CVE-2014-1876 (retired)

Priority
Description
The unpacker::redirect_stdio function in unpack.cpp in unpack200 in OpenJDK
6, 7, and 8; Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and
R28.3.1; and Java SE Embedded 7u51 does not securely create temporary files
when a log file cannot be opened, which allows local users to overwrite
arbitrary files via a symlink attack on /tmp/unpack.log.
Notes
 mdeslaur> in lucid+, NetX and the plugin moved to the icedtea-web package
 jdstrand> sun-java6 is not redistributable, no longer in the archive and
  no longer tracked
 jdstrand> sun-java5 is EOL upstream and no longer tracked
Package
Priority: Low
Upstream:needs-triage
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (6b31-1.13.3-1ubuntu1)
Package
Priority: Low
Upstream:needs-triage
Ubuntu 14.04 LTS (Trusty Tahr):released (7u55-2.4.7-1ubuntu1)
More Information

Updated: 2019-03-26 12:12:47 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)