Buffer Overflow Vulnerabilities in the Java Runtime Environment (JRE) with Processing Image Files and Fonts may Allow Privileges to be Escalated

Bug #349135 reported by Jo Shields
Affects | Status | Importance | Assigned to | Milestone
sun-java5 (Ubuntu) | Fix Released | High | Unassigned |
sun-java6 (Ubuntu) | Fix Released | High | Unassigned |

Bug Description

There is an important security bug in versions 6.0u12 and below of Sun Java 6, and 5.0u17 and below in Sun Java 5: http://sunsolve.sun.com/search/document.do?assetkey=1-66-254571-1

Kees Cook (kees)
Changed in sun-java6 (Ubuntu):
status: New → Triaged
visibility: private → public
Changed in sun-java5 (Ubuntu):
status: New → Triaged
Matthias Klose (doko) wrote :

please sync sun-java5 (1.5.0-18-1) from unstable; overwriting the ubuntu changes

  * New upstream version.
  * Release notes at http://java.sun.com/j2se/1.5.0/ReleaseNotes.html#150_18

Matthias Klose (doko) wrote :

please sync sun-java6 (6-13-1) from unstable; overwriting the ubuntu changes

Changed in sun-java5 (Ubuntu):
importance: Undecided → High
Changed in sun-java6 (Ubuntu):
importance: Undecided → High
Steve Langasek (vorlon) wrote :

[Updating] sun-java5 (1.5.0-17-0ubuntu1 [Ubuntu] < 1.5.0-18-1 [Debian])
 * Trying to add sun-java5...
  - <sun-java5_1.5.0-18.orig.tar.gz: downloading from http://ftp.debian.org/debian/>
  - <sun-java5_1.5.0-18-1.dsc: downloading from http://ftp.debian.org/debian/>
  - <sun-java5_1.5.0-18-1.diff.gz: downloading from http://ftp.debian.org/debian/>
I: sun-java5 [multiverse] -> sun-java5-jre_1.5.0-17-0ubuntu1 [multiverse].
I: sun-java5 [multiverse] -> sun-java5-bin_1.5.0-17-0ubuntu1 [multiverse].
I: sun-java5 [multiverse] -> sun-java5-plugin_1.5.0-17-0ubuntu1 [multiverse].
I: sun-java5 [multiverse] -> ia32-sun-java5-bin_1.5.0-17-0ubuntu1 [multiverse].
I: sun-java5 [multiverse] -> sun-java5-fonts_1.5.0-17-0ubuntu1 [multiverse].
I: sun-java5 [multiverse] -> sun-java5-jdk_1.5.0-17-0ubuntu1 [multiverse].
I: sun-java5 [multiverse] -> sun-java5-demo_1.5.0-17-0ubuntu1 [multiverse].
I: sun-java5 [multiverse] -> sun-java5-source_1.5.0-17-0ubuntu1 [multiverse].
I: sun-java5 [multiverse] -> sun-java5-doc_1.5.0-17-0ubuntu1 [multiverse].

Changed in sun-java5:
status: Triaged → Fix Released
Steve Langasek (vorlon) wrote :

[Updating] sun-java6 (6-12-0ubuntu1 [Ubuntu] < 6-13-1 [Debian])
 * Trying to add sun-java6...
  - <sun-java6_6-13-1.diff.gz: downloading from http://ftp.debian.org/debian/>
  - <sun-java6_6-13.orig.tar.gz: downloading from http://ftp.debian.org/debian/>
  - <sun-java6_6-13-1.dsc: downloading from http://ftp.debian.org/debian/>
I: sun-java6 [multiverse] -> sun-java6-jre_6-12-0ubuntu1 [multiverse].
I: sun-java6 [multiverse] -> sun-java6-bin_6-12-0ubuntu1 [multiverse].
I: sun-java6 [multiverse] -> sun-java6-plugin_6-12-0ubuntu1 [multiverse].
I: sun-java6 [multiverse] -> ia32-sun-java6-bin_6-12-0ubuntu1 [multiverse].
I: sun-java6 [multiverse] -> sun-java6-fonts_6-12-0ubuntu1 [multiverse].
I: sun-java6 [multiverse] -> sun-java6-jdk_6-12-0ubuntu1 [multiverse].
I: sun-java6 [multiverse] -> sun-java6-demo_6-12-0ubuntu1 [multiverse].
I: sun-java6 [multiverse] -> sun-java6-source_6-12-0ubuntu1 [multiverse].
I: sun-java6 [multiverse] -> sun-java6-doc_6-12-0ubuntu1 [multiverse].
I: sun-java6 [multiverse] -> sun-java6-javadb_6-12-0ubuntu1 [multiverse].

Changed in sun-java6:
status: Triaged → Fix Released
This report contains Public Security information  
Everyone can see this security related information.
