| ||||||||||||||||||||||
Ubuntu alert USN-1079-1 (openjdk-6)
=========================================================== Ubuntu Security Notice USN-1079-1 March 01, 2011 openjdk-6 vulnerabilities CVE-2010-4448, CVE-2010-4450, CVE-2010-4465, CVE-2010-4469, CVE-2010-4470, CVE-2010-4471, CVE-2010-4472, CVE-2010-4476, CVE-2011-0706 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 9.10 Ubuntu 10.04 LTS Ubuntu 10.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 9.10: icedtea6-plugin 6b20-1.9.7-0ubuntu1~9.10.1 openjdk-6-jre 6b20-1.9.7-0ubuntu1~9.10.1 openjdk-6-jre-headless 6b20-1.9.7-0ubuntu1~9.10.1 openjdk-6-jre-lib 6b20-1.9.7-0ubuntu1~9.10.1 Ubuntu 10.04 LTS: icedtea6-plugin 6b20-1.9.7-0ubuntu1~10.04.1 openjdk-6-jre 6b20-1.9.7-0ubuntu1~10.04.1 openjdk-6-jre-headless 6b20-1.9.7-0ubuntu1~10.04.1 openjdk-6-jre-lib 6b20-1.9.7-0ubuntu1~10.04.1 Ubuntu 10.10: icedtea6-plugin 6b20-1.9.7-0ubuntu1 openjdk-6-jre 6b20-1.9.7-0ubuntu1 openjdk-6-jre-headless 6b20-1.9.7-0ubuntu1 openjdk-6-jre-lib 6b20-1.9.7-0ubuntu1 After a standard system update you need to restart any Java services, applications or applets to make all the necessary changes. Details follow: It was discovered that untrusted Java applets could create domain name resolution cache entries, allowing an attacker to manipulate name resolution within the JVM. (CVE-2010-4448) It was discovered that the Java launcher did not did not properly setup the LD_LIBRARY_PATH environment variable. A local attacker could exploit this to execute arbitrary code as the user invoking the program. (CVE-2010-4450) It was discovered that within the Swing library, forged timer events could allow bypass of SecurityManager checks. This could allow an attacker to access restricted resources. (CVE-2010-4465) It was discovered that certain bytecode combinations confused memory management within the HotSpot JVM. This could allow an attacker to cause a denial of service through an application crash or possibly inject code. (CVE-2010-4469) It was discovered that the way JAXP components were handled allowed them to be manipulated by untrusted applets. An attacker could use this to bypass XML processing restrictions and elevate privileges. (CVE-2010-4470) It was discovered that the Java2D subcomponent, when processing broken CFF fonts could leak system properties. (CVE-2010-4471) It was discovered that a flaw in the XML Digital Signature component could allow an attacker to cause untrusted code to replace the XML Digital Signature Transform or C14N algorithm implementations. (CVE-2010-4472) Konstantin Preißer and others discovered that specific double literals were improperly handled, allowing a remote attacker to cause a denial of service. (CVE-2010-4476) It was discovered that the JNLPClassLoader class when handling multiple signatures allowed remote attackers to gain privileges due to the assignment of an inappropriate security descriptor. (CVE-2011-0706) Updated packages for Ubuntu 9.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/o... Size/MD5: 132023 8f8f9a8e3c033dbb852547dcfaa9213b http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/o... Size/MD5: 3018 9a6f0f82ce6e6963199fa5f1e0da963a http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/o... Size/MD5: 73265927 c7367808152f71091603546acca43633 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/o... Size/MD5: 19980542 c56f9b378efdad1e9f0e6612eedb14f7 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/o... Size/MD5: 6168608 3193825377cfc1b486c2ab8ad1995d5a http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/o... Size/MD5: 26867734 4764b5997e7f34e22a0cde19ea31e230 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/i... Size/MD5: 433362 194f199c99819e8230676d9f5d370520 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/i... Size/MD5: 83644 1850fd6280ba241df9afde6ebe99912f http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/o... Size/MD5: 119625978 0d16cfb58e678ba32291d17c6d549d9c http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/o... Size/MD5: 2364474 d4eaa941ec07ca4514c52c76d05fa25d http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/o... Size/MD5: 10865094 d7640162bc43f00bbe3f12dc2e49bac7 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/o... Size/MD5: 25652090 e8558953483cec1a6ae3dadf60cfb368 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/o... Size/MD5: 270614 2fcec193a6f2f8ad0a22463af666be35 http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk... Size/MD5: 5595434 2c2e3038fe36644ccdb150442f166976 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/i... Size/MD5: 418330 b3381b114b8f3d75dcf889b047695a9f http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/i... Size/MD5: 79216 1fe94a88a1519ed36fc6b02e383e8730 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/o... Size/MD5: 173001600 360b4b602a9d47c8849d8ed34f6fbb36 