Java XML vulnerability (versions prior to 6 update 15)

Bug #410988 reported by Volodya
This bug report is a duplicate of: Bug #409559: version 1.6.0_15 is available.
This bug affects 2 people
Affects: sun-java6 (Ubuntu)
Status: New
Importance: Undecided
Assigned to: Unassigned
Milestone: (none)

Bug Description

http://www.cert.fi/en/reports/2009/vulnerability2009085.html

"Details

Several vulnerabilities regarding the parsing of XML data have been found in XML library implementations. CERT-FI coordinated the remediation efforts of these vulnerabilities.

The vulnerabilities are related to the parsing of XML elements with unexpected byte values and recursive parentheses, which cause the program to access memory out of bounds, or to loop indefinitely. The effects of the vulnerabilities include denial of service and potentially code execution. The vulnerabilities can be exploited by enticing a user to open a specially modified file, or by submitting it to a server that handles XML content."

To update by hand:

Download Java 6 update 15:
32-bit: http://javadl.sun.com/webapps/download/AutoDL?BundleId=33223
64-bit: http://javadl.sun.com/webapps/download/AutoDL?BundleId=33227

And follow these steps:

sudo mv /.../jre-6u15-linux-x64.bin /opt/
cd /opt/
chmod +x jre-6u15-linux-x64.bin
sudo ./jre-6u15-linux-x64.bin
YES
sudo update-alternatives --install /usr/bin/java java /opt/jre1.6.0_15/bin/java 1
sudo update-alternatives --config java
sudo rm /usr/bin/java
sudo ln -fs /opt/jre1.6.0_15/bin/java /usr/bin/java

Tags: java upgrade
Volodya (volodya)
visibility: private → public
Artur Rona (ari-tczew)
tags: added: upgrade
removed: sun xml
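
Added example, not part of the original report: a shell check that reads the first line of `java -version` and reports whether the runtime is a Java 6 build older than update 15, which is useful for confirming which binary /usr/bin/java resolves to after the manual steps above. The function names are hypothetical, and the code assumes the version line has the form `java version "1.6.0_NN"`.

```shell
#!/bin/sh
# Added example (not from the bug report): flag Sun Java 6 runtimes older
# than update 15, based on the first line of `java -version`.

# Pull the quoted token (e.g. 1.6.0_14) out of: java version "1.6.0_14"
java_version_token() {
    printf '%s\n' "$1" | sed -n 's/.*version "\([^"]*\)".*/\1/p' | head -n 1
}

# Exit status: 0 = Java 6 older than update 15 (update needed)
#              1 = Java 6 update 15 or later
#              2 = unparseable, or not a 1.6.0 version (outside this report)
needs_6u15() {
    tok=$(java_version_token "$1")
    case "$tok" in
        1.6.0)   upd=0 ;;                      # initial release, no update
        1.6.0_*) upd=${tok#1.6.0_}
                 upd=${upd%%-*} ;;             # drop a -bNN style suffix
        *)       return 2 ;;
    esac
    case "$upd" in
        ''|*[!0-9]*) return 2 ;;               # update field must be digits
    esac
    upd=$(printf '%s' "$upd" | sed 's/^0*//')  # 07 -> 7 before comparing
    [ "${upd:-0}" -lt 15 ]
}

# Check the runtime that `java` resolves to on PATH.
# `java -version` writes to stderr, hence the 2>&1.
check_path_java() {
    command -v java >/dev/null 2>&1 || { echo "java not found on PATH"; return 2; }
    path=$(readlink -f "$(command -v java)")   # follow symlinks to the real binary
    line=$(java -version 2>&1 | head -n 1)
    rc=0; needs_6u15 "$line" || rc=$?
    case "$rc" in
        0) echo "UPDATE NEEDED: $path: $line" ;;
        1) echo "ok: $path: $line" ;;
        *) echo "not a Java 6 version line: $path: $line" ;;
    esac
    return "$rc"
}
```

Source the file and run `check_path_java` to test the live runtime; `needs_6u15` can be fed version lines collected from other hosts.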
This report contains Public Security information  
Everyone can see this security related information.
