==========================================================Ubuntu Security Notice USN-1079-3            March 17, 2011
openjdk-6b18 vulnerabilities
CVE-2010-4448, CVE-2010-4450, CVE-2010-4465, CVE-2010-4469,
CVE-2010-4470, CVE-2010-4471, CVE-2010-4472, CVE-2010-4476,
CVE-2011-0706
==========================================================
A security issue affects the following Ubuntu releases:

Ubuntu 10.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 10.10:
  icedtea6-plugin                 6b18-1.8.7-0ubuntu2.1
  openjdk-6-jre                   6b18-1.8.7-0ubuntu2.1
  openjdk-6-jre-headless          6b18-1.8.7-0ubuntu2.1

After a standard system update you need to restart any Java services,
applications or applets to make all the necessary changes.

Details follow:

USN-1079-2 fixed vulnerabilities in OpenJDK 6 for armel (ARM)
architectures in Ubuntu 9.10 and Ubuntu 10.04 LTS. This update fixes
vulnerabilities in OpenJDK 6 for armel (ARM) architectures for Ubuntu
10.10.

Original advisory details:

 It was discovered that untrusted Java applets could create domain
 name resolution cache entries, allowing an attacker to manipulate
 name resolution within the JVM. (CVE-2010-4448)
 
 It was discovered that the Java launcher did not did not properly
 setup the LD_LIBRARY_PATH environment variable. A local attacker
 could exploit this to execute arbitrary code as the user invoking
 the program. (CVE-2010-4450)
 
 It was discovered that within the Swing library, forged timer events
 could allow bypass of SecurityManager checks. This could allow an
 attacker to access restricted resources. (CVE-2010-4465)
 
 It was discovered that certain bytecode combinations confused memory
 management within the HotSpot JVM. This could allow an attacker to
 cause a denial of service through an application crash or possibly
 inject code. (CVE-2010-4469)
 
 It was discovered that the way JAXP components were handled
 allowed them to be manipulated by untrusted applets. An attacker
 could use this to bypass XML processing restrictions and elevate
 privileges. (CVE-2010-4470)
 
 It was discovered that the Java2D subcomponent, when processing broken
 CFF fonts could leak system properties. (CVE-2010-4471)
 
 It was discovered that a flaw in the XML Digital Signature
 component could allow an attacker to cause untrusted code to
 replace the XML Digital Signature Transform or C14N algorithm
 implementations. (CVE-2010-4472)
 
 Konstantin Preißer and others discovered that specific double literals
 were improperly handled, allowing a remote attacker to cause a denial
 of service. (CVE-2010-4476)
 
 It was discovered that the JNLPClassLoader class when handling multiple
 signatures allowed remote attackers to gain privileges due to the
 assignment of an inappropriate security descriptor. (CVE-2011-0706)


Updated packages for Ubuntu 10.10:

  Source archives:

          Size/MD5:   149561 b35ae7a82db49282379d36e7ece58484
          Size/MD5:     3015 04cb459aeaab6c228e722caf07a44de9
          Size/MD5: 71430490 b2811b2e53cd9abaad6959d33fe10d19

  armel architecture (ARM Architecture):

          Size/MD5:   377802 d4439da20492eafbccb33e2fe979e8c9
          Size/MD5:    78338 7bdf93e00fd81dc82fd0d9a8b4e905c7
          Size/MD5: 85497146 1512e0d6563dd5120729cf5b993c618c
          Size/MD5:  1545620 544c54891d44bdac534c81318a7f2bcb
          Size/MD5:  9140042 0a2d6ed937081800baeb6fc55326a754
          Size/MD5: 30092886 4cc5ad7c54638278e55ee7d2acaab413
          Size/MD5:   266102 4278c2c06387cf883325356efda3c4d4
          Size/MD5:  1959296 6becfb4d5a2ecbe7aee622b84df57f12

Ubuntu 1079-3: OpenJDK 6 vulnerabilities

March 17, 2011
USN-1079-2 fixed vulnerabilities in OpenJDK 6 for armel (ARM) architectures in Ubuntu 9.10 and Ubuntu 10.04 LTS

Summary

Update Instructions

References

Severity
openjdk-6b18 vulnerabilities

Package Information

Related News

5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
28.Lock Globe Esm H320
1 - 2 min read
A resurgence of cyberattacks targeting Linux systems in Asian campaigns through the utilization of the Pupy Remote Access Trojan (RAT) has been
27.Tablet Connections Blocks Lock Esm H320
2 - 4 min read
Canonical has recently announced the Beta release of Ubuntu Linux 24.04 LTS , codenamed "Noble Numbat." This release aims to continue Ubuntu's
21.Globe RadiatingCode Esm H320
2 - 3 min read
The open-source movement has come a long way, from its origins in the 1960s and 1970s to becoming an integral part of organizations worldwide.
13.Lock StylizedMotherboard Esm H320
2 - 3 min read
The Rust-based Edera project demonstrates a unique approach to container security that addresses cloud-native computing challenges. Let's examine
8.Locks HexConnections CodeGlobe Esm H320
2 - 3 min read
Canonical has launched Ubuntu Pro for Devices , a comprehensive offering emphasizing security and compliance for IoT device deployments. This
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved