exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Ubuntu Security Notice 748-1

Ubuntu Security Notice 748-1
Posted Mar 27, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-748-1 - It was discovered that font creation could leak temporary files. If a user were tricked into loading a malicious program or applet, a remote attacker could consume disk space, leading to a denial of service. It was discovered that the lightweight HttpServer did not correctly close files on dataless connections. A remote attacker could send specially crafted requests, leading to a denial of service. Certain 64bit Java actions would crash an application. A local attacker might be able to cause a denial of service. It was discovered that LDAP connections did not close correctly. A remote attacker could send specially crafted requests, leading to a denial of service. Java LDAP routines did not unserialize certain data correctly. A remote attacker could send specially crafted requests that could lead to arbitrary code execution. Java did not correctly check certain JAR headers. If a user or automated system were tricked into processing a malicious JAR file, a remote attacker could crash the application, leading to a denial of service. It was discovered that PNG and GIF decoding in Java could lead to memory corruption. If a user or automated system were tricked into processing a specially crafted image, a remote attacker could crash the application, leading to a denial of service.

tags | advisory, java, remote, denial of service, arbitrary, local, code execution
systems | linux, ubuntu
advisories | CVE-2006-2426, CVE-2009-1093, CVE-2009-1094, CVE-2009-1095, CVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1100, CVE-2009-1101, CVE-2009-1102
SHA-256 | a02bfd44068b80cf235a81d4010c10c19e16ccc39c1f3402459054a13c80dcdd

Ubuntu Security Notice 748-1

Change Mirror Download
===========================================================
Ubuntu Security Notice USN-748-1 March 26, 2009
openjdk-6 vulnerabilities
CVE-2006-2426, CVE-2009-1093, CVE-2009-1094, CVE-2009-1095,
CVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1100,
CVE-2009-1101, CVE-2009-1102
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.10:
icedtea6-plugin 6b12-0ubuntu6.4
openjdk-6-jdk 6b12-0ubuntu6.4
openjdk-6-jre 6b12-0ubuntu6.4
openjdk-6-jre-headless 6b12-0ubuntu6.4
openjdk-6-jre-lib 6b12-0ubuntu6.4

After a standard system upgrade you need to restart any Java applications
to effect the necessary changes.

Details follow:

It was discovered that font creation could leak temporary files.
If a user were tricked into loading a malicious program or applet,
a remote attacker could consume disk space, leading to a denial of
service. (CVE-2006-2426, CVE-2009-1100)

It was discovered that the lightweight HttpServer did not correctly close
files on dataless connections. A remote attacker could send specially
crafted requests, leading to a denial of service. (CVE-2009-1101)

Certain 64bit Java actions would crash an application. A local attacker
might be able to cause a denial of service. (CVE-2009-1102)

It was discovered that LDAP connections did not close correctly.
A remote attacker could send specially crafted requests, leading to a
denial of service. (CVE-2009-1093)

Java LDAP routines did not unserialize certain data correctly. A remote
attacker could send specially crafted requests that could lead to
arbitrary code execution. (CVE-2009-1094)

Java did not correctly check certain JAR headers. If a user or
automated system were tricked into processing a malicious JAR file,
a remote attacker could crash the application, leading to a denial of
service. (CVE-2009-1095, CVE-2009-1096)

It was discovered that PNG and GIF decoding in Java could lead to memory
corruption. If a user or automated system were tricked into processing
a specially crafted image, a remote attacker could crash the application,
leading to a denial of service. (CVE-2009-1097, CVE-2009-1098)


Updated packages for Ubuntu 8.10:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6_6b12-0ubuntu6.4.diff.gz
Size/MD5: 257215 876f885acf37c0817a35956e6520de3a
http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6_6b12-0ubuntu6.4.dsc
Size/MD5: 2355 d8a4b0fe60497fd1f61c978c3c78e571
http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6_6b12.orig.tar.gz
Size/MD5: 54363262 f3aa01206f2192464b998fb7cc550686

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-doc_6b12-0ubuntu6.4_all.deb
Size/MD5: 8469732 b032a764ce88bd155f9aaba02ecc6566
http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre-lib_6b12-0ubuntu6.4_all.deb
Size/MD5: 4709872 299164cb69aa3ec883867afb7d8d9054
http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-source_6b12-0ubuntu6.4_all.deb
Size/MD5: 25627544 e62afaf0e692fa587de0056cf014175d
http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-source-files_6b12-0ubuntu6.4_all.deb
Size/MD5: 49156004 2de3d037ef595b34ccb98324b11f1159

