Mehrere Probleme in OpenJDK
ID: | USN-2487-1 |
Distribution: | Ubuntu |
Plattformen: | Ubuntu 14.04 LTS, Ubuntu 14.10 |
Datum: | Mi, 28. Januar 2015, 06:14 |
Referenzen: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6585 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6587 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6591 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6593 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6601 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0383 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0395 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0400 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0407 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0408 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0410 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0412 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0413 https://launchpad.net/bugs/1415282 for details. We apologize for the |
Applikationen: | OpenJDK |
Originalnachricht |
|
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --===============5334217473115015082== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="LVB76FmEQgL3VmXhFrt2ixLQm7OGgrBCm" This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --LVB76FmEQgL3VmXhFrt2ixLQm7OGgrBCm Content-Type: text/plain; charset=utf- Content-Transfer-Encoding: quoted-printable ========================================================================== Ubuntu Security Notice USN-2487-1 January 28, 2015 openjdk-7 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 14.10 - Ubuntu 14.04 LTS Summary: Several security issues were fixed in OpenJDK 7. Software Description: - openjdk-7: Open Source Java implementation Details: Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. (CVE-2014-3566, CVE-2014-6587, CVE-2014-6601, CVE-2015-0395, CVE-2015-0408, CVE-2015-0412) Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure. An attacker could exploit these to expose sensitive data over the network. (CVE-2014-6585, CVE-2014-6591, CVE-2015-0400, CVE-2015-0407) A vulnerability was discovered in the OpenJDK JRE related to information disclosure and integrity. An attacker could exploit this to expose sensitive data over the network. (CVE-2014-6593) A vulnerability was discovered in the OpenJDK JRE related to integrity and availability. An attacker could exploit this to cause a denial of service. (CVE-2015-0383) A vulnerability was discovered in the OpenJDK JRE related to availability. An attacker could this exploit to cause a denial of service. (CVE-2015-0410) A vulnerability was discovered in the OpenJDK JRE related to data integrity. (CVE-2015-0413) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 14.10: icedtea-7-jre-jamvm 7u75-2.5.4-1~utopic1 openjdk-7-jre 7u75-2.5.4-1~utopic1 openjdk-7-jre-headless 7u75-2.5.4-1~utopic1 openjdk-7-jre-lib 7u75-2.5.4-1~utopic1 openjdk-7-jre-zero 7u75-2.5.4-1~utopic1 openjdk-7-source 7u75-2.5.4-1~utopic1 Ubuntu 14.04 LTS: icedtea-7-jre-jamvm 7u75-2.5.4-1~trusty1 openjdk-7-jre 7u75-2.5.4-1~trusty1 openjdk-7-jre-headless 7u75-2.5.4-1~trusty1 openjdk-7-jre-lib 7u75-2.5.4-1~trusty1 openjdk-7-jre-zero 7u75-2.5.4-1~trusty1 openjdk-7-source 7u75-2.5.4-1~trusty1 This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart any Java applications or applets to make all the necessary changes. This update contains a known regression in the Zero alternative Java Virtual Machine on PowerPC and a future update will correct this issue. See https://launchpad.net/bugs/1415282 for details. We apologize for the inconvenience. References: http://www.ubuntu.com/usn/usn-2487-1 CVE-2014-3566, CVE-2014-6585, CVE-2014-6587, CVE-2014-6591, CVE-2014-6593, CVE-2014-6601, CVE-2015-0383, CVE-2015-0395, CVE-2015-0400, CVE-2015-0407, CVE-2015-0408, CVE-2015-0410, CVE-2015-0412, CVE-2015-0413 Package Information: https://launchpad.net/ubuntu/+source/openjdk-7/7u75-2.5.4-1~utopic1 https://launchpad.net/ubuntu/+source/openjdk-7/7u75-2.5.4-1~trusty1 --LVB76FmEQgL3VmXhFrt2ixLQm7OGgrBCm Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCgAGBQJUyEnCAAoJEFHb3FjMVZVzTjIP/2IyVOWFt6KsGlT1lXC5GwVp tHWKbjOC0kV+AipF9aFT6Y6TjkH9h+EnK7/mTfSEfe6J0bQJWFY+FA2ppPkAIC3t LKkFbxi7FnTohbqAk34loaOBmk5j5MT1VPzlXNho3gj/OiCab2At/v/RSP0SqHMb ML4Z7jS54pWVZzr7JiGzEhE6t/RKGNjbwo9aUIIY8MpT8rN02Rvi9gZTHk3lmVxd UbiVHFLV0OY2F6u3xL8hRFktvXTyx+mziQmZOvBjZL6jf9M9dYyCrVX/0HeDL31R v2CXFoViQLe9LJShA/xyUws70IYL00aJr6eMx/uvlXr3S6IvovCf6z3rdCYSD2AJ cZTOdsCphS8UEEEbm0tWCvBu46mEl0AXswaozZINdmjH06yvX30yC0FbxeuAIRwx LoD275XVwjAq0/AqcbqqwxBTr9m4FRmxGLaBgfl639mSw9Gve8K+ac7wFQWYlToA +lG2x4dtJ3W+JQF0g3xqWgunu31r1MppCsZTIxod13Zt8phOZPGjmBeZMdjGobIE 6s0K+xLV1Wa0uGACQDxJCY0YqyBk4Qxs8QCV8XdJBebbkOwGe6rpg0ii2Xond4Q/ X9B+E/ZK20qM9WYzVMgyG5RxfheUGGpOjnyGblLO/31YL8kPlGahSeJbZWwa18WT tC1AczS7Sy6JUuwZsrAW =YwBe -----END PGP SIGNATURE----- --LVB76FmEQgL3VmXhFrt2ixLQm7OGgrBCm-- --===============5334217473115015082== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline -- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce --===============5334217473115015082==-- |