openjdk team mailing list archive

Bug#566769: openjdk-6: security issues published in early 2009

Package: openjdk-6
Version: 6_6b17~pre3-1
Severity: serious
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) ids were
published for openjdk-6.  It is very likely that they are all
fixed; however, this needs to be manually verified. Please check and
reply in-line with the fixed package version for each issue. Thank you.

CVE-2009-1093[0]:
| LdapCtx in the LDAP service in Java SE Development Kit (JDK) and Java
| Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and
| earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier
| does not close the connection when initialization fails, which allows
| remote attackers to cause a denial of service (LDAP service hang).

CVE-2009-1094[1]:
| Unspecified vulnerability in the LDAP implementation in Java SE
| Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17
| and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and
| earlier; and 1.4.2_19 and earlier allows remote LDAP servers to
| execute arbitrary code via unknown vectors related to serialized data.

CVE-2009-1095[2]:
| Integer overflow in unpack200 in Java SE Development Kit (JDK) and
| Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update
| 12 and earlier, allows remote attackers to access files or execute
| arbitrary code via a JAR file with crafted Pack200 headers.

CVE-2009-1096[3]:
| Buffer overflow in unpack200 in Java SE Development Kit (JDK) and Java
| Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12
| and earlier, allows remote attackers to access files or execute
| arbitrary code via a JAR file with crafted Pack200 headers.

CVE-2009-1097[4]:
| Multiple buffer overflows in Java SE Development Kit (JDK) and Java
| Runtime Environment (JRE) 6 Update 12 and earlier allow remote
| attackers to access files or execute arbitrary code via (1) a crafted
| PNG image that triggers an integer overflow during memory allocation
| for display on the splash screen, aka CR 6804996; and (2) a crafted
| GIF image from which unspecified values are used in calculation of
| offsets, leading to object-pointer corruption, aka CR 6804997.

CVE-2009-1098[5]:
| Buffer overflow in Java SE Development Kit (JDK) and Java Runtime
| Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier;
| 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows remote attackers
| to access files or execute arbitrary code via a crafted GIF image, aka
| CR 6804998.

CVE-2009-1099[6]:
| Integer signedness error in Java SE Development Kit (JDK) and Java
| Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12
| and earlier, allows remote attackers to access files or execute
| arbitrary code via crafted glyph descriptions in a Type1 font, which
| bypasses a signed comparison and triggers a buffer overflow.

CVE-2009-1101[7]:
| Unspecified vulnerability in the lightweight HTTP server
| implementation in Java SE Development Kit (JDK) and Java Runtime
| Environment (JRE) 6 Update 12 and earlier allows remote attackers to
| cause a denial of service (probably resource consumption) for a JAX-WS
| service endpoint via a connection without any data, which triggers a
| file descriptor "leak."

CVE-2009-1102[8]:
| Unspecified vulnerability in the Virtual Machine in Java SE
| Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12
| and earlier allows remote attackers to access files and execute
| arbitrary code via unknown vectors related to "code generation."

CVE-2009-1103[9]:
| Unspecified vulnerability in the Java Plug-in in Java SE Development
| Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and
| earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and 1.3.1_24
| and earlier allows remote attackers to access files and execute
| arbitrary code via unknown vectors related to "deserializing applets,"
| aka CR 6646860.

CVE-2009-1104[10]:
| The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime
| Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier;
| and 1.4.2_19 and earlier does not prevent Javascript that is loaded
| from the localhost from connecting to other ports on the system, which
| allows user-assisted attackers to bypass intended access restrictions
| via LiveConnect, aka CR 6724331.  NOTE: this vulnerability can be
| leveraged with separate cross-site scripting (XSS) vulnerabilities for
| remote attack vectors.

CVE-2009-1105[11]:
| The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime
| Environment (JRE) 6 Update 12, 11, and 10 allows user-assisted remote
| attackers to cause a trusted applet to run in an older JRE version,
| which can be used to exploit vulnerabilities in that older version,
| aka CR 6706490.

CVE-2009-1106[12]:
| The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime
| Environment (JRE) 6 Update 12, 11, and 10 does not properly parse
| crossdomain.xml files, which allows remote attackers to bypass
| intended access restrictions and connect to arbitrary sites via
| unknown vectors, aka CR 6798948.

CVE-2009-1107[13]:
| The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime
| Environment (JRE) 6 Update 12 and earlier, and 5.0 Update 17 and
| earlier, allows remote attackers to trick a user into trusting a
| signed applet via unknown vectors that misrepresent the security
| warning dialog, related to a "Swing JLabel HTML parsing
| vulnerability," aka CR 6782871.

CVE-2009-2675[14]:
| Integer overflow in the unpack200 utility in Sun Java Runtime
| Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE
| 5.0 before Update 20, allows context-dependent attackers to gain
| privileges via unspecified length fields in the header of a
| Pack200-compressed JAR file, which leads to a heap-based buffer
| overflow during decompression.

CVE-2009-2676[15]:
| Unspecified vulnerability in JNLPAppletlauncher in Sun Java SE, and SE
| for Business, in JDK and JRE 6 Update 14 and earlier and JDK and JRE
| 5.0 Update 19 and earlier; and Java SE for Business in SDK and JRE
| 1.4.2_21 and earlier; allows remote attackers to create or modify
| arbitrary files via vectors involving an untrusted Java applet that
| accesses an old version of JNLPAppletLauncher.

CVE-2009-2788[16]:
| Multiple SQL injection vulnerabilities in Mobilelib GOLD 3 allow
| remote attackers to execute arbitrary SQL commands via the (1)
| adminName parameter to cp/auth.php, (2) cid parameter to artcat.php,
| and (3) catid parameter to show.php.

CVE-2009-2789[17]:
| SQL injection vulnerability in the Permis (com_groups) component 1.0
| for Joomla! allows remote attackers to execute arbitrary SQL commands
| via the id parameter in a list action to index.php.  NOTE: the
| provenance of this information is unknown; the details are obtained
| solely from third party information.

If you fix the vulnerabilities please also make sure to include the
CVE ids in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1093
    http://security-tracker.debian.org/tracker/CVE-2009-1093
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1094
    http://security-tracker.debian.org/tracker/CVE-2009-1094
[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1095
    http://security-tracker.debian.org/tracker/CVE-2009-1095
[3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1096
    http://security-tracker.debian.org/tracker/CVE-2009-1096
[4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1097
    http://security-tracker.debian.org/tracker/CVE-2009-1097
[5] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1098
    http://security-tracker.debian.org/tracker/CVE-2009-1098
[6] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1099
    http://security-tracker.debian.org/tracker/CVE-2009-1099
[7] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1101
    http://security-tracker.debian.org/tracker/CVE-2009-1101
[8] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1102
    http://security-tracker.debian.org/tracker/CVE-2009-1102
[9] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1103
    http://security-tracker.debian.org/tracker/CVE-2009-1103
[10] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1104
    http://security-tracker.debian.org/tracker/CVE-2009-1104
[11] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1105
    http://security-tracker.debian.org/tracker/CVE-2009-1105
[12] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1106
    http://security-tracker.debian.org/tracker/CVE-2009-1106
[13] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1107
    http://security-tracker.debian.org/tracker/CVE-2009-1107
[14] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2675
    http://security-tracker.debian.org/tracker/CVE-2009-2675
[15] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2676
    http://security-tracker.debian.org/tracker/CVE-2009-2676
[16] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2788
    http://security-tracker.debian.org/tracker/CVE-2009-2788
[17] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2789
    http://security-tracker.debian.org/tracker/CVE-2009-2789