USN-1052-1: OpenJDK vulnerability

26 January 2011

openjdk-6, openjdk-6b18 vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 10.10
  • Ubuntu 10.04 LTS
  • Ubuntu 9.10

Summary

Software Description

  • openjdk-6
  • openjdk-6b18

Details

It was discovered that the JNLP SecurityManager in IcedTea for Java OpenJDK in some instances failed to properly apply the intended scurity policy in its checkPermission method. This could allow an attacker execute code with privileges that should have been prevented. (CVE-2010-4351)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 10.10
icedtea6-plugin - 6b20-1.9.4-0ubuntu1
Ubuntu 10.04 LTS
icedtea6-plugin - 6b20-1.9.4-0ubuntu1~10.04.1
Ubuntu 9.10
icedtea6-plugin - 6b20-1.9.4-0ubuntu1~9.10.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart any Java services, applications or applets to make all the necessary changes.

References