Ubuntu Security Notice USN-971-1 August 16, 2010
openjdk-6 vulnerabilities
CVE-2010-2548, CVE-2010-2783
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 9.04
Ubuntu 9.10
Ubuntu 10.04 LTS
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 9.04:
icedtea6-plugin 6b18-1.8.1-0ubuntu1~9.04.1
Ubuntu 9.10:
icedtea6-plugin 6b18-1.8.1-0ubuntu1~9.10.1
Ubuntu 10.04 LTS:
icedtea6-plugin 6b18-1.8.1-0ubuntu1
After a standard system update you need to restart any Java applications
to make all the necessary changes.
Details follow:
It was discovered that the IcedTea plugin did not correctly check certain
accesses. If a user or automated system were tricked into running a
specially crafted Java applet, a remote attacker could read arbitrary
files with user privileges, leading to a loss of privacy. (CVE-2010-2548,
CVE-2010-2783)