USN-2696-1 OpenJDK 7 Vulnerabilities
Severity
Medium
Vendor
Canonical Ubuntu
Versions Affected
- openjdk-7 - Open Source Java implementation
Description
Several security issues were fixed in OpenJDK 7.
Affected VMware Products and Versions
Severity is medium unless otherwise noted.
- Ruby buildpack versions 1.6.1 and earlier
- Java buildpack versions 3.1 and earlier
- tc Server buildpack versions 3.1 and earlier
- Pivotal Elastic Runtime versions 1.5.2 and earlier.
Mitigation
Users of affected versions should apply the following mitigation:
- Pivotal has released the following buildpack updates that apply patches resolving these issues:
- Ruby Buildpack 1.6.2
- Java Buildpack 3.1.1(note that this buildpack patch is integrated directly into the 1.5.3 version of Elastic Runtime and there is no need to independently update it if an operator is upgrading Elastic Runtime as well)
- tc Server Buildpack 3.1.1
- Pivotal recommends that customers upgrade to the 1.5.3 versions of the Elastic Runtime product, which is now available on Pivotal Network. These new version contains an updated release of OpenJDK 7, resolving the identified vulnerabilities.