Bug 38302 - openjdk-7 (4.0)
openjdk-7 (4.0)
Product: UCS
Classification: Unclassified
Component: Security updates
UCS 4.0
Other Linux
: P5 normal (vote)
: UCS 4.0-2-errata
Assigned To: Philipp Hahn
Janek Walkenhorst
Depends on:
  Show dependency treegraph
Reported: 2015-04-20 15:23 CEST by Arvid Requate
Modified: 2015-08-14 10:38 CEST (History)
2 users (show)

See Also:
What kind of report is it?: ---
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional): Security
Max CVSS v3 score:
requate: Patch_Available+


Note You need to log in before you can comment on or make changes to this bug.
Description Arvid Requate univentionstaff 2015-04-20 15:23:52 CEST
New security vulnerabilities have been reported in openssl-7.

Specific details are not available:

Incorrect handling of phantom references (CVE-2015-0460)
Layout engine glyphStorage off-by-one (CVE-2015-0469)
Incorrect permissions check in resource loading (CVE-2015-0477)
RSA implementation hardening (CVE-2015-0478)
Jar directory traversal issues (CVE-2015-0480)
Certificate options parsing uncaught exception (CVE-2015-0488)
Comment 1 Arvid Requate univentionstaff 2015-05-28 13:03:27 CEST
Fixed in upstream Debian package version 7u79-2.5.5-1~deb7u1
Comment 2 Philipp Hahn univentionstaff 2015-07-06 15:38:13 CEST
repo_admin.py -U -p openjdk-7 -d wheezy -r 4.0-0-0 -s errata4.0-2

r14912 | Bug #38302: OpenJDK-7
 Refresh patches

build-package-ng -r 4.0-0-0 -P ucs -s errata4.0-2 --no-pbuilder-update -p openjdk-7

Package: openjdk-7
Version: 7u79-2.5.5-1.14.201507031547
Branch: ucs_4.0-0-errata4.0-2
Scope: errata4.0-2

r61807 | Bug #38302: OpenJDK-7 YAML
Comment 3 Sönke Schwardt-Krummrich univentionstaff 2015-07-09 01:50:27 CEST
I'm not sure if it's a real problem or just an interims bug:

The installation of univention-ox-meta-singleserver fails if the errata4.0-2 scope is included:

univention-install univention-ox-meta-singleserver univention-ox univention-java openjdk-7-jre openjdk-7-jre-headless
Die folgenden Pakete haben unerfüllte Abhängigkeiten:
 openjdk-7-jre-headless : Hängt ab von: libnss3 (>= 2:3.17.1) aber 2:3.14.5-1.27.201502031418 soll installiert werden
Comment 4 Philipp Hahn univentionstaff 2015-07-09 22:42:09 CEST
r14943 | Bug #38302: OpenJDK-7
 Fix variable name

Package: openjdk-7
Version: 7u79-2.5.5-1.15.201507090942
Branch: ucs_4.0-0
Scope: errata4.0-2

r62012 | Bug #38302: OpenJDK-7 YAML
Comment 5 Janek Walkenhorst univentionstaff 2015-07-15 19:39:35 CEST
Tests (amd64): OK
Advisory: OK
Comment 6 Janek Walkenhorst univentionstaff 2015-07-16 16:52:22 CEST
Comment 7 Arvid Requate univentionstaff 2015-08-14 10:38:13 CEST
For the record: This also has been fixed with this update:

* bypass certain Java sandbox restrictions by untrusted Java application or app due to incorrect handling of default methods (CVE-2015-0470)