Debian Security Advisory
DSA-1769-1 openjdk-6 -- several vulnerabilities
- Date Reported:
- 11 Apr 2009
- Affected Packages:
- openjdk-6
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-2006-2426, CVE-2009-0581, CVE-2009-0723, CVE-2009-0733, CVE-2009-0793, CVE-2009-1093, CVE-2009-1094, CVE-2009-1095, CVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1101.
- More information:
Several vulnerabilities have been discovered in OpenJDK, an implementation of the Java SE platform.
- CVE-2006-2426
Creation of large, temporary fonts could use up the available disk space, leading to a denial of service condition.
- CVE-2009-0581 / CVE-2009-0723 / CVE-2009-0733 / CVE-2009-0793
Several vulnerabilities existed in the embedded LittleCMS library, exploitable through crafted images: a memory leak, resulting in a denial of service condition (CVE-2009-0581), heap-based buffer overflows, potentially allowing arbitrary code execution (CVE-2009-0723, CVE-2009-0733), and a null-pointer dereference, leading to denial of service (CVE-2009-0793).
- CVE-2009-1093
The LDAP server implementation (in com.sun.jndi.ldap) did not properly close sockets if an error was encountered, leading to a denial of service condition.
- CVE-2009-1094
The LDAP client implementation (in com.sun.jndi.ldap) allowed malicious LDAP servers to execute arbitrary code on the client.
- CVE-2009-1101
The HTTP server implementation (sun.net.httpserver) contained an unspecified denial of service vulnerability.
- CVE-2009-1095 / CVE-2009-1096 / CVE-2009-1097 / CVE-2009-1098
Several issues in Java Web Start have been addressed. The Debian packages currently do not support Java Web Start, so these issues are not directly exploitable, but the relevant code has been updated nonetheless.
For the stable distribution (lenny), these problems have been fixed in version 9.1+lenny2.
We recommend that you upgrade your openjdk-6 packages.
- Fixed in:
Debian GNU/Linux 5.0 (lenny)
- Source:
- http://security.debian.org/pool/updates/main/o/openjdk-6/openjdk-6_6b11-9.1+lenny2.dsc
- http://security.debian.org/pool/updates/main/o/openjdk-6/openjdk-6_6b11.orig.tar.gz
- http://security.debian.org/pool/updates/main/o/openjdk-6/openjdk-6_6b11-9.1+lenny2.diff.gz
- Architecture-independent component:
- http://security.debian.org/pool/updates/main/o/openjdk-6/openjdk-6-doc_6b11-9.1+lenny2_all.deb
- http://security.debian.org/pool/updates/main/o/openjdk-6/openjdk-6-jre-lib_6b11-9.1+lenny2_all.deb
- http://security.debian.org/pool/updates/main/o/openjdk-6/openjdk-6-source_6b11-9.1+lenny2_all.deb
- Alpha:
- http://security.debian.org/pool/updates/main/o/openjdk-6/openjdk-6-jdk_6b11-9.1+lenny2_alpha.deb
- http://security.debian.org/pool/updates/main/o/openjdk-6/openjdk-6-jre_6b11-9.1+lenny2_alpha.deb
- http://security.debian.org/pool/updates/main/o/openjdk-6/openjdk-6-jre-headless_6b11-9.1+lenny2_alpha.deb
- http://security.debian.org/pool/updates/main/o/openjdk-6/openjdk-6-dbg_6b11-9.1+lenny2_alpha.deb
- http://security.debian.org/pool/updates/main/o/openjdk-6/openjdk-6-demo_6b11-9.1+lenny2_alpha.deb
- AMD64:
- http://security.debian.org/pool/updates/main/o/openjdk-6/openjdk-6-dbg_6b11-9.1+lenny2_amd64.deb
- http://security.debian.org/pool/updates/main/o/openjdk-6/openjdk-6-jdk_6b11-9.1+lenny2_amd64.deb
- http://security.debian.org/pool/updates/main/o/openjdk-6/openjdk-6-jre_6b11-9.1+lenny2_amd64.deb
