USN-859-1: OpenJDK vulnerabilities

12 November 2009

openjdk-6 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 9.10
  • Ubuntu 9.04
  • Ubuntu 8.10

Software Description

  • openjdk-6

Details

Dan Kaminsky discovered that SSL certificates signed with MD2 could be spoofed given enough time. As a result, an attacker could potentially create a malicious trusted certificate to impersonate another site. This update handles this issue by completely disabling MD2 for certificate validation in OpenJDK. (CVE-2009-2409)

It was discovered that ICC profiles could be identified with “..” pathnames. If a user were tricked into running a specially crafted applet, a remote attacker could gain information about a local system. (CVE-2009-3728)

Peter Vreugdenhil discovered multiple flaws in the processing of graphics in the AWT library. If a user were tricked into running a specially crafted applet, a remote attacker could crash the application or run arbitrary code with user privileges. (CVE-2009-3869, CVE-2009-3871)

Multiple flaws were discovered in JPEG and BMP image handling. If a user were tricked into loading a specially crafted image, a remote attacker could crash the application or run arbitrary code with user privileges. (CVE-2009-3873, CVE-2009-3874, CVE-2009-3885)

Coda Hale discovered that HMAC-based signatures were not correctly validated. Remote attackers could bypass certain forms of authentication, granting unexpected access. (CVE-2009-3875)

Multiple flaws were discovered in ASN.1 parsing. A remote attacker could send a specially crafted HTTP stream that would exhaust system memory and lead to a denial of service. (CVE-2009-3876, CVE-2009-3877)

It was discovered that the graphics configuration subsystem did not correctly handle arrays. If a user were tricked into running a specially crafted applet, a remote attacker could exploit this to crash the application or execute arbitrary code with user privileges. (CVE-2009-3879)

It was discovered that loggers and Swing did not correctly handle certain sensitive objects. If a user were tricked into running a specially crafted applet, private information could be leaked to a remote attacker, leading to a loss of privacy. (CVE-2009-3880, CVE-2009-3882, CVE-2009-3883)

It was discovered that the ClassLoader did not correctly handle certain options. If a user were tricked into running a specially crafted applet, a remote attacker could execute arbitrary code with user privileges. (CVE-2009-3881)

It was discovered that time zone file loading could be used to determine the existence of files on the local system. If a user were tricked into running a specially crafted applet, private information could be leaked to a remote attacker, leading to a loss of privacy. (CVE-2009-3884)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 9.10
icedtea6-plugin - 6b16-1.6.1-3ubuntu1
openjdk-6-jre - 6b16-1.6.1-3ubuntu1
Ubuntu 9.04
icedtea6-plugin - 6b14-1.4.1-0ubuntu12
openjdk-6-jre - 6b14-1.4.1-0ubuntu12
Ubuntu 8.10
icedtea6-plugin - 6b12-0ubuntu6.6
openjdk-6-jre - 6b12-0ubuntu6.6

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system upgrade you need to restart any Java applications to effect the necessary changes.

References