USN-971-1: OpenJDK vulnerabilities

16 August 2010

openjdk-6 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 10.04 LTS
  • Ubuntu 9.10
  • Ubuntu 9.04

Summary

The IcedTea plugin could expose arbitrary file contents to remote systems.

Software Description

  • openjdk-6 - Java Virtual Machine

Details

It was discovered that the IcedTea plugin did not correctly check certain accesses. If a user or automated system were tricked into running a specially crafted Java applet, a remote attacker could read arbitrary files with user privileges, leading to a loss of privacy. (CVE-2010-2548, CVE-2010-2783)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 10.04 LTS
icedtea6-plugin - 6b18-1.8.1-0ubuntu1
Ubuntu 9.10
icedtea6-plugin - 6b18-1.8.1-0ubuntu1~9.10.1
Ubuntu 9.04
icedtea6-plugin - 6b18-1.8.1-0ubuntu1~9.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart any Java applications for the changes to take effect.
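
The fixed versions listed above differ by release, and under Debian version ordering a `~` suffix sorts before the unsuffixed version, so each host has to be compared against the entry for its own release. The following is an added example, not part of the original notice: it applies Debian version comparison to a constructed inventory (host names and installed versions are made up for illustration).

```python
import re

# Fixed icedtea6-plugin versions per release, copied from the advisory.
FIXED = {
    "10.04": "6b18-1.8.1-0ubuntu1",
    "9.10": "6b18-1.8.1-0ubuntu1~9.10.1",
    "9.04": "6b18-1.8.1-0ubuntu1~9.04.1",
}

def _isdigit(s):
    return "0" <= s[:1] <= "9"
def _order(c):
    # dpkg ordering: '~' < end of string < letters < other characters.
    if c == "" or _isdigit(c):
        return 0
    return -1 if c == "~" else ord(c) + (0 if c.isalpha() else 256)

def _cmp_part(a, b):
    while a or b:
        # Leading non-digit runs are compared character by character.
        while (a and not _isdigit(a)) or (b and not _isdigit(b)):
            ac, bc = _order(a[:1]), _order(b[:1])
            if ac != bc:
                return -1 if ac < bc else 1
            a, b = a[1:], b[1:]
        # Leading digit runs are compared as integers (empty run = 0).
        da, db = re.match("[0-9]*", a).group(), re.match("[0-9]*", b).group()
        if int(da or 0) != int(db or 0):
            return -1 if int(da or 0) < int(db or 0) else 1
        a, b = a[len(da):], b[len(db):]
    return 0

def _split(v):
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    upstream, _, rev = rest.rpartition("-") if "-" in rest else (rest, "", "")
    return int(epoch), upstream, rev
def debcmp(v1, v2):
    (e1, u1, r1), (e2, u2, r2) = _split(v1), _split(v2)
    return (e1 > e2) - (e1 < e2) or _cmp_part(u1, u2) or _cmp_part(r1, r2)
def needs_update(release, installed):
    return debcmp(installed, FIXED[release]) < 0

# Constructed inventory: (host, Ubuntu release, installed icedtea6-plugin version).
INVENTORY = [("web1", "10.04", "6b18-1.8-0ubuntu1"),
             ("dev2", "9.10", "6b18-1.8.1-0ubuntu1~9.10.1"),
             ("lab3", "9.04", "6b14-1.4.1-0ubuntu13")]

def outdated_hosts(inventory):
    return [host for host, rel, ver in inventory if needs_update(rel, ver)]
```

On a single host, `dpkg --compare-versions` performs the same comparison against the locally installed version.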
