Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Sign up!
EnGarde Community
What is the most important Linux security technology?
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Latest Newsletters
Linux Security Week: March 30th, 2015
Linux Advisory Watch: March 27th, 2015
LinuxSecurity Newsletters
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

Ubuntu: 923-1: OpenJDK vulnerabilities Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Ubuntu Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3protocols. If an attacker could perform a man in the middle attack at thestart of a TLS connection, the attacker could inject arbitrary contentat the beginning of the user's session. (CVE-2009-3555) [More...]
Ubuntu Security Notice USN-923-1             April 07, 2010
openjdk-6 vulnerabilities
CVE-2009-3555, CVE-2010-0082, CVE-2010-0084, CVE-2010-0085,
CVE-2010-0088, CVE-2010-0091, CVE-2010-0092, CVE-2010-0093,
CVE-2010-0094, CVE-2010-0095, CVE-2010-0837, CVE-2010-0838,
CVE-2010-0840, CVE-2010-0845, CVE-2010-0847, CVE-2010-0848

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04
Ubuntu 9.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.04 LTS:
  openjdk-6-jre                   6b11-2ubuntu2.2
  openjdk-6-jre-lib               6b11-2ubuntu2.2

Ubuntu 8.10:
  openjdk-6-jre                   6b12-0ubuntu6.7
  openjdk-6-jre-lib               6b12-0ubuntu6.7

Ubuntu 9.04:
  openjdk-6-jre                   6b14-1.4.1-0ubuntu13
  openjdk-6-jre-lib               6b14-1.4.1-0ubuntu13

Ubuntu 9.10:
  openjdk-6-jre                   6b16-1.6.1-3ubuntu3
  openjdk-6-jre-lib               6b16-1.6.1-3ubuntu3

After a standard system upgrade you need to restart all Java applications
to effect the necessary changes.

Details follow:

Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3
protocols. If an attacker could perform a man in the middle attack at the
start of a TLS connection, the attacker could inject arbitrary content
at the beginning of the user's session.  (CVE-2009-3555)

It was discovered that Loader-constraint table, Policy/PolicyFile,
Inflater/Deflater, drag/drop access, and deserialization did not correctly
handle certain sensitive objects. If a user were tricked into running a
specially crafted applet, private information could be leaked to a remote
attacker, leading to a loss of privacy.  (CVE-2010-0082, CVE-2010-0084,
CVE-2010-0085, CVE-2010-0088, CVE-2010-0091, CVE-2010-0094)

It was discovered that AtomicReferenceArray, System.arraycopy,
InetAddress, and HashAttributeSet did not correctly handle certain
situations.  If a remote attacker could trigger specific error conditions,
a Java application could crash, leading to a denial of service.
(CVE-2010-0092, CVE-2010-0093, CVE-2010-0095, CVE-2010-0845)

It was discovered that Pack200, CMM readMabCurveData, ImagingLib, and
the AWT library did not correctly check buffer lengths.  If a user or
automated system were tricked into handling specially crafted JAR files or
images, a remote attacker could crash the Java application or possibly
gain user privileges (CVE-2010-0837, CVE-2010-0838, CVE-2010-0847,

It was discovered that applets did not correctly handle certain trust
chains.  If a user were tricked into running a specially crafted applet,
a remote attacker could possibly run untrusted code with user privileges.

Updated packages for Ubuntu 8.04 LTS:

  Source archives:
      Size/MD5:   183148 c52d5567be104b1ecf671fae43a15682
      Size/MD5:     1797 3733e7dce2f951b329b777fb097b853a
      Size/MD5: 51692912 a409bb4e935a22dcbd3529dc098c58de

  Architecture independent packages:
      Size/MD5:  8465062 e8317e2c220626b5766ba857015f04e1
      Size/MD5:  4721000 0dea03e5492b2a86e1b0a78df4acb46b
      Size/MD5: 25593942 6fd45df7392ca30f33b4a282531eef12

