*** This bug is a security vulnerability *** Public security bug reported:
http://www.cert.fi/en/reports/2009/vulnerability2009085.html "Details Several vulnerabilities regarding the parsing of XML data have been found in XML library implementations. CERT-FI coordinated the remediation efforts of these vulnerabilities. The vulnerabilities are related to the parsing of XML elements with unexpected byte values and recursive parentheses, which cause the program to access memory out of bounds, or to loop indefinitely. The effects of the vulnerabilities include denial of service and potentially code execution. The vulnerabilities can be exploited by enticing a user to open a specially modified file, or by submitting it to a server that handles XML content." To update by hand: Download java 6 update 15: 32 bits: http://javadl.sun.com/webapps/download/AutoDL?BundleId=33223 64 bits: http://javadl.sun.com/webapps/download/AutoDL?BundleId=33227 And follow these steps: sudo mv /.../jre-6u15-linux-x64.bin /opt/ cd /opt/ chmod +x jre-6u15-linux-x64.bin sudo ./jre-6u15-linux-x64.bin YES sudo update-alternatives --install /usr/bin/java java /opt/jre1.6.0_15/bin/java 1 sudo update-alternatives --config java sudo rm /usr/bin/java sudo ln -fs /opt/jre1.6.0_15/bin/java /usr/bin/java ** Affects: sun-java6 (Ubuntu) Importance: Undecided Status: New ** Tags: java sun xml ** Visibility changed to: Public -- Java XML vulnerability (versions prior to 6 update 15) https://bugs.launchpad.net/bugs/410988 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
