[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20101215001344.GP4894@outflux.net>
Date: Tue, 14 Dec 2010 16:13:45 -0800
From: Kees Cook <kees@...ntu.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-1024-2] OpenJDK regression
===========================================================
Ubuntu Security Notice USN-1024-2 December 13, 2010
openjdk-6 regression
https://launchpad.net/bugs/688522
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 10.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 10.10:
openjdk-6-jdk 6b20-1.9.2-0ubuntu2
After a standard system update you need to restart any Java services,
applications or applets to make all the necessary changes.
Details follow:
USN-1024-1 fixed vulnerabilities in OpenJDK. Some of the additional
backported improvements could interfere with the compilation of certain
Java software. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
It was discovered that certain system property information was being
leaked, which could allow an attacker to obtain sensitive information.
Updated packages for Ubuntu 10.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6_6b20-1.9.2-0ubuntu2.diff.gz
Size/MD5: 144304 adc24f6354df2a2a1ae1d024069f9cf7
http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6_6b20-1.9.2-0ubuntu2.dsc
Size/MD5: 3004 b5b17735587556b44e8f661f56e2c912
http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6_6b20-1.9.2.orig.tar.gz
Size/MD5: 73145170 16097f5b8d699fb72a7e9f4f40f7bc0a
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-doc_6b20-1.9.2-0ubuntu2_all.deb
Size/MD5: 19975574 e86e54e0edcb1ee7572a2cb8310c1a21
http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre-lib_6b20-1.9.2-0ubuntu2_all.deb
Size/MD5: 6155244 1e592facd826f092e948eca45d199616
http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-source_6b20-1.9.2-0ubuntu2_all.deb
Size/MD5: 26839560 46684345135ee2f3444a4c08e204bafd
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea-6-jre-cacao_6b20-1.9.2-0ubuntu2_amd64.deb
Size/MD5: 430828 ab0dd71c758c1c606c547566484fc7ab
http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea6-plugin_6b20-1.9.2-0ubuntu2_amd64.deb
Size/MD5: 83390 d5e8d526e022c291f4c6c37fd54b665e
http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-dbg_6b20-1.9.2-0ubuntu2_amd64.deb
Size/MD5: 119310214 a331b97c32ebe934759dd4c879c2a798
http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-demo_6b20-1.9.2-0ubuntu2_amd64.deb
Size/MD5: 2361192 d4046e2391f6bcf661bf4be219e01769
http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jdk_6b20-1.9.2-0ubuntu2_amd64.deb
Size/MD5: 10856514 fb3b73f9c3c960594b60fee0bd31a283
http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b20-1.9.2-0ubuntu2_amd64.deb
Size/MD5: 25582314 92d0bcb779bfdc09ad79c26a03da4aa9
http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre_6b20-1.9.2-0ubuntu2_amd64.deb
Size/MD5: 267252 93f44ba496f94ac2c8549e9db4099c07
http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jre-zero_6b20-1.9.2-0ubuntu2_amd64.deb
Size/MD5: 2242408 0189fc3811c39f8769bd7908061e2beb
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea-6-jre-cacao_6b20-1.9.2-0ubuntu2_i386.deb
Size/MD5: 416068 ae5cefb8d5fae5ef7ca2e71d5cc7eaaa
http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea6-plugin_6b20-1.9.2-0ubuntu2_i386.deb
Size/MD5: 78702 64782c55d8ee34c7da7591669b4fd2b4
http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-dbg_6b20-1.9.2-0ubuntu2_i386.deb
Size/MD5: 172650414 3f7d938530597a3d53c7ab67933e703c
http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-demo_6b20-1.9.2-0ubuntu2_i386.deb
Size/MD5: 2348234 d73243c82be1514173abc1574af64e40
http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jdk_6b20-1.9.2-0ubuntu2_i386.deb
Size/MD5: 10858410 b228042cf914be243478f9eb8b836ccc
http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b20-1.9.2-0ubuntu2_i386.deb
Size/MD5: 27410392 44019332daa4e4d46d1fade7ccb8b02e
http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre_6b20-1.9.2-0ubuntu2_i386.deb
Size/MD5: 251276 11804e5988e0ba558127ff8c516f6456
http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jre-zero_6b20-1.9.2-0ubuntu2_i386.deb
Size/MD5: 1922634 a3f31a76ec31e6ee34fb8d8bc0335b7b
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea-6-jre-cacao_6b20-1.9.2-0ubuntu2_powerpc.deb
Size/MD5: 444444 235d9217818b49cf5e3c72f12ac045c1
http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea6-plugin_6b20-1.9.2-0ubuntu2_powerpc.deb
Size/MD5: 82776 c0713cbcc401c026426a95d3cfe15923
http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-dbg_6b20-1.9.2-0ubuntu2_powerpc.deb
Size/MD5: 103343382 bf96779e5b0ad00c302455cb10b48abb
http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-demo_6b20-1.9.2-0ubuntu2_powerpc.deb
Size/MD5: 2363304 fe6fdbb18735ab72755ce424ba0a6741
http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jdk_6b20-1.9.2-0ubuntu2_powerpc.deb
Size/MD5: 8794756 461c46db395c63fc26fe369f50d9e33e
http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b20-1.9.2-0ubuntu2_powerpc.deb
Size/MD5: 23910018 562f549319cebf5517396f460d285402
http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre_6b20-1.9.2-0ubuntu2_powerpc.deb
Size/MD5: 270432 706e3136ae99d720842ff969715edcf5
http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-jre-zero_6b20-1.9.2-0ubuntu2_powerpc.deb
Size/MD5: 2052594 0c789c3ca39d05fd4d1fe7fcf7fd3cb3
Download attachment "signature.asc" of type "application/pgp-signature" (875 bytes)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists