USN-1024-1: OpenJDK vulnerability

Ubuntu Security Notice USN-1024-1

30th November, 2010

openjdk-6 vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 10.10
  • Ubuntu 10.04 LTS
  • Ubuntu 9.10
  • Ubuntu 8.04 LTS

Software description

  • openjdk-6

Details

It was discovered that certain system property information was being
leaked, which could allow an attacker to obtain sensitive information.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 10.10:
openjdk-6-jre-headless 6b20-1.9.2-0ubuntu1
icedtea6-plugin 6b20-1.9.2-0ubuntu1
openjdk-6-jdk 6b20-1.9.2-0ubuntu1
openjdk-6-jre 6b20-1.9.2-0ubuntu1
Ubuntu 10.04 LTS:
openjdk-6-jre-headless 6b20-1.9.2-0ubuntu1~10.04.1
icedtea6-plugin 6b20-1.9.2-0ubuntu1~10.04.1
openjdk-6-jdk 6b20-1.9.2-0ubuntu1~10.04.1
openjdk-6-jre 6b20-1.9.2-0ubuntu1~10.04.1
Ubuntu 9.10:
openjdk-6-jre-headless 6b18-1.8.3-0ubuntu1~9.10.1
icedtea6-plugin 6b18-1.8.3-0ubuntu1~9.10.1
openjdk-6-jdk 6b18-1.8.3-0ubuntu1~9.10.1
openjdk-6-jre 6b18-1.8.3-0ubuntu1~9.10.1
Ubuntu 8.04 LTS:
openjdk-6-jre-headless 6b18-1.8.3-0ubuntu1~8.04.2
icedtea6-plugin 6b18-1.8.3-0ubuntu1~8.04.2
openjdk-6-jdk 6b18-1.8.3-0ubuntu1~8.04.2
openjdk-6-jre 6b18-1.8.3-0ubuntu1~8.04.2

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart any Java services,
applications or applets to make all the necessary changes.

References

CVE-2010-3860