Bug 38302

Summary: openjdk-7 (4.0)
Product: UCS
Reporter: Arvid Requate <requate>
Component: Security updates
Assignee: Philipp Hahn <hahn>
Status: CLOSED FIXED
QA Contact: Janek Walkenhorst <walkenhorst>
Severity: normal
Priority: P5
CC: gohmann, schwardt
Version: UCS 4.0
Flags: requate: Patch_Available+
Target Milestone: UCS 4.0-2-errata
Hardware: Other
OS: Linux
Bug group (optional): Security

Description Arvid Requate univentionstaff 2015-04-20 15:23:52 CEST
New security vulnerabilities have been reported in openssl-7.

Specific details are not available:
http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html

Incorrect handling of phantom references (CVE-2015-0460)
Layout engine glyphStorage off-by-one (CVE-2015-0469)
Incorrect permissions check in resource loading (CVE-2015-0477)
RSA implementation hardening (CVE-2015-0478)
Jar directory traversal issues (CVE-2015-0480)
Certificate options parsing uncaught exception (CVE-2015-0488)
Comment 1 Arvid Requate univentionstaff 2015-05-28 13:03:27 CEST
Fixed in upstream Debian package version 7u79-2.5.5-1~deb7u1
Comment 2 Philipp Hahn univentionstaff 2015-07-06 15:38:13 CEST
repo_admin.py -U -p openjdk-7 -d wheezy -r 4.0-0-0 -s errata4.0-2

r14912 | Bug #38302: OpenJDK-7
 Refresh patches

build-package-ng -r 4.0-0-0 -P ucs -s errata4.0-2 --no-pbuilder-update -p openjdk-7

Package: openjdk-7
Version: 7u79-2.5.5-1.14.201507031547
Branch: ucs_4.0-0-errata4.0-2
Scope: errata4.0-2

r61807 | Bug #38302: OpenJDK-7 YAML
 2015-07-06-openjdk-7.yaml
Comment 3 Sönke Schwardt-Krummrich univentionstaff 2015-07-09 01:50:27 CEST
I'm not sure if it's a real problem or just an interim bug:

The installation of univention-ox-meta-singleserver fails if the errata4.0-2 scope is included:

univention-install univention-ox-meta-singleserver univention-ox univention-java openjdk-7-jre openjdk-7-jre-headless
[…]
Die folgenden Pakete haben unerfüllte Abhängigkeiten:
 openjdk-7-jre-headless : Hängt ab von: libnss3 (>= 2:3.17.1) aber 2:3.14.5-1.27.201502031418 soll installiert werden
Comment 4 Philipp Hahn univentionstaff 2015-07-09 22:42:09 CEST
r14943 | Bug #38302: OpenJDK-7
 Fix variable name

Package: openjdk-7
Version: 7u79-2.5.5-1.15.201507090942
Branch: ucs_4.0-0
Scope: errata4.0-2

r62012 | Bug #38302: OpenJDK-7 YAML
 2015-07-06-openjdk-7.yaml
Comment 5 Janek Walkenhorst univentionstaff 2015-07-15 19:39:35 CEST
Tests (amd64): OK
Advisory: OK
Comment 6 Janek Walkenhorst univentionstaff 2015-07-16 16:52:22 CEST
<http://errata.univention.de/ucs/4.0/246.html>
Comment 7 Arvid Requate univentionstaff 2015-08-14 10:38:13 CEST
For the record: This has also been fixed with this update:

* bypass certain Java sandbox restrictions by an untrusted Java application or app due to incorrect handling of default methods (CVE-2015-0470)