=========================================================== Ubuntu Security Notice USN-814-1 August 11, 2009 openjdk-6 vulnerabilities CVE-2009-0217, CVE-2009-2475, CVE-2009-2476, CVE-2009-2625, CVE-2009-2670, CVE-2009-2671, CVE-2009-2672, CVE-2009-2673, CVE-2009-2674, CVE-2009-2675, CVE-2009-2676, CVE-2009-2690 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 8.10 Ubuntu 9.04 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 8.10: icedtea6-plugin 6b12-0ubuntu6.5 openjdk-6-jre 6b12-0ubuntu6.5 openjdk-6-jre-lib 6b12-0ubuntu6.5 Ubuntu 9.04: icedtea6-plugin 6b14-1.4.1-0ubuntu11 openjdk-6-jre 6b14-1.4.1-0ubuntu11 openjdk-6-jre-lib 6b14-1.4.1-0ubuntu11 After a standard system upgrade you need to restart any Java applications to effect the necessary changes. Details follow: It was discovered that the XML HMAC signature system did not correctly check certain lengths. If an attacker sent a truncated HMAC, it could bypass authentication, leading to potential privilege escalation. (CVE-2009-0217) It was discovered that certain variables could leak information. If a user were tricked into running a malicious Java applet, a remote attacker could exploit this gain access to private information and potentially run untrusted code. (CVE-2009-2475, CVE-2009-2690) A flaw was discovered the OpenType checking. If a user were tricked into running a malicious Java applet, a remote attacker could bypass access restrictions. (CVE-2009-2476) It was discovered that the XML processor did not correctly check recursion. If a user or automated system were tricked into processing a specially crafted XML, the system could crash, leading to a denial of service. (CVE-2009-2625) It was discovered that the Java audio subsystem did not correctly validate certain parameters. If a user were tricked into running an untrusted applet, a remote attacker could read system properties. (CVE-2009-2670) Multiple flaws were discovered in the proxy subsystem. If a user were tricked into running an untrusted applet, a remote attacker could discover local user names, obtain access to sensitive information, or bypass socket restrictions, leading to a loss of privacy. (CVE-2009-2671, CVE-2009-2672, CVE-2009-2673) Flaws were discovered in the handling of JPEG images, Unpack200 archives, and JDK13Services. If a user were tricked into running an untrusted applet, a remote attacker could load a specially crafted file that would bypass local file access protections and run arbitrary code with user privileges. (CVE-2009-2674, CVE-2009-2675, CVE-2009-2676, CVE-2009-2689) Updated packages for Ubuntu 8.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6_6b12-0ubuntu6.5.diff.gz Size/MD5: 1291365 2036bde9f3c71b58dafc7612dc78804d http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6_6b12-0ubuntu6.5.dsc Size/MD5: 2358 01847c41f69f85e687dd0ed8c049fdec http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6_6b12.orig.tar.gz Size/MD5: 54363262 f3aa01206f2192464b998fb7cc550686 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-doc_6b12-0ubuntu6.5_all.deb Size/MD5: 8469856 653355e1ce8f94aeaffe12c60861d398 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre-lib_6b12-0ubuntu6.5_all.deb Size/MD5: 4710580 f593a6254fca5a1668c847d0422cdbd7 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-source_6b12-0ubuntu6.5_all.deb Size/MD5: 25626358 073f5463f8ed680bd8a7562fd3dd945f http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-source-files_6b12-0ubuntu6.5_all.deb Size/MD5: 49155070 c12e075a52646a6389d708917efef472 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea6-plugin_6b12-0ubuntu6.5_amd64.deb Size/MD5: 81022 43cecad6c640c20a0b3268ae282c8a50 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-dbg_6b12-0ubuntu6.5_amd64.deb Size/MD5: 47372846 d751aea9e5b00d5341fd715ce81142a0 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-demo_6b12-0ubuntu6.5_amd64.deb Size/MD5: 2366088 584d1f98645b73ba9487a78d9b7e75a5 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jdk_6b12-0ubuntu6.5_amd64.deb Size/MD5: 9975740 d7fe73ef6e95a4b13f140adebc0ef1f4 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b12-0ubuntu6.5_amd64.deb Size/MD5: 24283634 d663c65d160821ce445f96b003a5aa22 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre_6b12-0ubuntu6.5_amd64.deb Size/MD5: 241766 17b8652623624b34be1e5f6012a4636c i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea6-plugin_6b12-0ubuntu6.5_i386.deb Size/MD5: 71520 efc731a14f2dc867d70310a952159759 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-dbg_6b12-0ubuntu6.5_i386.deb Size/MD5: 101847250 db09b5ee63bdc20ad663822ee482e9e3 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-demo_6b12-0ubuntu6.5_i386.deb