Gentoo Archives: gentoo-commits

From: "Robert Buchholz (rbu)" <rbu@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] gentoo commit in xml/htdocs/security/en/glsa: glsa-200804-20.xml
Date: Fri, 18 Apr 2008 14:05:04
Message-Id: E1JmrD3-0006PZ-0l@stork.gentoo.org
1 rbu 08/04/18 14:05:01
2
3 Added: glsa-200804-20.xml
4 Log:
5 GLSA 200804-20
6
7 Revision Changes Path
8 1.1 xml/htdocs/security/en/glsa/glsa-200804-20.xml
9
10 file : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/security/en/glsa/glsa-200804-20.xml?rev=1.1&view=markup
11 plain: http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/security/en/glsa/glsa-200804-20.xml?rev=1.1&content-type=text/plain
12
13 Index: glsa-200804-20.xml
14 ===================================================================
15 <?xml version="1.0" encoding="utf-8"?>
16 <?xml-stylesheet href="/xsl/glsa.xsl" type="text/xsl"?>
17 <?xml-stylesheet href="/xsl/guide.xsl" type="text/xsl"?>
18 <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
19
20 <glsa id="200804-20">
21 <title>Sun JDK/JRE: Multiple vulnerabilities</title>
22 <synopsis>
23 Multiple vulnerabilities have been identified in Sun Java Development Kit
24 (JDK) and Java Runtime Environment (JRE).
25 </synopsis>
26 <product type="ebuild">sun-jdk, sun-jre-bin, emul-linux-x86-java</product>
27 <announced>April 17, 2008</announced>
28 <revised>April 17, 2008: 01</revised>
29 <bug>178851</bug>
30 <bug>178962</bug>
31 <bug>183580</bug>
32 <bug>185256</bug>
33 <bug>194711</bug>
34 <bug>212425</bug>
35 <access>remote</access>
36 <affected>
37 <package name="dev-java/sun-jre-bin" auto="yes" arch="*">
38 <unaffected range="ge">1.6.0.05</unaffected>
39 <unaffected range="rge">1.5.0.15</unaffected>
40 <unaffected range="rge">1.4.2.17</unaffected>
41 <vulnerable range="lt">1.6.0.05</vulnerable>
42 </package>
43 <package name="dev-java/sun-jdk" auto="yes" arch="*">
44 <unaffected range="ge">1.6.0.05</unaffected>
45 <unaffected range="rge">1.5.0.15</unaffected>
46 <unaffected range="rge">1.4.2.17</unaffected>
47 <vulnerable range="lt">1.6.0.05</vulnerable>
48 </package>
49 <package name="app-emulation/emul-linux-x86-java" auto="yes" arch="*">
50 <unaffected range="ge">1.6.0.05</unaffected>
51 <unaffected range="rge">1.5.0.15</unaffected>
52 <unaffected range="rge">1.4.2.17</unaffected>
53 <vulnerable range="lt">1.6.0.05</vulnerable>
54 </package>
55 </affected>
56 <background>
57 <p>
58 The Sun Java Development Kit (JDK) and the Sun Java Runtime Environment
59 (JRE) provide the Sun Java platform.
60 </p>
61 </background>
62 <description>
63 <p>
64 Multiple vulnerabilities have been discovered in Sun Java:
65 </p>
66 <ul>
67 <li>Daniel Soeder discovered that a long codebase attribute string in a
68 JNLP file will overflow a stack variable when launched by Java WebStart
69 (CVE-2007-3655).</li>
70 <li>Multiple vulnerabilities (CVE-2007-2435,
71 CVE-2007-2788, CVE-2007-2789) that were previously reported as GLSA
72 200705-23 and GLSA 200706-08 also affect 1.4 and 1.6 SLOTs, which was
73 not mentioned in the initial revision of said GLSAs.</li>
74 <li>The Zero
75 Day Initiative, TippingPoint and John Heasman reported multiple buffer
76 overflows and unspecified vulnerabilities in Java Web Start
77 (CVE-2008-1188, CVE-2008-1189, CVE-2008-1190, CVE-2008-1191).</li>
78 <li>Hisashi Kojima of Fujitsu and JPCERT/CC reported a security issue
79 when performing XSLT transformations (CVE-2008-1187).</li>
80 <li>CERT/CC
81 reported a Stack-based buffer overflow in Java Web Start when using
82 JNLP files (CVE-2008-1196).</li>
83 <li>Azul Systems reported an
84 unspecified vulnerability that allows applets to escalate their
85 privileges (CVE-2007-5689).</li>
86 <li>Billy Rios, Dan Boneh, Collin
87 Jackson, Adam Barth, Andrew Bortz, Weidong Shao, and David Byrne
88 discovered multiple instances where Java applets or JavaScript programs
89 run within browsers do not pin DNS hostnames to a single IP address,
90 allowing for DNS rebinding attacks (CVE-2007-5232, CVE-2007-5273,
91 CVE-2007-5274).</li>
92 <li>Peter Csepely reported that Java Web Start
93 does not properly enforce access restrictions for untrusted
94 applications (CVE-2007-5237, CVE-2007-5238).</li>
95 <li>Java Web Start
96 does not properly enforce access restrictions for untrusted Java
97 applications and applets, when handling drag-and-drop operations
98 (CVE-2007-5239).</li>
99 <li>Giorgio Maone discovered that warnings for
100 untrusted code can be hidden under applications' windows
101 (CVE-2007-5240).</li>
102 <li>Fujitsu reported two security issues where
103 security restrictions of web applets and applications were not properly
104 enforced (CVE-2008-1185, CVE-2008-1186).</li>
105 <li>John Heasman of
106 NGSSoftware discovered that the Java Plug-in does not properly enforce
107 the same origin policy (CVE-2008-1192).</li>
108 <li>Chris Evans of the
109 Google Security Team discovered multiple unspecified vulnerabilities
110 within the Java Runtime Environment Image Parsing Library
111 (CVE-2008-1193, CVE-2008-1194).</li>
112 <li>Gregory Fleischer reported
113 that web content fetched via the "jar:" protocol was not subject to
114 network access restrictions (CVE-2008-1195).</li>
115 <li>Chris Evans and
116 Johannes Henkel of the Google Security Team reported that the XML
117 parsing code retrieves external entities even when that feature is
118 disabled (CVE-2008-0628).</li>
119 <li>Multiple unspecified vulnerabilities
120 might allow for escalation of privileges (CVE-2008-0657).</li>
121 </ul>
122 </description>
123 <impact type="normal">
124 <p>
125 A remote attacker could entice a user to run a specially crafted applet
126 on a website or start an application in Java Web Start to execute
127 arbitrary code outside of the Java sandbox and of the Java security
128 restrictions with the privileges of the user running Java. The attacker
129 could also obtain sensitive information, create, modify, rename and
130 read local files, execute local applications, establish connections in
131 the local network, bypass the same origin policy, and cause a Denial of
132 Service via multiple vectors.
133 </p>
134 </impact>
135 <workaround>
136 <p>
137 There is no known workaround at this time.
138 </p>
139 </workaround>
140 <resolution>
141 <p>
142 All Sun JRE users should upgrade to the latest version:
143 </p>
144 <code>
145 # emerge --sync
146 # emerge --ask --oneshot --verbose &quot;dev-java/sun-jre-bin&quot;</code>
147 <p>
148 All Sun JDK users should upgrade to the latest version:
149 </p>
150 <code>
151 # emerge --sync
152 # emerge --ask --oneshot --verbose &quot;dev-java/sun-jdk&quot;</code>
153 <p>
154 All emul-linux-x86-java users should upgrade to the latest version:
155 </p>
156 <code>
157 # emerge --sync
158 # emerge --ask --oneshot --verbose &quot;app-emulation/emul-linux-x86-java&quot;</code>
159 </resolution>
160 <references>
161 <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2435">CVE-2007-2435</uri>
162 <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2788">CVE-2007-2788</uri>
163 <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2789">CVE-2007-2789</uri>
164 <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3655">CVE-2007-3655</uri>
165 <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5232">CVE-2007-5232</uri>
166 <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5237">CVE-2007-5237</uri>
167 <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5238">CVE-2007-5238</uri>
168 <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5239">CVE-2007-5239</uri>
169 <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5240">CVE-2007-5240</uri>
170 <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5273">CVE-2007-5273</uri>
171 <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5274">CVE-2007-5274</uri>
172 <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5689">CVE-2007-5689</uri>
173 <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0628">CVE-2008-0628</uri>
174 <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0657">CVE-2008-0657</uri>
175 <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1185">CVE-2008-1185</uri>
176 <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1186">CVE-2008-1186</uri>
177 <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1187">CVE-2008-1187</uri>
178 <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1188">CVE-2008-1188</uri>
179 <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1189">CVE-2008-1189</uri>
180 <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1190">CVE-2008-1190</uri>
181 <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1191">CVE-2008-1191</uri>
182 <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1192">CVE-2008-1192</uri>
183 <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1193">CVE-2008-1193</uri>
184 <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1194">CVE-2008-1194</uri>
185 <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1195">CVE-2008-1195</uri>
186 <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1196">CVE-2008-1196</uri>
187 <uri link="http://www.gentoo.org/security/en/glsa/glsa-200705-23.xml">GLSA 200705-23</uri>
188 <uri link="http://www.gentoo.org/security/en/glsa/glsa-200706-08.xml">GLSA 200706-08</uri>
189 </references>
190 <metadata tag="requester" timestamp="Sun, 15 Jul 2007 07:23:49 +0000">
191 jaervosz
192 </metadata>
193 <metadata tag="bugReady" timestamp="Wed, 25 Jul 2007 05:33:06 +0000">
194 jaervosz
195 </metadata>
196 <metadata tag="submitter" timestamp="Sun, 09 Sep 2007 23:51:30 +0000">
197 rbu
198 </metadata>
199 </glsa>
200
201
202
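Review bot: The three <code> blocks in <resolution> pass a bare package name to emerge (for example "dev-java/sun-jre-bin") and never state the fixed version, although <affected> lists 1.6.0.05, 1.5.0.15 and 1.4.2.17 as the unaffected revisions. A reader who stays on the 1.4 or 1.5 series cannot tell from the resolution text which version they should end up on; consider naming the three fixed versions in each <p> lead-in, or giving one versioned atom per series. Two smaller points in <description>: "Java WebStart" in the first list item is spelled "Java Web Start" in every other item, and "Stack-based" in the CVE-2008-1196 item is capitalised mid-sentence.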
203 --
204 gentoo-commits@l.g.o mailing list