Your submission was sent successfully! Close

USN-1735-1: OpenJDK vulnerabilities

21 February 2013

Several security issues were fixed in OpenJDK.

Releases

Packages

Details

Nadhem Alfardan and Kenny Paterson discovered that the TLS protocol as used
in OpenJDK was vulnerable to a timing side-channel attack known as the
"Lucky Thirteen" issue. A remote attacker could use this issue to perform
plaintext-recovery attacks via analysis of timing data. (CVE-2013-0169)

A vulnerability was discovered in the OpenJDK JRE related to information
disclosure and data integrity. An attacker could exploit this to cause a
denial of service. This issue only affected Ubuntu 12.10. (CVE-2013-1484)

A data integrity vulnerability was discovered in the OpenJDK JRE. This
issue only affected Ubuntu 12.10. (CVE-2013-1485)

Two vulnerabilities were discovered in the OpenJDK JRE related to
information disclosure and data integrity. An attacker could exploit these
to cause a denial of service. (CVE-2013-1486, CVE-2013-1487)

Related notices