Java XML vulnerability (versions prior to 6 update 15)
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
sun-java6 (Ubuntu) |
New
|
Undecided
|
Unassigned |
Bug Description
http://
"Details
Several vulnerabilities regarding the parsing of XML data have been found in XML library implementations. CERT-FI coordinated the remediation efforts of these vulnerabilities.
The vulnerabilities are related to the parsing of XML elements with unexpected byte values and recursive parentheses, which cause the program to access memory out of bounds, or to loop indefinitely. The effects of the vulnerabilities include denial of service and potentially code execution. The vulnerabilities can be exploited by enticing a user to open a specially modified file, or by submitting it to a server that handles XML content."
To update by hand:
Download java 6 update 15:
32 bits: http://
64 bits: http://
And follow these steps:
sudo mv /.../jre-
cd /opt/
chmod +x jre-6u15-
sudo ./jre-6u15-
YES
sudo update-alternatives --install /usr/bin/java java /opt/jre1.
sudo update-alternatives --config java
sudo rm /usr/bin/java
sudo ln -fs /opt/jre1.
visibility: | private → public |
tags: |
added: upgrade removed: sun xml |