You are here
Home > Preporuke > Nadogradnja za openjdk-6

Nadogradnja za openjdk-6

  • Detalji os-a: LUB
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LUB

==========================================================================
Ubuntu Security Notice USN-2191-1
May 01, 2014

openjdk-6 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 12.04 LTS
– Ubuntu 10.04 LTS

Summary:

Several security issues were fixed in OpenJDK 6.

Software Description:
– openjdk-6: Open Source Java implementation

Details:

Several vulnerabilities were discovered in the OpenJDK JRE related to
information disclosure, data integrity and availability. An attacker could
exploit these to cause a denial of service or expose sensitive data over
the network. (CVE-2014-0429, CVE-2014-0446, CVE-2014-0451, CVE-2014-0452,
CVE-2014-0456, CVE-2014-0457, CVE-2014-0458, CVE-2014-0461, CVE-2014-0462,
CVE-2014-2397, CVE-2014-2405, CVE-2014-2412, CVE-2014-2414, CVE-2014-2421,
CVE-2014-2423, CVE-2014-2427)

Two vulnerabilities were discovered in the OpenJDK JRE related to
information disclosure and data integrity. An attacker could exploit these
to expose sensitive data over the network. (CVE-2014-0453, CVE-2014-0460)

A vulnerability was discovered in the OpenJDK JRE related to availability.
An attacker could exploit this to cause a denial of service.
(CVE-2014-0459)

Jakub Wilk discovered that the OpenJDK JRE incorrectly handled temporary
files. A local attacker could possibly use this issue to overwrite
arbitrary files. In the default installation of Ubuntu, this should be
prevented by the Yama link restrictions. (CVE-2014-1876)

A vulnerability was discovered in the OpenJDK JRE related to data
integrity. (CVE-2014-2398)

A vulnerability was discovered in the OpenJDK JRE related to information
disclosure. An attacker could exploit this to expose sensitive data over
the network. (CVE-2014-2403)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 LTS:
icedtea-6-jre-cacao 6b31-1.13.3-1ubuntu1~0.12.04.2
icedtea-6-jre-jamvm 6b31-1.13.3-1ubuntu1~0.12.04.2
openjdk-6-jre 6b31-1.13.3-1ubuntu1~0.12.04.2
openjdk-6-jre-headless 6b31-1.13.3-1ubuntu1~0.12.04.2
openjdk-6-jre-lib 6b31-1.13.3-1ubuntu1~0.12.04.2
openjdk-6-jre-zero 6b31-1.13.3-1ubuntu1~0.12.04.2

Ubuntu 10.04 LTS:
icedtea-6-jre-cacao 6b31-1.13.3-1ubuntu1~0.10.04.1
openjdk-6-jre 6b31-1.13.3-1ubuntu1~0.10.04.1
openjdk-6-jre-headless 6b31-1.13.3-1ubuntu1~0.10.04.1
openjdk-6-jre-lib 6b31-1.13.3-1ubuntu1~0.10.04.1
openjdk-6-jre-zero 6b31-1.13.3-1ubuntu1~0.10.04.1

This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any Java
applications or applets to make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2191-1
CVE-2014-0429, CVE-2014-0446, CVE-2014-0451, CVE-2014-0452,
CVE-2014-0453, CVE-2014-0456, CVE-2014-0457, CVE-2014-0458,
CVE-2014-0459, CVE-2014-0460, CVE-2014-0461, CVE-2014-0462,
CVE-2014-1876, CVE-2014-2397, CVE-2014-2398, CVE-2014-2403,
CVE-2014-2405, CVE-2014-2412, CVE-2014-2414, CVE-2014-2421,
CVE-2014-2423, CVE-2014-2427

Package Information:
https://launchpad.net/ubuntu/+source/openjdk-6/6b31-1.13.3-1ubuntu1~0.12.04.2
https://launchpad.net/ubuntu/+source/openjdk-6/6b31-1.13.3-1ubuntu1~0.10.04.1

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird – http://www.enigmail.net/

iQIcBAEBCgAGBQJTYrnpAAoJEFHb3FjMVZVzHcgP/Ai8YiDBoOIKCV27vnTrreo4
Y1I6Vkmv/UnNUTBaUGu+ulpNSP2QcL5THOKCX/am14VZhMwGT+05Xx/TRfXtKZn9
1LF0i2c8dI2Vvgwjce1MfM/lW3gXxBQVxuCwWkqx3ceQqdyW5CE2O+ABAIP7gxnR
mVHWk9f4tIIjue1GPsj17X9sXsMwk+l4RL8EQ482k1J8DRvJafsK2dwyuaojNDm4
zso+2c6rPoiwemCITINlsaxf8w1PtwS3QI2qRGGIEUNriow2Q3a42ewpq+PxGpH9
8X5N1si8/sUI49o9SJCGMa0OHCneHofqM1lAfUTKBvO4SfGtujB5c5RDVE1N8U0x
4qNph8ehTFRQCwWuqg1oyj9AE6Hv6/r+kBh3Yo3RrehRGuJV1p0EAEOAIiCNqd9H
U/gnoQxRrBGb2aEiMGoX7C1S8stx/opc1MdJkX0/7RwiimmzTrs3El4SGBbmhcTx
9/KByP0HlHFkeCWJe4TLfs2HTMq14407LGEJ7VN20B2RkGw7RVDHWO+K2DSfCAt9
/pwbFmKmaSFWf6YcCJHOoCN8rDQb9FEkBNOWuR+oEz9ENdTaO6ePuif+rf1O1Ofc
Z4kOTAu6WuWVLKhfYgNbENn9KGxRTU8KNyY7W+PUvLt2+ZNb6OFoc2EXW8CfTxzh
YQ7njiszIO02Yd0vDw4c
=qXJD
—–END PGP SIGNATURE—–

AutorTomislav Protega
Cert idNCERT-REF-2014-05-0014-ADV
CveCVE-2010-2883 CVE-2010-2884 CVE-2010-2887 CVE-2010-2888
ID izvornikaUSN-2191-1
Proizvodopenjdk-6
Izvorhttp://www.ubuntu.com
Top
More in Preporuke
Ranjivost programskog paketa openshift-origin-broker-util

Otkrivena je ranjivost kod programskog paketa openshift-origin-broker-util za RHEL OpenShift Enterprise 2.0.5 i 1.2.7. Ranjivost se nalazila u inicijalnim postavkama...

Close