Bug 35381 - openjdk-6: Multiple security issues (3.2)
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Security updates
UCS 3.2
Other Linux
: P2 normal
: UCS 3.2-4-errata
Assigned To: Moritz Muehlenhoff
Janek Walkenhorst
Reported: 2014-07-16 09:40 CEST by Moritz Muehlenhoff
Modified: 2014-12-19 14:00 CET
Description Moritz Muehlenhoff univentionstaff 2014-07-16 09:40:01 CEST
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html

CVE-2014-4219 CVE-2014-4216 CVE-2014-4262 CVE-2014-4209 CVE-2014-4218 CVE-2014-4252 CVE-2014-4268 CVE-2014-4244 CVE-2014-4263
Comment 1 Moritz Muehlenhoff univentionstaff 2014-07-17 07:51:40 CEST
Plus CVE-2014-2490 and CVE-2014-4266
Comment 2 Moritz Muehlenhoff univentionstaff 2014-10-15 14:43:47 CEST
New issues from http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html :

Insufficient permission checks in system logging (CVE-2014-6506)
Information disclosure in ICU/2D (CVE-2014-6511)
Information disclosure in Hotspot (CVE-2014-6504)
XEE in the Stax parser (CVE-2014-6517)
Insufficient name checks for resource bundles (CVE-2014-6531)
Missing source checks in datagram sockets (CVE-2014-6512)
Handshake attack on JSSE (CVE-2014-6457)
Insecure logging (CVE-2014-6502)
Incorrect exception handling in CipherInputStream (CVE-2014-6558)
Comment 3 Moritz Muehlenhoff univentionstaff 2014-10-23 14:10:46 CEST
One more issue has been fixed in recent CPU:
TLS/SSL handshake attack (CVE-2014-6457)
Comment 4 Moritz Muehlenhoff univentionstaff 2014-12-18 12:57:04 CET
The updated package has been built, tests were successful.

YAML file: 2014-12-17-openjdk-6.yaml
Comment 5 Janek Walkenhorst univentionstaff 2014-12-18 18:18:08 CET
Tests (amd64): OK
Advisory: Missing
Comment 6 Moritz Muehlenhoff univentionstaff 2014-12-19 07:20:46 CET
(In reply to Janek Walkenhorst from comment #5)
> Tests (amd64): OK
> Advisory: Missing

Now committed.
Comment 7 Janek Walkenhorst univentionstaff 2014-12-19 12:33:10 CET
(In reply to Moritz Muehlenhoff from comment #6)
> (In reply to Janek Walkenhorst from comment #5)
> > Tests (amd64): OK
> > Advisory: Missing
> 
> Now committed.
(Bug number fixed) Advisory: OK
Comment 8 Janek Walkenhorst univentionstaff 2014-12-19 14:00:27 CET
http://errata.univention.de/ucs/3.2/266.html