Users just need to upgrade the distribution in order to fix the problems

Aug 26, 2014 17:01 GMT

Canonical has provided information about an OpenJDK 7 regression that has been found and corrected in its Ubuntu 14.04 LTS (Trusty Tahr) operating system.

Canonical releases numerous updates for its supported operating systems, but some problems are actually introduced by the patches themselves. These are called regressions, and they are repaired with a new patch that corrects them.

“Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network,” said the original advisory notice for the vulnerability.

The developers have now issued a new update and explained what happened. “USN-2319-1 fixed vulnerabilities in OpenJDK 7. Due to an upstream regression, verifying of the init method call would fail when it was done from inside a branch when stack frames are activated.”

For a more detailed description of the problems, you can see Canonical's security notification.

The flaws can be fixed if you upgrade your system(s) to the latest openjdk packages specific to each distribution. To apply the patch, run the Update Manager application.

In general, a standard system update will make all the necessary changes, after which you will have to restart all the Java applications.
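To find the Java applications that still need that restart, the following added example (not part of Canonical's advisory) lists processes whose memory map still references a `libjvm.so` that the upgrade replaced on disk. The `proc_root` parameter, the function names and the sample entries are assumptions made for illustration; the sample map lines are constructed.

```shell
#!/usr/bin/env bash
# Added example: find processes still running a JVM library that a package
# upgrade has replaced. Linux marks such mappings with a "(deleted)" suffix
# in /proc/<pid>/maps because the old file was unlinked while still mapped.

# Print the PID of every process under proc_root (hypothetical parameter,
# defaults to /proc) that maps a deleted libjvm.so.
stale_java_pids() {
    local proc_root="${1:-/proc}" maps pid
    for maps in "$proc_root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue            # unreadable or no match: skip
        if grep -q '/libjvm\.so (deleted)$' "$maps" 2>/dev/null; then
            pid="${maps%/maps}"
            echo "${pid##*/}"
        fi
    done
}

# Build a constructed, offline stand-in for /proc with three fake processes:
#   101 = JVM started before the upgrade, 202 = JVM restarted after it,
#   303 = a non-Java process.
make_sample_proc() {
    local root jvm=/usr/lib/jvm/java-7-openjdk-amd64/jre/lib/amd64/server/libjvm.so
    root="$(mktemp -d)"
    mkdir "$root/101" "$root/202" "$root/303"
    printf '%s\n' "7f10a0000000-7f10a0b00000 r-xp 00000000 08:01 1311 $jvm (deleted)" \
        > "$root/101/maps"
    printf '%s\n' "7f20a0000000-7f20a0b00000 r-xp 00000000 08:01 1422 $jvm" \
        > "$root/202/maps"
    printf '%s\n' "00400000-004f0000 r-xp 00000000 08:01 99 /bin/bash" \
        > "$root/303/maps"
    echo "$root"
}

sample="$(make_sample_proc)"
stale_java_pids "$sample"    # prints 101
rm -rf "$sample"
```

On a live system, call `stale_java_pids` with no argument as root, since reading other users' `/proc/<pid>/maps` requires privileges.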