USN-1619-1: OpenJDK vulnerabilities

Releases

• Ubuntu 12.10
• Ubuntu 12.04
• Ubuntu 11.10
• Ubuntu 11.04
• Ubuntu 10.04

Packages

• openjdk-6 - Open Source Java implementation
• openjdk-7 - Open Source Java implementation

Details

Several information disclosure vulnerabilities were discovered in the
OpenJDK JRE. (CVE-2012-3216, CVE-2012-5069, CVE-2012-5072, CVE-2012-5075,
CVE-2012-5077, CVE-2012-5085)

Vulnerabilities were discovered in the OpenJDK JRE related to information
disclosure and data integrity. (CVE-2012-4416, CVE-2012-5071)

Several vulnerabilities were discovered in the OpenJDK JRE related to
information disclosure and data integrity. An attacker could exploit these
to cause a denial of service. (CVE-2012-1531, CVE-2012-1532, CVE-2012-1533,
CVE-2012-3143, CVE-2012-3159, CVE-2012-5068, CVE-2012-5083, CVE-2012-5084,
CVE-2012-5086, CVE-2012-5089)

Information disclosure vulnerabilities were discovered in the OpenJDK JRE.
These issues only affected Ubuntu 12.10. (CVE-2012-5067, CVE-2012-5070)

Vulnerabilities were discovered in the OpenJDK JRE related to data
integrity. (CVE-2012-5073, CVE-2012-5079)

A vulnerability was discovered in the OpenJDK JRE related to information
disclosure and data integrity. This issue only affected Ubuntu 12.10.
(CVE-2012-5074)

Several vulnerabilities were discovered in the OpenJDK JRE related to
information disclosure and data integrity. An attacker could exploit these
to cause a denial of service. These issues only affected Ubuntu 12.10.
(CVE-2012-5076, CVE-2012-5087, CVE-2012-5088)

A denial of service vulnerability was found in OpenJDK. (CVE-2012-5081)

Please see the following for more information:
http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 12.10

• openjdk-7-jre-zero - 7u9-2.3.3-0ubuntu1~12.10.1
• icedtea-7-jre-jamvm - 7u9-2.3.3-0ubuntu1~12.10.1
• icedtea-7-jre-cacao - 7u9-2.3.3-0ubuntu1~12.10.1
• openjdk-7-jre-lib - 7u9-2.3.3-0ubuntu1~12.10.1
• openjdk-7-jre-headless - 7u9-2.3.3-0ubuntu1~12.10.1
• openjdk-7-jre - 7u9-2.3.3-0ubuntu1~12.10.1

Ubuntu 12.04

• icedtea-6-jre-cacao - 6b24-1.11.5-0ubuntu1~12.04.1
• icedtea-6-jre-jamvm - 6b24-1.11.5-0ubuntu1~12.04.1
• openjdk-6-jre - 6b24-1.11.5-0ubuntu1~12.04.1
• openjdk-6-jre-headless - 6b24-1.11.5-0ubuntu1~12.04.1
• openjdk-6-jre-zero - 6b24-1.11.5-0ubuntu1~12.04.1
• openjdk-6-jre-lib - 6b24-1.11.5-0ubuntu1~12.04.1

Ubuntu 11.10

• icedtea-6-jre-cacao - 6b24-1.11.5-0ubuntu1~11.10.1
• icedtea-6-jre-jamvm - 6b24-1.11.5-0ubuntu1~11.10.1
• openjdk-6-jre - 6b24-1.11.5-0ubuntu1~11.10.1
• openjdk-6-jre-headless - 6b24-1.11.5-0ubuntu1~11.10.1
• openjdk-6-jre-zero - 6b24-1.11.5-0ubuntu1~11.10.1
• openjdk-6-jre-lib - 6b24-1.11.5-0ubuntu1~11.10.1

Ubuntu 11.04

• icedtea-6-jre-cacao - 6b24-1.11.5-0ubuntu1~11.04.1
• icedtea-6-jre-jamvm - 6b24-1.11.5-0ubuntu1~11.04.1
• openjdk-6-jre - 6b24-1.11.5-0ubuntu1~11.04.1
• openjdk-6-jre-headless - 6b24-1.11.5-0ubuntu1~11.04.1
• openjdk-6-jre-zero - 6b24-1.11.5-0ubuntu1~11.04.1
• openjdk-6-jre-lib - 6b24-1.11.5-0ubuntu1~11.04.1

Ubuntu 10.04

• openjdk-6-jre-headless - 6b24-1.11.5-0ubuntu1~10.04.2
• openjdk-6-jre-lib - 6b24-1.11.5-0ubuntu1~10.04.2
• icedtea-6-jre-cacao - 6b24-1.11.5-0ubuntu1~10.04.2
• openjdk-6-jre - 6b24-1.11.5-0ubuntu1~10.04.2
• openjdk-6-jre-zero - 6b24-1.11.5-0ubuntu1~10.04.2

This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any Java
applications or applets to make all the necessary changes.

References

• CVE-2012-1531
• CVE-2012-1532
• CVE-2012-1533
• CVE-2012-3143
• CVE-2012-3159
• CVE-2012-3216
• CVE-2012-4416
• CVE-2012-5067
• CVE-2012-5068
• CVE-2012-5069
• CVE-2012-5070
• CVE-2012-5071
• CVE-2012-5072
• CVE-2012-5073
• CVE-2012-5074
• CVE-2012-5075
• CVE-2012-5076
• CVE-2012-5077
• CVE-2012-5079
• CVE-2012-5081
• CVE-2012-5083
• CVE-2012-5084
• CVE-2012-5085
• CVE-2012-5086
• CVE-2012-5087
• CVE-2012-5088
• CVE-2012-5089