exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Ubuntu Security Notice 713-1

Ubuntu Security Notice 713-1
Posted Jan 28, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-713-1 - Eleven vulnerabilities have been addressed in the openjdk-6 package on Ubuntu.

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2008-5347, CVE-2008-5348, CVE-2008-5350, CVE-2008-5351, CVE-2008-5352, CVE-2008-5353, CVE-2008-5354, CVE-2008-5358, CVE-2008-5359, CVE-2008-5360, CVE-2008-5349
SHA-256 | c5eef1cafb7cff5db2f51ef30df3599561ec0ba3321a4d874f5a488e23ce961c

Ubuntu Security Notice 713-1

Change Mirror Download
===========================================================
Ubuntu Security Notice USN-713-1 January 27, 2009
openjdk-6 vulnerabilities
CVE-2008-5347, CVE-2008-5348, CVE-2008-5349, CVE-2008-5350,
CVE-2008-5351, CVE-2008-5352, CVE-2008-5353, CVE-2008-5354,
CVE-2008-5358, CVE-2008-5359, CVE-2008-5360
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.10:
icedtea6-plugin 6b12-0ubuntu6.1
openjdk-6-jdk 6b12-0ubuntu6.1
openjdk-6-jre 6b12-0ubuntu6.1
openjdk-6-jre-headless 6b12-0ubuntu6.1
openjdk-6-jre-lib 6b12-0ubuntu6.1

After a standard system upgrade you need to restart any Java applications
to effect the necessary changes.

Details follow:

It was discovered that Java did not correctly handle untrusted applets.
If a user were tricked into running a malicious applet, a remote attacker
could gain user privileges, or list directory contents. (CVE-2008-5347,
CVE-2008-5350)

It was discovered that Kerberos authentication and RSA public key
processing were not correctly handled in Java. A remote attacker
could exploit these flaws to cause a denial of service. (CVE-2008-5348,
CVE-2008-5349)

It was discovered that Java accepted UTF-8 encodings that might be
handled incorrectly by certain applications. A remote attacker could
bypass string filters, possible leading to other exploits. (CVE-2008-5351)

Overflows were discovered in Java JAR processing. If a user or
automated system were tricked into processing a malicious JAR file,
a remote attacker could crash the application, leading to a denial of
service. (CVE-2008-5352, CVE-2008-5354)

It was discovered that Java calendar objects were not unserialized safely.
If a user or automated system were tricked into processing a specially
crafted calendar object, a remote attacker could execute arbitrary code
with user privileges. (CVE-2008-5353)

It was discovered that the Java image handling code could lead to memory
corruption. If a user or automated system were tricked into processing
a specially crafted image, a remote attacker could crash the application,
leading to a denial of service. (CVE-2008-5358, CVE-2008-5359)

It was discovered that temporary files created by Java had predictable
names. If a user or automated system were tricked into processing a
specially crafted JAR file, a remote attacker could overwrite sensitive
information. (CVE-2008-5360)


Updated packages for Ubuntu 8.10:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6_6b12-0ubuntu6.1.diff.gz
Size/MD5: 222090 25681e25a40ae36385d2429e8b905009
http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6_6b12-0ubuntu6.1.dsc
Size/MD5: 2355 281bc682638116538e829499572e3cde
http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6_6b12.orig.tar.gz
Size/MD5: 54363262 f3aa01206f2192464b998fb7cc550686

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-doc_6b12-0ubuntu6.1_all.deb
Size/MD5: 8468244 7746db24f22ff25e7655bd9ad73b7077
http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre-lib_6b12-0ubuntu6.1_all.deb
Size/MD5: 4708568 3e9ffbcebcadc431e5c1a21b80e9a9b7
http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-source_6b12-0ubuntu6.1_all.deb
Size/MD5: 25619670 4eb18b9cdd11778e80ce6b1ac63c2040
http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-source-files_6b12-0ubuntu6.1_all.deb
Size/MD5: 49156890 044fa2fafc22c35568c01e46f85dbf0a

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea6-plugin_6b12-0ubuntu6.1_amd64.deb
Size/MD5: 81028 8f3c35e45a001a5bb5e7d7231656e206
http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-dbg_6b12-0ubuntu6.1_amd64.deb
Size/MD5: 47370572 db9493bf071aa08183a7aeef6efc71ea
http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-demo_6b12-0ubuntu6.1_amd64.deb
Size/MD5: 2366078 639ac32c62c5b951a77a0a58fcf8ee70
http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jdk_6b12-0ubuntu6.1_amd64.deb
Size/MD5: 9942620 ac6600eb8cddc9afd55d37a646ba3a89
http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b12-0ubuntu6.1_amd64.deb
Size/MD5: 24087518 d9b0e9f7a0f6df9392eed8c67fa77acd
http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre_6b12-0ubuntu6.1_amd64.deb
Size/MD5: 241532 404e268000d8d15e903f67eb4383146e

