Login
Newsletter
Werbung

Sicherheit: Mehrere Probleme in OpenJDK
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in OpenJDK
ID: USN-1619-1
Distribution: Ubuntu
Plattformen: Ubuntu 10.04 LTS, Ubuntu 11.04, Ubuntu 11.10, Ubuntu 12.04 LTS, Ubuntu 12.10
Datum: Fr, 26. Oktober 2012, 19:36
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1531
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1532
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1533
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3143
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3159
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3216
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4416
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5067
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5068
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5069
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5070
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5071
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5072
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5073
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5074
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5075
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5076
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5077
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5079
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5081
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5083
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5084
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5085
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5086
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5087
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5088
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5089
http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html
https://launchpad.net/ubuntu/+source/openjdk-6/6b24-1.11.5-0ubuntu1~10.04.2
https://launchpad.net/ubuntu/+source/openjdk-6/6b24-1.11.5-0ubuntu1~11.04.1
https://launchpad.net/ubuntu/+source/openjdk-6/6b24-1.11.5-0ubuntu1~11.10.1
https://launchpad.net/ubuntu/+source/openjdk-6/6b24-1.11.5-0ubuntu1~12.04.1
Applikationen: OpenJDK

Originalnachricht

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--===============5615264061768236198==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="------------enigF13DF360E7CB50304E6688D4"

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enigF13DF360E7CB50304E6688D4
Content-Type: text/plain; charset=ISO-8859-
Content-Transfer-Encoding: quoted-printable


==========================================================================
Ubuntu Security Notice USN-1619-1
October 26, 2012

openjdk-6, openjdk-7 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.10
- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.04 LTS

Summary:

Several security issues were fixed in OpenJDK.

Software Description:
- openjdk-7: Open Source Java implementation
- openjdk-6: Open Source Java implementation

Details:

Several information disclosure vulnerabilities were discovered in the
OpenJDK JRE. (CVE-2012-3216, CVE-2012-5069, CVE-2012-5072, CVE-2012-5075,
CVE-2012-5077, CVE-2012-5085)

Vulnerabilities were discovered in the OpenJDK JRE related to information
disclosure and data integrity. (CVE-2012-4416, CVE-2012-5071)

Several vulnerabilities were discovered in the OpenJDK JRE related to
information disclosure and data integrity. An attacker could exploit these
to cause a denial of service. (CVE-2012-1531, CVE-2012-1532, CVE-2012-1533,
CVE-2012-3143, CVE-2012-3159, CVE-2012-5068, CVE-2012-5083, CVE-2012-5084,
CVE-2012-5086, CVE-2012-5089)

Information disclosure vulnerabilities were discovered in the OpenJDK JRE.
These issues only affected Ubuntu 12.10. (CVE-2012-5067, CVE-2012-5070)

Vulnerabilities were discovered in the OpenJDK JRE related to data
integrity. (CVE-2012-5073, CVE-2012-5079)

A vulnerability was discovered in the OpenJDK JRE related to information
disclosure and data integrity. This issue only affected Ubuntu 12.10.
(CVE-2012-5074)

Several vulnerabilities were discovered in the OpenJDK JRE related to
information disclosure and data integrity. An attacker could exploit these
to cause a denial of service. These issues only affected Ubuntu 12.10.
(CVE-2012-5076, CVE-2012-5087, CVE-2012-5088)

A denial of service vulnerability was found in OpenJDK. (CVE-2012-5081)

Please see the following for more information:
http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.10:
icedtea-7-jre-cacao 7u9-2.3.3-0ubuntu1~12.10.1
icedtea-7-jre-jamvm 7u9-2.3.3-0ubuntu1~12.10.1
openjdk-7-jre 7u9-2.3.3-0ubuntu1~12.10.1
openjdk-7-jre-headless 7u9-2.3.3-0ubuntu1~12.10.1
openjdk-7-jre-lib 7u9-2.3.3-0ubuntu1~12.10.1
openjdk-7-jre-zero 7u9-2.3.3-0ubuntu1~12.10.1

Ubuntu 12.04 LTS:
icedtea-6-jre-cacao 6b24-1.11.5-0ubuntu1~12.04.1
icedtea-6-jre-jamvm 6b24-1.11.5-0ubuntu1~12.04.1
openjdk-6-jre 6b24-1.11.5-0ubuntu1~12.04.1
openjdk-6-jre-headless 6b24-1.11.5-0ubuntu1~12.04.1
openjdk-6-jre-lib 6b24-1.11.5-0ubuntu1~12.04.1
openjdk-6-jre-zero 6b24-1.11.5-0ubuntu1~12.04.1

