==========================================================================
Ubuntu Security Notice USN-2486-1
January 27, 2015

openjdk-6 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 12.04 LTS
– Ubuntu 10.04 LTS

Summary:

Several security issues were fixed in OpenJDK 6.

Software Description:
– openjdk-6: Open Source Java implementation

Details:

Several vulnerabilities were discovered in the OpenJDK JRE related to
information disclosure, data integrity and availability. An attacker could
exploit these to cause a denial of service or expose sensitive data over
the network. (CVE-2014-3566, CVE-2014-6587, CVE-2014-6601, CVE-2015-0395,
CVE-2015-0408, CVE-2015-0412)

Several vulnerabilities were discovered in the OpenJDK JRE related to
information disclosure. An attacker could exploit these to expose sensitive
data over the network. (CVE-2014-6585, CVE-2014-6591, CVE-2015-0400,
CVE-2015-0407)

A vulnerability was discovered in the OpenJDK JRE related to
information disclosure and integrity. An attacker could exploit this to
expose sensitive data over the network. (CVE-2014-6593)

A vulnerability was discovered in the OpenJDK JRE related to integrity and
availability. An attacker could exploit this to cause a denial of service.
(CVE-2015-0383)

A vulnerability was discovered in the OpenJDK JRE related to availability.
An attacker could this exploit to cause a denial of service.
(CVE-2015-0410)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 LTS:
icedtea-6-jre-cacao 6b34-1.13.6-1ubuntu0.12.04.1
icedtea-6-jre-jamvm 6b34-1.13.6-1ubuntu0.12.04.1
openjdk-6-jre 6b34-1.13.6-1ubuntu0.12.04.1
openjdk-6-jre-headless 6b34-1.13.6-1ubuntu0.12.04.1
openjdk-6-jre-lib 6b34-1.13.6-1ubuntu0.12.04.1
openjdk-6-jre-zero 6b34-1.13.6-1ubuntu0.12.04.1

Ubuntu 10.04 LTS:
icedtea-6-jre-cacao 6b34-1.13.6-1ubuntu0.10.04.1
openjdk-6-jre 6b34-1.13.6-1ubuntu0.10.04.1
openjdk-6-jre-headless 6b34-1.13.6-1ubuntu0.10.04.1
openjdk-6-jre-lib 6b34-1.13.6-1ubuntu0.10.04.1
openjdk-6-jre-zero 6b34-1.13.6-1ubuntu0.10.04.1

This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any Java
applications or applets to make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2486-1
CVE-2014-3566, CVE-2014-6585, CVE-2014-6587, CVE-2014-6591,
CVE-2014-6593, CVE-2014-6601, CVE-2015-0383, CVE-2015-0395,
CVE-2015-0400, CVE-2015-0407, CVE-2015-0408, CVE-2015-0410,
CVE-2015-0412

Package Information:
https://launchpad.net/ubuntu/+source/openjdk-6/6b34-1.13.6-1ubuntu0.12.04.1
https://launchpad.net/ubuntu/+source/openjdk-6/6b34-1.13.6-1ubuntu0.10.04.1

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIcBAEBCgAGBQJUyAKpAAoJEFHb3FjMVZVzDVUP/0IqJkVYmsJy4x4xsZyCnluP
VDVgAdRV4ea5GoOhC4OuFOI+ez9UD7EQvZxB7dEKzy035XD1ezKOsAK2aFBzq3jO
IX4uFAH9xBAdauht+L8RRrUD9/Sa+DkuebON2ZqMxDdqyDpc7a4Eo4AC4Jo3xQ3y
N/46+0yvoLNWYG7oO+0fP9lz9tGgv6UWm+G+b8Z22ilpg/8qbGZ1ObtCNAdRZADQ
+Pm6nAf7jmgpbt1fEkvNKHthhkh+zaUMmkSWHbjhuSkLrX6YWjZezH076LqDMOPX
aS9HiP3fnAbJXC3scBTC/5HQQoLRdwPAiKCPPKA5nhWUcIFdxT4JMShtktoesOfc
T7Igx+2Aflvdqy8jDvn0HJ2kIIdJszT2/yClsWGkK/GkcUWM3dsul/11dnXN7qYm
3d32wXAVbBqLyeWVKJ3U8g8F4ZQ7u8mRoPXq8eoKmfozx/7l21m6oyGODLUKA7SY
StRDKx6AjFLxhIVTS24TKJYoEeAecJn0BClVy1kCZNYZ2FYU/ILPURQXXuKLQcJ8
olqi+GoBcfC1Kf5xvB4vZkw6qUEE69FsW2Ys/wDnj8KBSWAViHzYgWl+ZpKRjiIf
NweCtxY0pm8/A7v/vLQQgpZ67z9okEi57XyZOoDPGjE0usqYSvPJiwYQErfHPStS
kUCB6YD1XL77gXlVX4Yt
=yUd7
—–END PGP SIGNATURE—–
—