Public bug reported:

On Oct. 18th 2010, releases 6.22-0ubuntu1~10.10 and ...10.04 of the sun-java6
package were released to maverick and lucid, but karmic, jaunty and hardy
are still on older versions. As 6.22 fixes a lot of CVE security issues,
this should be made available to the other supported Ubuntu releases as
well.

As jaunty-updates closes very soon, that may be the last update there??

From the lucid package update description...

Changes: 
 sun-java6 (6.22-0ubuntu1~10.04) lucid; urgency=low
 .
   * SECURITY UPDATE: multiple upstream vulnerabilities. Upstream fixes:
     - (CVE-2010-3556): JDK unspecified vulnerability in 2D component
     - (CVE-2010-3562): JDK IndexColorModel double-free
     - (CVE-2010-3565): JDK JPEG writeImage remote code execution
     - (CVE-2010-3566): JDK ICC Profile remote code execution
     - (CVE-2010-3567): Crash in ICU Opentype layout engine due to mismatch in character counts
     - (CVE-2010-3571): JDK unspecified vulnerability in 2D component
     - (CVE-2010-3554): JDK corba reflection vulnerabilities
     - (CVE-2010-3563): JDK unspecified vulnerability in Deployment component
     - (CVE-2010-3568): JDK Deserialization Race condition
     - (CVE-2010-3569): JDK Serialization inconsistencies
     - (CVE-2010-3558): JDK unspecified vulnerability in Java Web Start component
     - (CVE-2010-3552): JDK unspecified vulnerability in New Java Plugin component
     - (CVE-2010-3559): JDK unspecified vulnerability in Sound component
     - (CVE-2010-3572): JDK unspecified vulnerability in Sound component
     - (CVE-2010-3553): UIDefault.ProxyLazyValue has unsafe reflection usage
     - (CVE-2010-3555): JDK unspecified vulnerability in Deployment component
     - (CVE-2010-3550): JDK unspecified vulnerability in Java Web Start component
     - (CVE-2010-3570): JDK unspecified vulnerability in Deployment Toolkit
     - (CVE-2010-3561): Privileged ServerSocket.accept allows receiving connections from any host
     - (CVE-2009-3555): TLS: MITM attacks via session renegotiation
     - (CVE-2010-1321): krb5: null pointer dereference in GSS-API library leads to DoS
     - (CVE-2010-3549): HttpURLConnection chunked encoding issue (Http request splitting)
     - (CVE-2010-3557): JDK Swing mutable static
     - (CVE-2010-3541): limit setting of some request headers in HttpURLConnection
     - (CVE-2010-3573): limit HTTP request cookie headers in HttpURLConnection
     - (CVE-2010-3574): limit use of TRACE method in HttpURLConnection
     - (CVE-2010-3548): JDK DNS server IP address information leak
     - (CVE-2010-3551): NetworkInterface reveals local network address to untrusted code
     - (CVE-2010-3560): JDK unspecified vulnerability in Networking component

** Affects: sun-java6 (Ubuntu)
     Importance: Undecided
         Status: New

-- 
Please make sun-java6 6.22 security release available for karmic, jaunty and hardy
https://bugs.launchpad.net/bugs/665684