openjdk 6 needs to be updated to protect against remotely exploitable attacks

Bug #881217 reported by Mike Power
This bug affects 1 person
Affects: openjdk-6 (Ubuntu)
Status: New
Importance: Undecided
Assigned to: Unassigned
Milestone: (none listed)

Bug Description

Currently openjdk on Ubuntu is at 20 or 23, depending on the Ubuntu release. Openjdk release 29 includes security fixes on top of 26. Of those 20 security fixes, 19 are remotely exploitable without authentication:

http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html
"This Critical Patch Update contains 20 new security fixes for Oracle Java SE. 19 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password."

That is just for release 29; every even release before 29, all the way to 20, contains security fixes.

Ubuntu should upgrade openjdk versions on all supported Ubuntu releases to plug security vulnerabilities existing in openjdk releases 20 and 23.

ProblemType: Bug
DistroRelease: Ubuntu 11.04
Package: openjdk-6-jre-headless 6b22-1.10.2-0ubuntu1~11.04.1
ProcVersionSignature: Ubuntu 2.6.38-11.50-generic 2.6.38.8
Uname: Linux 2.6.38-11-generic x86_64
Architecture: amd64
Date: Mon Oct 24 20:49:23 2011
ExecutablePath: /usr/lib/jvm/java-6-openjdk/jre/bin/java
ProcEnviron:
 SHELL=/bin/bash
 PATH=(custom, user)
 LANG=en_US.UTF-8
 LANGUAGE=en_US:en
SourcePackage: openjdk-6
UpgradeStatus: Upgraded to natty on 2011-05-17 (160 days ago)

Mike Power (mpower) wrote :
visibility: private → public
This report contains Public Security information  
Everyone can see this security related information.
