Ubuntu 10.04 LTS / 10.10 / 11.04 / 11.10 : openjdk-6, openjdk-6b18 regression (USN-1263-2)

Ubuntu Security Notice (C) 2012-2014 Canonical, Inc. / NASL script (C) 2012-2014 Tenable Network Security, Inc.


Synopsis :

The remote Ubuntu host is missing one or more security-related patches.

Description :

USN-1263-1 fixed vulnerabilities in OpenJDK 6. The upstream patch for
the chosen plaintext attack on the block-wise AES encryption algorithm
(CVE-2011-3389) introduced a regression that caused TLS/SSL
connections to fail when using certain algorithms. This update fixes
the problem.

We apologize for the inconvenience.

Deepak Bhole discovered a flaw in the Same Origin Policy (SOP)
implementation in the IcedTea web browser plugin. This could allow a
remote attacker to open connections to certain hosts that should not
be permitted. (CVE-2011-3377)

Juliano Rizzo and Thai Duong discovered that the block-wise
AES encryption algorithm block-wise as used in TLS/SSL was
vulnerable to a chosen-plaintext attack. This could allow a
remote attacker to view confidential data. (CVE-2011-3389)

It was discovered that a type confusion flaw existed in the
in the Internet Inter-Orb Protocol (IIOP) deserialization
code. A remote attacker could use this to cause an untrusted
application or applet to execute arbitrary code by
deserializing malicious input. (CVE-2011-3521)

It was discovered that the Java scripting engine did not
perform SecurityManager checks. This could allow a remote
attacker to cause an untrusted application or applet to
execute arbitrary code with the full privileges of the JVM.
(CVE-2011-3544)

It was discovered that the InputStream class used a global
buffer to store input bytes skipped. An attacker could
possibly use this to gain access to sensitive information.
(CVE-2011-3547)

It was discovered that a vulnerability existed in the
AWTKeyStroke class. A remote attacker could cause an
untrusted application or applet to execute arbitrary code.
(CVE-2011-3548)

It was discovered that an integer overflow vulnerability
existed in the TransformHelper class in the Java2D
implementation. A remote attacker could use this cause a
denial of service via an application or applet crash or
possibly execute arbitrary code. (CVE-2011-3551)

It was discovered that the default number of available UDP
sockets for applications running under SecurityManager
restrictions was set too high. A remote attacker could use
this with a malicious application or applet exhaust the
number of available UDP sockets to cause a denial of service
for other applets or applications running within the same
JVM. (CVE-2011-3552)

It was discovered that Java API for XML Web Services
(JAX-WS) could incorrectly expose a stack trace. A remote
attacker could potentially use this to gain access to
sensitive information. (CVE-2011-3553)

It was discovered that the unpacker for pack200 JAR files
did not sufficiently check for errors. An attacker could
cause a denial of service or possibly execute arbitrary code
through a specially crafted pack200 JAR file.
(CVE-2011-3554)

It was discovered that the RMI registration implementation
did not properly restrict privileges of remotely executed
code. A remote attacker could use this to execute code with
elevated privileges. (CVE-2011-3556, CVE-2011-3557)

It was discovered that the HotSpot VM could be made to
crash, allowing an attacker to cause a denial of service or
possibly leak sensitive information. (CVE-2011-3558)

It was discovered that the HttpsURLConnection class did not
properly perform SecurityManager checks in certain
situations. This could allow a remote attacker to bypass
restrictions on HTTPS connections. (CVE-2011-3560).

Solution :

Update the affected packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true