User: Password:
|
|
Subscribe / Log in / New account

Ubuntu alert USN-2089-1 (openjdk-7)

From:  Jamie Strandboge <jamie@canonical.com>
To:  ubuntu-security-announce@lists.ubuntu.com
Subject:  [USN-2089-1] openjdk-7 vulnerabilities
Date:  Thu, 23 Jan 2014 14:55:48 -0600
Message-ID:  <52E181D4.5080400@canonical.com>

========================================================================== Ubuntu Security Notice USN-2089-1 January 23, 2014 openjdk-7 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 13.10 - Ubuntu 13.04 - Ubuntu 12.10 Summary: Several security issues were fixed in OpenJDK 7. Software Description: - openjdk-7: Open Source Java implementation Details: Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit these to expose sensitive data over the network. (CVE-2013-3829, CVE-2013-5783, CVE-2013-5804, CVE-2014-0411) Several vulnerabilities were discovered in the OpenJDK JRE related to availability. An attacker could exploit these to cause a denial of service. (CVE-2013-4002, CVE-2013-5803, CVE-2013-5823, CVE-2013-5825, CVE-2013-5896, CVE-2013-5910) Several vulnerabilities were discovered in the OpenJDK JRE related to data integrity. (CVE-2013-5772, CVE-2013-5774, CVE-2013-5784, CVE-2013-5797, CVE-2013-5820, CVE-2014-0376, CVE-2014-0416) Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure. An attacker could exploit these to expose sensitive data over the network. (CVE-2013-5778, CVE-2013-5780, CVE-2013-5790, CVE-2013-5800, CVE-2013-5840, CVE-2013-5849, CVE-2013-5851, CVE-2013-5884, CVE-2014-0368) Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. (CVE-2013-5782, CVE-2013-5802, CVE-2013-5809, CVE-2013-5829, CVE-2013-5814, CVE-2013-5817, CVE-2013-5830, CVE-2013-5842, CVE-2013-5850, CVE-2013-5878, CVE-2013-5893, CVE-2013-5907, CVE-2014-0373, CVE-2014-0408, CVE-2014-0422, CVE-2014-0428) A vulnerability was discovered in the OpenJDK JRE related to information disclosure and availability. An attacker could exploit this to expose sensitive data over the network or cause a denial of service. (CVE-2014-0423) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 13.10: icedtea-7-jre-jamvm 7u51-2.4.4-0ubuntu0.13.10.1 openjdk-7-jre 7u51-2.4.4-0ubuntu0.13.10.1 openjdk-7-jre-headless 7u51-2.4.4-0ubuntu0.13.10.1 openjdk-7-jre-lib 7u51-2.4.4-0ubuntu0.13.10.1 openjdk-7-jre-zero 7u51-2.4.4-0ubuntu0.13.10.1 Ubuntu 13.04: icedtea-7-jre-jamvm 7u51-2.4.4-0ubuntu0.13.04.2 openjdk-7-jre 7u51-2.4.4-0ubuntu0.13.04.2 openjdk-7-jre-headless 7u51-2.4.4-0ubuntu0.13.04.2 openjdk-7-jre-lib 7u51-2.4.4-0ubuntu0.13.04.2 openjdk-7-jre-zero 7u51-2.4.4-0ubuntu0.13.04.2 Ubuntu 12.10: icedtea-7-jre-cacao 7u51-2.4.4-0ubuntu0.12.10.2 icedtea-7-jre-jamvm 7u51-2.4.4-0ubuntu0.12.10.2 openjdk-7-jre 7u51-2.4.4-0ubuntu0.12.10.2 openjdk-7-jre-headless 7u51-2.4.4-0ubuntu0.12.10.2 openjdk-7-jre-lib 7u51-2.4.4-0ubuntu0.12.10.2 openjdk-7-jre-zero 7u51-2.4.4-0ubuntu0.12.10.2 This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart any Java applications or applets to make all the necessary changes. References: http://www.ubuntu.com/usn/usn-2089-1 CVE-2013-3829, CVE-2013-4002, CVE-2013-5772, CVE-2013-5774, CVE-2013-5778, CVE-2013-5780, CVE-2013-5782, CVE-2013-5783, CVE-2013-5784, CVE-2013-5790, CVE-2013-5797, CVE-2013-5800, CVE-2013-5802, CVE-2013-5803, CVE-2013-5804, CVE-2013-5805, CVE-2013-5806, CVE-2013-5809, CVE-2013-5814, CVE-2013-5817, CVE-2013-5820, CVE-2013-5823, CVE-2013-5825, CVE-2013-5829, CVE-2013-5830, CVE-2013-5840, CVE-2013-5842, CVE-2013-5849, CVE-2013-5850, CVE-2013-5851, CVE-2013-5878, CVE-2013-5884, CVE-2013-5893, CVE-2013-5896, CVE-2013-5907, CVE-2013-5910, CVE-2014-0368, CVE-2014-0373, CVE-2014-0376, CVE-2014-0408, Package Information: https://launchpad.net/ubuntu/+source/openjdk-7/7u51-2.4.4... https://launchpad.net/ubuntu/+source/openjdk-7/7u51-2.4.4... https://launchpad.net/ubuntu/+source/openjdk-7/7u51-2.4.4... -- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security...


(Log in to post comments)


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds