Ubuntu
sun-java6 package

Sun Java 6 package should be updated to 6u4

Bug #187570 reported by hansalfredche
258
Affects Status Importance Assigned to Milestone
sun-java6 (Ubuntu)
Fix Released
Undecided
Unassigned

Bug Description

Java 6 packages should be updated to 6u4. This release contains a lot of bug fixes (see release notes, long list) and corrects vulnerabilities.
http://java.sun.com/javase/downloads/index.jsp

Kees Cook (kees)
Changed in sun-java6:
status: New → Confirmed
Revision history for this message
James Stansell (jamesstansell) wrote :

The most recent security update was 6u11. A package has been created for jaunty already.

Revision history for this message
Dominic Hargreaves (dom) wrote :

The most recent security update was 6u13.

Revision history for this message
Andrew Snare (ajs-deactivatedaccount) wrote :

Bug 382918 covers updating to 6u14. That doesn't include any security fixes above 6u13, but if that bug is resolved then this bug may be as well.

Revision history for this message
Luke Scalfati (luke771) wrote :

It's not resolved. Turns out there's is a remote code execution vulnerability exploitable over the network in many applications in 6u14, that has been fixed in 6u15.
However, the latest update available from repos is 6u14_b08

Fix: make 6u15 available from repos.

NOTE: I got to know about this bug when Freenet (http://freenetproject.org ) refused to perform some tasks because of the "wrong" Java version being detected.
Freenet users on 6u15 report that the warning is gone.

I dont have any evidence of this bug, this report is based on the Freenet warning, the discussion on the Freenet mailing lists and the IRC channel (irc.freenode.net #freenet) where I was asked to link the following ceert-fi report: http://www.cert.fi/en/reports/2009/vulnerability2009085.html

Revision history for this message
Luke Scalfati (luke771) wrote :

hmm I guess I posted at the wrong bug. I'm checking out 382918 and possibly open a new one

Nikhil Chhaochharia (nikhilchh)
Changed in sun-java6 (Ubuntu):
status: Confirmed → Fix Released
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.