Home / mailingsPDF  

[USN-2818-1] OpenJDK 7 vulnerability

Posted on 25 November 2015
Ubuntu Security

--===============2095954160522877125==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature"; boundary="d6Gm4EdcadzBjdND"
Content-Disposition: inline


--d6Gm4EdcadzBjdND
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

==========================================================================
Ubuntu Security Notice USN-2818-1
November 25, 2015

openjdk-7 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 15.10
- Ubuntu 15.04
- Ubuntu 14.04 LTS

Summary:

A security issue was fixed in OpenJDK 7.

Software Description:
- openjdk-7: Open Source Java implementation

Details:

It was discovered that rebinding of the receiver of a
DirectMethodHandle may allow a protected method to be accessed. Am
attacker could use this to expose sensitive information or possibly
execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 15.10:
icedtea-7-jre-jamvm 7u91-2.6.3-0ubuntu0.15.10.1
openjdk-7-jre 7u91-2.6.3-0ubuntu0.15.10.1
openjdk-7-jre-headless 7u91-2.6.3-0ubuntu0.15.10.1
openjdk-7-jre-lib 7u91-2.6.3-0ubuntu0.15.10.1
openjdk-7-jre-zero 7u91-2.6.3-0ubuntu0.15.10.1

Ubuntu 15.04:
icedtea-7-jre-jamvm 7u91-2.6.3-0ubuntu0.15.04.1
openjdk-7-jre 7u91-2.6.3-0ubuntu0.15.04.1
openjdk-7-jre-headless 7u91-2.6.3-0ubuntu0.15.04.1
openjdk-7-jre-lib 7u91-2.6.3-0ubuntu0.15.04.1
openjdk-7-jre-zero 7u91-2.6.3-0ubuntu0.15.04.1

Ubuntu 14.04 LTS:
icedtea-7-jre-jamvm 7u91-2.6.3-0ubuntu0.14.04.1
openjdk-7-jre 7u91-2.6.3-0ubuntu0.14.04.1
openjdk-7-jre-headless 7u91-2.6.3-0ubuntu0.14.04.1
openjdk-7-jre-lib 7u91-2.6.3-0ubuntu0.14.04.1
openjdk-7-jre-zero 7u91-2.6.3-0ubuntu0.14.04.1

After a standard system update you need to restart any Java
applications or applets to make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2818-1
CVE-2015-4871

Package Information:
https://launchpad.net/ubuntu/+source/openjdk-7/7u91-2.6.3-0ubuntu0.15.10.1
https://launchpad.net/ubuntu/+source/openjdk-7/7u91-2.6.3-0ubuntu0.15.04.1
https://launchpad.net/ubuntu/+source/openjdk-7/7u91-2.6.3-0ubuntu0.14.04.1

 

TOP

Mailings :

Exploits :