exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Ubuntu Security Notice USN-1819-1

Ubuntu Security Notice USN-1819-1
Posted May 7, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1819-1 - Ben Murphy discovered a vulnerability in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit this to execute arbitrary code. James Forshaw discovered a vulnerability in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit this to execute arbitrary code. Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, vulnerability, info disclosure
systems | linux, ubuntu
advisories | CVE-2013-0401, CVE-2013-1488, CVE-2013-1569, CVE-2013-2383, CVE-2013-2384, CVE-2013-2420, CVE-2013-2421, CVE-2013-2422, CVE-2013-2426, CVE-2013-2429, CVE-2013-2430, CVE-2013-2431, CVE-2013-2436, CVE-2013-0401, CVE-2013-1488, CVE-2013-1518, CVE-2013-1537, CVE-2013-1557, CVE-2013-1558, CVE-2013-1569, CVE-2013-2383, CVE-2013-2384, CVE-2013-2415, CVE-2013-2417, CVE-2013-2419, CVE-2013-2420, CVE-2013-2421, CVE-2013-2422
SHA-256 | a635281db9d2f6415d9524c066b6db166a048380476c69d658d0a8b5199bb47a

Ubuntu Security Notice USN-1819-1

Change Mirror Download
==========================================================================
Ubuntu Security Notice USN-1819-1
May 07, 2013

openjdk-6 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 10.04 LTS

Summary:

Several security issues were fixed in OpenJDK 6.

Software Description:
- openjdk-6: Open Source Java implementation

Details:

Ben Murphy discovered a vulnerability in the OpenJDK JRE related to
information disclosure and data integrity. An attacker could exploit this
to execute arbitrary code. (CVE-2013-0401)

James Forshaw discovered a vulnerability in the OpenJDK JRE related to
information disclosure, data integrity and availability. An attacker could
exploit this to execute arbitrary code. (CVE-2013-1488)

Several vulnerabilities were discovered in the OpenJDK JRE related to
information disclosure, data integrity and availability. An attacker could
exploit these to cause a denial of service or expose sensitive data over
the network. (CVE-2013-1518, CVE-2013-1537, CVE-2013-1557, CVE-2013-1558,
CVE-2013-1569, CVE-2013-2383, CVE-2013-2384, CVE-2013-2420, CVE-2013-2421,
CVE-2013-2422, CVE-2013-2426, CVE-2013-2429, CVE-2013-2430, CVE-2013-2431,
CVE-2013-2436)

Two vulnerabilities were discovered in the OpenJDK JRE related to
confidentiality. An attacker could exploit these to expose sensitive data
over the network. (CVE-2013-2415, CVE-2013-2424)

Two vulnerabilities were discovered in the OpenJDK JRE related to
availability. An attacker could exploit these to cause a denial of service.
(CVE-2013-2417, CVE-2013-2419)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 LTS:
icedtea-6-jre-cacao 6b27-1.12.5-0ubuntu0.12.04.1
icedtea-6-jre-jamvm 6b27-1.12.5-0ubuntu0.12.04.1
openjdk-6-jre 6b27-1.12.5-0ubuntu0.12.04.1
openjdk-6-jre-headless 6b27-1.12.5-0ubuntu0.12.04.1
openjdk-6-jre-lib 6b27-1.12.5-0ubuntu0.12.04.1
openjdk-6-jre-zero 6b27-1.12.5-0ubuntu0.12.04.1

Ubuntu 11.10:
icedtea-6-jre-cacao 6b27-1.12.5-0ubuntu0.11.10.1
icedtea-6-jre-jamvm 6b27-1.12.5-0ubuntu0.11.10.1
openjdk-6-jre 6b27-1.12.5-0ubuntu0.11.10.1
openjdk-6-jre-headless 6b27-1.12.5-0ubuntu0.11.10.1
openjdk-6-jre-lib 6b27-1.12.5-0ubuntu0.11.10.1
openjdk-6-jre-zero 6b27-1.12.5-0ubuntu0.11.10.1

Ubuntu 10.04 LTS:
icedtea-6-jre-cacao 6b27-1.12.5-0ubuntu0.10.04.1
openjdk-6-jre 6b27-1.12.5-0ubuntu0.10.04.1
openjdk-6-jre-headless 6b27-1.12.5-0ubuntu0.10.04.1
openjdk-6-jre-lib 6b27-1.12.5-0ubuntu0.10.04.1
openjdk-6-jre-zero 6b27-1.12.5-0ubuntu0.10.04.1

This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any Java
applications or applets to make all the necessary changes.

References:
https://www.ubuntu.com/usn/usn-1819-1
CVE-2013-0401, CVE-2013-1488, CVE-2013-1518, CVE-2013-1537,
CVE-2013-1557, CVE-2013-1558, CVE-2013-1569, CVE-2013-2383,
CVE-2013-2384, CVE-2013-2415, CVE-2013-2417, CVE-2013-2419,
CVE-2013-2420, CVE-2013-2421, CVE-2013-2422, CVE-2013-2424,
CVE-2013-2426, CVE-2013-2429, CVE-2013-2430, CVE-2013-2431

Package Information:

https://launchpad.net/ubuntu/+source/openjdk-6/6b27-1.12.5-0ubuntu0.12.04.1

https://launchpad.net/ubuntu/+source/openjdk-6/6b27-1.12.5-0ubuntu0.11.10.1

https://launchpad.net/ubuntu/+source/openjdk-6/6b27-1.12.5-0ubuntu0.10.04.1




Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close