USN-1735-1: OpenJDK vulnerabilities
21 February 2013
Several security issues were fixed in OpenJDK.
Releases
Packages
Details
Nadhem Alfardan and Kenny Paterson discovered that the TLS protocol as used
in OpenJDK was vulnerable to a timing side-channel attack known as the
"Lucky Thirteen" issue. A remote attacker could use this issue to perform
plaintext-recovery attacks via analysis of timing data. (CVE-2013-0169)
A vulnerability was discovered in the OpenJDK JRE related to information
disclosure and data integrity. An attacker could exploit this to cause a
denial of service. This issue only affected Ubuntu 12.10. (CVE-2013-1484)
A data integrity vulnerability was discovered in the OpenJDK JRE. This
issue only affected Ubuntu 12.10. (CVE-2013-1485)
Two vulnerabilities were discovered in the OpenJDK JRE related to
information disclosure and data integrity. An attacker could exploit these
to cause a denial of service. (CVE-2013-1486, CVE-2013-1487)
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 12.10
-
openjdk-7-jre-zero
-
7u15-2.3.7-0ubuntu1~12.10
-
icedtea-7-jre-jamvm
-
7u15-2.3.7-0ubuntu1~12.10
-
icedtea-7-jre-cacao
-
7u15-2.3.7-0ubuntu1~12.10
-
openjdk-7-jre-lib
-
7u15-2.3.7-0ubuntu1~12.10
-
openjdk-7-jre-headless
-
7u15-2.3.7-0ubuntu1~12.10
-
openjdk-7-jre
-
7u15-2.3.7-0ubuntu1~12.10
Ubuntu 12.04
-
icedtea-6-jre-cacao
-
6b27-1.12.3-0ubuntu1~12.04
-
icedtea-6-jre-jamvm
-
6b27-1.12.3-0ubuntu1~12.04
-
openjdk-6-jre
-
6b27-1.12.3-0ubuntu1~12.04
-
openjdk-6-jre-headless
-
6b27-1.12.3-0ubuntu1~12.04
-
openjdk-6-jre-zero
-
6b27-1.12.3-0ubuntu1~12.04
-
openjdk-6-jre-lib
-
6b27-1.12.3-0ubuntu1~12.04
Ubuntu 11.10
-
icedtea-6-jre-cacao
-
6b27-1.12.3-0ubuntu1~11.10
-
icedtea-6-jre-jamvm
-
6b27-1.12.3-0ubuntu1~11.10
-
openjdk-6-jre
-
6b27-1.12.3-0ubuntu1~11.10
-
openjdk-6-jre-headless
-
6b27-1.12.3-0ubuntu1~11.10
-
openjdk-6-jre-zero
-
6b27-1.12.3-0ubuntu1~11.10
-
openjdk-6-jre-lib
-
6b27-1.12.3-0ubuntu1~11.10
Ubuntu 10.04
-
openjdk-6-jre-headless
-
6b27-1.12.3-0ubuntu1~10.04
-
openjdk-6-jre-lib
-
6b27-1.12.3-0ubuntu1~10.04
-
icedtea-6-jre-cacao
-
6b27-1.12.3-0ubuntu1~10.04
-
openjdk-6-jre
-
6b27-1.12.3-0ubuntu1~10.04
-
openjdk-6-jre-zero
-
6b27-1.12.3-0ubuntu1~10.04
This update uses a new upstream release which includes additional bug
fixes. After a standard system update you need to restart any Java
applications or applets to make all the necessary changes.
Related notices
- USN-1732-3: libssl1.0.0, openssl
- USN-1732-1: libssl1.0.0, openssl, libssl0.9.8