Ubuntu 11.10:
icedtea-6-jre-cacao 6b24-1.11.5-0ubuntu1~11.10.1
icedtea-6-jre-jamvm 6b24-1.11.5-0ubuntu1~11.10.1
openjdk-6-jre 6b24-1.11.5-0ubuntu1~11.10.1
openjdk-6-jre-headless 6b24-1.11.5-0ubuntu1~11.10.1
openjdk-6-jre-lib 6b24-1.11.5-0ubuntu1~11.10.1
openjdk-6-jre-zero 6b24-1.11.5-0ubuntu1~11.10.1

Ubuntu 11.04:
icedtea-6-jre-cacao 6b24-1.11.5-0ubuntu1~11.04.1
icedtea-6-jre-jamvm 6b24-1.11.5-0ubuntu1~11.04.1
openjdk-6-jre 6b24-1.11.5-0ubuntu1~11.04.1
openjdk-6-jre-headless 6b24-1.11.5-0ubuntu1~11.04.1
openjdk-6-jre-lib 6b24-1.11.5-0ubuntu1~11.04.1
openjdk-6-jre-zero 6b24-1.11.5-0ubuntu1~11.04.1

Ubuntu 10.04 LTS:
icedtea-6-jre-cacao 6b24-1.11.5-0ubuntu1~10.04.2
openjdk-6-jre 6b24-1.11.5-0ubuntu1~10.04.2
openjdk-6-jre-headless 6b24-1.11.5-0ubuntu1~10.04.2
openjdk-6-jre-lib 6b24-1.11.5-0ubuntu1~10.04.2
openjdk-6-jre-zero 6b24-1.11.5-0ubuntu1~10.04.2

This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any Java
applications or applets to make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1619-1
CVE-2012-1531, CVE-2012-1532, CVE-2012-1533, CVE-2012-3143,
CVE-2012-3159, CVE-2012-3216, CVE-2012-4416, CVE-2012-5067,
CVE-2012-5068, CVE-2012-5069, CVE-2012-5070, CVE-2012-5071,
CVE-2012-5072, CVE-2012-5073, CVE-2012-5074, CVE-2012-5075,
CVE-2012-5076, CVE-2012-5077, CVE-2012-5079, CVE-2012-5081,
CVE-2012-5083, CVE-2012-5084, CVE-2012-5085, CVE-2012-5086,
CVE-2012-5087, CVE-2012-5088, CVE-2012-5089

Package Information:
https://launchpad.net/ubuntu/+source/openjdk-7/7u9-2.3.3-0ubuntu1~12.10.1

https://launchpad.net/ubuntu/+source/openjdk-6/6b24-1.11.5-0ubuntu1~12.04.1

https://launchpad.net/ubuntu/+source/openjdk-6/6b24-1.11.5-0ubuntu1~11.10.1

https://launchpad.net/ubuntu/+source/openjdk-6/6b24-1.11.5-0ubuntu1~11.04.1

https://launchpad.net/ubuntu/+source/openjdk-6/6b24-1.11.5-0ubuntu1~10.04.2





--------------enigF13DF360E7CB50304E6688D4
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iQIcBAEBCgAGBQJQirSsAAoJEFHb3FjMVZVzH4UP/jBePFCO/jWd7IKnIi4nksGB
T9Bw/UVSm0zXoMmE3PrxMwuaq6rTC/h+h2So1S8NqEc+JFHhLKO3QE5QG+h21xQJ
6y7JSHp7CyUMAyZA6aW0SHHF22/lweAy4h+VyV8V6zMfNiK5Sl++CD/qraPGivzk
vL4VXuopP1Mu5Ma+4Kd+Bn0VwFB+lJGZrrqBINFrCJAiOrMgNyHPer9vf6jOL5tv
10C9B5rEsu1leBGKIA/PRXXHNUdZJY6SEwLsHJ4JStL/Egsv9l5+XqYph48+7Z58
FNd0tfrmQTt5an0epBYkZe/u3rDy8c+03bxEr68DuQq+hnsZM2f3ECG3OJeyHbU/
Ec+G3qXqThbYi7jj9lmJpovR6ITqiaBxQ+/MizF+PIPQHtMkVk4leYlBHxli+3zm
5iLSQNlUlWv4iEzCeetKT4eYF9WtsAKJLR6mklvoM5/aY66lzS0JPEdZiuH5E2OA
n/MFlstyEh5E4wdvhou+YQvoacd3rTcjcJVSwFg3YG2VAt6nypE88Z0uqBbMfPr3
hD3Xp88B35ttwwZgBUfne/Dv8AIom0CrD0ezhJNW+c6Ub7luzquOjQsV1VWT14vy
x3I33gaaR/VRDI6bwvCA1XeBUEL7M4izCW5N25qwq2yX1Dxo/v0sU5QlLyolDE9W
Cr4eAw2uZkExS7jwp4Jc
=fP46
-----END PGP SIGNATURE-----

--------------enigF13DF360E7CB50304E6688D4--


--===============5615264061768236198==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--===============5615264061768236198==--
Pro-Linux
Gewinnspiel
Neue Nachrichten
Werbung