openjdk team mailing list archive
-
openjdk team
-
Mailing list archive
-
Message #03371
[Bug 552287] Re: IcedTea6 1.8pre (6b18~pre3-0ubuntu1) buffer overflow, possible crasher
This bug was fixed in the package openjdk-6 - 6b18~pre4-0ubuntu2
---------------
openjdk-6 (6b18~pre4-0ubuntu2) lucid; urgency=low
* Fix typo in NPPlugin code. LP: #552287.
-- Matthias Klose <doko@xxxxxxxxxx> Wed, 31 Mar 2010 10:41:11 +0200
** Changed in: openjdk-6 (Ubuntu)
Status: Triaged => Fix Released
--
IcedTea6 1.8pre (6b18~pre3-0ubuntu1) buffer overflow, possible crasher
https://bugs.launchpad.net/bugs/552287
You received this bug notification because you are a member of OpenJDK,
which is subscribed to openjdk-6 in ubuntu.
Status in “openjdk-6” package in Ubuntu: Fix Released
Bug description:
See Mozilla bug https://bugzilla.mozilla.org/show_bug.cgi?id=555342.
(Apologies for this report, I'm not the person who discovered this bug and am relaying the discoverer's information.)
1) Ubuntu 10.04 b1
2) IcedTea6 1.8pre (6b18~pre3-0ubuntu1)
3) No buffer overflow
4) Buffer overflow
See the steps to reproduce in the Mozilla bug; the buffer overflow is more dramatic in Firefox nightlies with out-of-process plugins because it always results in a crash in the plugin subprocesses. It will only sometimes result in a crash of the Firefox process.
It's easier to just paste a fix for this bug than describe it more. The diff is against http://icedtea.classpath.org/hg/icedtea6 revision 911fc7449289.
Marking security vulnerability for safety; I think this would be hard to exploit.