Ubuntu Security Notice USN-859-1
12th November, 2009
openjdk-6 vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 9.10
- Ubuntu 9.04
- Ubuntu 8.10
Software description
- openjdk-6
Details
Dan Kaminsky discovered that SSL certificates signed with MD2 could be
spoofed given enough time. As a result, an attacker could potentially
create a malicious trusted certificate to impersonate another site. This
update handles this issue by completely disabling MD2 for certificate
validation in OpenJDK. (CVE-2009-2409)
It was discovered that ICC profiles could be identified with
".." pathnames. If a user were tricked into running a specially
crafted applet, a remote attacker could gain information about a local
system. (CVE-2009-3728)
Peter Vreugdenhil discovered multiple flaws in the processing of graphics
in the AWT library. If a user were tricked into running a specially
crafted applet, a remote attacker could crash the application or run
arbitrary code with user privileges. (CVE-2009-3869, CVE-2009-3871)
Multiple flaws were discovered in JPEG and BMP image handling. If a user
were tricked into loading a specially crafted image, a remote attacker
could crash the application or run arbitrary code with user privileges.
(CVE-2009-3873, CVE-2009-3874, CVE-2009-3885)
Coda Hale discovered that HMAC-based signatures were not correctly
validated. Remote attackers could bypass certain forms of authentication,
granting unexpected access. (CVE-2009-3875)
Multiple flaws were discovered in ASN.1 parsing. A remote attacker
could send a specially crafted HTTP stream that would exhaust system
memory and lead to a denial of service. (CVE-2009-3876, CVE-2009-3877)
It was discovered that the graphics configuration subsystem did
not correctly handle arrays. If a user were tricked into running
a specially crafted applet, a remote attacker could exploit this
to crash the application or execute arbitrary code with user
privileges. (CVE-2009-3879)
It was discovered that loggers and Swing did not correctly handle
certain sensitive objects. If a user were tricked into running a
specially crafted applet, private information could be leaked to a remote
attacker, leading to a loss of privacy. (CVE-2009-3880, CVE-2009-3882,
CVE-2009-3883)
It was discovered that the ClassLoader did not correctly handle certain
options. If a user were tricked into running a specially crafted
applet, a remote attacker could execute arbitrary code with user
privileges. (CVE-2009-3881)
It was discovered that time zone file loading could be used to determine
the existence of files on the local system. If a user were tricked into
running a specially crafted applet, private information could be leaked
to a remote attacker, leading to a loss of privacy. (CVE-2009-3884)
Update instructions
The problem can be corrected by updating your system to the following package version:
- Ubuntu 9.10:
- icedtea6-plugin 6b16-1.6.1-3ubuntu1
- openjdk-6-jre 6b16-1.6.1-3ubuntu1
- Ubuntu 9.04:
- icedtea6-plugin 6b14-1.4.1-0ubuntu12
- openjdk-6-jre 6b14-1.4.1-0ubuntu12
- Ubuntu 8.10:
- icedtea6-plugin 6b12-0ubuntu6.6
- openjdk-6-jre 6b12-0ubuntu6.6
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
After a standard system upgrade you need to restart any Java applications
to effect the necessary changes.
References
CVE-2009-2409, CVE-2009-3728, CVE-2009-3869, CVE-2009-3871, CVE-2009-3873, CVE-2009-3874, CVE-2009-3875, CVE-2009-3876, CVE-2009-3877, CVE-2009-3879, CVE-2009-3880, CVE-2009-3881, CVE-2009-3882, CVE-2009-3883, CVE-2009-3884, CVE-2009-3885