==========================================================Ubuntu Security Notice USN-748-1             March 26, 2009
openjdk-6 vulnerabilities
CVE-2006-2426, CVE-2009-1093, CVE-2009-1094, CVE-2009-1095,
CVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1100,
CVE-2009-1101, CVE-2009-1102
==========================================================
A security issue affects the following Ubuntu releases:

Ubuntu 8.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.10:
  icedtea6-plugin                 6b12-0ubuntu6.4
  openjdk-6-jdk                   6b12-0ubuntu6.4
  openjdk-6-jre                   6b12-0ubuntu6.4
  openjdk-6-jre-headless          6b12-0ubuntu6.4
  openjdk-6-jre-lib               6b12-0ubuntu6.4

After a standard system upgrade you need to restart any Java applications
to effect the necessary changes.

Details follow:

It was discovered that font creation could leak temporary files.
If a user were tricked into loading a malicious program or applet,
a remote attacker could consume disk space, leading to a denial of
service. (CVE-2006-2426, CVE-2009-1100)

It was discovered that the lightweight HttpServer did not correctly close
files on dataless connections.  A remote attacker could send specially
crafted requests, leading to a denial of service. (CVE-2009-1101)

Certain 64bit Java actions would crash an application.  A local attacker
might be able to cause a denial of service. (CVE-2009-1102)

It was discovered that LDAP connections did not close correctly.
A remote attacker could send specially crafted requests, leading to a
denial of service.  (CVE-2009-1093)

Java LDAP routines did not unserialize certain data correctly.  A remote
attacker could send specially crafted requests that could lead to
arbitrary code execution. (CVE-2009-1094)

Java did not correctly check certain JAR headers.  If a user or
automated system were tricked into processing a malicious JAR file,
a remote attacker could crash the application, leading to a denial of
service. (CVE-2009-1095, CVE-2009-1096)

It was discovered that PNG and GIF decoding in Java could lead to memory
corruption.  If a user or automated system were tricked into processing
a specially crafted image, a remote attacker could crash the application,
leading to a denial of service. (CVE-2009-1097, CVE-2009-1098)


Updated packages for Ubuntu 8.10:

  Source archives:

          Size/MD5:   257215 876f885acf37c0817a35956e6520de3a
          Size/MD5:     2355 d8a4b0fe60497fd1f61c978c3c78e571
          Size/MD5: 54363262 f3aa01206f2192464b998fb7cc550686

  Architecture independent packages:

          Size/MD5:  8469732 b032a764ce88bd155f9aaba02ecc6566
          Size/MD5:  4709872 299164cb69aa3ec883867afb7d8d9054
          Size/MD5: 25627544 e62afaf0e692fa587de0056cf014175d
          Size/MD5: 49156004 2de3d037ef595b34ccb98324b11f1159

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

          Size/MD5:    81028 8952bc76c555dc8d950b2d3bfa940b7c
          Size/MD5: 47372520 d70f9ed68d2837e2f3f107a607b5cc96
          Size/MD5:  2366132 75294026f904346ec76397cd388252c3
          Size/MD5:  9944822 cfd88c5f3fe97c67d8eca19908344823
          Size/MD5: 24099904 24468c4793c974819f83b06fb41adc90
          Size/MD5:   241642 240d8346bb895f9623091c94c81ae466

  i386 architecture (x86 compatible Intel/AMD):

          Size/MD5:    71516 5c67a03b0011a3bd117fae210ca27cd9
          Size/MD5: 101847192 302ab3721553014290ce4bfdee6cb6fb
          Size/MD5:  2348630 1a4c103e4d235f7d641f2e0f2ddfe4c3
          Size/MD5:  9952338 c6bc056c5fa988f8841542a6801aa84d
          Size/MD5: 25177778 41fa22a436950239955756efe7bc9112
          Size/MD5:   230774 5c5188e21a7a5a76763d7f651162dc3a

  lpia architecture (Low Power Intel Architecture):

          Size/MD5:    72110 1b419781fc73fe42b85ff180f520edc2
          Size/MD5: 101930130 abc646dc9df27f3415ff07dcb0c38e51
          Size/MD5:  2345400 ef0b99c18c2ce4cd1ae68f1f20d08566
          Size/MD5:  9947530 6bb618600d7c1f7ec68a68519094e0d9
          Size/MD5: 25207906 1b334898157a834ab05ee74593ce57e4
          Size/MD5:   227556 ad49784b480e88550c61dfc069cb4d2a

  powerpc architecture (Apple Macintosh G3/G4/G5):

          Size/MD5:    77056 11313904c64bee4204f6369b4ffd5e66
          Size/MD5: 35898024 50945e6c1cbed766ea52b78fb7ed2ac5
          Size/MD5:  2393022 c04df84eeb2373a7f0cd84ad85610188
          Size/MD5:  8600518 197d84aae1eaafdab671a5749b42b86c
          Size/MD5: 22988430 27721c39140811fd6ef9b00124c10b70
          Size/MD5:   255542 a7d6deeb5ef7143bb8631c593f4c36c6

  sparc architecture (Sun SPARC/UltraSPARC):

          Size/MD5:    70098 44eca12cf6d8ed10e02a755772052b5b
          Size/MD5: 103688730 0034a5b63b78e38f3c5bb0d0b920b9cf
          Size/MD5:  2355160 e8adc4df2d4bc39f66da967b5272d455
          Size/MD5:  9940784 c35a4115f4587df050af4c16de829674
          Size/MD5: 25193444 0e4de129d523ef09bed9e3a22c6cecf3
          Size/MD5:   233052 1773a666f39a632f458e850fb300ef12

Ubuntu 748-1: OpenJDK vulnerabilities

March 26, 2009
It was discovered that font creation could leak temporary files.If a user were tricked into loading a malicious program or applet,a remote attacker could consume disk space, leadin...

Summary

Update Instructions

References

Severity
openjdk-6 vulnerabilities

Package Information

Related News

The End of the Road for Linux 6.11: A Call to Upgrade to Kernel 6.12
3 - 5 min read
The Linux kernel community recently issued an EOL announcement regarding the 6.11 kernel series, urging sysadmins to upgrade quickly to 6.12 . This
A Linux Admin
3 - 6 min read
As 2025 approaches, we Linux admins are facing new and often unseen cloud-native security obstacles. While skilled at mitigating known risks,
Leveraging Insights from the Linux Foundation
3 - 5 min read
The Linux Foundation's recent Census III report provides critical insights for Linux administrators, information security professionals, and anyone
Chrome 131 Released: Emergency Security Update Fixes Over a Dozen Significant Vulns
3 - 6 min read
Google recently unveiled a critical security update to their popular web browser, Google Chrome, addressing over a dozen significant security
From Wayland Fixes to Security Boosts: Examining Qt 6.8.1
3 - 6 min read
The recent Qt 6.8.1 release brings significant updates and improvements, strengthening its reputation as a secure and reliable application
Exploring Arch Linux 2024.12.01: Security Implications & Notable Enhancements for Linux Admins
3 - 6 min read
The Arch Linux 2024.12.01 ISO release marks an impressive milestone, offering cutting-edge updates that enhance functionality, streamline
Deck the Halls with Enhanced Security: Linux Kernel 6.13
3 - 5 min read
As Linux admins and infosec professionals prepare for the holiday season, there's much cause for celebration this year! Linus Torvalds recently made
Lessons from Bootkitty: Securing Linux Systems Against UEFI Intrusions
3 - 5 min read
New Linux security threats mark critical junctures that challenge existing policies and test security protocols to their limit. One such milestone

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved