SECURITY

Ubuntu Security Notice USN-2885-1 1st February, 2016 openjdk-6 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS Summary Several security issues were fixed in OpenJDK 6. Software description openjdk-6 – Open Source Java implementation Details Multiple vulnerabilities were discovered in the OpenJDK JRE relatedto information disclosure, data integrity, and availability. Anattacker could exploit these to cause a denial of service, exposesensitive data over the network, or possibly execute arbitrary code.(CVE-2016-0483, CVE-2016-0494) A vulnerability was discovered in the OpenJDK JRE related to dataintegrity. An attacker could exploit this to expose sensitive dataover the network or possibly execute arbitrary code. (CVE-2016-0402) A vulnerability was discovered in the OpenJDK JRE related toinformation disclosure. An attacker could exploit this to exposesensitive data over the network. (CVE-2016-0448) A vulnerability was discovered in the OpenJDK JRE related toavailability. An attacker [ more… ]

Ubuntu Security Notice USN-2884-1 1st February, 2016 openjdk-7 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10 Ubuntu 15.04 Ubuntu 14.04 LTS Summary Several security issues were fixed in OpenJDK 7. Software description openjdk-7 – Open Source Java implementation Details Multiple vulnerabilities were discovered in the OpenJDK JRE relatedto information disclosure, data integrity, and availability. Anattacker could exploit these to cause a denial of service, exposesensitive data over the network, or possibly execute arbitrary code.(CVE-2016-0483, CVE-2016-0494) A vulnerability was discovered in the OpenJDK JRE related to dataintegrity. An attacker could exploit this to expose sensitive dataover the network or possibly execute arbitrary code. (CVE-2016-0402) It was discovered that OpenJDK 7 incorrectly allowed MD5 to be usedfor TLS connections. If a remote attacker were able to perform aman-in-the-middle attack, this flaw could be exploited to exposesensitive [ more… ]