- http://security.debian.org/pool/updates/main/o/openjdk-6/openjdk-6-demo_6b11-9.1+lenny2_amd64.deb
- http://security.debian.org/pool/updates/main/o/openjdk-6/openjdk-6-jre-headless_6b11-9.1+lenny2_amd64.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/o/openjdk-6/openjdk-6-jre-headless_6b11-9.1+lenny2_i386.deb
- http://security.debian.org/pool/updates/main/o/openjdk-6/openjdk-6-dbg_6b11-9.1+lenny2_i386.deb
- http://security.debian.org/pool/updates/main/o/openjdk-6/openjdk-6-demo_6b11-9.1+lenny2_i386.deb
- http://security.debian.org/pool/updates/main/o/openjdk-6/openjdk-6-jre_6b11-9.1+lenny2_i386.deb
- http://security.debian.org/pool/updates/main/o/openjdk-6/openjdk-6-jdk_6b11-9.1+lenny2_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/o/openjdk-6/openjdk-6-jdk_6b11-9.1+lenny2_ia64.deb
- http://security.debian.org/pool/updates/main/o/openjdk-6/openjdk-6-demo_6b11-9.1+lenny2_ia64.deb
- http://security.debian.org/pool/updates/main/o/openjdk-6/openjdk-6-jre-headless_6b11-9.1+lenny2_ia64.deb
- http://security.debian.org/pool/updates/main/o/openjdk-6/openjdk-6-dbg_6b11-9.1+lenny2_ia64.deb
- http://security.debian.org/pool/updates/main/o/openjdk-6/openjdk-6-jre_6b11-9.1+lenny2_ia64.deb
- Big-endian MIPS:
- http://security.debian.org/pool/updates/main/o/openjdk-6/openjdk-6-jdk_6b11-9.1+lenny2_mips.deb
- http://security.debian.org/pool/updates/main/o/openjdk-6/openjdk-6-jre_6b11-9.1+lenny2_mips.deb
- http://security.debian.org/pool/updates/main/o/openjdk-6/openjdk-6-demo_6b11-9.1+lenny2_mips.deb
- http://security.debian.org/pool/updates/main/o/openjdk-6/openjdk-6-dbg_6b11-9.1+lenny2_mips.deb
- http://security.debian.org/pool/updates/main/o/openjdk-6/openjdk-6-jre-headless_6b11-9.1+lenny2_mips.deb
- Little-endian MIPS:
- http://security.debian.org/pool/updates/main/o/openjdk-6/openjdk-6-jre-headless_6b11-9.1+lenny2_mipsel.deb
- http://security.debian.org/pool/updates/main/o/openjdk-6/openjdk-6-dbg_6b11-9.1+lenny2_mipsel.deb
- http://security.debian.org/pool/updates/main/o/openjdk-6/openjdk-6-demo_6b11-9.1+lenny2_mipsel.deb
- http://security.debian.org/pool/updates/main/o/openjdk-6/openjdk-6-jdk_6b11-9.1+lenny2_mipsel.deb
- http://security.debian.org/pool/updates/main/o/openjdk-6/openjdk-6-jre_6b11-9.1+lenny2_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/o/openjdk-6/openjdk-6-jdk_6b11-9.1+lenny2_powerpc.deb
- http://security.debian.org/pool/updates/main/o/openjdk-6/openjdk-6-demo_6b11-9.1+lenny2_powerpc.deb
- http://security.debian.org/pool/updates/main/o/openjdk-6/openjdk-6-jre-headless_6b11-9.1+lenny2_powerpc.deb
- http://security.debian.org/pool/updates/main/o/openjdk-6/openjdk-6-dbg_6b11-9.1+lenny2_powerpc.deb
- http://security.debian.org/pool/updates/main/o/openjdk-6/openjdk-6-jre_6b11-9.1+lenny2_powerpc.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/o/openjdk-6/openjdk-6-demo_6b11-9.1+lenny2_sparc.deb
- http://security.debian.org/pool/updates/main/o/openjdk-6/openjdk-6-dbg_6b11-9.1+lenny2_sparc.deb
- http://security.debian.org/pool/updates/main/o/openjdk-6/openjdk-6-jre-headless_6b11-9.1+lenny2_sparc.deb
- http://security.debian.org/pool/updates/main/o/openjdk-6/openjdk-6-jre_6b11-9.1+lenny2_sparc.deb
- http://security.debian.org/pool/updates/main/o/openjdk-6/openjdk-6-jdk_6b11-9.1+lenny2_sparc.deb
MD5 checksums of the listed files are available in the original advisory.