[Irtalk] FW: [USN-1819-1] OpenJDK 6 vulnerabilities

Gibson, H <hgibson@sun.ac.za> hgibson at sun.ac.za
Wed May 8 08:30:29 SAST 2013


For all those using Ubuntu for DSpace installations.

Hilton Gibson
Systems Administrator
JS Gericke Library
Room 1025D
Stellenbosch University
Private Bag X5036
Stellenbosch
7599
South Africa

Tel: +27 21 808 4100 | Cell: +27 84 646 4758

http://www.sun.ac.za/library
________________________________________
From: ubuntu-security-announce-bounces at lists.ubuntu.com [ubuntu-security-announce-bounces at lists.ubuntu.com] on behalf of Jamie Strandboge [jamie at canonical.com]
Sent: 07 May 2013 08:04 PM
To: ubuntu-security-announce at lists.ubuntu.com
Subject: [USN-1819-1] OpenJDK 6 vulnerabilities

==========================================================================
Ubuntu Security Notice USN-1819-1
May 07, 2013

openjdk-6 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 10.04 LTS

Summary:

Several security issues were fixed in OpenJDK 6.

Software Description:
- openjdk-6: Open Source Java implementation

Details:

Ben Murphy discovered a vulnerability in the OpenJDK JRE related to
information disclosure and data integrity. An attacker could exploit this
to execute arbitrary code. (CVE-2013-0401)

James Forshaw discovered a vulnerability in the OpenJDK JRE related to
information disclosure, data integrity and availability. An attacker could
exploit this to execute arbitrary code. (CVE-2013-1488)

Several vulnerabilities were discovered in the OpenJDK JRE related to
information disclosure, data integrity and availability. An attacker could
exploit these to cause a denial of service or expose sensitive data over
the network. (CVE-2013-1518, CVE-2013-1537, CVE-2013-1557, CVE-2013-1558,
CVE-2013-1569, CVE-2013-2383, CVE-2013-2384, CVE-2013-2420, CVE-2013-2421,
CVE-2013-2422, CVE-2013-2426, CVE-2013-2429, CVE-2013-2430, CVE-2013-2431,
CVE-2013-2436)

Two vulnerabilities were discovered in the OpenJDK JRE related to
confidentiality. An attacker could exploit these to expose sensitive data
over the network. (CVE-2013-2415, CVE-2013-2424)

Two vulnerabilities were discovered in the OpenJDK JRE related to
availability. An attacker could exploit these to cause a denial of service.
(CVE-2013-2417, CVE-2013-2419)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 LTS:
  icedtea-6-jre-cacao             6b27-1.12.5-0ubuntu0.12.04.1
  icedtea-6-jre-jamvm             6b27-1.12.5-0ubuntu0.12.04.1
  openjdk-6-jre                   6b27-1.12.5-0ubuntu0.12.04.1
  openjdk-6-jre-headless          6b27-1.12.5-0ubuntu0.12.04.1
  openjdk-6-jre-lib               6b27-1.12.5-0ubuntu0.12.04.1
  openjdk-6-jre-zero              6b27-1.12.5-0ubuntu0.12.04.1

Ubuntu 11.10:
  icedtea-6-jre-cacao             6b27-1.12.5-0ubuntu0.11.10.1
  icedtea-6-jre-jamvm             6b27-1.12.5-0ubuntu0.11.10.1
  openjdk-6-jre                   6b27-1.12.5-0ubuntu0.11.10.1
  openjdk-6-jre-headless          6b27-1.12.5-0ubuntu0.11.10.1
  openjdk-6-jre-lib               6b27-1.12.5-0ubuntu0.11.10.1
  openjdk-6-jre-zero              6b27-1.12.5-0ubuntu0.11.10.1

Ubuntu 10.04 LTS:
  icedtea-6-jre-cacao             6b27-1.12.5-0ubuntu0.10.04.1
  openjdk-6-jre                   6b27-1.12.5-0ubuntu0.10.04.1
  openjdk-6-jre-headless          6b27-1.12.5-0ubuntu0.10.04.1
  openjdk-6-jre-lib               6b27-1.12.5-0ubuntu0.10.04.1
  openjdk-6-jre-zero              6b27-1.12.5-0ubuntu0.10.04.1

This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any Java
applications or applets to make all the necessary changes.

References:
  http://www.ubuntu.com/usn/usn-1819-1
  CVE-2013-0401, CVE-2013-1488, CVE-2013-1518, CVE-2013-1537,
  CVE-2013-1557, CVE-2013-1558, CVE-2013-1569, CVE-2013-2383,
  CVE-2013-2384, CVE-2013-2415, CVE-2013-2417, CVE-2013-2419,
  CVE-2013-2420, CVE-2013-2421, CVE-2013-2422, CVE-2013-2424,
  CVE-2013-2426, CVE-2013-2429, CVE-2013-2430, CVE-2013-2431

Package Information:

https://launchpad.net/ubuntu/+source/openjdk-6/6b27-1.12.5-0ubuntu0.12.04.1

https://launchpad.net/ubuntu/+source/openjdk-6/6b27-1.12.5-0ubuntu0.11.10.1

https://launchpad.net/ubuntu/+source/openjdk-6/6b27-1.12.5-0ubuntu0.10.04.1





________________________________

E-pos vrywaringsklousule Hierdie e-pos mag vertroulike inligting bevat en mag regtens geprivilegeerd wees en is slegs bedoel vir die persoon aan wie dit geadresseer is. Indien u nie die bedoelde ontvanger is nie, word u hiermee in kennis gestel dat u hierdie dokument geensins mag gebruik, versprei of kopieer nie. Stel ook asseblief die sender onmiddellik per telefoon in kennis en vee die e-pos uit. Die Universiteit aanvaar nie aanspreeklikheid vir enige skade, verlies of uitgawe wat voortspruit uit hierdie e-pos en/of die oopmaak van enige lêers aangeheg by hierdie e-pos nie. E-mail disclaimer This e-mail may contain confidential information and may be legally privileged and is intended only for the person to whom it is addressed. If you are not the intended recipient, you are notified that you may not use, distribute or copy this document in any manner whatsoever. Kindly also notify the sender immediately by telephone, and delete the e-mail. The University does not accept liability for any damage, loss or expense arising from this e-mail and/or accessing any files attached to this e-mail.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 917 bytes
Desc: OpenPGP digital signature.asc
URL: <http://lists.lib.sun.ac.za/pipermail/irtalk/attachments/20130508/245aebad/attachment-0001.pgp>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: ATT00001.txt
URL: <http://lists.lib.sun.ac.za/pipermail/irtalk/attachments/20130508/245aebad/attachment-0001.txt>


More information about the Irtalk mailing list