Ubuntu 11.04 / 11.10 : icedtea-web regression (USN-1505-2)

Ubuntu Security Notice (C) 2012-2013 Canonical, Inc. / NASL script (C) 2012-2013 Tenable Network Security, Inc.


Synopsis :

The remote Ubuntu host is missing a security-related patch.

Description :

USN-1505-1 fixed vulnerabilities in OpenJDK 6. As part of the update,
IcedTea-Web packages were upgraded to a new version. That upgrade
introduced a regression which prevented the IcedTea-Web plugin from
working with the Chromium web browser in Ubuntu 11.04 and Ubuntu
11.10. This update fixes the problem.

We apologize for the inconvenience.

It was discovered that multiple flaws existed in the CORBA (Common
Object Request Broker Architecture) implementation in OpenJDK. An
attacker could create a Java application or applet that used these
flaws to bypass Java sandbox restrictions or modify immutable object
data. (CVE-2012-1711, CVE-2012-1719)

It was discovered that multiple flaws existed in the OpenJDK
font manager's layout lookup implementation. A attacker
could specially craft a font file that could cause a denial
of service through crashing the JVM (Java Virtual Machine)
or possibly execute arbitrary code. (CVE-2012-1713)

It was discovered that the SynthLookAndFeel class from Swing
in OpenJDK did not properly prevent access to certain UI
elements from outside the current application context. An
attacker could create a Java application or applet that used
this flaw to cause a denial of service through crashing the
JVM or bypass Java sandbox restrictions. (CVE-2012-1716)

It was discovered that OpenJDK runtime library classes could
create temporary files with insecure permissions. A local
attacker could use this to gain access to sensitive
information. (CVE-2012-1717)

It was discovered that OpenJDK did not handle CRLs
(Certificate Revocation Lists) properly. A remote attacker
could use this to gain access to sensitive information.
(CVE-2012-1718)

It was discovered that the OpenJDK HotSpot Virtual Machine
did not properly verify the bytecode of the class to be
executed. A remote attacker could create a Java application
or applet that used this to cause a denial of service
through crashing the JVM or bypass Java sandbox
restrictions. (CVE-2012-1723, CVE-2012-1725)

It was discovered that the OpenJDK XML (Extensible Markup
Language) parser did not properly handle some XML documents.
An attacker could create an XML document that caused a
denial of service in a Java application or applet parsing
the document. (CVE-2012-1724)

As part of this update, the IcedTea web browser applet
plugin was updated for Ubuntu 10.04 LTS, Ubuntu 11.04, and
Ubuntu 11.10.

Solution :

Update the affected icedtea-6-plugin package.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true