** Visibility changed to: Public -- You received this bug notification because you are a member of OpenJDK, which is subscribed to openjdk-6 in Ubuntu. https://bugs.launchpad.net/bugs/881217
Title: openjdk 6 needs updated to protect against remotely exploitable attacks Status in “openjdk-6” package in Ubuntu: New Bug description: Currently openjdk on ubuntu is at 20 or 23 depending on the ubuntu release. Openjdk release of 29 includes security fixes on top of 26. Of those 20 security fixes 19 are remotely exploitable without authentication: http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html "This Critical Patch Update contains 20 new security fixes for Oracle Java SE. 19 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password. " That is just for release 29 every even release before 29 all the way to 20 contains security fixes. Ubuntu should upgrade openjdk versions on all support ubuntu releases to plug security vulnerabilities existing in openjdk releases 20 and 23. ProblemType: Bug DistroRelease: Ubuntu 11.04 Package: openjdk-6-jre-headless 6b22-1.10.2-0ubuntu1~11.04.1 ProcVersionSignature: Ubuntu 2.6.38-11.50-generic 2.6.38.8 Uname: Linux 2.6.38-11-generic x86_64 Architecture: amd64 Date: Mon Oct 24 20:49:23 2011 ExecutablePath: /usr/lib/jvm/java-6-openjdk/jre/bin/java ProcEnviron: SHELL=/bin/bash PATH=(custom, user) LANG=en_US.UTF-8 LANGUAGE=en_US:en SourcePackage: openjdk-6 UpgradeStatus: Upgraded to natty on 2011-05-17 (160 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openjdk-6/+bug/881217/+subscriptions _______________________________________________ Mailing list: https://launchpad.net/~openjdk Post to : [email protected] Unsubscribe : https://launchpad.net/~openjdk More help : https://help.launchpad.net/ListHelp
