First Last Prev Next    This bug is not in your last search results.
Bug 38303 - openjdk-6 (3.2)
openjdk-6 (3.2)
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Security updates
UCS 3.2
Other Linux
: P4 normal (vote)
: UCS 3.2-6-errata
Assigned To: Arvid Requate
Janek Walkenhorst
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2015-04-20 15:24 CEST by Arvid Requate
Modified: 2015-08-21 13:13 CEST (History)
1 user (show)

See Also:
What kind of report is it?: ---
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional): Security
Max CVSS v3 score:
requate: Patch_Available+

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Arvid Requate univentionstaff 2015-04-20 15:24:54 CEST 
New security vulnerabilities have been reported for openssl-6.

Specific details are not available:
http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html

Incorrect handling of phantom references (CVE-2015-0460)
Layout engine glyphStorage off-by-one (CVE-2015-0469)
Incorrect permissions check in resource loading (CVE-2015-0477)
RSA implementation hardening (CVE-2015-0478)
Jar directory traversal issues (CVE-2015-0480)
Certificate options parsing uncaught exception (CVE-2015-0488)
Comment 1 Arvid Requate univentionstaff 2015-05-07 17:10:56 CEST 
This is openjdk-6..

Fixed in upstream Debian package version 6b35-1.13.7-1~deb6u1
Comment 2 Arvid Requate univentionstaff 2015-07-15 23:12:01 CEST 
New issues reported, see Bug 38929.
Comment 3 Arvid Requate univentionstaff 2015-08-14 10:41:29 CEST 
Also fixed in that release:

* bypass certain Java sandbox restrictions by untrusted Java application or app due to incorrect handling of default methods (CVE-2015-0470)
Comment 4 Arvid Requate univentionstaff 2015-08-18 13:46:29 CEST 
CVE-2015-0470 doesn't affect openjdk-6.

Advisory: 2015-08-18-openjdk-6.yaml
Comment 5 Janek Walkenhorst univentionstaff 2015-08-19 18:41:44 CEST 
Advisory: OK
Tests: OK
Comment 6 Janek Walkenhorst univentionstaff 2015-08-21 13:13:57 CEST 
<http://errata.univention.de/ucs/3.2/359.html>
First Last Prev Next    This bug is not in your last search results.