Security vulnerabilities in sun-java6-*
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
sun-java6 (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Hardy |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
Binary package hint: sun-java6-jre
Sun Java 6 update 6 (both JRE and JDK, included in multiverse for Ubuntu 8.04 / Hardy Heron) has several known security vulnerabilities, including a vulnerability that may allow applets to remotely read sensitive data if a user enters a malicious web page, considered highly critical by Secunia [1].
Java 6 update 7 from Sun contains fixes for these vulnerabilities [2].
I know that these packages are non-free and not officially supported, but if it's possible for the sun-java6-* package maintainers to prepare and upload an updated package, that would be great since it would greatly improve the security of these packages. They are, although in multiverse, commonly installed on Ubuntu systems. Even a backport would be better than nothing -- update 7 already seems to be in intrepid.
[1] http://
[2] http://
Making public since the vulnerabilities have been public at least since the new upstream version anyway.