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea6-plugin_6b12-0ubuntu6.4_amd64.deb
Size/MD5: 81028 8952bc76c555dc8d950b2d3bfa940b7c
http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-dbg_6b12-0ubuntu6.4_amd64.deb
Size/MD5: 47372520 d70f9ed68d2837e2f3f107a607b5cc96
http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-demo_6b12-0ubuntu6.4_amd64.deb
Size/MD5: 2366132 75294026f904346ec76397cd388252c3
http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jdk_6b12-0ubuntu6.4_amd64.deb
Size/MD5: 9944822 cfd88c5f3fe97c67d8eca19908344823
http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b12-0ubuntu6.4_amd64.deb
Size/MD5: 24099904 24468c4793c974819f83b06fb41adc90
http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre_6b12-0ubuntu6.4_amd64.deb
Size/MD5: 241642 240d8346bb895f9623091c94c81ae466

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea6-plugin_6b12-0ubuntu6.4_i386.deb
Size/MD5: 71516 5c67a03b0011a3bd117fae210ca27cd9
http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-dbg_6b12-0ubuntu6.4_i386.deb
Size/MD5: 101847192 302ab3721553014290ce4bfdee6cb6fb
http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-demo_6b12-0ubuntu6.4_i386.deb
Size/MD5: 2348630 1a4c103e4d235f7d641f2e0f2ddfe4c3
http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jdk_6b12-0ubuntu6.4_i386.deb
Size/MD5: 9952338 c6bc056c5fa988f8841542a6801aa84d
http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b12-0ubuntu6.4_i386.deb
Size/MD5: 25177778 41fa22a436950239955756efe7bc9112
http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre_6b12-0ubuntu6.4_i386.deb
Size/MD5: 230774 5c5188e21a7a5a76763d7f651162dc3a

lpia architecture (Low Power Intel Architecture):

http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea6-plugin_6b12-0ubuntu6.4_lpia.deb
Size/MD5: 72110 1b419781fc73fe42b85ff180f520edc2
http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-dbg_6b12-0ubuntu6.4_lpia.deb
Size/MD5: 101930130 abc646dc9df27f3415ff07dcb0c38e51
http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-demo_6b12-0ubuntu6.4_lpia.deb
Size/MD5: 2345400 ef0b99c18c2ce4cd1ae68f1f20d08566
http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jdk_6b12-0ubuntu6.4_lpia.deb
Size/MD5: 9947530 6bb618600d7c1f7ec68a68519094e0d9
http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b12-0ubuntu6.4_lpia.deb
Size/MD5: 25207906 1b334898157a834ab05ee74593ce57e4
http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre_6b12-0ubuntu6.4_lpia.deb
Size/MD5: 227556 ad49784b480e88550c61dfc069cb4d2a

powerpc architecture (Apple Macintosh G3/G4/G5):

http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea6-plugin_6b12-0ubuntu6.4_powerpc.deb
Size/MD5: 77056 11313904c64bee4204f6369b4ffd5e66
http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-dbg_6b12-0ubuntu6.4_powerpc.deb
Size/MD5: 35898024 50945e6c1cbed766ea52b78fb7ed2ac5
http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-demo_6b12-0ubuntu6.4_powerpc.deb
Size/MD5: 2393022 c04df84eeb2373a7f0cd84ad85610188
http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jdk_6b12-0ubuntu6.4_powerpc.deb
Size/MD5: 8600518 197d84aae1eaafdab671a5749b42b86c
http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b12-0ubuntu6.4_powerpc.deb
Size/MD5: 22988430 27721c39140811fd6ef9b00124c10b70
http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre_6b12-0ubuntu6.4_powerpc.deb
Size/MD5: 255542 a7d6deeb5ef7143bb8631c593f4c36c6

sparc architecture (Sun SPARC/UltraSPARC):

http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea6-plugin_6b12-0ubuntu6.4_sparc.deb
Size/MD5: 70098 44eca12cf6d8ed10e02a755772052b5b
http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-dbg_6b12-0ubuntu6.4_sparc.deb
Size/MD5: 103688730 0034a5b63b78e38f3c5bb0d0b920b9cf
http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-demo_6b12-0ubuntu6.4_sparc.deb
Size/MD5: 2355160 e8adc4df2d4bc39f66da967b5272d455
http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jdk_6b12-0ubuntu6.4_sparc.deb
Size/MD5: 9940784 c35a4115f4587df050af4c16de829674
http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b12-0ubuntu6.4_sparc.deb
Size/MD5: 25193444 0e4de129d523ef09bed9e3a22c6cecf3
http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre_6b12-0ubuntu6.4_sparc.deb
Size/MD5: 233052 1773a666f39a632f458e850fb300ef12

Login or Register to add favorites

File Archive:

October 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    39 Files
  • 2
    Oct 2nd
    23 Files
  • 3
    Oct 3rd
    18 Files
  • 4
    Oct 4th
    20 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    17 Files
  • 8
    Oct 8th
    66 Files
  • 9
    Oct 9th
    25 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close