[SECURITY] [DSA 3147-1] openjdk-6 security update

2015-01-3015:57:23

lists.debian.org

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

3.4

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N

AI Score

6.2

Confidence

Low

EPSS

0.975

Percentile

100.0%

JSON

Debian Security Advisory DSA-3147-1 [email protected]
http://www.debian.org/security/ Moritz Muehlenhoff
January 30, 2015 http://www.debian.org/security/faq

Package : openjdk-6
CVE ID : CVE-2014-3566 CVE-2014-6585 CVE-2014-6587 CVE-2014-6591
CVE-2014-6593 CVE-2014-6601 CVE-2015-0383 CVE-2015-0395
CVE-2015-0407 CVE-2015-0408 CVE-2015-0410 CVE-2015-0412

Several vulnerabilities have been discovered in OpenJDK, an
implementation of the Oracle Java platform, resulting in the execution
of arbitrary code, information disclosure or denial of service.

For the stable distribution (wheezy), these problems have been fixed in
version 6b34-1.13.6-1~deb7u1.

We recommend that you upgrade your openjdk-6 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian7armhfopenjdk-7-demo< 7u75-2.5.4-1~deb7u1openjdk-7-demo_7u75-2.5.4-1~deb7u1_armhf.deb
Debian7kfreebsd-i386lighttpd< 1.4.31-4+deb7u4lighttpd_1.4.31-4+deb7u4_kfreebsd-i386.deb
Debian7amd64libicu48-dbg< 4.8.1.1-12+deb7u2libicu48-dbg_4.8.1.1-12+deb7u2_amd64.deb
Debian7i386lighttpd-mod-trigger-b4-dl< 1.4.31-4+deb7u4lighttpd-mod-trigger-b4-dl_1.4.31-4+deb7u4_i386.deb
Debian6amd64libicu44-dbg< 4.4.1-8+squeeze3libicu44-dbg_4.4.1-8+squeeze3_amd64.deb
Debian7armelopenjdk-6-jre< 6b34-1.13.6-1~deb7u1openjdk-6-jre_6b34-1.13.6-1~deb7u1_armel.deb
Debian7kfreebsd-amd64lighttpd-mod-magnet< 1.4.31-4+deb7u4lighttpd-mod-magnet_1.4.31-4+deb7u4_kfreebsd-amd64.deb
Debian6allpound< 2.6-1+deb6u1pound_2.6-1+deb6u1_all.deb
Debian7sparclighttpd-mod-magnet< 1.4.31-4+deb7u4lighttpd-mod-magnet_1.4.31-4+deb7u4_sparc.deb
Debian7amd64openjdk-7-jre< 7u75-2.5.4-1~deb7u1openjdk-7-jre_7u75-2.5.4-1~deb7u1_amd64.deb

OS	Version	Architecture	Package	Version	Filename
Debian	7	armhf	openjdk-7-demo	< 7u75-2.5.4-1~deb7u1	openjdk-7-demo_7u75-2.5.4-1~deb7u1_armhf.deb
Debian	7	kfreebsd-i386	lighttpd	< 1.4.31-4+deb7u4	lighttpd_1.4.31-4+deb7u4_kfreebsd-i386.deb
Debian	7	amd64	libicu48-dbg	< 4.8.1.1-12+deb7u2	libicu48-dbg_4.8.1.1-12+deb7u2_amd64.deb
Debian	7	i386	lighttpd-mod-trigger-b4-dl	< 1.4.31-4+deb7u4	lighttpd-mod-trigger-b4-dl_1.4.31-4+deb7u4_i386.deb
Debian	6	amd64	libicu44-dbg	< 4.4.1-8+squeeze3	libicu44-dbg_4.4.1-8+squeeze3_amd64.deb
Debian	7	armel	openjdk-6-jre	< 6b34-1.13.6-1~deb7u1	openjdk-6-jre_6b34-1.13.6-1~deb7u1_armel.deb
Debian	7	kfreebsd-amd64	lighttpd-mod-magnet	< 1.4.31-4+deb7u4	lighttpd-mod-magnet_1.4.31-4+deb7u4_kfreebsd-amd64.deb
Debian	6	all	pound	< 2.6-1+deb6u1	pound_2.6-1+deb6u1_all.deb
Debian	7	sparc	lighttpd-mod-magnet	< 1.4.31-4+deb7u4	lighttpd-mod-magnet_1.4.31-4+deb7u4_sparc.deb
Debian	7	amd64	openjdk-7-jre	< 7u75-2.5.4-1~deb7u1	openjdk-7-jre_7u75-2.5.4-1~deb7u1_amd64.deb