USN-1693-1: OpenJDK 7 vulnerabilities
16 January 2013
OpenJDK 7 could be made to crash or run programs as your login if it opened a specially crafted Java applet.
- openjdk-7 - Open Source Java implementation
It was discovered that OpenJDK 7's security mechanism could be bypassed via
Java applets. If a user were tricked into opening a malicious website, a
remote attacker could exploit this to perform arbitrary code execution as
the user invoking the program.
The problem can be corrected by updating your system to the following package versions:
- icedtea-7-jre-cacao - 7u9-2.3.4-0ubuntu188.8.131.52
- icedtea-7-jre-jamvm - 7u9-2.3.4-0ubuntu184.108.40.206
- openjdk-7-jre - 7u9-2.3.4-0ubuntu220.127.116.11
- openjdk-7-jre-headless - 7u9-2.3.4-0ubuntu18.104.22.168
- openjdk-7-jre-lib - 7u9-2.3.4-0ubuntu22.214.171.124
- openjdk-7-jre-zero - 7u9-2.3.4-0ubuntu126.96.36.199
After a standard system update you need to restart your browser to make all
the necessary changes.