1. Ubuntu Security Notices
  2. USN-2487-1

USN-2487-1: OpenJDK 7 vulnerabilities

Publication date

28 January 2015

Overview

Several security issues were fixed in OpenJDK 7.

Releases

Packages

  • openjdk-7 - Open Source Java implementation

Details

Several vulnerabilities were discovered in the OpenJDK JRE related to
information disclosure, data integrity and availability. An attacker could
exploit these to cause a denial of service or expose sensitive data over
the network. (CVE-2014-3566, CVE-2014-6587, CVE-2014-6601, CVE-2015-0395,
CVE-2015-0408, CVE-2015-0412)

Several vulnerabilities were discovered in the OpenJDK JRE related to
information disclosure. An attacker could exploit these to expose sensitive
data over the network. (CVE-2014-6585, CVE-2014-6591, CVE-2015-0400,
CVE-2015-0407)

A vulnerability was...

Several vulnerabilities were discovered in the OpenJDK JRE related to
information disclosure, data integrity and availability. An attacker could
exploit these to cause a denial of service or expose sensitive data over
the network. (CVE-2014-3566, CVE-2014-6587, CVE-2014-6601, CVE-2015-0395,
CVE-2015-0408, CVE-2015-0412)

Several vulnerabilities were discovered in the OpenJDK JRE related to
information disclosure. An attacker could exploit these to expose sensitive
data over the network. (CVE-2014-6585, CVE-2014-6591, CVE-2015-0400,
CVE-2015-0407)

A vulnerability was discovered in the OpenJDK JRE related to
information disclosure and integrity. An attacker could exploit this to
expose sensitive data over the network. (CVE-2014-6593)

A vulnerability was discovered in the OpenJDK JRE related to integrity and
availability. An attacker could exploit this to cause a denial of service.
(CVE-2015-0383)

A vulnerability was discovered in the OpenJDK JRE related to availability.
An attacker could this exploit to cause a denial of service.
(CVE-2015-0410)

A vulnerability was discovered in the OpenJDK JRE related to data
integrity. (CVE-2015-0413)

Update instructions

This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart any Java applications or applets to make all the necessary changes. This update contains a known regression in the Zero alternative Java Virtual Machine on PowerPC and a future update will correct this issue. See https://launchpad.net/bugs/1415282 for details. We apologize for the inconvenience.

Learn more about how to get the fixes.

The problem can be corrected by updating your system to the following package versions:

Ubuntu Release Package Version
14.10 utopic icedtea-7-jre-jamvm –  7u75-2.5.4-1~utopic1
openjdk-7-jre –  7u75-2.5.4-1~utopic1
openjdk-7-jre-headless –  7u75-2.5.4-1~utopic1
openjdk-7-jre-lib –  7u75-2.5.4-1~utopic1
openjdk-7-jre-zero –  7u75-2.5.4-1~utopic1
openjdk-7-source –  7u75-2.5.4-1~utopic1
14.04 trusty icedtea-7-jre-jamvm –  7u75-2.5.4-1~trusty1
openjdk-7-jre –  7u75-2.5.4-1~trusty1
openjdk-7-jre-headless –  7u75-2.5.4-1~trusty1
openjdk-7-jre-lib –  7u75-2.5.4-1~trusty1
openjdk-7-jre-zero –  7u75-2.5.4-1~trusty1
openjdk-7-source –  7u75-2.5.4-1~trusty1

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Get Ubuntu Pro

References

Have additional questions?

Talk to a member of the team ›