------------------------------------------------------------------------
Pardus Linux Security Advisory 2009-46 security@pardus.org.tr
------------------------------------------------------------------------
Date: 2009-04-01
Severity: 4
Type: Remote
------------------------------------------------------------------------
Summary
=======
Some vulnerabilities have been reported in Sun Java, which can be
exploited by malicious people to bypass certain security restrictions,
cause a DoS (Denial of Service), or potentially compromise a user's
system.

Description
===========
1) An error while initialising LDAP connections can be exploited to
render the LDAP service unresponsive.
2) An error in the JRE LDAP client implementation can be exploited to
load and execute arbitrary code via specially crafted data received from
a malicious LDAP server.
3) An integer overflow error in JRE when unpacking applets and in Java
Web Start applications using the "unpack200" JAR unpacking utility can
be exploited to potentially execute arbitrary code.
4) An error in JRE when unpacking applets and in Java Web Start
applications using the "unpack200" JAR unpacking utility can be
exploited to cause a buffer overflow and potentially execute arbitrary
code.
5) Two errors when storing and processing temporary font files can be
exploited by an untrusted applet or a Java Web Start application to
consume an overly large amount of disk space.
6) An error in the Java Plug-in when deserializing applets can be
exploited to e.g. read, write, or execute local files.
7) The Java Plug-in allows JavaScript code loaded from the local system
to connect to arbitrary local ports. This can be exploited in
combination with cross-site scripting attacks to access normally
restricted local ports.
8) The Java Plug-in allows applets to run in earlier versions of JRE if
approved by the user. This can be exploited to trick a user into loading
a malicious applet into an old and potentially vulnerable JRE version.
9) An error in the Java Plug-in when processing crossdomain.xml files
can be exploited by an untrusted applet to connect to arbitrary domains
providing a crossdomain.xml file.
10) An error in the Java Plug-in can be exploited by a signed applet to
alter the contents of the security dialog and trick a user into trusting
the applet.
11) An error in the JRE virtual machine when generating code can be
exploited to e.g. read, write, or execute local files.
NOTE: This vulnerability only affects JDK and JRE 6 Update 12 and
earlier for the Solaris SPARC platform.
12) An integer overflow error in JRE when processing PNG splash screen
images can be exploited by an untrusted Java Web Start application to
cause a buffer overflow and potentially execute arbitrary code.
13) An error in JRE when processing GIF splash screen images can be
exploited by an untrusted Java Web Start application to cause a buffer
overflow and potentially execute arbitrary code.
14) An error in JRE when processing GIF images can be exploited by an
untrusted applet or an untrusted Java Web Start application to cause a
buffer overflow and potentially execute arbitrary code.
15) A signedness error in JRE when processing Type1 fonts can be
exploited to corrupt heap memory and potentially execute arbitrary
code.
16) An unspecified error in the JRE HTTP server implementation can be
exploited to render a JAX-WS service endpoint unresponsive.

Affected packages:

  Pardus 2008:
    sun-jdk, all before 1.6.0_p13-18-5
    sun-jdk-demo, all before 1.6.0_p13-18-2
    sun-jdk-doc, all before 1.6.0_p13-18-2
    sun-jdk-samples, all before 1.6.0_p13-18-2
    sun-jre, all before 1.6.0_p13-18-5

Resolution
==========
There are update(s) for sun-jdk, sun-jdk-demo, sun-jdk-doc,
sun-jdk-samples, sun-jre. You can update them via Package Manager or
with a single command from console:

  pisi up sun-jdk sun-jdk-demo sun-jdk-doc sun-jdk-samples sun-jre

References
==========
* http://bugs.pardus.org.tr/show_bug.cgi?id=9467
* http://sunsolve.sun.com/search/document.do?assetkey=1-66-254570-1
* http://secunia.com/advisories/34451/