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea6-plugin_6b12-0ubuntu6.1_i386.deb
Size/MD5: 71520 9af6963e6ddc977bd05a8dbbe40f1139
http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-dbg_6b12-0ubuntu6.1_i386.deb
Size/MD5: 101844924 fcdcbeacbb5f2854f68efa196e6d0ab3
http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-demo_6b12-0ubuntu6.1_i386.deb
Size/MD5: 2348616 6313881219ebbee2ee650685bcb6105f
http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jdk_6b12-0ubuntu6.1_i386.deb
Size/MD5: 9949838 366df23097c855e2d329dec6bf9f9d24
http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b12-0ubuntu6.1_i386.deb
Size/MD5: 25169062 1354f7327a8df3422a442f37b357f77a
http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre_6b12-0ubuntu6.1_i386.deb
Size/MD5: 230678 59ed425557f18fba815bcbf9b17c6d1d

lpia architecture (Low Power Intel Architecture):

http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea6-plugin_6b12-0ubuntu6.1_lpia.deb
Size/MD5: 72102 c3317b35cd38f7b4ab607bf49331e440
http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-dbg_6b12-0ubuntu6.1_lpia.deb
Size/MD5: 101930608 292954d99c81b528891824548c6b885e
http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-demo_6b12-0ubuntu6.1_lpia.deb
Size/MD5: 2345410 fc2cd7ec4e96749e39307f756231fdc3
http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jdk_6b12-0ubuntu6.1_lpia.deb
Size/MD5: 9945176 4a8fb4a2b021f7ce6729dca9b0eef67c
http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b12-0ubuntu6.1_lpia.deb
Size/MD5: 25192978 cccb11f6580b47ab30c981a0a8cea0f6
http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre_6b12-0ubuntu6.1_lpia.deb
Size/MD5: 227450 abf58752fcf129175266e60b86857f8c

powerpc architecture (Apple Macintosh G3/G4/G5):

http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea6-plugin_6b12-0ubuntu6.1_powerpc.deb
Size/MD5: 77056 790776ea3f41a2392e6c9666402428c0
http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-dbg_6b12-0ubuntu6.1_powerpc.deb
Size/MD5: 35896200 55947cfd47a40e248a626adcb601b4da
http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-demo_6b12-0ubuntu6.1_powerpc.deb
Size/MD5: 2393068 c475228e916c602eea348b0382f51f21
http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jdk_6b12-0ubuntu6.1_powerpc.deb
Size/MD5: 8599254 97e338f60e55a488ef0ba06bc23cf414
http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b12-0ubuntu6.1_powerpc.deb
Size/MD5: 22974726 e3bf13b8599a94a0b89f2757a90800f5
http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre_6b12-0ubuntu6.1_powerpc.deb
Size/MD5: 255456 54b666eaaf464931a56406d09cfff088

sparc architecture (Sun SPARC/UltraSPARC):

http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea6-plugin_6b12-0ubuntu6.1_sparc.deb
Size/MD5: 70100 b4addb80ceb8e01dd8819a1bc3b8c89a
http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-dbg_6b12-0ubuntu6.1_sparc.deb
Size/MD5: 103684964 9f7150e6e1675831b723cdbae5b5c963
http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-demo_6b12-0ubuntu6.1_sparc.deb
Size/MD5: 2355110 38f63636383fcb60ba60552ca4e0c60c
http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jdk_6b12-0ubuntu6.1_sparc.deb
Size/MD5: 9927636 7c32c7c800f01a2dc1ae878eceade91d
http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b12-0ubuntu6.1_sparc.deb
Size/MD5: 25175260 a09637fa2629b9ffa58d932078a44d67
http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre_6b12-0ubuntu6.1_sparc.deb
Size/MD5: 232954 17e8a53c99ea3ac34c0018b2e60a2be8

Login or Register to add favorites

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    30 Files
  • 16
    Apr 16th
    10 Files
  • 17
    Apr 17th
    22 Files
  • 18
    Apr 18th
    45 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close