USN-1010-1: OpenJDK vulnerabilities

28 October 2010

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Learn more about Ubuntu Pro

Releases

Packages

Details

Marsh Ray and Steve Dispensa discovered a flaw in the TLS and
SSLv3 protocols. If an attacker could perform a machine-in-the-middle
attack at the start of a TLS connection, the attacker could inject
arbitrary content at the beginning of the user's session. USN-923-1
disabled SSL/TLS renegotiation by default; this update implements
the TLS Renegotiation Indication Extension as defined in RFC 5746,
and thus supports secure renegotiation between updated clients and
servers. (CVE-2009-3555)

It was discovered that the HttpURLConnection class did not validate
request headers set by java applets, which could allow an attacker to
trigger actions otherwise not allowed to HTTP clients. (CVE-2010-3541)

It was discovered that JNDI could leak information that would allow an
attacker to to access information about otherwise-protected internal
network names. (CVE-2010-3548)

It was discovered that HttpURLConnection improperly handled the
"chunked" transfer encoding method, which could allow attackers to
conduct HTTP response splitting attacks. (CVE-2010-3549)

It was discovered that the NetworkInterface class improperly
checked the network "connect" permissions for local network
addresses. This could allow an attacker to read local network
addresses. (CVE-2010-3551)

It was discovered that UIDefault.ProxyLazyValue had unsafe reflection
usage, allowing an attacker to create objects. (CVE-2010-3553)

It was discovered that multiple flaws in the CORBA reflection
implementation could allow an attacker to execute arbitrary code by
misusing permissions granted to certain system objects. (CVE-2010-3554)

It was discovered that unspecified flaws in the Swing library could
allow untrusted applications to modify the behavior and state of
certain JDK classes. (CVE-2010-3557)

It was discovered that the privileged accept method of the ServerSocket
class in the CORBA implementation allowed it to receive connections
from any host, instead of just the host of the current connection.
An attacker could use this flaw to bypass restrictions defined by
network permissions. (CVE-2010-3561)

It was discovered that there exists a double free in java's
indexColorModel that could allow an attacker to cause an applet
or application to crash, or possibly execute arbitrary code
with the privilege of the user running the java applet or
application. (CVE-2010-3562)

It was discovered that the Kerberos implementation improperly checked
AP-REQ requests, which could allow an attacker to cause a denial of
service against the receiving JVM. (CVE-2010-3564)

It was discovered that improper checks of unspecified image metadata in
JPEGImageWriter.writeImage of the imageio API could allow an attacker
to execute arbitrary code with the privileges of the user running a
java applet or application. (CVE-2010-3565)

It was discovered that an unspecified vulnerability in the ICC
profile handling code could allow an attacker to execute arbitrary
code with the privileges of the user running a java applet or
application. (CVE-2010-3566)

It was discovered that a miscalculation in the OpenType font rendering
implementation would allow out-of-bounds memory access. This could
allow an attacker to execute arbitrary code with the privileges of
the user running a java application. (CVE-2010-3567)

It was discovered that an unspecified race condition in the way
objects were deserialized could allow an attacker to cause an applet
or application to misuse the privileges of the user running the java
applet or application. (CVE-2010-3568)

It was discovered that the defaultReadObject of the Serialization
API could be tricked into setting a volatile field multiple times.
This could allow an attacker to execute arbitrary code with the
privileges of the user running a java applet or application.
(CVE-2010-3569)

It was discovered that the HttpURLConnection class did not validate
request headers set by java applets, which could allow an attacker to
trigger actions otherwise not allowed to HTTP clients. (CVE-2010-3573)

It was discovered that the HttpURLConnection class improperly checked
whether the calling code was granted the "allowHttpTrace" permission,
allowing an attacker to create HTTP TRACE requests. (CVE-2010-3574)

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Learn more about Ubuntu Pro