Ubuntu 953-1: fastjar vulnerability

    Date: 21 Jun 2010
    Category: Ubuntu
    Posted By: LinuxSecurity Advisories
    Dan Rosenberg discovered that fastjar incorrectly handled file paths containing ".." when unpacking archives. If a user or an automated system were tricked into unpacking a specially crafted jar file, arbitrary files could be overwritten with user privileges.
    ===========================================================
    Ubuntu Security Notice USN-953-1              June 21, 2010
    fastjar vulnerability
    CVE-2010-0831
    ===========================================================
    
    A security issue affects the following Ubuntu releases:
    
    Ubuntu 8.04 LTS
    Ubuntu 9.04
    Ubuntu 9.10
    Ubuntu 10.04 LTS
    
    This advisory also applies to the corresponding versions of
    Kubuntu, Edubuntu, and Xubuntu.
    
    The problem can be corrected by upgrading your system to the
    following package versions:
    
    Ubuntu 8.04 LTS:
      fastjar                         2:0.95-1ubuntu2.1
    
    Ubuntu 9.04:
      fastjar                         2:0.97-3ubuntu0.1
    
    Ubuntu 9.10:
      fastjar                         2:0.98-1ubuntu0.9.10.1
    
    Ubuntu 10.04 LTS:
      fastjar                         2:0.98-1ubuntu0.10.04.1
    
    In general, a standard system update will make all the necessary changes.
    
    Details follow:
    
    Dan Rosenberg discovered that fastjar incorrectly handled file paths
    containing ".." when unpacking archives. If a user or an automated system
    were tricked into unpacking a specially crafted jar file, arbitrary files
    could be overwritten with user privileges.
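
An added example, not part of the Ubuntu advisory and not fastjar's own code: a Python pre-extraction audit for the flaw described above, which lists jar entries whose names would be written outside the target directory and refuses to unpack such an archive. The function names and sample entry names are hypothetical; the check also rejects absolute paths, which goes beyond the ".." case the advisory names.

```python
import io
import os
import zipfile


def audit_jar(jar_bytes):
    """Return (entry name, reason) for each entry that would escape the target directory."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        for info in jar.infolist():
            # Normalise backslashes so both separator spellings are checked.
            name = info.filename.replace("\\", "/")
            # Leading "/" or a drive-style "X:" prefix (deliberately conservative).
            if name.startswith("/") or name[1:2] == ":":
                findings.append((info.filename, "absolute path"))
            elif ".." in name.split("/"):
                findings.append((info.filename, "'..' component"))
    return findings


def safe_unpack(jar_bytes, dest):
    """Unpack into dest; reject the whole archive if any entry fails the audit."""
    findings = audit_jar(jar_bytes)
    if findings:
        raise ValueError(f"refusing to unpack: {findings}")
    root = os.path.realpath(dest)
    written = []
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        for info in jar.infolist():
            target = os.path.realpath(os.path.join(root, info.filename))
            # Second check on the resolved path, e.g. a symlink already present in dest.
            if os.path.commonpath([root, target]) != root:
                raise ValueError(f"{info.filename!r} resolves outside {root}")
            if info.is_dir():
                os.makedirs(target, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with open(target, "wb") as out:
                out.write(jar.read(info))
            written.append(os.path.relpath(target, root))
    return written


def build_sample_jar(names):
    """Constructed test input: an in-memory jar with one small entry per name."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        for name in names:
            jar.writestr(name, b"sample")
    return buf.getvalue()
```

Running `audit_jar` on untrusted jars before they reach any extractor is useful on hosts that have not yet received the fixed fastjar packages listed above.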
    
    
    Updated packages for Ubuntu 8.04 LTS:
    
      Source archives:
    
        http://security.ubuntu.com/ubuntu/pool/main/f/fastjar/fastjar_0.95-1ubuntu2.1.diff.gz
          Size/MD5:    14652 0bbecbfd445a41af5fac64225180626f
        http://security.ubuntu.com/ubuntu/pool/main/f/fastjar/fastjar_0.95-1ubuntu2.1.dsc
          Size/MD5:      688 37c0afbe767cd560f19f444c518f9e9a
        http://security.ubuntu.com/ubuntu/pool/main/f/fastjar/fastjar_0.95.orig.tar.gz
          Size/MD5:   593955 92a70f9e56223b653bce0f58f90cf950
    
      amd64 architecture (Athlon64, Opteron, EM64T Xeon):
    
        http://security.ubuntu.com/ubuntu/pool/main/f/fastjar/fastjar_0.95-1ubuntu2.1_amd64.deb
          Size/MD5:    84840 92c639fcce37474a468a243a26a9ead6
    
      i386 architecture (x86 compatible Intel/AMD):
    
        http://security.ubuntu.com/ubuntu/pool/main/f/fastjar/fastjar_0.95-1ubuntu2.1_i386.deb
          Size/MD5:    45128 b0d21c6467fe96f13ed0b6c71c96fd76
    
      lpia architecture (Low Power Intel Architecture):
    
        http://ports.ubuntu.com/pool/main/f/fastjar/fastjar_0.95-1ubuntu2.1_lpia.deb
          Size/MD5:    45394 082ac97eca4af7ed2e04576027240d98
    
      powerpc architecture (Apple Macintosh G3/G4/G5):
    
        http://ports.ubuntu.com/pool/main/f/fastjar/fastjar_0.95-1ubuntu2.1_powerpc.deb
          Size/MD5:    47688 b5b71b34bd0d6933356e0f667be92d34
    
      sparc architecture (Sun SPARC/UltraSPARC):
    
        http://ports.ubuntu.com/pool/main/f/fastjar/fastjar_0.95-1ubuntu2.1_sparc.deb
          Size/MD5:    46654 cd6104ab543567ea3b9d3af71812cb64
    
    Updated packages for Ubuntu 9.04:
    
      Source archives:
    
        http://security.ubuntu.com/ubuntu/pool/main/f/fastjar/fastjar_0.97-3ubuntu0.1.diff.gz
          Size/MD5:     4303 f685e7715cc6ef5f819cb1408d4fadba
        http://security.ubuntu.com/ubuntu/pool/main/f/fastjar/fastjar_0.97-3ubuntu0.1.dsc
          Size/MD5:     1077 4ea02be4634886678ad56803e595a74c
        http://security.ubuntu.com/ubuntu/pool/main/f/fastjar/fastjar_0.97.orig.tar.gz
          Size/MD5:   676393 2659f09c2e43ef8b7d4406321753f1b2
    
      amd64 architecture (Athlon64, Opteron, EM64T Xeon):
    
        http://security.ubuntu.com/ubuntu/pool/main/f/fastjar/fastjar_0.97-3ubuntu0.1_amd64.deb
          Size/MD5:    91000 834e980e9d7f6f58ee0a861f96a374f2
    
      i386 architecture (x86 compatible Intel/AMD):
    
        http://security.ubuntu.com/ubuntu/pool/main/f/fastjar/fastjar_0.97-3ubuntu0.1_i386.deb
          Size/MD5:    48910 416f5950f1d5f679aaf69977bdf3e893
    
      lpia architecture (Low Power Intel Architecture):
    
        http://ports.ubuntu.com/pool/main/f/fastjar/fastjar_0.97-3ubuntu0.1_lpia.deb
          Size/MD5:    49010 4d5680c65c5b00559cfd11eb3d05ab18
    
      powerpc architecture (Apple Macintosh G3/G4/G5):
    
        http://ports.ubuntu.com/pool/main/f/fastjar/fastjar_0.97-3ubuntu0.1_powerpc.deb
          Size/MD5:    50538 e2dca54f24d0c4a0adc6f8b56639a7f4
    
      sparc architecture (Sun SPARC/UltraSPARC):
    
        http://ports.ubuntu.com/pool/main/f/fastjar/fastjar_0.97-3ubuntu0.1_sparc.deb
          Size/MD5:    50536 6d85158ea3212a93e5dc36ee9829d5e1
    
    Updated packages for Ubuntu 9.10:
    
      Source archives:
    
        http://security.ubuntu.com/ubuntu/pool/main/f/fastjar/fastjar_0.98-1ubuntu0.9.10.1.diff.gz
          Size/MD5:     4095 fa64ab3ca694288d157c37b4571a1781
        http://security.ubuntu.com/ubuntu/pool/main/f/fastjar/fastjar_0.98-1ubuntu0.9.10.1.dsc
          Size/MD5:     1097 85d8021aa363a9a2ca0025b994408139
        http://security.ubuntu.com/ubuntu/pool/main/f/fastjar/fastjar_0.98.orig.tar.gz
          Size/MD5:   717984 d2d264d343d4d0e1575832cc1023c3bf
    
      amd64 architecture (Athlon64, Opteron, EM64T Xeon):
    
        http://security.ubuntu.com/ubuntu/pool/main/f/fastjar/fastjar_0.98-1ubuntu0.9.10.1_amd64.deb
          Size/MD5:    91004 ed7dedc416f0c2f94c9a941cbffb8f98
    
      i386 architecture (x86 compatible Intel/AMD):
    
        http://security.ubuntu.com/ubuntu/pool/main/f/fastjar/fastjar_0.98-1ubuntu0.9.10.1_i386.deb
          Size/MD5:    48924 338dd4ba551b8217917e36846ef6e199
    
      lpia architecture (Low Power Intel Architecture):
    
        http://ports.ubuntu.com/pool/main/f/fastjar/fastjar_0.98-1ubuntu0.9.10.1_lpia.deb
          Size/MD5:    49194 1cd1de1d62b913a4ceca1a7f9837d8c0
    
      powerpc architecture (Apple Macintosh G3/G4/G5):
    
        http://ports.ubuntu.com/pool/main/f/fastjar/fastjar_0.98-1ubuntu0.9.10.1_powerpc.deb
          Size/MD5:    50286 4b43f23dbac8b065e984e23906328671
    
      sparc architecture (Sun SPARC/UltraSPARC):
    
        http://ports.ubuntu.com/pool/main/f/fastjar/fastjar_0.98-1ubuntu0.9.10.1_sparc.deb
          Size/MD5:    50428 30ff3e7a9e9a88383d2113fcd38a9f1a
    
    Updated packages for Ubuntu 10.04:
    
      Source archives:
    
        http://security.ubuntu.com/ubuntu/pool/main/f/fastjar/fastjar_0.98-1ubuntu0.10.04.1.diff.gz
          Size/MD5:     4192 d1079eedbcf9a0bfb3fd270a91e49fb9
        http://security.ubuntu.com/ubuntu/pool/main/f/fastjar/fastjar_0.98-1ubuntu0.10.04.1.dsc
          Size/MD5:     1101 feeaadc1dc54e396da69a69ade68116a
        http://security.ubuntu.com/ubuntu/pool/main/f/fastjar/fastjar_0.98.orig.tar.gz
          Size/MD5:   717984 d2d264d343d4d0e1575832cc1023c3bf
    
      amd64 architecture (Athlon64, Opteron, EM64T Xeon):
    
        http://security.ubuntu.com/ubuntu/pool/main/f/fastjar/fastjar_0.98-1ubuntu0.10.04.1_amd64.deb
          Size/MD5:    90958 a088a28e94c4d3240ffa5394d3ead692
    
      i386 architecture (x86 compatible Intel/AMD):
    
        http://security.ubuntu.com/ubuntu/pool/main/f/fastjar/fastjar_0.98-1ubuntu0.10.04.1_i386.deb
          Size/MD5:    49018 567ebb9983b24d76b7e0149f8a03a959
    
      powerpc architecture (Apple Macintosh G3/G4/G5):
    
        http://ports.ubuntu.com/pool/main/f/fastjar/fastjar_0.98-1ubuntu0.10.04.1_powerpc.deb
          Size/MD5:    50532 47cf2e79000cb83f550d01e9748eedfc
    
      sparc architecture (Sun SPARC/UltraSPARC):
    
        http://ports.ubuntu.com/pool/main/f/fastjar/fastjar_0.98-1ubuntu0.10.04.1_sparc.deb
          Size/MD5:    51216 8ce8b35ae84d7f33fb499a99432ffb64
    
    
    
    