openjdk team mailing list archive

[Bug 881217] Re: openjdk 6 needs updated to protect against remotely exploitable attacks

 

** Visibility changed to: Public

-- 
You received this bug notification because you are a member of OpenJDK,
which is subscribed to openjdk-6 in Ubuntu.
https://bugs.launchpad.net/bugs/881217

Title:
  openjdk 6 needs updated to protect against remotely exploitable
  attacks

Status in “openjdk-6” package in Ubuntu:
  New

Bug description:
  Currently OpenJDK on Ubuntu is at 20 or 23, depending on the Ubuntu
  release.  The OpenJDK release of 29 includes security fixes on top of 26.
  Of those 20 security fixes, 19 are remotely exploitable without
  authentication:

  http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html 
  "This Critical Patch Update contains 20 new security fixes for Oracle Java SE.  19 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password."

  That is just for release 29; every even release before 29, all the way
  to 20, contains security fixes.

  Ubuntu should upgrade OpenJDK versions on all supported Ubuntu releases
  to plug security vulnerabilities existing in OpenJDK releases 20 and
  23.

  ProblemType: Bug
  DistroRelease: Ubuntu 11.04
  Package: openjdk-6-jre-headless 6b22-1.10.2-0ubuntu1~11.04.1
  ProcVersionSignature: Ubuntu 2.6.38-11.50-generic 2.6.38.8
  Uname: Linux 2.6.38-11-generic x86_64
  Architecture: amd64
  Date: Mon Oct 24 20:49:23 2011
  ExecutablePath: /usr/lib/jvm/java-6-openjdk/jre/bin/java
  ProcEnviron:
   SHELL=/bin/bash
   PATH=(custom, user)
   LANG=en_US.UTF-8
   LANGUAGE=en_US:en
  SourcePackage: openjdk-6
  UpgradeStatus: Upgraded to natty on 2011-05-17 (160 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openjdk-6/+bug/881217/+subscriptions