Ubuntu
sun-java5 package

security vulnerability in sun java packages

  1. Gutsy (7.10)
  2. Bug #319367
Bug #319367 reported by Joel Ebel
264
Affects Status Importance Assigned to Milestone
sun-java5 (Ubuntu)
Invalid
Undecided
Unassigned
Dapper
Won't Fix
Undecided
Unassigned
Gutsy
Won't Fix
Undecided
Unassigned
Hardy
Won't Fix
Undecided
Unassigned
Intrepid
Invalid
Undecided
Unassigned
Jaunty
Invalid
Undecided
Unassigned
sun-java6 (Ubuntu)
Invalid
Undecided
Unassigned
Dapper
Won't Fix
Undecided
Unassigned
Gutsy
Won't Fix
Undecided
Unassigned
Hardy
Fix Released
Undecided
john morimore
Intrepid
Invalid
Undecided
Unassigned
Jaunty
Invalid
Undecided
Unassigned

Bug Description

The document linked below references a security vulnerability in all sun java packages currently in supported ubuntu releases.

http://sunsolve.sun.com/search/document.do?assetkey=1-66-244991-1

sun-java5 packages should be updated to update 17, and sun-java6 packages should be updated to update 11.

Dapper only need java5 updated, though since java6 is in the backports, it would be nice for the many users who have installed it to get an update. Gatsy, Hardy, and Intrepid all need updates to both sun-java5 and sun-java6.

CVE References

Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Jaunty already has sun-java5 1.5.0-17-0ubuntu1 and sun-java6 6-11-0ubuntu1.

Changed in sun-java5:
status: New → Confirmed
status: New → Confirmed
status: New → Confirmed
status: New → Confirmed
Changed in sun-java6:
status: New → Confirmed
status: New → Confirmed
status: New → Confirmed
status: New → Confirmed
Changed in sun-java5:
status: New → Invalid
Changed in sun-java6:
status: New → Invalid
Revision history for this message
Joel Ebel (jbebel) wrote :

I've added a link to the CVE number. This is a pretty serious security issue. Any update on a fix?

Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Thank you for using Ubuntu and taking the time to report a bug. This package is in multiverse and is community supported. If you are able, perhaps you could prepare new source packages to fix this by following https://wiki.ubuntu.com/SecurityUpdateProcedures.

Revision history for this message
Sergio Zanchetta (primes2h) wrote :

The 18 month support period for Gutsy Gibbon 7.10 has reached its end of life -
http://www.ubuntu.com/news/ubuntu-7.10-eol . As a result, we are closing the
Gutsy task.

Changed in sun-java5 (Ubuntu Gutsy):
status: Confirmed → Won't Fix
Changed in sun-java6 (Ubuntu Gutsy):
status: Confirmed → Won't Fix
Revision history for this message
Jeff Strunk (jstrunk-math) wrote :

The Jaunty packages for sun-java6 installs properly and runs Eclipse properly on Hardy.

Revision history for this message
Joel Ebel (jbebel) wrote :

This bug for sun-java6 has been fixed in hardy and intrepid by bug 382918. Dapper is unsuported on the workstation now, so I'm fine with marking it invalid. It would be nice to see sun-java5 packages updated still for hardy and intrepid.

Revision history for this message
Matti Karnaattu (mattikarnaattu) wrote :

More serious security vulnerabilities in sun java packages!

http://sunsolve.sun.com/search/document.do?assetkey=1-66-270476-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-270475-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-270474-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-269870-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-269869-1

Java 5 and Java 6 packages should be updated to newest versions.

Revision history for this message
aus (aus.) wrote :

See https://bugs.launchpad.net/ubuntu/+source/sun-java6/+bug/477812

Changed in sun-java6 (Ubuntu Hardy):
status: Confirmed → Fix Released
Revision history for this message
Alex Valavanis (valavanisalex) wrote :

Intrepid Ibex reached end-of-life on 30 April 2010 so I am closing the
report. The bug is still marked as confirmed in later versions of Ubuntu.

Changed in sun-java5 (Ubuntu Intrepid):
status: Confirmed → Invalid
Changed in sun-java6 (Ubuntu Intrepid):
status: Confirmed → Invalid
john morimore (paradigmshifter1)
Changed in sun-java6 (Ubuntu Hardy):
assignee: nobody → john morimore (paradigmshifter1)
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Thank you for reporting this bug to Ubuntu. dapper has reached EOL
(End of Life) and is no longer supported. As a result, this bug
against dapper is being marked "Won't Fix". Please see
https://wiki.ubuntu.com/Releases for currently supported Ubuntu
releases.

Please feel free to report any other bugs you may find.

Changed in sun-java6 (Ubuntu Dapper):
status: Confirmed → Won't Fix
Jamie Strandboge (jdstrand)
Changed in sun-java5 (Ubuntu Dapper):
status: Confirmed → Won't Fix
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Thank you for reporting this bug and helping to make Ubuntu better. The package referred to in this bug is in universe or multiverse and reported against a release of Ubuntu (hardy) which no longer receives updates outside of the explicitly supported LTS packages. While the bug against hardy is being marked "Won't Fix" for now, if you are interested feel free to post a debdiff for this issue. When a debdiff is available, members of the security team will review it and publish the package. See the following link for more information: https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures'

Please feel free to report any other bugs you may find.

Changed in sun-java5 (Ubuntu Hardy):
status: Confirmed → Won't Fix
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.