Size/MD5: 2348644 875d7540053a3082e88402ec4fe42eac http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jdk_6b12-0ubuntu6.5_i386.deb Size/MD5: 9987626 5440a122d08bccaf51ffafa4a5a0f37a http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b12-0ubuntu6.5_i386.deb Size/MD5: 25366632 ceccbc28af3e9880377913cf247c0e5a http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre_6b12-0ubuntu6.5_i386.deb Size/MD5: 230912 7a8a9962fac26847e86b6fefad75f39b lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea6-plugin_6b12-0ubuntu6.5_lpia.deb Size/MD5: 72100 7629f365dbd63697308b66d10675ced9 http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-dbg_6b12-0ubuntu6.5_lpia.deb Size/MD5: 101930650 ad21d10f39e2f963a46770fd2eebd855 http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-demo_6b12-0ubuntu6.5_lpia.deb Size/MD5: 2345422 ff42a936452c10b997f69bebcbcabf40 http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jdk_6b12-0ubuntu6.5_lpia.deb Size/MD5: 9979098 d4d58ce7457ed47cbde5b981a088ba37 http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b12-0ubuntu6.5_lpia.deb Size/MD5: 25392450 97bde9a6461a40177f69aebba1a9b58b http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre_6b12-0ubuntu6.5_lpia.deb Size/MD5: 227676 c84f20c18775453c0f4357b2a644598e powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea6-plugin_6b12-0ubuntu6.5_powerpc.deb Size/MD5: 77050 5740aba6d61974e0a026f6eeb3013bf9 http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-dbg_6b12-0ubuntu6.5_powerpc.deb Size/MD5: 35898558 19b7064c15a1f67c7e5ae124c889fc29 http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-demo_6b12-0ubuntu6.5_powerpc.deb Size/MD5: 2392996 894085b0fed0994da3ace7de5127dc1c http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jdk_6b12-0ubuntu6.5_powerpc.deb Size/MD5: 8629918 1889d7bd755b715325179e885353661c http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b12-0ubuntu6.5_powerpc.deb Size/MD5: 23175880 1ae119c83fad9f2c4149e121f5c03b9a http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre_6b12-0ubuntu6.5_powerpc.deb Size/MD5: 255684 0450cf1cebaf4a430e02b9f46eee0722 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea6-plugin_6b12-0ubuntu6.5_sparc.deb Size/MD5: 70102 3ea0d9213bb1afd2a1cb96d1c683b199 http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-dbg_6b12-0ubuntu6.5_sparc.deb Size/MD5: 103688618 18ddc8100c3265248fa5fd1abfd73c65 http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-demo_6b12-0ubuntu6.5_sparc.deb Size/MD5: 2355140 83e72fb7750a6f24972d4189cde3f0bc http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jdk_6b12-0ubuntu6.5_sparc.deb Size/MD5: 9970610 ed109eef7b9db0539392b609b145ae03 http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b12-0ubuntu6.5_sparc.deb Size/MD5: 25377008 af9b1d9449a43928efa2b225b2113bd3 http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre_6b12-0ubuntu6.5_sparc.deb Size/MD5: 233168 13b21b918e9b3b142af7d08bb6882fb8 Updated packages for Ubuntu 9.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6_6b14-1.4.1-0ubuntu11.diff.gz Size/MD5: 4250833 d97d0484ceb3bed407aba9e46f794b8a http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6_6b14-1.4.1-0ubuntu11.dsc Size/MD5: 2414 708730addb584aba0060aa5534acbd42 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6_6b14-1.4.1.orig.tar.gz Size/MD5: 65306137 071e4d08171b577d3cb35ae3a09f4cb8 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-doc_6b14-1.4.1-0ubuntu11_all.deb Size/MD5: 8470784 bc7493fc50a5575b6aa5805ff42bc13d http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre-lib_6b14-1.4.1-0ubuntu11_all.deb Size/MD5: 4771886 23cd1c09251ed2a34d7879dca866def3 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-source_6b14-1.4.1-0ubuntu11_all.deb Size/MD5: 25673152 bbb76e5389b8fa0b6397765c341aa26b http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-source-files_6b14-1.4.1-0ubuntu11_all.deb Size/MD5: 57002484 64fab1290660fda00dda0a379bf8bfca amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea-6-jre-cacao_6b14-1.4.1-0ubuntu11_amd64.deb Size/MD5: 430874 3a03131f06a6c34ea8f1f1537655d1f5 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea6-plugin_6b14-1.4.1-0ubuntu11_amd64.deb Size/MD5: 87812 fb658d364a062bae3653637d66482f88 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-dbg_6b14-1.4.1-0ubuntu11_amd64.deb Size/MD5: 87537106 29a8fba73a7b49d0963c5c6e1646a3b3 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-demo_6b14-1.4.1-0ubuntu11_amd64.deb Size/MD5: 2365524 a893530738b0f8f12d0029b68d24f71b http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jdk_6b14-1.4.1-0ubuntu11_amd64.deb Size/MD5: 10809402 550b9b6cad86605b170d041a4a75ab41 