Univention Bugzilla – Bug 35381
openjdk-6: Multiple security issues (3.2)
Last modified: 2014-12-19 14:00:27 CET
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html CVE-2014-4219 CVE-2014-4216 CVE-2014-4262 CVE-2014-4209 CVE-2014-4218 CVE-2014-4252 CVE-2014-4268 CVE-2014-4244 CVE-2014-4263
Plus CVE-2014-2490 and CVE-2014-4266
New issues from http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html : Insufficient permission checks in system logging (CVE-2014-6506) Information disclosure in ICU/2D (CVE-2014-6511) Information disclosure in Hotspot (CVE-2014-6504) XEE in the Stax parser (CVE-2014-6517) Insufficient name checks for resource bundles (CVE-2014-6531) Missing source checks in datagram sockets (CVE-2014-6512) Handshake attack on JSSE (CVE-2014-6457) Insecure logging (CVE-2014-6502) Incorrect exception handling in CipherInputStream (CVE-2014-6558)
On more issue has been fixed in recent CPU: TLS/SSL handshake attack (CVE-2014-6457)
The updated package has been built, tests were successful. YAML file: 2014-12-17-openjdk-6.yaml
Tests (amd64): OK Advisory: Missing
(In reply to Janek Walkenhorst from comment #5) > Tests (amd64): OK > Advisory: Missing Now commited.
(In reply to Moritz Muehlenhoff from comment #6) > (In reply to Janek Walkenhorst from comment #5) > > Tests (amd64): OK > > Advisory: Missing > > Now commited. (Bug number fixed) Advisory: OK
http://errata.univention.de/ucs/3.2/266.html