Univention Bugzilla – Bug 38302
openjdk-7 (4.0)
Last modified: 2015-08-14 10:38:13 CEST
New security vulnerabilities have been reported in openssl-7. Specific details are not available:
http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html
* Incorrect handling of phantom references (CVE-2015-0460)
* Layout engine glyphStorage off-by-one (CVE-2015-0469)
* Incorrect permissions check in resource loading (CVE-2015-0477)
* RSA implementation hardening (CVE-2015-0478)
* Jar directory traversal issues (CVE-2015-0480)
* Certificate options parsing uncaught exception (CVE-2015-0488)
Fixed in upstream Debian package version 7u79-2.5.5-1~deb7u1
repo_admin.py -U -p openjdk-7 -d wheezy -r 4.0-0-0 -s errata4.0-2
r14912 | Bug #38302: OpenJDK-7 Refresh patches
build-package-ng -r 4.0-0-0 -P ucs -s errata4.0-2 --no-pbuilder-update -p openjdk-7
Package: openjdk-7
Version: 7u79-2.5.5-1.14.201507031547
Branch: ucs_4.0-0-errata4.0-2
Scope: errata4.0-2
r61807 | Bug #38302: OpenJDK-7 YAML 2015-07-06-openjdk-7.yaml
I'm not sure if it's a real problem or just an interim bug: The installation of univention-ox-meta-singleserver fails if the errata4.0-2 scope is included:
univention-install univention-ox-meta-singleserver univention-ox univention-java openjdk-7-jre openjdk-7-jre-headless
[…]
Die folgenden Pakete haben unerfüllte Abhängigkeiten:
openjdk-7-jre-headless : Hängt ab von: libnss3 (>= 2:3.17.1) aber 2:3.14.5-1.27.201502031418 soll installiert werden
r14943 | Bug #38302: OpenJDK-7 Fix variable name
Package: openjdk-7
Version: 7u79-2.5.5-1.15.201507090942
Branch: ucs_4.0-0
Scope: errata4.0-2
r62012 | Bug #38302: OpenJDK-7 YAML 2015-07-06-openjdk-7.yaml
Tests (amd64): OK
Advisory: OK
<http://errata.univention.de/ucs/4.0/246.html>
For the record: This also has been fixed with this update:
* bypass certain Java sandbox restrictions by untrusted Java application or app due to incorrect handling of default methods (CVE-2015-0470)