[Ubuntu-BR] Firefox x Java x consumption
Nelson Corrêa
nelson.ubuntu at gmail.com
Fri Mar 27 17:42:38 UTC 2009
Salles wrote:
> On Fri, 2009-03-27 at 11:18 -0300, Nelson Corrêa wrote:
>
>> Salles wrote:
>>
>>> Folks,
>>> Today I noticed strange behavior when trying to access BB's financial
>>> manager (which, by the way, did not load):
>>> With only the System Monitor open and Firefox opening the manager:
>>> - CPU 100%, RAM 280Mb, Swap 36Mb;
>>> With Firefox closed, only the System Monitor and the default text editor:
>>> - CPU 29%, RAM 220Mb, Swap 36Mb.
>>> I am using 8.04 and FF 3.0.7.
>>> Does anyone have an idea why this happens?
>>>
>
>
>> This is, in my opinion, the weakest point for Linux becoming a
>> reality. These updates that kill the system's usability. Yesterday,
>> after the Java update, my Firefox stopped displaying some
>> pages, such as Google Analytics. Honestly, I don't know whether
>> some sites do this on purpose, but imagine a company, a thousand
>> people opening their desktops, accessing the web, and the pages not
>> loading. Imagine that you are the CIO... okay, no need to imagine
>> anything else.
>> Nelson
>>
>
> Interesting: about 30 minutes after the incident, I made another attempt
> to access BB, successfully, and everything was normal, CPU 30%, RAM 220Mb,
> Swap 36Mb.
> It seemed to me that the problem was caused by the Java applet while
> loading; however, I have had no Java updates on 8.04, the same packages
> and version have been there for a long time.
> Well, I will assume the problem may have been in the access to BB, some
> instability in their system, since it went back to normal.
>
> PS: What are your Ubuntu and FF versions? I found it odd that you
> mentioned the Java update, since I did not get any here.
>
>
Salles,
This one:
===========================================================
Ubuntu Security Notice USN-748-1 March 26, 2009
openjdk-6 vulnerabilities
CVE-2006-2426, CVE-2009-1093, CVE-2009-1094, CVE-2009-1095,
CVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1100,
CVE-2009-1101, CVE-2009-1102
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.10:
  icedtea6-plugin         6b12-0ubuntu6.4
  openjdk-6-jdk           6b12-0ubuntu6.4
  openjdk-6-jre           6b12-0ubuntu6.4
  openjdk-6-jre-headless  6b12-0ubuntu6.4
  openjdk-6-jre-lib       6b12-0ubuntu6.4

After a standard system upgrade you need to restart any Java applications
to effect the necessary changes.

Details follow:

It was discovered that font creation could leak temporary files.
If a user were tricked into loading a malicious program or applet,
a remote attacker could consume disk space, leading to a denial of
service. (CVE-2006-2426, CVE-2009-1100)

It was discovered that the lightweight HttpServer did not correctly close
files on dataless connections. A remote attacker could send specially
crafted requests, leading to a denial of service. (CVE-2009-1101)

Certain 64bit Java actions would crash an application. A local attacker
might be able to cause a denial of service. (CVE-2009-1102)

It was discovered that LDAP connections did not close correctly.
A remote attacker could send specially crafted requests, leading to a
denial of service. (CVE-2009-1093)

Java LDAP routines did not unserialize certain data correctly. A remote
attacker could send specially crafted requests that could lead to
arbitrary code execution. (CVE-2009-1094)

Java did not correctly check certain JAR headers. If a user or
automated system were tricked into processing a malicious JAR file,
a remote attacker could crash the application, leading to a denial of
service. (CVE-2009-1095, CVE-2009-1096)

It was discovered that PNG and GIF decoding in Java could lead to memory
corruption. If a user or automated system were tricked into processing
a specially crafted image, a remote attacker could crash the application,
leading to a denial of service. (CVE-2009-1097, CVE-2009-1098)
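An added example, not part of the original message or of the advisory: one way to check a host's installed packages against the fixed versions USN-748-1 lists for Ubuntu 8.10. It assumes input in the "package version" form printed by `dpkg-query -W -f='${Package} ${Version}\n'`; the function names and the sample installed versions are constructed for illustration, and the comparison re-implements Debian's version ordering rules rather than calling dpkg.

```python
import re

# Fixed versions for Ubuntu 8.10, copied from the USN-748-1 text above.
FIXED = {p: "6b12-0ubuntu6.4" for p in (
    "icedtea6-plugin", "openjdk-6-jdk", "openjdk-6-jre",
    "openjdk-6-jre-headless", "openjdk-6-jre-lib")}

# Constructed sample in "package version" form; these installed versions are made up.
SAMPLE = """\
icedtea6-plugin 6b12-0ubuntu6.1
openjdk-6-jre 6b12-0ubuntu6.4
openjdk-6-jre-headless 6b12-0ubuntu6.4
openjdk-6-jre-lib 6b12-0ubuntu6.4~test1
"""

def _order(c):
    # Debian character order: '~' sorts before the end of a run (0), letters before the rest.
    if c == "~":
        return -1
    return ord(c) if c.isalpha() else ord(c) + 256

def _part_key(s):
    # Alternate non-digit runs (character order, 0-terminated) and digit runs (numeric).
    return [([_order(c) for c in nd] + [0], int(d or 0))
            for nd, d in re.findall(r"(\D*)(\d*)", s)]

def version_key(v):
    # A version is [epoch:]upstream[-revision]; a missing epoch or revision counts as 0.
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    upstream, _, rev = rest.rpartition("-") if "-" in rest else (rest, "", "0")
    return int(epoch), _part_key(upstream), _part_key(rev)

def audit(dpkg_lines):
    # Map each package named in the advisory to its status on this host.
    rows = (line.split() for line in dpkg_lines.splitlines())
    installed = dict(r for r in rows if len(r) == 2)
    report = {}
    for pkg, fixed in FIXED.items():
        have = installed.get(pkg)
        if have is None:
            report[pkg] = "not installed"
        else:
            patched = version_key(have) >= version_key(fixed)
            report[pkg] = "fixed" if patched else "needs upgrade"
    return report

if __name__ == "__main__":
    for pkg, status in audit(SAMPLE).items():
        print(f"{pkg:24} {status}")
```

The advisory gives fixed versions only for Ubuntu 8.10, so the result is meaningful only on that release; an 8.04 host like the one in the quoted message is outside its scope.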