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):
      Size/MD5: 47453206 eae77d94e79f5e4cb3c46cab6cd57c5c
      Size/MD5:  2364290 2baf34a6a7a5a094d4b4438dbbc7147b
      Size/MD5:  9447596 eef973ac531daaadf5ab760a265b41fe
      Size/MD5: 22508466 8b15c220adb38f64ae754800396d3a19
      Size/MD5:   228484 a323f8696f9a5378a3a631a95109450f

  i386 architecture (x86 compatible Intel/AMD):
      Size/MD5: 104058320 a95066e7f890da39eb7b8556f0a36977
      Size/MD5:  2345048 bde1fa6d004e73a6d097b7be02f4d9ae
      Size/MD5:  9447476 7889de9b3b87f4a9f461b35e56ab64cf
      Size/MD5: 23773682 619f57ae6a09fbc56d09e1a1a6d59e62
      Size/MD5:   217638 428e8670220b4fbf719a3a124e60d536

  lpia architecture (Low Power Intel Architecture):
      Size/MD5: 104062648 13e73eae4986b94270032c8f4e3ddcf8
      Size/MD5:  2344972 795aa31006cccb06d818aff24a1f82b4
      Size/MD5:  9448498 98cb40a0d788c3750247379a22bee067
      Size/MD5: 23773060 8d8e89c8d4e801f9911de9d12c245875
      Size/MD5:   217316 6fcfbcff910e018a64ec9f76894c81ab

  sparc architecture (Sun SPARC/UltraSPARC):
      Size/MD5: 104450388 ce9db0e72401ee64ee59df0c816f9372
      Size/MD5:  2352116 980d9aee28124513b8edacda713f1a31
      Size/MD5:  9475864 71f0c82b94c1c75345067d419a265ebe
      Size/MD5: 23756416 ff20b7e7079455a796cac85e9553d88b
      Size/MD5:   220918 2d9b81c6d6c71a1693c4d7d886a7bb74

Updated packages for Ubuntu 8.10:

  Source archives:
      Size/MD5:  1375087 10d1160d42871b6e8606373cbced4dc7
      Size/MD5:     2359 60d4e5bf13b4ce37812dbf188b7824ad
      Size/MD5: 54363262 f3aa01206f2192464b998fb7cc550686

  Architecture independent packages:
      Size/MD5:  8470746 29ef8fdb9c2c062a52b402d70dc692c7
      Size/MD5:  4711518 e678e345460278483fd3a9801f99d7f6
      Size/MD5: 25635634 6b7261befbce12caabbc1e77b093e161
      Size/MD5: 49158148 53bcac8f60e7ee27ef10720137709f93

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):
      Size/MD5:    81034 9a0395e548e5899c74377f4a23992d71
      Size/MD5: 47367112 ee7ed0d1c2bf41fb0ebb47f76111f090
      Size/MD5:  2365970 ac935137ac7ca66121a675e336014e63
      Size/MD5:  9982830 2d94c57fdf821cf81d34b71faa9963fa
      Size/MD5: 24301504 c9a50074f40bcc93f0625c8dfb6baa1d
      Size/MD5:   241776 49722cd46d681443fe4c8e1ad99deb70

  i386 architecture (x86 compatible Intel/AMD):
      Size/MD5:    71514 f7cf567e9c524867a32b0920a7761965
      Size/MD5: 101843712 722f0c60fef209bd901c60a609f7bddc
      Size/MD5:  2348852 b6ee3b0392f5fe6bca46ae05a37782de
      Size/MD5:  9988498 cacb6b8de48b6dbe2068d85ea4d44c42
      Size/MD5: 25384560 f071f739e8dbccf1ed2274165d9a317f
      Size/MD5:   230916 d6c41f5b108d3bf35a642c82dd5b3d4a

  lpia architecture (Low Power Intel Architecture):
      Size/MD5:    72114 416d9761e7e77aaac7509bd70bf45acf
      Size/MD5: 101928710 9f3b79fde15926026775861f589c37d3
      Size/MD5:  2345378 d33dc1056d95ccba50993236102ca840
      Size/MD5:  9985588 38f76e4a1762ed21f37eb590f053e589
      Size/MD5: 25404434 5ebe205933aab2a9c67139ed671654bd
      Size/MD5:   227702 3342a99a7c3a6d3b2df8b99a088a0af1

  sparc architecture (Sun SPARC/UltraSPARC):
      Size/MD5:    70106 1911c148e05427b55400a399f819c51a
      Size/MD5: 103684952 0756ff303702b1541950068f3ef26a94
      Size/MD5:  2355094 83c8a90c6fd62bf30904bc6414d363d1
      Size/MD5:  9986064 bed1922cf2dc79e014860af321d5306a
      Size/MD5: 25390306 d720246e4c85631745bb08d7f6a1d226
      Size/MD5:   233156 1d700e023dfb790e6f9e7bb7e24d2c27

