USN-859-1: OpenJDK vulnerabilities

12 November 2009

OpenJDK vulnerabilities

Releases

Packages

Details

Dan Kaminsky discovered that SSL certificates signed with MD2 could be
spoofed given enough time. As a result, an attacker could potentially
create a malicious trusted certificate to impersonate another site. This
update handles this issue by completely disabling MD2 for certificate
validation in OpenJDK. (CVE-2009-2409)

It was discovered that ICC profiles could be identified with
".." pathnames. If a user were tricked into running a specially
crafted applet, a remote attacker could gain information about a local
system. (CVE-2009-3728)

Peter Vreugdenhil discovered multiple flaws in the processing of graphics
in the AWT library. If a user were tricked into running a specially
crafted applet, a remote attacker could crash the application or run
arbitrary code with user privileges. (CVE-2009-3869, CVE-2009-3871)

Multiple flaws were discovered in JPEG and BMP image handling. If a user
were tricked into loading a specially crafted image, a remote attacker
could crash the application or run arbitrary code with user privileges.
(CVE-2009-3873, CVE-2009-3874, CVE-2009-3885)

Coda Hale discovered that HMAC-based signatures were not correctly
validated. Remote attackers could bypass certain forms of authentication,
granting unexpected access. (CVE-2009-3875)

Multiple flaws were discovered in ASN.1 parsing. A remote attacker
could send a specially crafted HTTP stream that would exhaust system
memory and lead to a denial of service. (CVE-2009-3876, CVE-2009-3877)

It was discovered that the graphics configuration subsystem did
not correctly handle arrays. If a user were tricked into running
a specially crafted applet, a remote attacker could exploit this
to crash the application or execute arbitrary code with user
privileges. (CVE-2009-3879)

It was discovered that loggers and Swing did not correctly handle
certain sensitive objects. If a user were tricked into running a
specially crafted applet, private information could be leaked to a remote
attacker, leading to a loss of privacy. (CVE-2009-3880, CVE-2009-3882,
CVE-2009-3883)

It was discovered that the ClassLoader did not correctly handle certain
options. If a user were tricked into running a specially crafted
applet, a remote attacker could execute arbitrary code with user
privileges. (CVE-2009-3881)

It was discovered that time zone file loading could be used to determine
the existence of files on the local system. If a user were tricked into
running a specially crafted applet, private information could be leaked
to a remote attacker, leading to a loss of privacy. (CVE-2009-3884)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 9.10
Ubuntu 9.04
Ubuntu 8.10

After a standard system upgrade you need to restart any Java applications
to effect the necessary changes.

Related notices

  • USN-809-1: libgnutls12, libgnutls13, libgnutls26, gnutls12, gnutls13, gnutls26
  • USN-810-1: libnss3-1d, nss
  • USN-830-1: libssl0.9.8, openssl