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/o... Size/MD5: 2351062 f12b8f456b08e941c8fc72cf175cc6c2 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/o... Size/MD5: 10860096 f8a4b1b7b634bf676c49d8c10e98e90d http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/o... Size/MD5: 27503578 b2268b855dd46ab7d09d687018dc1bab http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/o... Size/MD5: 255760 eaa165fe5896e278c1556e06b359ba5a http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk... Size/MD5: 5090354 3200d4375dc339d7bea9bf6891371e8a lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea-6-j... Size/MD5: 422460 c1860838f90962bd062bc94e15a54882 http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea6-pl... Size/MD5: 81886 fe55f899cbd5229d2a0bc700c5adcbaf http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-d... Size/MD5: 173186376 5f012c5e1da278fd45768c0f3d03fdbd http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-d... Size/MD5: 2348232 c299fb1a25242f12d5ac6d64bbee37b9 http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-j... Size/MD5: 10856042 01d04643edafefa871c3097c20620004 http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-j... Size/MD5: 27546882 cac5bed09db3d8ab61d037bb4f072c9d http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-j... Size/MD5: 251964 f6cf95b2324ccdc94c32ca6f028a05c2 http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk... Size/MD5: 5080344 e539a9d0ccaed2e5ab986439d5b936d1 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea6-pl... Size/MD5: 79628 2d9343fbbfb3354635ff44ad959f675a http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-d... Size/MD5: 119246950 959d148ae623498f4771b5a5c047c144 http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-d... Size/MD5: 2364678 efa3630d68a7dd14a310661f306287ad http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-j... Size/MD5: 10861170 3fd7739be63e6a7db17bfa1feb699743 http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-j... Size/MD5: 27390710 0f1a7e8cd028570183bc794d3829657a http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-j... Size/MD5: 256834 9e9918705b010beb561d4c3d954ab1c9 Updated packages for Ubuntu 10.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/o... Size/MD5: 131924 fb001ec87e0d1eede115ebea43284a18 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/o... Size/MD5: 3077 83502b062785deb8f22fc8e4041b47f9 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/o... Size/MD5: 73265927 c7367808152f71091603546acca43633 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/o... Size/MD5: 19980692 4c61d9b4f4083542287ae07afac74ca1 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/o... Size/MD5: 6155846 8dc7a0e065b6fd89eef7a709187ce2de http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/o... Size/MD5: 26867826 304a038eeeae71442b4e501b3e283714 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/i... Size/MD5: 434572 e1fc47200cf11b3c81a8e6639c80e382 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/i... Size/MD5: 84120 3bcde6d60e334229526d60db1b498938 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/o... Size/MD5: 119346732 c7629c22f432fb7fc10231d6897a946d http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/o... Size/MD5: 2385162 d4353bd1f6c45d0651e603866121664d http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/o... Size/MD5: 11089866 0184ade5d87685c2a7307c575a540e9f http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/o... Size/MD5: 25658636 9c13db46dcb373942672f3967d5548a2 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/o... Size/MD5: 270708 f6d713158d9932df48164c891d3eb145 http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk... Size/MD5: 2267148 a44010b2453cce581860e870f32dd087 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/i... Size/MD5: 415624 d15cc6c0c52d503c38f98faff1bc30e2 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/i... Size/MD5: 79614 077be5976430a61454f8523a0c95e9b9 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/o... Size/MD5: 172710800 fd4c441fe3d9f0c774cca6a67a895bff http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/o... Size/MD5: 2351412 b085460c2ba7349a7958272976655f05 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/o... Size/MD5: 10866004 fdd33f76031612cd89241c10985e7f57 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/o... Size/MD5: 27524020 34ba802f981629a53afb5873be695257 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/o... Size/MD5: 255930 e0399bdfc68f3d5f62a584bb95b48a8d http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk... Size/MD5: 1950358 a284c70b9f14e1b5c867fd1202d08f4c powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea-6-j... Size/MD5: 445820 d6a7b3a6c5f189778835cf34628b7ddd http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea6-pl... Size/MD5: 83644 c0257ca2ef07736055eb16433168af41 