- Vulnerability/
- USN-2696-1
USN-2696-1: OpenJDK 7 vulnerabilities
First published: Thu Jul 30 2015(Updated: )
Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity, and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. (CVE-2015-2590, CVE-2015-2628, CVE-2015-4731, CVE-2015-4732, CVE-2015-4733, CVE-2015-4760, CVE-2015-4748) Several vulnerabilities were discovered in the cryptographic components of the OpenJDK JRE. An attacker could exploit these to expose sensitive data over the network. (CVE-2015-2601, CVE-2015-2808, CVE-2015-4000, CVE-2015-2625, CVE-2015-2613) As a security improvement, this update modifies OpenJDK behavior to disable RC4 TLS/SSL cipher suites by default. As a security improvement, this update modifies OpenJDK behavior to reject DH key sizes below 768 bits by default, preventing a possible downgrade attack. Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure. An attacker could exploit these to expose sensitive data over the network. (CVE-2015-2621, CVE-2015-2632) A vulnerability was discovered with how the JNDI component of the OpenJDK JRE handles DNS resolutions. A remote attacker could exploit this to cause a denial of service. (CVE-2015-4749)
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/icedtea-7-jre-jamvm | <7u79-2.5.6-0ubuntu1.15.04.1 | 7u79-2.5.6-0ubuntu1.15.04.1 |
| Ubuntu Ubuntu | =15.04 | |
| All of | ||
| ubuntu/openjdk-7-jdk | <7u79-2.5.6-0ubuntu1.15.04.1 | 7u79-2.5.6-0ubuntu1.15.04.1 |
| Ubuntu Ubuntu | =15.04 | |
| All of | ||
| ubuntu/openjdk-7-jre | <7u79-2.5.6-0ubuntu1.15.04.1 | 7u79-2.5.6-0ubuntu1.15.04.1 |
| Ubuntu Ubuntu | =15.04 | |
| All of | ||
| ubuntu/openjdk-7-jre-headless | <7u79-2.5.6-0ubuntu1.15.04.1 | 7u79-2.5.6-0ubuntu1.15.04.1 |
| Ubuntu Ubuntu | =15.04 | |
| All of | ||
| ubuntu/openjdk-7-jre-lib | <7u79-2.5.6-0ubuntu1.15.04.1 | 7u79-2.5.6-0ubuntu1.15.04.1 |
| Ubuntu Ubuntu | =15.04 | |
| All of | ||
| ubuntu/openjdk-7-jre-zero | <7u79-2.5.6-0ubuntu1.15.04.1 | 7u79-2.5.6-0ubuntu1.15.04.1 |
| Ubuntu Ubuntu | =15.04 | |
| All of | ||
| ubuntu/icedtea-7-jre-jamvm | <7u79-2.5.6-0ubuntu1.14.04.1 | 7u79-2.5.6-0ubuntu1.14.04.1 |
| Ubuntu Ubuntu | =14.04 | |
| All of | ||
| ubuntu/openjdk-7-jdk | <7u79-2.5.6-0ubuntu1.14.04.1 | 7u79-2.5.6-0ubuntu1.14.04.1 |
| Ubuntu Ubuntu | =14.04 | |
| All of | ||
| ubuntu/openjdk-7-jre | <7u79-2.5.6-0ubuntu1.14.04.1 | 7u79-2.5.6-0ubuntu1.14.04.1 |
| Ubuntu Ubuntu | =14.04 | |
| All of | ||
| ubuntu/openjdk-7-jre-headless | <7u79-2.5.6-0ubuntu1.14.04.1 | 7u79-2.5.6-0ubuntu1.14.04.1 |
| Ubuntu Ubuntu | =14.04 | |
| All of | ||
| ubuntu/openjdk-7-jre-lib | <7u79-2.5.6-0ubuntu1.14.04.1 | 7u79-2.5.6-0ubuntu1.14.04.1 |
| Ubuntu Ubuntu | =14.04 | |
| All of | ||
| ubuntu/openjdk-7-jre-zero | <7u79-2.5.6-0ubuntu1.14.04.1 | 7u79-2.5.6-0ubuntu1.14.04.1 |
| Ubuntu Ubuntu | =14.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://ubuntu.com/security/CVE-2015-2808
- https://ubuntu.com/security/CVE-2015-2625
- https://ubuntu.com/security/CVE-2015-4760
- https://ubuntu.com/security/CVE-2015-2601
- https://ubuntu.com/security/CVE-2015-4748
- https://ubuntu.com/security/CVE-2015-4749
- https://ubuntu.com/security/CVE-2015-2613
- https://ubuntu.com/security/CVE-2015-2621
- https://ubuntu.com/security/CVE-2015-4000
- https://ubuntu.com/security/CVE-2015-2628
- https://ubuntu.com/security/CVE-2015-4731
- https://ubuntu.com/security/CVE-2015-2590
- https://ubuntu.com/security/CVE-2015-4732
- https://ubuntu.com/security/CVE-2015-4733
- https://ubuntu.com/security/CVE-2015-2632
- https://ubuntu.com/security/notices/USN-2696-1/CVE-2015-4000
- https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/LogJam
- https://ubuntu.com/security/notices/2696-1
- https://ubuntu.com/security/notices/USN-2706-1
- https://ubuntu.com/security/notices/USN-2740-1
- https://ubuntu.com/security/notices/USN-2673-1
- https://ubuntu.com/security/notices/USN-2656-1
- https://ubuntu.com/security/notices/USN-2656-2
- https://launchpad.net/ubuntu/+source/openjdk-7/7u79-2.5.6-0ubuntu1.15.04.1
- https://launchpad.net/ubuntu/+source/openjdk-7/7u79-2.5.6-0ubuntu1.14.04.1
- https://ubuntu.com/security/notices/USN-2696-1 (Advisory)
Child vulnerabilities
(Contains the following vulnerabilities)
Frequently Asked Questions
What is the vulnerability ID for OpenJDK 7 vulnerabilities?
The vulnerability ID for OpenJDK 7 vulnerabilities is CVE-2015-2590, CVE-2015-2628, CVE-2015-4731, CVE-2015-4732, CVE-2015-4760, CVE-2015-2808, CVE-2015-2625.
What is the severity of USN-2696-1 vulnerability?
The severity of USN-2696-1 vulnerability is not specified.
How can an attacker exploit the OpenJDK 7 vulnerabilities?
An attacker can exploit the OpenJDK 7 vulnerabilities to cause a denial of service or expose sensitive data over the network.
What is the affected software for USN-2696-1 vulnerability?
The affected software for USN-2696-1 vulnerability is OpenJDK 7 JRE, OpenJDK 7 JDK, and OpenJDK 7 JRE JamVM.
How do I fix the OpenJDK 7 vulnerabilities?
To fix the OpenJDK 7 vulnerabilities, update to the remedy version 7u79-2.5.6-0ubuntu1.15.04.1 for Ubuntu 15.04 and 7u79-2.5.6-0ubuntu1.14.04.1 for Ubuntu 14.04.
- agent/severity
- agent/references
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/softwarecombine
- agent/title
- agent/tags
- agent/description
- collector/usn
- source/Ubuntu
- anchor-related/USN-2706-1
- anchor-related/USN-2740-1
- anchor-related/USN-2673-1
- anchor-related/USN-2656-1
- anchor-related/USN-2656-2
- agent/software-canonical-lookup
- agent/event
- agent/trending
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu ubuntu
- version/ubuntu ubuntu/15.04
- version/ubuntu ubuntu/14.04