USN-3275-3: OpenJDK 7 regression
USN-3275-3: OpenJDK 7 regression Ubuntu Security Notice USN-3275-3 18th May, 2017 openjdk-7 regression A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS Summary USN-3275-2 introduced a regression in OpenJDK 7. Software description openjdk-7 – Open Source Java implementation Details USN-3275-2 fixed vulnerabilities in OpenJDK 7. Unfortunately, theupdate introduced a regression when handling TLS handshakes. Thisupdate fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that OpenJDK improperly re-used cached NTLM connections in some situations. A remote attacker could possibly use this to cause a Java application to perform actions with the credentials of a different user. (CVE-2017-3509) It was discovered that an untrusted library search path flaw existed in the Java Cryptography Extension (JCE) component of OpenJDK. A local attacker could possibly use this to gain the privileges of a [ more… ]