OpenJDK 7 Vulnerabilities Fixed in Ubuntu 12.10

On January 16, in a security notice Canonical published details about OpenJDK vulnerabilities for its Ubuntu 12.10 (Quantal Quetzal) operating systems.

According to Canonical, OpenJDK 7 could be made to crash or run programs as your login if it opened a specially crafted Java applet.

If a user were tricked into opening a malicious website, a remote attacker could exploit this to perform arbitrary code execution as the user invoking the program.

For a more detailed description of the security problems, you can visit Canonical's security notification.

Users can simply fix the security flaws by upgrading the operating systems to the openjdk-7-jre-zero, icedtea-7-jre-jamvm, icedtea-7-jre-cacao, openjdk-7-jre-lib, openjdk-7-jre-headless, and openjdk-7-jre specific to each distribution.

A normal system update, executed with the Update Manager, will implement all the necessary changes. A complete system restart is not necessary.