USN-1819-1: OpenJDK 6 vulnerabilities

Releases

• Ubuntu 12.04
• Ubuntu 11.10
• Ubuntu 10.04

Packages

• openjdk-6 - Open Source Java implementation

Details

Ben Murphy discovered a vulnerability in the OpenJDK JRE related to
information disclosure and data integrity. An attacker could exploit this
to execute arbitrary code. (CVE-2013-0401)

James Forshaw discovered a vulnerability in the OpenJDK JRE related to
information disclosure, data integrity and availability. An attacker could
exploit this to execute arbitrary code. (CVE-2013-1488)

Several vulnerabilities were discovered in the OpenJDK JRE related to
information disclosure, data integrity and availability. An attacker could
exploit these to cause a denial of service or expose sensitive data over
the network. (CVE-2013-1518, CVE-2013-1537, CVE-2013-1557, CVE-2013-1558,
CVE-2013-1569, CVE-2013-2383, CVE-2013-2384, CVE-2013-2420, CVE-2013-2421,
CVE-2013-2422, CVE-2013-2426, CVE-2013-2429, CVE-2013-2430, CVE-2013-2431,
CVE-2013-2436)

Two vulnerabilities were discovered in the OpenJDK JRE related to
confidentiality. An attacker could exploit these to expose sensitive data
over the network. (CVE-2013-2415, CVE-2013-2424)

Two vulnerabilities were discovered in the OpenJDK JRE related to
availability. An attacker could exploit these to cause a denial of service.
(CVE-2013-2417, CVE-2013-2419)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 12.04

• icedtea-6-jre-cacao - 6b27-1.12.5-0ubuntu0.12.04.1
• icedtea-6-jre-jamvm - 6b27-1.12.5-0ubuntu0.12.04.1
• openjdk-6-jre - 6b27-1.12.5-0ubuntu0.12.04.1
• openjdk-6-jre-headless - 6b27-1.12.5-0ubuntu0.12.04.1
• openjdk-6-jre-zero - 6b27-1.12.5-0ubuntu0.12.04.1
• openjdk-6-jre-lib - 6b27-1.12.5-0ubuntu0.12.04.1

Ubuntu 11.10

• icedtea-6-jre-cacao - 6b27-1.12.5-0ubuntu0.11.10.1
• icedtea-6-jre-jamvm - 6b27-1.12.5-0ubuntu0.11.10.1
• openjdk-6-jre - 6b27-1.12.5-0ubuntu0.11.10.1
• openjdk-6-jre-headless - 6b27-1.12.5-0ubuntu0.11.10.1
• openjdk-6-jre-zero - 6b27-1.12.5-0ubuntu0.11.10.1
• openjdk-6-jre-lib - 6b27-1.12.5-0ubuntu0.11.10.1

Ubuntu 10.04

• openjdk-6-jre-headless - 6b27-1.12.5-0ubuntu0.10.04.1
• openjdk-6-jre-lib - 6b27-1.12.5-0ubuntu0.10.04.1
• icedtea-6-jre-cacao - 6b27-1.12.5-0ubuntu0.10.04.1
• openjdk-6-jre - 6b27-1.12.5-0ubuntu0.10.04.1
• openjdk-6-jre-zero - 6b27-1.12.5-0ubuntu0.10.04.1

This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any Java
applications or applets to make all the necessary changes.

References

• CVE-2013-0401
• CVE-2013-1488
• CVE-2013-1518
• CVE-2013-1537
• CVE-2013-1557
• CVE-2013-1558
• CVE-2013-1569
• CVE-2013-2383
• CVE-2013-2384
• CVE-2013-2415
• CVE-2013-2417
• CVE-2013-2419
• CVE-2013-2420
• CVE-2013-2421
• CVE-2013-2422
• CVE-2013-2424
• CVE-2013-2426
• CVE-2013-2429
• CVE-2013-2430
• CVE-2013-2431

Related notices

• USN-1806-1: openjdk-7, openjdk-7-jre-zero, openjdk-7-jre, icedtea-7-jre-jamvm, openjdk-7-jre-headless, openjdk-7-jre-lib
• USN-2522-1: libicu52, libicu48, icu-doc, libicu-dev, icu, icu-devtools
• USN-2522-3: libicu48, icu