Updated packages for Ubuntu 9.04:

  Source archives:
      Size/MD5:  4320319 4021c8fcd4c1614a2451160790a85405
      Size/MD5:     2415 c7756818c527a60c1ae5a4ea1411813b
      Size/MD5: 65306137 071e4d08171b577d3cb35ae3a09f4cb8

  Architecture independent packages:
      Size/MD5:  8472854 340422a72c165a478129695b87a3decd
      Size/MD5:  4771496 23f3c880aa6f4d1ff5b4acdd1bcd6cb8
      Size/MD5: 25681316 996af30b86be694c165d5a58852c99b5
      Size/MD5: 57004614 f4c7edfd8b1b2e2d53c98d31e29e603b

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):
      Size/MD5:   446312 98920eac0bb9aa7f4abb7fe5e40496c2
      Size/MD5:    87810 277a7b218a36623cae073cca7449d8a4
      Size/MD5: 87535158 65df1284d16dedcdf5751e1faf424b54
      Size/MD5:  2365580 92d2e716091cd87020102e6e3cb4b075
      Size/MD5: 10829214 4acb9fafb20f1bb228da14f1cc2da0b8
      Size/MD5: 24670588 29e8e6207186557e03f7b64c3262c164
      Size/MD5:   267412 2b7eddeaf144c46ab38bc8712a12d138
      Size/MD5:  1794560 ba9a8cced38085eeb7fb040b4dfbf691

  i386 architecture (x86 compatible Intel/AMD):
      Size/MD5:   498920 e02ca2da27e70599577a60c007be8493
      Size/MD5:    76838 92ed2b38936e10a0eab660f077bb1757
      Size/MD5: 149231132 db05ea43b092e89bb4028131bb276339
      Size/MD5:  2348572 d1125ff6daa3f7974c065dcd41b942cb
      Size/MD5: 10929528 136cf1f9245338787498b575fe83de07
      Size/MD5: 25900108 dd0cc85c2c122b0c3c51d92d35e88338
      Size/MD5:   253256 c5ff4fa05eebc58a47db13a8d6065a79
      Size/MD5:  1558272 01dc786c3de0cddfb8b8c719b9e31ba7

  lpia architecture (Low Power Intel Architecture):
      Size/MD5:   436134 9316505ae832a36dc09a1c83518ba8d9
      Size/MD5:    77330 5c6197772fcd49840fa7734452ed801d
      Size/MD5: 149400248 d7dcc7705e50e2d7f7de5116856d4cb8
      Size/MD5:  2345326 22076953b3af77f06692f7ac45483417
      Size/MD5: 10848220 d6dcfe8087e5663944d594bac2995fed
      Size/MD5: 25925550 47d8bd1984367794ef7f949171c1fb77
      Size/MD5:   249588 89fe1d94a183806172bf5f93cba08d90
      Size/MD5:  1475474 b2d04c74193cac3504e546a10c21c688

  powerpc architecture (Apple Macintosh G3/G4/G5):
      Size/MD5:   471620 e11ec836592b371cb674132e7beb0913
      Size/MD5:    82192 2fd9797d1eb5811c2f93fbc1327b207b
      Size/MD5: 41322854 1eabcfe599bae6fd46703524d482c9dd
      Size/MD5:  2393316 c353cb8a1852f1e1da40dd0474145c74
      Size/MD5:  8651154 fa3878a77ed0d95da518c5d110a47c9c
      Size/MD5: 23432700 f9d15b89f89bd1fc046da4341653ce44
      Size/MD5:   282878 c360d272d178f1d5f8ad158646aee4b1

Updated packages for Ubuntu 9.10:

  Source archives:
      Size/MD5:   189626 f2bce81c432bd538792e5271b2199f34
      Size/MD5:     2347 f5e807f1f9bd85ac28ec9d00915369d0
      Size/MD5: 63908782 4fe4fd2bc93074ff7a208265888a36b0

