Content-Disposition: inline ============================================================================ Ubuntu Security Notice USN-1263-2 January 24, 2012 openjdk-6, openjdk-6b18 regression ============================================================================ A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 11.10 - Ubuntu 11.04 - Ubuntu 10.10 - Ubuntu 10.04 LTS Summary: USN-1263-1 caused a regression when using OpenJDK 6's SSL/TLS implementation. Software Description: - openjdk-6: Open Source Java implementation - openjdk-6b18: Open Source Java implementation Details: USN-1263-1 fixed vulnerabilities in OpenJDK 6. The upstream patch for the chosen plaintext attack on the block-wise AES encryption algorithm (CVE-2011-3389) introduced a regression that caused TLS/SSL connections to fail when using certain algorithms. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Deepak Bhole discovered a flaw in the Same Origin Policy (SOP) implementation in the IcedTea web browser plugin. This could allow a remote attacker to open connections to certain hosts that should not be permitted. (CVE-2011-3377) =20 Juliano Rizzo and Thai Duong discovered that the block-wise AES encryption algorithm block-wise as used in TLS/SSL was vulnerable to a chosen-plaintext attack. This could allow a remote attacker to view confidential data. (CVE-2011-3389) =20 It was discovered that a type confusion flaw existed in the in the Internet Inter-Orb Protocol (IIOP) deserialization code. A remote attacker could use this to cause an untrusted application or applet to execute arbitrary code by deserializing malicious input. (CVE-2011-3521) =20 It was discovered that the Java scripting engine did not perform SecurityManager checks. This could allow a remote attacker to cause an untrusted application or applet to execute arbitrary code with the full privileges of the JVM. (CVE-2011-3544) =20 It was discovered that the InputStream class used a global buffer to store input bytes skipped. An attacker could possibly use this to gain access to sensitive information. (CVE-2011-3547) =20 It was discovered that a vulnerability existed in the AWTKeyStroke class. A remote attacker could cause an untrusted application or applet to execute arbitrary code. (CVE-2011-3548) =20 It was discovered that an integer overflow vulnerability existed in the TransformHelper class in the Java2D implementation. A remote attacker could use this cause a denial of service via an application or applet crash or possibly execute arbitrary code. (CVE-2011-3551) =20 It was discovered that the default number of available UDP sockets for applications running under SecurityManager restrictions was set too high. A remote attacker could use this with a malicious application or applet exhaust the number of available UDP sockets to cause a denial of service for other applets or applications running within the same JVM. (CVE-2011-3552) =20 It was discovered that Java API for XML Web Services (JAX-WS) could incorrectly expose a stack trace. A remote attacker could potentially use this to gain access to sensitive information. (CVE-2011-3553) =20 It was discovered that the unpacker for pack200 JAR files did not sufficiently check for errors. An attacker could cause a denial of service or possibly execute arbitrary code through a specially crafted pack200 JAR file. (CVE-2011-3554) =20 It was discovered that the RMI registration implementation did not properly restrict privileges of remotely executed code. A remote attacker could use this to execute code with elevated privileges. (CVE-2011-3556, CVE-2011-3557) =20 It was discovered that the HotSpot VM could be made to crash, allowing an attacker to cause a denial of service or possibly leak sensitive information. (CVE-2011-3558) =20 It was discovered that the HttpsURLConnection class did not properly perform SecurityManager checks in certain situations. This could allow a remote attacker to bypass restrictions on HTTPS connections. (CVE-2011-3560) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 11.10: icedtea-6-jre-cacao 6b23~pre11-0ubuntu1.11.10.1 icedtea-6-jre-jamvm 6b23~pre11-0ubuntu1.11.10.1 openjdk-6-jre 6b23~pre11-0ubuntu1.11.10.1 openjdk-6-jre-headless 6b23~pre11-0ubuntu1.11.10.1 openjdk-6-jre-lib 6b23~pre11-0ubuntu1.11.10.1 openjdk-6-jre-zero 6b23~pre11-0ubuntu1.11.10.1 Ubuntu 11.04: icedtea-6-jre-cacao 6b22-1.10.4-0ubuntu1~11.04.2 icedtea-6-jre-jamvm 6b22-1.10.4-0ubuntu1~11.04.2 openjdk-6-jre 6b22-1.10.4-0ubuntu1~11.04.2 openjdk-6-jre-headless 6b22-1.10.4-0ubuntu1~11.04.2 openjdk-6-jre-lib 6b22-1.10.4-0ubuntu1~11.04.2 openjdk-6-jre-zero 6b22-1.10.4-0ubuntu1~11.04.2 Ubuntu 10.10: icedtea-6-jre-cacao 6b20-1.9.10-0ubuntu1~10.10.3 openjdk-6-jre 6b20-1.9.10-0ubuntu1~10.10.3 openjdk-6-jre-headless 6b20-1.9.10-0ubuntu1~10.10.3 openjdk-6-jre-lib 6b20-1.9.10-0ubuntu1~10.10.3 openjdk-6-jre-zero 6b20-1.9.10-0ubuntu1~10.10.3 Ubuntu 10.04 LTS: icedtea-6-jre-cacao 6b20-1.9.10-0ubuntu1~10.04.3 openjdk-6-jre 6b20-1.9.10-0ubuntu1~10.04.3 openjdk-6-jre-headless 6b20-1.9.10-0ubuntu1~10.04.3 openjdk-6-jre-lib 6b20-1.9.10-0ubuntu1~10.04.3 openjdk-6-jre-zero 6b20-1.9.10-0ubuntu1~10.04.3 After a standard system update you need to restart any Java applications or applets to make all the necessary changes. References: http://www.ubuntu.com/usn/usn-1263-2 http://www.ubuntu.com/usn/usn-1263-1 https://launchpad.net/bugs/891761 Package Information: https://launchpad.net/ubuntu/+source/openjdk-6/6b23~pre11-0ubuntu1.11.10.1 https://launchpad.net/ubuntu/+source/openjdk-6/6b22-1.10.4-0ubuntu1~11.04.2 https://launchpad.net/ubuntu/+source/openjdk-6b18/6b18-1.8.10-0ubuntu1~11.04.2 https://launchpad.net/ubuntu/+source/openjdk-6/6b20-1.9.10-0ubuntu1~10.10.3 https://launchpad.net/ubuntu/+source/openjdk-6b18/6b18-1.8.10-0ubuntu1~10.10.3 https://launchpad.net/ubuntu/+source/openjdk-6/6b20-1.9.10-0ubuntu1~10.04.3 https://launchpad.net/ubuntu/+source/openjdk-6b18/6b18-1.8.10-0ubuntu1~10.04.3