~ubuntu-security/ubuntu-cve-tracker/master

PublicDateAtUSN: 2014-02-10
Candidate: CVE-2014-1876
PublicDate: 2014-02-10
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1876
 https://bugzilla.redhat.com/show_bug.cgi?id=1060907
 http://seclists.org/oss-sec/2014/q1/285
 http://seclists.org/oss-sec/2014/q1/242
 http://osvdb.org/102808
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737562
 http://www.ubuntu.com/usn/usn-2187-1
 http://www.ubuntu.com/usn/usn-2191-1
Description:
 The unpacker::redirect_stdio function in unpack.cpp in unpack200 in OpenJDK
 6, 7, and 8; Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and
 R28.3.1; and Java SE Embedded 7u51 does not securely create temporary files
 when a log file cannot be opened, which allows local users to overwrite
 arbitrary files via a symlink attack on /tmp/unpack.log.
Ubuntu-Description:
Notes:
 mdeslaur> in lucid+, NetX and the plugin moved to the icedtea-web package
 jdstrand> sun-java6 is not redistributable, no longer in the archive and
  no longer tracked
 jdstrand> sun-java5 is EOL upstream and no longer tracked
Bugs:
Priority: medium
Discovered-by: Jakub Wilk
Assigned-to:

Tags_openjdk-6: symlink-restriction
Priority_openjdk-6: low
Patches_openjdk-6:
upstream_openjdk-6: needs-triage
lucid_openjdk-6: released (6b31-1.13.3-1ubuntu1~0.10.04.1)
precise_openjdk-6: released (6b31-1.13.3-1ubuntu1~0.12.04.2)
quantal_openjdk-6: released (6b31-1.13.3-1ubuntu1~0.12.10.1)
saucy_openjdk-6: released (6b31-1.13.3-1ubuntu1~0.13.10.1)
trusty_openjdk-6: not-affected (6b31-1.13.3-1ubuntu1)
devel_openjdk-6: not-affected (6b31-1.13.3-1ubuntu1)

Tags_openjdk-7: symlink-restriction
Priority_openjdk-7: low
Patches_openjdk-7:
upstream_openjdk-7: needs-triage
lucid_openjdk-7: DNE
precise_openjdk-7: released (7u55-2.4.7-1ubuntu1~0.12.04.2)
quantal_openjdk-7: released (7u55-2.4.7-1ubuntu1~0.12.10.1)
saucy_openjdk-7: released (7u55-2.4.7-1ubuntu1~0.13.10.1)
trusty_openjdk-7: released (7u55-2.4.7-1ubuntu1)
devel_openjdk-7: released (7u55-2.4.7-1ubuntu1)