Tuesday, April 23, 2013

[USN-1806-1] OpenJDK 7 vulnerabilities

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with undefined - http://www.enigmail.net/

iQIcBAEBCgAGBQJRdvdSAAoJEFHb3FjMVZVz4U0P/0UrrlrxElyHbZXqKiNDbtut
kvf8c7njl1WbR5vFUs8/DSFJkPDRDJ0l/ID3Xpx2wZDlU6NL+a+v0X0O7ihydMj/
pXAoull/GbeT5/WBGOi9BXcxnKm/K8LhGMvJegi3lD6Vx/A4Lv7Uh4G7ncKuSXFb
G/hufJvYeCLBIwWlO5n52ahdG0NLWqBNZJpD9/OBA9e9KwwHWCZVpja/cMi8+YSQ
b2kdYsGZKPUA2d8E3nRhDzrPGgyMC+sDKBzzRhpAadVy9/6J/BXrrdLbGv1g9sNd
s9x5aZaA+oI5uzaYrgQa/zEA28SVgL+m8282xvMgJ+9xsRtZ1Cf1r+BOF/T+3LoX
DgW5ZiGgMxWzaD4JgQqmybgu1GHAbCsj0ZW3nGQGYHPoDhfj2ulxsKZkUxUTuoyh
9mCzVg9fXayqICOwGjgj8XwWe8GC/3OiI0YwS59H2T6D4lJNLY1dRz/iWLz4/aPj
OKrBaxYAkArhw+sfxf4M6tjBnsR3g+sYwtHEeJnTjL6rPwtcHmzAFngX4NxKHr1e
D9+MBozHI0Bku5Kkm2wp04XwHS1RO0r67g/AtcQIJPiOD/LsRRQ2sNXpHEgUquTx
EqCTRKhZ09xtaCeIejM7gnhVB+ljQ/Xu5ENzi4YsPiFXo5canj3s/HxhwcxaYnHi
Tqcbwejk3NBT7zwPVKiQ
=iLG0
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-1806-1
April 23, 2013

openjdk-7 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.10

Summary:

Several security issues were fixed in OpenJDK 7.

Software Description:
- openjdk-7: Open Source Java implementation

Details:

Ben Murphy discovered a vulnerability in the OpenJDK JRE related to
information disclosure and data integrity. An attacker could exploit this
to execute arbitrary code. (CVE-2013-0401)

James Forshaw discovered a vulnerability in the OpenJDK JRE related to
information disclosure, data integrity and availability. An attacker could
exploit this to execute arbitrary code. (CVE-2013-1488)

Several vulnerabilities were discovered in the OpenJDK JRE related to
information disclosure, data integrity and availability. An attacker could
exploit these to cause a denial of service or expose sensitive data over
the network. (CVE-2013-1518, CVE-2013-1537, CVE-2013-1557, CVE-2013-1569,
CVE-2013-2383, CVE-2013-2384, CVE-2013-2420, CVE-2013-2421, CVE-2013-2422,
CVE-2013-2426, CVE-2013-2429, CVE-2013-2430, CVE-2013-2431, CVE-2013-2436)

Two vulnerabilities were discovered in the OpenJDK JRE related to
confidentiality. An attacker could exploit these to expose sensitive data
over the network. (CVE-2013-2415, CVE-2013-2424)

Two vulnerabilities were discovered in the OpenJDK JRE related to
availability. An attacker could exploit these to cause a denial of service.
(CVE-2013-2417, CVE-2013-2419)

A vulnerability was discovered in the OpenJDK JRE related to data
integrity. (CVE-2013-2423)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.10:
icedtea-7-jre-jamvm 7u21-2.3.9-0ubuntu0.12.10.1
openjdk-7-jre 7u21-2.3.9-0ubuntu0.12.10.1
openjdk-7-jre-headless 7u21-2.3.9-0ubuntu0.12.10.1
openjdk-7-jre-lib 7u21-2.3.9-0ubuntu0.12.10.1
openjdk-7-jre-zero 7u21-2.3.9-0ubuntu0.12.10.1

This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any Java
applications or applets to make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1806-1
CVE-2013-0401, CVE-2013-1488, CVE-2013-1518, CVE-2013-1537,
CVE-2013-1557, CVE-2013-1558, CVE-2013-1569, CVE-2013-2383,
CVE-2013-2384, CVE-2013-2415, CVE-2013-2417, CVE-2013-2419,
CVE-2013-2420, CVE-2013-2421, CVE-2013-2422, CVE-2013-2423,
CVE-2013-2424, CVE-2013-2426, CVE-2013-2429, CVE-2013-2430,
CVE-2013-2431, CVE-2013-2436

Package Information:
https://launchpad.net/ubuntu/+source/openjdk-7/7u21-2.3.9-0ubuntu0.12.10.1

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)