Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

openjdk-6 vulnerabilities

Related Vulnerabilities: CVE-2006-2426   CVE-2009-1100   CVE-2009-1101   CVE-2009-1102   CVE-2009-1093   CVE-2009-1094   CVE-2009-1095   CVE-2009-1096   CVE-2009-1097   CVE-2009-1098  

It was discovered that font creation could leak temporary files. If a user were tricked into loading a malicious program or applet, a remote attacker could consume disk space, leading to a denial of service. (CVE-2006-2426, CVE-2009-1100)

It was discovered that the lightweight HttpServer did not correctly close files on dataless connections. A remote attacker could send specially crafted requests, leading to a denial of service. (CVE-2009-1101)

Source

26 March 2009

openjdk-6 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 8.10

Software Description

  • openjdk-6

Details

It was discovered that font creation could leak temporary files. If a user were tricked into loading a malicious program or applet, a remote attacker could consume disk space, leading to a denial of service. (CVE-2006-2426, CVE-2009-1100)

It was discovered that the lightweight HttpServer did not correctly close files on dataless connections. A remote attacker could send specially crafted requests, leading to a denial of service. (CVE-2009-1101)

The Java Runtime Environment did not correctly validate certain generated code. If a user were tricked into running a malicious applet a remote attacker could execute arbitrary code. (CVE-2009-1102)

It was discovered that LDAP connections did not close correctly. A remote attacker could send specially crafted requests, leading to a denial of service. (CVE-2009-1093)

Java LDAP routines did not unserialize certain data correctly. A remote attacker could send specially crafted requests that could lead to arbitrary code execution. (CVE-2009-1094)

Java did not correctly check certain JAR headers. If a user or automated system were tricked into processing a malicious JAR file, a remote attacker could crash the application, leading to a denial of service. (CVE-2009-1095, CVE-2009-1096)

It was discovered that PNG and GIF decoding in Java could lead to memory corruption. If a user or automated system were tricked into processing a specially crafted image, a remote attacker could crash the application, leading to a denial of service. (CVE-2009-1097, CVE-2009-1098)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 8.10
icedtea6-plugin - 6b12-0ubuntu6.4
openjdk-6-jdk - 6b12-0ubuntu6.4
openjdk-6-jre - 6b12-0ubuntu6.4
openjdk-6-jre-headless - 6b12-0ubuntu6.4
openjdk-6-jre-lib - 6b12-0ubuntu6.4

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system upgrade you need to restart any Java applications to effect the necessary changes.

References

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started