==========================================================Ubuntu Security Notice USN-1079-1 March 01, 2011
openjdk-6 vulnerabilities
CVE-2010-4448, CVE-2010-4450, CVE-2010-4465, CVE-2010-4469,
CVE-2010-4470, CVE-2010-4471, CVE-2010-4472, CVE-2010-4476,
CVE-2011-0706
==========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 9.10
Ubuntu 10.04 LTS
Ubuntu 10.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 9.10:
icedtea6-plugin 6b20-1.9.7-0ubuntu1~9.10.1
openjdk-6-jre 6b20-1.9.7-0ubuntu1~9.10.1
openjdk-6-jre-headless 6b20-1.9.7-0ubuntu1~9.10.1
openjdk-6-jre-lib 6b20-1.9.7-0ubuntu1~9.10.1
Ubuntu 10.04 LTS:
icedtea6-plugin 6b20-1.9.7-0ubuntu1~10.04.1
openjdk-6-jre 6b20-1.9.7-0ubuntu1~10.04.1
openjdk-6-jre-headless 6b20-1.9.7-0ubuntu1~10.04.1
openjdk-6-jre-lib 6b20-1.9.7-0ubuntu1~10.04.1
Ubuntu 10.10:
icedtea6-plugin 6b20-1.9.7-0ubuntu1
openjdk-6-jre 6b20-1.9.7-0ubuntu1
openjdk-6-jre-headless 6b20-1.9.7-0ubuntu1
openjdk-6-jre-lib 6b20-1.9.7-0ubuntu1
After a standard system update you need to restart any Java services,
applications or applets to make all the necessary changes.
Details follow:
It was discovered that untrusted Java applets could create domain
name resolution cache entries, allowing an attacker to manipulate
name resolution within the JVM. (CVE-2010-4448)
It was discovered that the Java launcher did not did not properly
setup the LD_LIBRARY_PATH environment variable. A local attacker
could exploit this to execute arbitrary code as the user invoking
the program. (CVE-2010-4450)
It was discovered that within the Swing library, forged timer events
could allow bypass of SecurityManager checks. This could allow an
attacker to access restricted resources. (CVE-2010-4465)
It was discovered that certain bytecode combinations confused memory
management within the HotSpot JVM. This could allow an attacker to
cause a denial of service through an application crash or possibly
inject code. (CVE-2010-4469)
It was discovered that the way JAXP components were handled
allowed them to be manipulated by untrusted applets. An attacker
could use this to bypass XML processing restrictions and elevate
privileges. (CVE-2010-4470)
It was discovered that the Java2D subcomponent, when processing broken
CFF fonts could leak system properties. (CVE-2010-4471)
It was discovered that a flaw in the XML Digital Signature
component could allow an attacker to cause untrusted code to
replace the XML Digital Signature Transform or C14N algorithm
implementations. (CVE-2010-4472)
Konstantin Preißer and others discovered that specific double literals
were improperly handled, allowing a remote attacker to cause a denial
of service. (CVE-2010-4476)
It was discovered that the JNLPClassLoader class when handling multiple
signatures allowed remote attackers to gain privileges due to the
assignment of an inappropriate security descriptor. (CVE-2011-0706)
Updated packages for Ubuntu 9.10:
Source archives:
Size/MD5: 132023 8f8f9a8e3c033dbb852547dcfaa9213b
Size/MD5: 3018 9a6f0f82ce6e6963199fa5f1e0da963a
Size/MD5: 73265927 c7367808152f71091603546acca43633
Architecture independent packages:
Size/MD5: 19980542 c56f9b378efdad1e9f0e6612eedb14f7
Size/MD5: 6168608 3193825377cfc1b486c2ab8ad1995d5a
Size/MD5: 26867734 4764b5997e7f34e22a0cde19ea31e230
