USN-971-1: OpenJDK vulnerabilities

Ubuntu Security Notice USN-971-1

16th August, 2010

openjdk-6 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 10.04 LTS
  • Ubuntu 9.10
  • Ubuntu 9.04

Summary

The IcedTea plugin could expose arbitrary file contents to remote systems.

Software description

  • openjdk-6 - Java Virtual Machine

Details

It was discovered that the IcedTea plugin did not correctly check certain
accesses. If a user or automated system were tricked into running a
specially crafted Java applet, a remote attacker could read arbitrary
files with user privileges, leading to a loss of privacy. (CVE-2010-2548,
CVE-2010-2783)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 10.04 LTS:
icedtea6-plugin 6b18-1.8.1-0ubuntu1
Ubuntu 9.10:
icedtea6-plugin 6b18-1.8.1-0ubuntu1~9.10.1
Ubuntu 9.04:
icedtea6-plugin 6b18-1.8.1-0ubuntu1~9.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart any Java applications
for the changes to take effect.

References

CVE-2010-2548, CVE-2010-2783