  Architecture independent packages:
      Size/MD5:  8462214 43a2edb121514adf08ba9185cc135461
      Size/MD5:  4772052 604cabebd5e9c4eeae1d186984b56b4c
      Size/MD5: 25684570 f002f587f0773833bce4893ae5019740

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):
      Size/MD5:   331476 b13401043a474794c9f363850a75036a
      Size/MD5:    88444 07a7aca4c43029ab2536e813a141f098
      Size/MD5: 93589046 caaefff32bde8ad5ef5048757fdfd0d6
      Size/MD5:  2369542 64dbab7480bdbda94f0e79e2d184a4e1
      Size/MD5: 10835892 04b03aa158add9a5ec4fb51e14e735b6
      Size/MD5: 24801720 96d4c56f665da4c4439bd4e5ddca41cc
      Size/MD5:   270976 11bf2056bd8dc624fffcf99414a24abe
      Size/MD5:  4700646 3ca67367189b5afb60c73783ab30519d

  i386 architecture (x86 compatible Intel/AMD):
      Size/MD5:   295016 c35a01472676b0777d2efa148788cdb7
      Size/MD5:    77906 5726d9e09ef7cf6964dc1be85c7a1dbf
      Size/MD5: 154868278 665da097b3e8ec12298ce2ef4b24cac9
      Size/MD5:  2352980 98a442b9ec469ab4c4ed718cdd360004
      Size/MD5: 10953658 fe677db503bbf3dd45ed0c5ec84d1818
      Size/MD5: 26071290 6a46dbae9a611e7d868c414702918a81
      Size/MD5:   258644 60ae0f320a6cef87f1ce8e8d4b1b3657
      Size/MD5:  4179062 1fafce1885ba7f4f1ac42d6834ad2ddb

  lpia architecture (Low Power Intel Architecture):
      Size/MD5:   295648 98a7c38778a14a58cc1b2ef8cc3fc6aa
      Size/MD5:    78994 eacb841dc0f72601408472022475e4ea
      Size/MD5: 155028880 3cd1909d1a0c6309db78f10ba2303e47
      Size/MD5:  2349960 a4ed8cbe6b808d20b3905805a88ea8f6
      Size/MD5: 10834376 27f3b73570d9b0966771b6dcda748ffe
      Size/MD5: 26115464 5e987d96c2ee41ec0abac25a291f2b04
      Size/MD5:   254844 7382c5d11d2964b28005b8aa033ac054
      Size/MD5:  4171478 97a4455fec8056d1c51758ed6498ed64

  powerpc architecture (Apple Macintosh G3/G4/G5):
      Size/MD5:   320710 7e6f3f341c506ee102d55e0b0eeab3ec
      Size/MD5:    82728 7f74262de7084d8e02617ffa101a4c0d
      Size/MD5: 79465642 e4157d6a2e402289b5f59802e57daf35
      Size/MD5:  2368570 5fadc447b30b87a868a797f151f8a953
      Size/MD5:  8786542 e47528b55a38e7993ff0b9a8d8d94f0e
      Size/MD5: 23510102 d254a8014e50bfda3dae495007ffb3cf
      Size/MD5:   278238 e43b7f00294bcb017400afee75c61f09
      Size/MD5:  4046108 babed0cdb15cde22daf171cefcaee9f0

  sparc architecture (Sun SPARC/UltraSPARC):
      Size/MD5:    75514 63122f5f2dc2ea5a22b6cc96e749e2ed
      Size/MD5: 119361738 2b71a8764c11424b3d389c9a3d5f9422
      Size/MD5:  2358884 4f7bf2738932ebec0f78e987ee71eb60
      Size/MD5: 10858710 1368b7cede30e323cba35c8b103949f1
      Size/MD5: 26040612 2a4ed661590203bc0aa8ed119057012a
      Size/MD5:   259016 1208328eb1a6bee5d87c0d28534767da

< Prev   Next >


Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Feds Charged With Stealing Money During Silk Road Investigation
EFF questions US government's software flaw disclosure policy
Hotel Router Vulnerability A Reminder Of Untrusted WiFi Risks
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2015 Guardian Digital, Inc. All rights reserved.