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
Size/MD5: 433362 194f199c99819e8230676d9f5d370520
Size/MD5: 83644 1850fd6280ba241df9afde6ebe99912f
Size/MD5: 119625978 0d16cfb58e678ba32291d17c6d549d9c
Size/MD5: 2364474 d4eaa941ec07ca4514c52c76d05fa25d
Size/MD5: 10865094 d7640162bc43f00bbe3f12dc2e49bac7
Size/MD5: 25652090 e8558953483cec1a6ae3dadf60cfb368
Size/MD5: 270614 2fcec193a6f2f8ad0a22463af666be35
Size/MD5: 5595434 2c2e3038fe36644ccdb150442f166976
i386 architecture (x86 compatible Intel/AMD):
Size/MD5: 418330 b3381b114b8f3d75dcf889b047695a9f
Size/MD5: 79216 1fe94a88a1519ed36fc6b02e383e8730
Size/MD5: 173001600 360b4b602a9d47c8849d8ed34f6fbb36
Size/MD5: 2351062 f12b8f456b08e941c8fc72cf175cc6c2
Size/MD5: 10860096 f8a4b1b7b634bf676c49d8c10e98e90d
Size/MD5: 27503578 b2268b855dd46ab7d09d687018dc1bab
Size/MD5: 255760 eaa165fe5896e278c1556e06b359ba5a
Size/MD5: 5090354 3200d4375dc339d7bea9bf6891371e8a
lpia architecture (Low Power Intel Architecture):
Size/MD5: 422460 c1860838f90962bd062bc94e15a54882
Size/MD5: 81886 fe55f899cbd5229d2a0bc700c5adcbaf
Size/MD5: 173186376 5f012c5e1da278fd45768c0f3d03fdbd
Size/MD5: 2348232 c299fb1a25242f12d5ac6d64bbee37b9
Size/MD5: 10856042 01d04643edafefa871c3097c20620004
Size/MD5: 27546882 cac5bed09db3d8ab61d037bb4f072c9d
Size/MD5: 251964 f6cf95b2324ccdc94c32ca6f028a05c2
Size/MD5: 5080344 e539a9d0ccaed2e5ab986439d5b936d1
sparc architecture (Sun SPARC/UltraSPARC):
Size/MD5: 79628 2d9343fbbfb3354635ff44ad959f675a
Size/MD5: 119246950 959d148ae623498f4771b5a5c047c144
Size/MD5: 2364678 efa3630d68a7dd14a310661f306287ad
Size/MD5: 10861170 3fd7739be63e6a7db17bfa1feb699743
Size/MD5: 27390710 0f1a7e8cd028570183bc794d3829657a
Size/MD5: 256834 9e9918705b010beb561d4c3d954ab1c9
Updated packages for Ubuntu 10.04 LTS:
Source archives:
Size/MD5: 131924 fb001ec87e0d1eede115ebea43284a18
Size/MD5: 3077 83502b062785deb8f22fc8e4041b47f9
Size/MD5: 73265927 c7367808152f71091603546acca43633
Architecture independent packages:
Size/MD5: 19980692 4c61d9b4f4083542287ae07afac74ca1
Size/MD5: 6155846 8dc7a0e065b6fd89eef7a709187ce2de
Size/MD5: 26867826 304a038eeeae71442b4e501b3e283714
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
Size/MD5: 434572 e1fc47200cf11b3c81a8e6639c80e382
Size/MD5: 84120 3bcde6d60e334229526d60db1b498938
Size/MD5: 119346732 c7629c22f432fb7fc10231d6897a946d
Size/MD5: 2385162 d4353bd1f6c45d0651e603866121664d
Size/MD5: 11089866 0184ade5d87685c2a7307c575a540e9f
Size/MD5: 25658636 9c13db46dcb373942672f3967d5548a2
Size/MD5: 270708 f6d713158d9932df48164c891d3eb145
Size/MD5: 2267148 a44010b2453cce581860e870f32dd087
i386 architecture (x86 compatible Intel/AMD):
Size/MD5: 415624 d15cc6c0c52d503c38f98faff1bc30e2
Size/MD5: 79614 077be5976430a61454f8523a0c95e9b9
Size/MD5: 172710800 fd4c441fe3d9f0c774cca6a67a895bff
Size/MD5: 2351412 b085460c2ba7349a7958272976655f05
Size/MD5: 10866004 fdd33f76031612cd89241c10985e7f57
Size/MD5: 27524020 34ba802f981629a53afb5873be695257
Size/MD5: 255930 e0399bdfc68f3d5f62a584bb95b48a8d
Size/MD5: 1950358 a284c70b9f14e1b5c867fd1202d08f4c
powerpc architecture (Apple Macintosh G3/G4/G5):
Size/MD5: 445820 d6a7b3a6c5f189778835cf34628b7ddd
Size/MD5: 83644 c0257ca2ef07736055eb16433168af41
Size/MD5: 103439294 f09b1899938c0182f7ce902edfaaf317
Size/MD5: 2365544 274fe490551a9b1f401f8fa5553520c8
