sun-java6 browser plugin forces stack to be executable
Bug #535247 reported by
Kees Cook
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
sun-java6 (Ubuntu) |
Fix Released
|
High
|
Unassigned |
Bug Description
When the sun-java6 browser plugin executes an applet, it needlessly forces the stack to become executable:
[pid 3367] mprotect(
This should not be done, and poses a security risk. For comparison, openjdk-6's browser plugin does not do this.
security vulnerability: | no → yes |
Changed in sun-java6 (Ubuntu): | |
status: | New → Confirmed |
importance: | Undecided → High |
tags: | added: kernel-series-unknown |
tags: | removed: kernel-series-unknown |
Changed in sun-java6 (Ubuntu): | |
status: | Confirmed → Fix Committed |
status: | Fix Committed → Fix Released |
status: | Fix Released → Fix Committed |
Changed in sun-java6 (Ubuntu): | |
status: | Fix Committed → Fix Released |
To post a comment you must log in.