Ubuntu Security Notice USN-971-1
16th August, 2010
openjdk-6 vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 10.04 LTS
- Ubuntu 9.10
- Ubuntu 9.04
Summary
Exposed arbitrary file contents to remote systems.
Software description
- openjdk-6 - Java Virtual Machine
Details
It was discovered that the IcedTea plugin did not correctly check certain
accesses. If a user or automated system were tricked into running a
specially crafted Java applet, a remote attacker could read arbitrary
files with user privileges, leading to a loss of privacy. (CVE-2010-2548,
CVE-2010-2783)
Update instructions
The problem can be corrected by updating your system to the following package version:
- Ubuntu 10.04 LTS:
- icedtea6-plugin 6b18-1.8.1-0ubuntu1
- Ubuntu 9.10:
- icedtea6-plugin 6b18-1.8.1-0ubuntu1~9.10.1
- Ubuntu 9.04:
- icedtea6-plugin 6b18-1.8.1-0ubuntu1~9.04.1
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
After a standard system update you need to restart any Java applications
to make all the necessary changes.