Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntuUbuntuUSN-2124-2
HistoryApr 08, 2014 - 12:00 a.m.

OpenJDK 6 regression

2014-04-0800:00:00
ubuntu.com
32

6.2 Medium

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.433 Medium

EPSS

Percentile

97.3%

JSON

Releases

  • Ubuntu 12.04
  • Ubuntu 10.04

Packages

  • openjdk-6 - Open Source Java implementation

Details

USN-2124-1 fixed vulnerabilities in OpenJDK 6. Due to an upstream
regression, memory was not properly zeroed under certain circumstances
which could lead to instability. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

A vulnerability was discovered in the OpenJDK JRE related to information
disclosure and data integrity. An attacker could exploit this to expose
sensitive data over the network. (CVE-2014-0411)

Several vulnerabilities were discovered in the OpenJDK JRE related to
information disclosure, data integrity and availability. An attacker could
exploit these to cause a denial of service or expose sensitive data over
the network. (CVE-2013-5878, CVE-2013-5907, CVE-2014-0373, CVE-2014-0422,
CVE-2014-0428)

Two vulnerabilities were discovered in the OpenJDK JRE related to
information disclosure. An attacker could exploit these to expose sensitive
data over the network. (CVE-2013-5884, CVE-2014-0368)

Two vulnerabilities were discovered in the OpenJDK JRE related to
availability. An attacker could exploit these to cause a denial of service.
(CVE-2013-5896, CVE-2013-5910)

Two vulnerabilities were discovered in the OpenJDK JRE related to data
integrity. (CVE-2014-0376, CVE-2014-0416)

A vulnerability was discovered in the OpenJDK JRE related to information
disclosure and availability. An attacker could exploit this to expose
sensitive data over the network or cause a denial of service.
(CVE-2014-0423)

In addition to the above, USN-2033-1 fixed several vulnerabilities and bugs
in OpenJDK 6. This update introduced a regression which caused an exception
condition in javax.xml when instantiating encryption algorithms. This
update fixes the problem. We apologize for the inconvenience.

OSVersionArchitecturePackageVersionFilename
Ubuntu12.04noarchicedtea-6-jre-cacao< 6b30-1.13.1-1ubuntu2~0.12.04.3UNKNOWN
Ubuntu12.04noarchicedtea-6-jre-jamvm< 6b30-1.13.1-1ubuntu2~0.12.04.3UNKNOWN
Ubuntu12.04noarchopenjdk-6-dbg< 6b30-1.13.1-1ubuntu2~0.12.04.3UNKNOWN
Ubuntu12.04noarchopenjdk-6-demo< 6b30-1.13.1-1ubuntu2~0.12.04.3UNKNOWN
Ubuntu12.04noarchopenjdk-6-jdk< 6b30-1.13.1-1ubuntu2~0.12.04.3UNKNOWN
Ubuntu12.04noarchopenjdk-6-jre< 6b30-1.13.1-1ubuntu2~0.12.04.3UNKNOWN
Ubuntu12.04noarchopenjdk-6-jre-headless< 6b30-1.13.1-1ubuntu2~0.12.04.3UNKNOWN
Ubuntu12.04noarchopenjdk-6-jre-zero< 6b30-1.13.1-1ubuntu2~0.12.04.3UNKNOWN
Ubuntu12.04noarchopenjdk-6-jre-lib< 6b30-1.13.1-1ubuntu2~0.12.04.3UNKNOWN
Ubuntu10.04noarchopenjdk-6-jre-headless< 6b30-1.13.1-1ubuntu2~0.10.04.2UNKNOWN
Rows per page:
1-10 of 171

