Bug 38303 - openjdk-6 (3.2)
openjdk-6 (3.2)
Product: UCS
Classification: Unclassified
Component: Security updates
UCS 3.2
Other Linux
: P4 normal (vote)
: UCS 3.2-6-errata
Assigned To: Arvid Requate
Janek Walkenhorst
Depends on:
  Show dependency treegraph
Reported: 2015-04-20 15:24 CEST by Arvid Requate
Modified: 2015-08-21 13:13 CEST (History)
1 user (show)

See Also:
What kind of report is it?: ---
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted after Product Owner Review:
Ticket number:
Bug group (optional): Security
Max CVSS v3 score:
requate: Patch_Available+


Note You need to log in before you can comment on or make changes to this bug.
Description Arvid Requate univentionstaff 2015-04-20 15:24:54 CEST
New security vulnerabilities have been reported for openssl-6.

Specific details are not available:

Incorrect handling of phantom references (CVE-2015-0460)
Layout engine glyphStorage off-by-one (CVE-2015-0469)
Incorrect permissions check in resource loading (CVE-2015-0477)
RSA implementation hardening (CVE-2015-0478)
Jar directory traversal issues (CVE-2015-0480)
Certificate options parsing uncaught exception (CVE-2015-0488)
Comment 1 Arvid Requate univentionstaff 2015-05-07 17:10:56 CEST
This is openjdk-6..

Fixed in upstream Debian package version 6b35-1.13.7-1~deb6u1
Comment 2 Arvid Requate univentionstaff 2015-07-15 23:12:01 CEST
New issues reported, see Bug 38929.
Comment 3 Arvid Requate univentionstaff 2015-08-14 10:41:29 CEST
Also fixed in that release:

* bypass certain Java sandbox restrictions by untrusted Java application or app due to incorrect handling of default methods (CVE-2015-0470)
Comment 4 Arvid Requate univentionstaff 2015-08-18 13:46:29 CEST
CVE-2015-0470 doesn't affect openjdk-6.

Advisory: 2015-08-18-openjdk-6.yaml
Comment 5 Janek Walkenhorst univentionstaff 2015-08-19 18:41:44 CEST
Advisory: OK
Tests: OK
Comment 6 Janek Walkenhorst univentionstaff 2015-08-21 13:13:57 CEST