Size/MD5: 8800212 198652d4cdfdf0c556d2bbb8bef737d8
Size/MD5: 23984718 cdc5f5218f5a52e43e851669c83bc78a
Size/MD5: 275112 d6d1d43bdc1ffc183ff445ab13520d99
Size/MD5: 2081124 8331f8dd7984affdf80b6f9d23730092
sparc architecture (Sun SPARC/UltraSPARC):
Size/MD5: 77768 5c106bae12bb4179d85fff87223c99e1
Size/MD5: 119229200 36817084227488a4e1a492f7e31401fc
Size/MD5: 2365852 820fbb1e9582d1d873d91628212b9318
Size/MD5: 10890122 44edcc5ec2865e1ccf83fa6078f2ba41
Size/MD5: 27312064 b14155e1c81c72e8cc417b048e0bd248
Size/MD5: 257342 b32c4d79c2c40d7e4fbb64eaf2526855
Updated packages for Ubuntu 10.10:
Source archives:
Size/MD5: 134634 7aedf5fbd40f1f2130973bfefe27967f
Size/MD5: 3004 51ee24f36d60d02346ee005c0aee2088
Size/MD5: 73265927 c7367808152f71091603546acca43633
Architecture independent packages:
Size/MD5: 20562864 46095f1897eea0e6d70423d7a23269c6
Size/MD5: 6198968 774addae41a72893e60f02650de568b7
Size/MD5: 26928136 10019899c8fc6063e8b643a3d0829aa7
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
Size/MD5: 433966 6c101b0579693816e711cdc9d76c3bab
Size/MD5: 83388 359c1e0d27682752a895345af75b47f4
Size/MD5: 119379672 d136a0ab23a9bf7c07b24812599d07bb
Size/MD5: 2380008 37eb9917cd8fcf9f08f7ca77890277e0
Size/MD5: 11087378 a77b777520f47ce4bff9437eb26129ed
Size/MD5: 25646582 1f645f4e5c95b63633baae8f7ab9fda8
Size/MD5: 266940 de3f27cae5f34810e42c470d18fefecc
Size/MD5: 2268542 f23b61fe5f230e554fb41a3ff323672f
i386 architecture (x86 compatible Intel/AMD):
Size/MD5: 417050 9c003b4582a4e6b7d97ba8bbb18b80b2
Size/MD5: 78710 771ce5238b907b978b3a7b67230dbca4
Size/MD5: 172785086 09ec100605da4543d8231f4ca6cf4704
Size/MD5: 2356270 4286ca0e879d8f3f5eca9c25cf9164a3
Size/MD5: 11080866 7c7b7961c81029664a5c06f2760574f9
Size/MD5: 27498842 f697dde85d12ccd09b03278ad1f82d4b
Size/MD5: 251716 d7780c05caa3795f8d85f0377fe8cb33
Size/MD5: 1948114 ad3d65cf6efa37624c258e3402403a2e
powerpc architecture (Apple Macintosh G3/G4/G5):
Size/MD5: 445086 c7b85f64fb0604452ff4cbb93330cc3b
Size/MD5: 82778 a0b66d5cc190a476807f6e62c9a760bb
Size/MD5: 103486780 19b9ec766df638f96405821ca0cf3ee9
Size/MD5: 2363402 8fbddd30efec8ec28b18ebe2d483d657
Size/MD5: 8794584 7c9fc5c447ec6d8c8a8e10ec263c87b0
Size/MD5: 23970202 11a3b23dc513235f424a2839f36c6dad
Size/MD5: 270480 40f0248590069e6cdc330fe0f7d42abf
Size/MD5: 2080594 d3662a60a1d921f02a4594991c54c7e2
Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.
Cloud Security Cryptography Desktop Security Firewall Government Hacks/Cracks IoT Security Network Security Organizations/Events Privacy Security Projects Security Trends Security Vulnerabilities Server Security Vendors/Products
Debian Debian LTS Fedora Gentoo Mageia Oracle openSUSE RockyLinux Slackware SuSE Ubuntu
Harden My Filesystem Learn Tips and Tricks Secure My E-mail Secure My Firewall Secure My Network Secure My Webserver Strengthen My Privacy
Best Secure Linux Distros for Enhanced Privacy & Security The Truth About Linux Malware & How to Protect Your System Is Linux A More Secure Option Than Windows For Businesses? How Secure Is Linux? Top Tips for Securing Your Linux System
Advertise Contribute Your Article Legal Notice RSS Feeds Contact Us Terms of Service Privacy Policy
Linux Security - Your source for Top Linux News, Advisories, HowTo's and Feature Release.