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b14-1.4.1-0ubuntu11_amd64.deb Size/MD5: 24660014 a89cc78edbc31d2dbcd34242e0f50feb http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre_6b14-1.4.1-0ubuntu11_amd64.deb Size/MD5: 267412 592d4af0ed6c45b77897ef720f809632 http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jre-zero_6b14-1.4.1-0ubuntu11_amd64.deb Size/MD5: 1779570 bd27e789263c51517f8277ca2e4bfeb7 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea-6-jre-cacao_6b14-1.4.1-0ubuntu11_i386.deb Size/MD5: 398116 4f3daf01aff7e32bf6965073758b133e http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea6-plugin_6b14-1.4.1-0ubuntu11_i386.deb Size/MD5: 76840 4be635b96021b1d73588292b9a0395db http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-dbg_6b14-1.4.1-0ubuntu11_i386.deb Size/MD5: 149232570 ba16a4d6a2fcd0caa01b77fdf47b221f http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-demo_6b14-1.4.1-0ubuntu11_i386.deb Size/MD5: 2348268 92866c39b651bceeedb106a5af9c82ab http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jdk_6b14-1.4.1-0ubuntu11_i386.deb Size/MD5: 10815154 65ebd8f3e02956d8461cf9a8a73f24c3 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b14-1.4.1-0ubuntu11_i386.deb Size/MD5: 25884038 5fd2aa1052a0528fbb87c08c16e57177 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre_6b14-1.4.1-0ubuntu11_i386.deb Size/MD5: 253254 dc14700392c209af17f7ae504b65b1d5 http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jre-zero_6b14-1.4.1-0ubuntu11_i386.deb Size/MD5: 1457488 295509ed90a14683e1cec72f6b49326d lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea-6-jre-cacao_6b14-1.4.1-0ubuntu11_lpia.deb Size/MD5: 405234 f7b3cdbbba1022d2dd14b92da462082f http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea6-plugin_6b14-1.4.1-0ubuntu11_lpia.deb Size/MD5: 77322 48aaf0d901139b95d04d9df9c465c8cb http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-dbg_6b14-1.4.1-0ubuntu11_lpia.deb Size/MD5: 149407550 f3bc7215a54235b3d6402c27eda4ecfe http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-demo_6b14-1.4.1-0ubuntu11_lpia.deb Size/MD5: 2345110 57e2359f2815ae76281a6bc6e52bc2a7 http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jdk_6b14-1.4.1-0ubuntu11_lpia.deb Size/MD5: 10812010 38cb312c75279105a3aee6586d634f8e http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b14-1.4.1-0ubuntu11_lpia.deb Size/MD5: 25911508 4c08ac1638c8ed34532ff9d9498f84fd http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre_6b14-1.4.1-0ubuntu11_lpia.deb Size/MD5: 249582 230866f520357a50574f71bce2eb4e33 http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-jre-zero_6b14-1.4.1-0ubuntu11_lpia.deb Size/MD5: 1443798 e41d939ed6dceb40dbf2ada9ceaf6a0c powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea-6-jre-cacao_6b14-1.4.1-0ubuntu11_powerpc.deb Size/MD5: 452444 33530c6a9ea1d0cae92329501565f627 http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea6-plugin_6b14-1.4.1-0ubuntu11_powerpc.deb Size/MD5: 82190 add7533846deb3de27850f1f5e062c42 http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-dbg_6b14-1.4.1-0ubuntu11_powerpc.deb Size/MD5: 41323902 0dd5565751d09669b8f6a82709da08a2 http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-demo_6b14-1.4.1-0ubuntu11_powerpc.deb Size/MD5: 2393222 c6dd4098d764c3775137ccb4e6365cf6 http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jdk_6b14-1.4.1-0ubuntu11_powerpc.deb Size/MD5: 8650042 76e69c1ffa2af71f4da150d3aed9ee48 http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b14-1.4.1-0ubuntu11_powerpc.deb Size/MD5: 23418626 382f06972ca3df4618e366140f870878 http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre_6b14-1.4.1-0ubuntu11_powerpc.deb Size/MD5: 282852 0c1db0ccd38fd2a27a85b659a3c41e7f sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea6-plugin_6b14-1.4.1-0ubuntu11_sparc.deb Size/MD5: 75358 bf8b1454c82566e73d616929c4955a08 http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-dbg_6b14-1.4.1-0ubuntu11_sparc.deb Size/MD5: 117247650 e91e6633971c12f18fa6e3abb0dc24e1 http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-demo_6b14-1.4.1-0ubuntu11_sparc.deb Size/MD5: 2354868 6415e71c3fb5fed1c79a60f4b878d0d3 http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jdk_6b14-1.4.1-0ubuntu11_sparc.deb Size/MD5: 10818558 e1bb502255aedc6994eab01f2d67fe05 http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b14-1.4.1-0ubuntu11_sparc.deb Size/MD5: 25884374 b2016f8819d0ee8c53e9165d6d12e039 http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre_6b14-1.4.1-0ubuntu11_sparc.deb Size/MD5: 255400 a30ce340f8eb073b0a0a349e672da868
Attachment:
signature.asc
Description: Digital signature
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/