USN-2319-2: OpenJDK 7 regression
Publication date
26 August 2014
Overview
USN-2319-1 introduced a regression in OpenJDK 7.
Releases
Packages
- openjdk-7 - Open Source Java implementation
Details
USN-2319-1 fixed vulnerabilities in OpenJDK 7. Due to an upstream
regression, verifying of the init method call would fail when it was done
from inside a branch when stack frames are activated. This update fixes the
problem.
We apologize for the inconvenience.
Original advisory details:
Several vulnerabilities were discovered in the OpenJDK JRE related to
information disclosure, data integrity and availability. An attacker could
exploit these to cause a denial of service or expose sensitive data over
the network. (CVE-2014-2483, CVE-2014-2490, CVE-2014-4216, CVE-2014-4219,
CVE-2014-4223, CVE-2014-4262)
Several vulnerabilities were discovered in the OpenJDK JRE related to
information...
USN-2319-1 fixed vulnerabilities in OpenJDK 7. Due to an upstream
regression, verifying of the init method call would fail when it was done
from inside a branch when stack frames are activated. This update fixes the
problem.
We apologize for the inconvenience.
Original advisory details:
Several vulnerabilities were discovered in the OpenJDK JRE related to
information disclosure, data integrity and availability. An attacker could
exploit these to cause a denial of service or expose sensitive data over
the network. (CVE-2014-2483, CVE-2014-2490, CVE-2014-4216, CVE-2014-4219,
CVE-2014-4223, CVE-2014-4262)
Several vulnerabilities were discovered in the OpenJDK JRE related to
information disclosure and data integrity. An attacker could exploit these
to expose sensitive data over the network. (CVE-2014-4209, CVE-2014-4244,
CVE-2014-4263)
Two vulnerabilities were discovered in the OpenJDK JRE related to data
integrity. (CVE-2014-4218, CVE-2014-4266)
A vulnerability was discovered in the OpenJDK JRE related to availability.
An attacker could exploit this to cause a denial of service.
(CVE-2014-4264)
Several vulnerabilities were discovered in the OpenJDK JRE related to
information disclosure. An attacker could exploit these to expose sensitive
data over the network. (CVE-2014-4221, CVE-2014-4252, CVE-2014-4268)
Update instructions
After a standard system update you need to restart any Java applications to make all the necessary changes.
Learn more about how to get the fixes.The problem can be corrected by updating your system to the following package versions:
| Ubuntu Release | Package Version | ||
|---|---|---|---|
| 14.04 LTS trusty | icedtea-7-jre-jamvm – 7u65-2.5.1-4ubuntu1~0.14.04.2 | ||
| openjdk-7-jre – 7u65-2.5.1-4ubuntu1~0.14.04.2 | |||
| openjdk-7-jre-headless – 7u65-2.5.1-4ubuntu1~0.14.04.2 | |||
| openjdk-7-jre-lib – 7u65-2.5.1-4ubuntu1~0.14.04.2 | |||
| openjdk-7-jre-zero – 7u65-2.5.1-4ubuntu1~0.14.04.2 | |||
Reduce your security exposure
Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.