CVE-2014-8873

Publication date 9 November 2015

Last updated 24 July 2024

Ubuntu priority

A .desktop file in the Debian openjdk-7 package 7u79-2.5.5-1~deb8u1 includes a MIME type registration that is added to /etc/mailcap by mime-support, which allows remote attackers to execute arbitrary code via a JAR file.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
icedtea-web	15.04 vivid	Not affected
	14.10 utopic	Not affected
	14.04 LTS trusty	Not in release
	12.04 LTS precise	Not affected
openjdk-6	15.04 vivid	Not affected
	14.10 utopic	Not affected
	14.04 LTS trusty	Not in release
	12.04 LTS precise	Not affected
openjdk-7	15.04 vivid	Not affected
	14.10 utopic	Not affected
	14.04 LTS trusty	Not in release
	12.04 LTS precise	Not affected
openjdk-8	15.04 vivid	Not affected
	14.10 utopic	Not affected
	14.04 LTS trusty	Not in release
	12.04 LTS precise	Not in release

Notes

tyhicks

Ubuntu is not affected due to our policy that prohibits desktop files from directly executing files that don't have the executable bit set (https://wiki.ubuntu.com/SecurityTeam/Policies#Execute-Permission_Bit_Required)

References

Other references

https://www.cve.org/CVERecord?id=CVE-2014-8873