http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-d... Size/MD5: 103439294 f09b1899938c0182f7ce902edfaaf317 http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-d... Size/MD5: 2365544 274fe490551a9b1f401f8fa5553520c8 http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-j... Size/MD5: 8800212 198652d4cdfdf0c556d2bbb8bef737d8 http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-j... Size/MD5: 23984718 cdc5f5218f5a52e43e851669c83bc78a http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-j... Size/MD5: 275112 d6d1d43bdc1ffc183ff445ab13520d99 http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk... Size/MD5: 2081124 8331f8dd7984affdf80b6f9d23730092 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea6-pl... Size/MD5: 77768 5c106bae12bb4179d85fff87223c99e1 http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-d... Size/MD5: 119229200 36817084227488a4e1a492f7e31401fc http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-d... Size/MD5: 2365852 820fbb1e9582d1d873d91628212b9318 http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-j... Size/MD5: 10890122 44edcc5ec2865e1ccf83fa6078f2ba41 http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-j... Size/MD5: 27312064 b14155e1c81c72e8cc417b048e0bd248 http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-j... Size/MD5: 257342 b32c4d79c2c40d7e4fbb64eaf2526855 Updated packages for Ubuntu 10.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/o... Size/MD5: 134634 7aedf5fbd40f1f2130973bfefe27967f http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/o... Size/MD5: 3004 51ee24f36d60d02346ee005c0aee2088 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/o... Size/MD5: 73265927 c7367808152f71091603546acca43633 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/o... Size/MD5: 20562864 46095f1897eea0e6d70423d7a23269c6 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/o... Size/MD5: 6198968 774addae41a72893e60f02650de568b7 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/o... Size/MD5: 26928136 10019899c8fc6063e8b643a3d0829aa7 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/i... Size/MD5: 433966 6c101b0579693816e711cdc9d76c3bab http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/i... Size/MD5: 83388 359c1e0d27682752a895345af75b47f4 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/o... Size/MD5: 119379672 d136a0ab23a9bf7c07b24812599d07bb http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/o... Size/MD5: 2380008 37eb9917cd8fcf9f08f7ca77890277e0 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/o... Size/MD5: 11087378 a77b777520f47ce4bff9437eb26129ed http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/o... Size/MD5: 25646582 1f645f4e5c95b63633baae8f7ab9fda8 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/o... Size/MD5: 266940 de3f27cae5f34810e42c470d18fefecc http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk... Size/MD5: 2268542 f23b61fe5f230e554fb41a3ff323672f i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/i... Size/MD5: 417050 9c003b4582a4e6b7d97ba8bbb18b80b2 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/i... Size/MD5: 78710 771ce5238b907b978b3a7b67230dbca4 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/o... Size/MD5: 172785086 09ec100605da4543d8231f4ca6cf4704 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/o... Size/MD5: 2356270 4286ca0e879d8f3f5eca9c25cf9164a3 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/o... Size/MD5: 11080866 7c7b7961c81029664a5c06f2760574f9 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/o... Size/MD5: 27498842 f697dde85d12ccd09b03278ad1f82d4b http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/o... Size/MD5: 251716 d7780c05caa3795f8d85f0377fe8cb33 http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk... Size/MD5: 1948114 ad3d65cf6efa37624c258e3402403a2e powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea-6-j... Size/MD5: 445086 c7b85f64fb0604452ff4cbb93330cc3b http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea6-pl... Size/MD5: 82778 a0b66d5cc190a476807f6e62c9a760bb http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-d... Size/MD5: 103486780 19b9ec766df638f96405821ca0cf3ee9 http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-d... Size/MD5: 2363402 8fbddd30efec8ec28b18ebe2d483d657 http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-j... Size/MD5: 8794584 7c9fc5c447ec6d8c8a8e10ec263c87b0 http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-j... Size/MD5: 23970202 11a3b23dc513235f424a2839f36c6dad http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-j... Size/MD5: 270480 40f0248590069e6cdc330fe0f7d42abf http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk... Size/MD5: 2080594 d3662a60a1d921f02a4594991c54c7e2 -- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security... (Log in to post comments)
|
||||||||||||||||||||||