USN-3154-1: OpenJDK 6 vulnerabilities
USN-3154-1: OpenJDK 6 vulnerabilities Ubuntu Security Notice USN-3154-1 7th December, 2016 openjdk-6 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary Several security issues were fixed in OpenJDK 6. Software description openjdk-6 – Open Source Java implementation Details It was discovered that OpenJDK did not restrict the set of algorithms usedfor Jar integrity verification. An attacker could use this to modifywithout detection the content of a JAR file, affecting system integrity.(CVE-2016-5542) It was discovered that the JMX component of OpenJDK did not sufficientlyperform classloader consistency checks. An attacker could use this tobypass Java sandbox restrictions. (CVE-2016-5554) It was discovered that the Hotspot component of OpenJDK did not properlycheck received Java Debug Wire Protocol (JDWP) packets. An attacker coulduse this to send debugging commands to a Java application with debuggingenabled. (CVE-2016-5573) [ more… ]