Univention Bugzilla – Bug 29168
openjdk-6: Multiple security issues (3.1)
Last modified: 2016-08-04 16:33:13 CEST
+++ This bug was initially created as a clone of Bug #28332 +++ CVE-2012-0547 CVE-2012-1682 CVE-2012-5089 CVE-2012-5085 CVE-2012-5084 CVE-2012-5083 CVE-2012-5081 CVE-2012-5079 CVE-2012-5077 CVE-2012-5075 CVE-2012-5073 CVE-2012-5072 CVE-2012-5071 CVE-2012-5069 CVE-2012-5068 CVE-2012-3216 CVE-2012-3159 CVE-2012-3143 CVE-2012-1533 CVE-2012-1532 CVE-2012-1531
Hash-Kollisionen im Murmur-Hash-Verfahren (CVE-2012-2739, CVE-2012-5373)
- "Lucky 13" attack against TLS (CVE-2013-0169) - Access to MBeanServer is unsufficiently restricted (CVE-2013-1486)
Crashes in image processing (CVE-2013-0809, CVE-2013-1493)
Multiple new Java security issues (details are partly sparse due to Oracle disclosure policy) CVE-2013-1480 CVE-2013-1478 CVE-2013-1476 CVE-2013-1475 CVE-2013-0450 CVE-2013-0445 CVE-2013-0443 CVE-2013-0442 CVE-2013-0441 CVE-2013-0440 CVE-2013-0435 CVE-2013-0434 CVE-2013-0433 CVE-2013-0432 CVE-2013-0429 CVE-2013-0428 CVE-2013-0427 CVE-2013-0426 CVE-2013-0425 CVE-2013-0424
Multiple new Java security issues (details are sparse due to Oracle disclosure policy) CVE-2013-0401 CVE-2013-1518 CVE-2013-1537 CVE-2013-1557 CVE-2013-1558 CVE-2013-1569 CVE-2013-2383 CVE-2013-2384 CVE-2013-2417 CVE-2013-2419 CVE-2013-2420 CVE-2013-2422 CVE-2013-2424 CVE-2013-2429 CVE-2013-2430
http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html#PatchTable CVE-2013-2470 CVE-2013-2471 CVE-2013-2472 CVE-2013-2473 CVE-2013-2463 CVE-2013-2464 CVE-2013-2465 CVE-2013-2469 CVE-2013-2459 CVE-2013-3743 CVE-2013-2445 CVE-2013-2448 CVE-2013-2461 CVE-2013-2407 CVE-2013-2454 CVE-2013-2444 CVE-2013-2446 CVE-2013-2457 CVE-2013-2453 CVE-2013-2443 CVE-2013-2452 CVE-2013-2455 CVE-2013-2447 CVE-2013-2450 CVE-2013-2456 CVE-2013-2412 CVE-2013-2451 CVE-2013-1500
Additional Java issues: CVE-2013-1571 CVE-2013-2412 CVE-2013-2443 CVE-2013-2453 CVE-2013-2456 CVE-2013-2457
CVE-2013-2464 only affects Oracle Java, not OpenJDK.
*** Bug 32641 has been marked as a duplicate of this bug. ***
New issues have been disclosed by Oracle: http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html CVE-2013-5782 CVE-2013-5830 CVE-2013-5809 CVE-2013-5829 CVE-2013-5814 CVE-2013-5817 CVE-2013-5842 CVE-2013-5850 CVE-2013-5802 CVE-2013-3829 CVE-2013-5825 CVE-2013-4002 CVE-2013-5778 CVE-2013-5820 CVE-2013-5840 CVE-2013-5774 CVE-2013-5780 CVE-2013-5849 CVE-2013-5790 CVE-2013-5784 CVE-2013-5797 CVE-2013-5772
One additional CVE: CVE-2013-5850
One additional ID: CVE-2013-5823
New issues: http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html CVE-2013-5907 CVE-2014-0428 CVE-2014-0422 CVE-2013-5893 CVE-2014-0417 CVE-2014-0373 CVE-2013-5878 CVE-2014-0423 CVE-2013-5884 CVE-2013-5896 CVE-2014-0416 CVE-2014-0368 CVE-2014-0376 CVE-2013-5910 CVE-2014-0411
Insecure temp file handling in unpack2000 tool (CVE-2014-1876)
http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html: CVE-2014-0429 CVE-2014-0457 CVE-2014-0456 CVE-2014-2421 CVE-2014-2397 CVE-2014-0461 CVE-2014-2412 CVE-2014-0451 CVE-2014-0458 CVE-2014-2423 CVE-2014-0452 CVE-2014-2414 CVE-2014-0446 CVE-2014-2427 CVE-2014-0460 CVE-2014-2403 CVE-2014-0453 CVE-2014-2398 CVE-2014-1876
The maintenance with bug and security fixes for UCS 3.1-x has ended on 31st of May 2014. The maintenance of the UCS 3.x major series is continued by UCS 3.2-x that is supplied with bug and security fixes. Customers still on UCS 3.1-x are encouraged to update to UCS 3.2. Please contact your partner or Univention for any questions.