.2 This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart any Java applications or applets to make all the necessary changes.
https://ubuntu.com/security/notices/USN-3614-1
CVE-2018-2579, CVE-2018-2588, CVE-2018-2599, CVE-2018-2602,
CVE-2018-2603, CVE-2018-2618, CVE-2018-2629, CVE-2018-2633,
CVE-2018-2634, CVE-2018-2637, CVE-2018-2641, CVE-2018-2663,
CVE-2018-2677, CVE-2018-2678
Get the latest Linux and open source security news straight to your inbox.