[USN-2942-1] OpenJDK 7 vulnerability
Jamie Strandboge
jamie at canonical.com
Fri Mar 25 01:10:35 UTC 2016
==========================================================================
Ubuntu Security Notice USN-2942-1
March 24, 2016
openjdk-7 vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 15.10
- Ubuntu 14.04 LTS
Summary:
OpenJDK could be made to crash or run programs as your login if it received
specially crafted input.
Software Description:
- openjdk-7: Open Source Java implementation
Details:
A vulnerability was discovered in the JRE related to information
disclosure, data integrity, and availability. An attacker could exploit
these to cause a denial of service, expose sensitive data over the network,
or possibly execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 15.10:
icedtea-7-jre-jamvm 7u95-2.6.4-0ubuntu0.15.10.2
openjdk-7-jre 7u95-2.6.4-0ubuntu0.15.10.2
openjdk-7-jre-headless 7u95-2.6.4-0ubuntu0.15.10.2
openjdk-7-jre-lib 7u95-2.6.4-0ubuntu0.15.10.2
openjdk-7-jre-zero 7u95-2.6.4-0ubuntu0.15.10.2
Ubuntu 14.04 LTS:
icedtea-7-jre-jamvm 7u95-2.6.4-0ubuntu0.14.04.2
openjdk-7-jdk 7u95-2.6.4-0ubuntu0.14.04.2
openjdk-7-jre 7u95-2.6.4-0ubuntu0.14.04.2
openjdk-7-jre-headless 7u95-2.6.4-0ubuntu0.14.04.2
openjdk-7-jre-lib 7u95-2.6.4-0ubuntu0.14.04.2
openjdk-7-jre-zero 7u95-2.6.4-0ubuntu0.14.04.2
This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any Java
applications or applets to make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-2942-1
CVE-2016-0636
Package Information:
https://launchpad.net/ubuntu/+source/openjdk-7/7u95-2.6.4-0ubuntu0.15.10.2
https://launchpad.net/ubuntu/+source/openjdk-7/7u95-2.6.4-0ubuntu0.14.04.2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20160324/e1a48010/attachment.sig>
More information about the ubuntu-security-announce
mailing list