Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2014-1876

Publication date 10 February 2014

Last updated 24 July 2024


Ubuntu priority

The unpacker::redirect_stdio function in unpack.cpp in unpack200 in OpenJDK 6, 7, and 8; Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 does not securely create temporary files when a log file cannot be opened, which allows local users to overwrite arbitrary files via a symlink attack on /tmp/unpack.log.

Read the notes from the security team

Status

Package Ubuntu Release Status
openjdk-6 14.04 LTS trusty Not in release
13.10 saucy
Fixed 6b31-1.13.3-1ubuntu1~0.13.10.1
12.10 quantal
Fixed 6b31-1.13.3-1ubuntu1~0.12.10.1
12.04 LTS precise
Fixed 6b31-1.13.3-1ubuntu1~0.12.04.2
10.04 LTS lucid
Fixed 6b31-1.13.3-1ubuntu1~0.10.04.1
openjdk-7 14.04 LTS trusty
Fixed 7u55-2.4.7-1ubuntu1
13.10 saucy
Fixed 7u55-2.4.7-1ubuntu1~0.13.10.1
12.10 quantal
Fixed 7u55-2.4.7-1ubuntu1~0.12.10.1
12.04 LTS precise
Fixed 7u55-2.4.7-1ubuntu1~0.12.04.2
10.04 LTS lucid Not in release

Notes


mdeslaur

in lucid+, NetX and the plugin moved to the icedtea-web package


jdstrand

sun-java6 is not redistributable, no longer in the archive and no longer tracked sun-java5 is EOL upstream and no longer tracked