Related

openvas 36
amazon 2
nessus 33
ubuntu 2
oraclelinux 3
redhat 9
mageia 1
centos 3
suse 5
veracode 24
ibm 28
aix 1
f5 6
kaspersky 1
prion 13
cve 13
ubuntucve 12
checkpoint_advisories 4
zdi 2
seebug 1
openvas
openvas
CentOS Update for java CESA-2014:0097 centos5
2014-01-30 00:00:00
CentOS Update for java CESA-2014:0097 centos6
2014-01-30 00:00:00
Oracle: Security Advisory (ELSA-2014-0097)
2015-10-06 00:00:00
amazon
amazon
Important: java-1.6.0-openjdk
2014-02-03 15:27:00
Critical: java-1.7.0-openjdk
2014-01-15 10:28:00
nessus
nessus
Amazon Linux AMI : java-1.6.0-openjdk (ALAS-2014-283)
2014-02-05 00:00:00
Scientific Linux Security Update : java-1.6.0-openjdk on SL5.x, SL6.x i386/x86_64 (20140127)
2014-01-28 00:00:00
Ubuntu 10.04 LTS / 12.04 LTS : openjdk-6 regression (USN-2124-2)
2014-04-08 00:00:00
ubuntu
ubuntu
OpenJDK 6 vulnerabilities
2014-02-27 00:00:00
OpenJDK 7 vulnerabilities
2014-01-23 00:00:00
oraclelinux
oraclelinux
java-1.6.0-openjdk security update
2014-01-27 00:00:00
java-1.7.0-openjdk security update
2014-01-14 00:00:00
java-1.7.0-openjdk security update
2014-01-14 00:00:00
redhat
redhat
(RHSA-2014:0026) Critical: java-1.7.0-openjdk security update
2014-01-15 00:00:00
(RHSA-2014:0097) Important: java-1.6.0-openjdk security update
2014-01-27 00:00:00
(RHSA-2014:0027) Important: java-1.7.0-openjdk security update
2014-01-15 00:00:00
mageia
mageia
Updated java-1.7.0-openjdk package fixes multiple security vulnerabilities
2014-01-21 20:22:18
centos
centos
java security update
2014-01-27 22:53:27
java security update
2014-01-15 11:04:23
java security update
2014-01-15 11:16:34
suse
suse
Security update for IBM Java 6 (important)
2014-03-26 18:04:12
Security update for IBM Java 6 (important)
2014-02-24 22:04:17
Security update for IBM Java 6 (important)
2014-02-20 20:04:38
veracode
veracode
Sandbox Restrictions Bypass
2019-05-02 05:01:07
Sandbox Restrictions Bypass
2019-05-02 05:01:06
Sandbox Restrictions Bypass
2019-05-02 05:01:07
ibm
ibm
Security Bulletin: Multiple vulnerabilities in IBM WebSphere Real Time
2018-06-15 06:59:25
Security Bulletin: Multiple vulnerabilities in current IBM SDK for Java for IBM Support Assistant January 2014 CPU
2018-06-15 06:59:44
Security Bulletin: Potential security vulnerabilities with JavaTM SDKs
2022-09-22 03:02:31
aix
aix
AIX Java Multiple Vulnerabilities (Oracle Java 2014 CPU)
2014-03-06 13:24:59
f5
f5
K53146535 : Multiple Sun Java vulnerabilities
2015-12-31 00:00:00
SOL53146535 - Multiple Sun Java vulnerabilities
2015-12-30 00:00:00
K17381 : OpenJDK vulnerability CVE-2014-0428
2015-11-03 00:00:00
kaspersky
kaspersky
KLA10511 Multiple vulnerabilities in Oracle products
2014-01-15 00:00:00
prion
prion
Design/Logic Flaw
2014-01-15 16:08:00
Buffer overflow
2014-01-15 16:08:00
Design/Logic Flaw
2014-01-15 16:11:00
cve
cve
CVE-2013-5910
2014-01-15 16:08:00
CVE-2013-5896
2014-01-15 16:08:00
CVE-2013-5884
2014-01-15 16:11:00
ubuntucve
ubuntucve
CVE-2013-5896
2014-01-15 00:00:00
CVE-2013-5910
2014-01-15 00:00:00
CVE-2014-0373
2014-01-15 00:00:00
checkpoint_advisories
checkpoint_advisories
Oracle Java SE GSUB ReqFeatureIndex Buffer Overflow - ver 2 (CVE-2013-5907)
2014-05-08 00:00:00
Oracle Java JNDI Sandbox Bypass - Ver2 (CVE-2014-0422)
2015-05-18 00:00:00
Oracle Java JNDI Sandbox Bypass (CVE-2014-0422)
2014-02-19 00:00:00
zdi
zdi
Oracle Java TrueType LookupCount Buffer Overflow Remote Code Execution Vulnerability
2014-04-03 00:00:00
Oracle Java TTF Font Parsing Heap Corruption Remote Code Execution Vulnerability
2014-02-05 00:00:00
seebug
seebug
Oracle Java SE远程安全漏洞
2014-02-19 00:00:00

6.2 Medium

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.433 Medium

EPSS

Percentile

97.3%

JSON
Related for USN-2124-2
openvas36amazon2nessus33ubuntu2oraclelinux3redhat9mageia1centos3suse5veracode24ibm28aix1f56kaspersky1prion13cve13ubuntucve12checkpoint_advisories4zdi2seebug1