Ubuntu Security Notice USN-1693-1
16th January, 2013
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.10
OpenJDK 7 could be made to crash or run programs as your login if it opened a specially crafted Java applet.
- openjdk-7 - Open Source Java implementation
It was discovered that OpenJDK 7's security mechanism could be bypassed via
Java applets. If a user were tricked into opening a malicious website, a
remote attacker could exploit this to perform arbitrary code execution as
the user invoking the program.
The problem can be corrected by updating your system to the following package version:
- Ubuntu 12.10:
- openjdk-7-jre-zero 7u9-2.3.4-0ubuntu220.127.116.11
- icedtea-7-jre-jamvm 7u9-2.3.4-0ubuntu18.104.22.168
- icedtea-7-jre-cacao 7u9-2.3.4-0ubuntu22.214.171.124
- openjdk-7-jre-lib 7u9-2.3.4-0ubuntu126.96.36.199
- openjdk-7-jre-headless 7u9-2.3.4-0ubuntu188.8.131.52
- openjdk-7-jre 7u9-2.3.4-0ubuntu184.108.40.206
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
After a standard system update you need to restart your browser to make all
the necessary changes.