Executive Summary

Summary
Title OpenJDK 7 vulnerability
Informations
Name USN-2818-1 First vendor Publication 2015-11-25
Vendor Ubuntu Last vendor Modification 2015-11-25
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:N)
Cvss Base Score 5.8 Attack Range Network
Cvss Impact Score 4.9 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 15.10 - Ubuntu 15.04 - Ubuntu 14.04 LTS

Summary:

A security issue was fixed in OpenJDK 7.

Software Description: - openjdk-7: Open Source Java implementation

Details:

It was discovered that rebinding of the receiver of a DirectMethodHandle may allow a protected method to be accessed. Am attacker could use this to expose sensitive information or possibly execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 15.10:
icedtea-7-jre-jamvm 7u91-2.6.3-0ubuntu0.15.10.1
openjdk-7-jre 7u91-2.6.3-0ubuntu0.15.10.1
openjdk-7-jre-headless 7u91-2.6.3-0ubuntu0.15.10.1
openjdk-7-jre-lib 7u91-2.6.3-0ubuntu0.15.10.1
openjdk-7-jre-zero 7u91-2.6.3-0ubuntu0.15.10.1

Ubuntu 15.04:
icedtea-7-jre-jamvm 7u91-2.6.3-0ubuntu0.15.04.1
openjdk-7-jre 7u91-2.6.3-0ubuntu0.15.04.1
openjdk-7-jre-headless 7u91-2.6.3-0ubuntu0.15.04.1
openjdk-7-jre-lib 7u91-2.6.3-0ubuntu0.15.04.1
openjdk-7-jre-zero 7u91-2.6.3-0ubuntu0.15.04.1

Ubuntu 14.04 LTS:
icedtea-7-jre-jamvm 7u91-2.6.3-0ubuntu0.14.04.1
openjdk-7-jre 7u91-2.6.3-0ubuntu0.14.04.1
openjdk-7-jre-headless 7u91-2.6.3-0ubuntu0.14.04.1
openjdk-7-jre-lib 7u91-2.6.3-0ubuntu0.14.04.1
openjdk-7-jre-zero 7u91-2.6.3-0ubuntu0.14.04.1

After a standard system update you need to restart any Java applications or applets to make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2818-1
CVE-2015-4871

Package Information:
https://launchpad.net/ubuntu/+source/openjdk-7/7u91-2.6.3-0ubuntu0.15.10.1
https://launchpad.net/ubuntu/+source/openjdk-7/7u91-2.6.3-0ubuntu0.15.04.1
https://launchpad.net/ubuntu/+source/openjdk-7/7u91-2.6.3-0ubuntu0.14.04.1

Original Source

Url : http://www.ubuntu.com/usn/USN-2818-1

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1
Application 1

Nessus® Vulnerability Scanner

Date Description
2016-07-19 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2016-1430.nasl - Type : ACT_GATHER_INFO
2016-03-14 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201603-14.nasl - Type : ACT_GATHER_INFO
2016-03-14 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201603-11.nasl - Type : ACT_GATHER_INFO
2016-02-10 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2016-643.nasl - Type : ACT_GATHER_INFO
2016-02-03 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2016-115.nasl - Type : ACT_GATHER_INFO
2016-02-03 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2016-110.nasl - Type : ACT_GATHER_INFO
2016-02-03 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2016-107.nasl - Type : ACT_GATHER_INFO
2016-01-29 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2016-0269-1.nasl - Type : ACT_GATHER_INFO
2016-01-29 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2016-0265-1.nasl - Type : ACT_GATHER_INFO
2016-01-22 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2016-0053.nasl - Type : ACT_GATHER_INFO
2016-01-22 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20160121_java_1_7_0_openjdk_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2016-01-22 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20160121_java_1_7_0_openjdk_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2016-01-22 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2016-0054.nasl - Type : ACT_GATHER_INFO
2016-01-22 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2016-0053.nasl - Type : ACT_GATHER_INFO
2016-01-22 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2016-0054.nasl - Type : ACT_GATHER_INFO
2016-01-22 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2016-0053.nasl - Type : ACT_GATHER_INFO
2016-01-22 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2016-0054.nasl - Type : ACT_GATHER_INFO
2016-01-14 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2016-0113-1.nasl - Type : ACT_GATHER_INFO
2015-12-16 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2015-2268-1.nasl - Type : ACT_GATHER_INFO
2015-12-16 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2015-2168-2.nasl - Type : ACT_GATHER_INFO
2015-12-16 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_a5934ba8a37611e585e914dae9d210b8.nasl - Type : ACT_GATHER_INFO
2015-12-15 Name : The remote AIX host has a version of Java SDK installed that is affected by m...
File : aix_java_oct2015_advisory.nasl - Type : ACT_GATHER_INFO
2015-12-09 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2015-2216-1.nasl - Type : ACT_GATHER_INFO
2015-12-04 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2015-2182-1.nasl - Type : ACT_GATHER_INFO
2015-12-03 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2015-2168-1.nasl - Type : ACT_GATHER_INFO
2015-12-03 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2015-2166-1.nasl - Type : ACT_GATHER_INFO
2015-11-30 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2818-1.nasl - Type : ACT_GATHER_INFO
2015-11-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2015-2509.nasl - Type : ACT_GATHER_INFO
2015-11-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2015-2507.nasl - Type : ACT_GATHER_INFO
2015-11-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2015-2506.nasl - Type : ACT_GATHER_INFO
2015-11-23 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-3401.nasl - Type : ACT_GATHER_INFO
2015-10-23 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2015-1927.nasl - Type : ACT_GATHER_INFO
2015-10-22 Name : The remote Windows host contains a programming platform that is affected by m...
File : oracle_java_cpu_oct_2015.nasl - Type : ACT_GATHER_INFO
2015-10-22 Name : The remote Unix host contains a programming platform that is affected by mult...
File : oracle_java_cpu_oct_2015_unix.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
Date Informations
2015-12-01 13:26:35
  • Multiple Updates
2015-11-25 21:24:02
  • First insertion