Message-ID: <20101215001344.GP4894@outflux.net>
Date: Tue, 14 Dec 2010 16:13:45 -0800
From: Kees Cook <kees@...ntu.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-1024-2] OpenJDK regression

===========================================================
Ubuntu Security Notice USN-1024-2         December 13, 2010
openjdk-6 regression
https://launchpad.net/bugs/688522
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 10.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 10.10:
  openjdk-6-jdk                   6b20-1.9.2-0ubuntu2

After a standard system update you need to restart any Java services,
applications or applets to make all the necessary changes.

Details follow:

USN-1024-1 fixed vulnerabilities in OpenJDK. Some of the additional
backported improvements could interfere with the compilation of certain
Java software. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

 It was discovered that certain system property information was being
 leaked, which could allow an attacker to obtain sensitive information.


Updated packages for Ubuntu 10.10:

