Ubuntu: 1079-1: OpenJDK 6 vulnerabilities
Posted by Benjamin D. Thomas   
Ubuntu Security Notice USN-1079-1            March 01, 2011
openjdk-6 vulnerabilities
CVE-2010-4448, CVE-2010-4450, CVE-2010-4465, CVE-2010-4469,
CVE-2010-4470, CVE-2010-4471, CVE-2010-4472, CVE-2010-4476,

A security issue affects the following Ubuntu releases:

Ubuntu 9.10
Ubuntu 10.04 LTS
Ubuntu 10.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 9.10:
  icedtea6-plugin                 6b20-1.9.7-0ubuntu1~9.10.1
  openjdk-6-jre                   6b20-1.9.7-0ubuntu1~9.10.1
  openjdk-6-jre-headless          6b20-1.9.7-0ubuntu1~9.10.1
  openjdk-6-jre-lib               6b20-1.9.7-0ubuntu1~9.10.1

Ubuntu 10.04 LTS:
  icedtea6-plugin                 6b20-1.9.7-0ubuntu1~10.04.1
  openjdk-6-jre                   6b20-1.9.7-0ubuntu1~10.04.1
  openjdk-6-jre-headless          6b20-1.9.7-0ubuntu1~10.04.1
  openjdk-6-jre-lib               6b20-1.9.7-0ubuntu1~10.04.1

Ubuntu 10.10:
  icedtea6-plugin                 6b20-1.9.7-0ubuntu1
  openjdk-6-jre                   6b20-1.9.7-0ubuntu1
  openjdk-6-jre-headless          6b20-1.9.7-0ubuntu1
  openjdk-6-jre-lib               6b20-1.9.7-0ubuntu1

After a standard system update you need to restart any Java services,
applications or applets to make all the necessary changes.

Details follow:

It was discovered that untrusted Java applets could create domain
name resolution cache entries, allowing an attacker to manipulate
name resolution within the JVM. (CVE-2010-4448)

It was discovered that the Java launcher did not properly
set up the LD_LIBRARY_PATH environment variable. A local attacker
could exploit this to execute arbitrary code as the user invoking
the program. (CVE-2010-4450)

It was discovered that within the Swing library, forged timer events
could allow bypass of SecurityManager checks. This could allow an
attacker to access restricted resources. (CVE-2010-4465)

It was discovered that certain bytecode combinations confused memory
management within the HotSpot JVM. This could allow an attacker to
cause a denial of service through an application crash or possibly
inject code. (CVE-2010-4469)

It was discovered that the way JAXP components were handled
allowed them to be manipulated by untrusted applets. An attacker
could use this to bypass XML processing restrictions and elevate
privileges. (CVE-2010-4470)

It was discovered that the Java2D subcomponent, when processing broken
CFF fonts, could leak system properties. (CVE-2010-4471)

It was discovered that a flaw in the XML Digital Signature
component could allow an attacker to cause untrusted code to
replace the XML Digital Signature Transform or C14N algorithm
implementations. (CVE-2010-4472)

Konstantin Preißer and others discovered that specific double literals
were improperly handled, allowing a remote attacker to cause a denial
of service. (CVE-2010-4476)

It was discovered that the JNLPClassLoader class when handling multiple
signatures allowed remote attackers to gain privileges due to the
assignment of an inappropriate security descriptor. (CVE-2011-0706)

