Univention Bugzilla – Bug 40043
openjdk-7: Multiple issues (4.1)
Last modified: 2016-10-05 12:46:53 CEST
+++ This bug was initially created as a clone of Bug #40042 +++

New issues fixed in Debian package version 7u85-2.6.1-6~deb7u1:

* Multiple vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. (CVE-2015-4805, CVE-2015-4835, CVE-2015-4843, CVE-2015-4844, CVE-2015-4860, CVE-2015-4868, CVE-2015-4881, CVE-2015-4883)
* A vulnerability was discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit this to expose sensitive data over the network. (CVE-2015-4806)
* A vulnerability was discovered in the OpenJDK JRE related to data integrity. An attacker could exploit this to expose sensitive data over the network. (CVE-2015-4872)
* Multiple vulnerabilities were discovered in the OpenJDK JRE related to information disclosure. An attacker could exploit these to expose sensitive data over the network. (CVE-2015-4734, CVE-2015-4840, CVE-2015-4842, CVE-2015-4903)
* Multiple vulnerabilities were discovered in the OpenJDK JRE related to availability. An attacker could exploit these to cause a denial of service. (CVE-2015-4803, CVE-2015-4882, CVE-2015-4893, CVE-2015-4911)

-- CVE descriptions courtesy of Ubuntu.
Updated to 7u91-2.6.3-1~deb7u1
Tests (i386): OK
Advisory: openjdk-7.yaml r66133
OK: DEBIAN_FRONTEND=noninteractive apt-get install --reinstall -y openjdk-7-jdk
OK: advisory
OK: manual test:

# cat >>Hello.java <<__JAVA__
public class Hello {
    public static void main(String[] args) {
        System.out.println("Hello UCS");
    }
}
__JAVA__
# javac Hello.java
# java -cp . Hello
Hello UCS
This openjdk-7 version needs lksctp-tools to be made maintained.
An advisory was added in r66715 and package was built in scope ucs_4.1-0-errata4.1-0.
<http://errata.software-univention.de/ucs/4.1/47.html>
<http://errata.software-univention.de/ucs/4.1/55.html>
Note: 7u91-2.6.3-1~deb7u1 also fixed CVE-2015-4871