Canonical Repairs OpenJDK Vulnerabilities for Ubuntu 12.10 and Ubuntu 12.04 LTS

On February 21, in a security notice Canonical published details about OpenJDK vulnerabilities for its Ubuntu 12.10, Ubuntu 12.04 LTS, Ubuntu 11.10, and Ubuntu 10.04 LTS operating systems.

According to Canonical, several security issues were fixed in OpenJDK. For example, it was discovered that the TLS protocol as used in OpenJDK was vulnerable to a timing side-channel attack known as the "Lucky Thirteen" issue. A remote attacker could use this issue to perform plaintext-recovery attacks via analysis of timing data.

Also, a vulnerability was discovered in the OpenJDK JRE related to information disclosure and data integrity.

Users can simply fix the security flaws by upgrading the operating systems to the openjdk and icedtea, specific to each distribution.

A normal system update, executed with the Update Manager, will implement all the necessary changes. After a standard system update, you need to restart any Java applications or applets to make all the necessary changes.