This should affect all embedded Java uses which launch the JVM on the main thread (the regular java launcher does not do that) and is caused by the known buggy (http://www.openwall.com/lists/oss-security/2017/06/22/6) custom CVE-2017-1000364 fix. Testing the upstream patch on Debian, it seems to be fine (https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=865549).

** Bug watch added: Debian Bug tracker #865549
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=865549

https://bugs.launchpad.net/bugs/1699772

Title:
  linux-image-4.4.0-81-generic Regression: Oracle Java plugin crashes

Status in eclipse package in Ubuntu:
  New
Status in imagej package in Ubuntu:
  New
Status in libreoffice package in Ubuntu:
  New
Status in linux package in Ubuntu:
  Confirmed

Bug description:
  Distribution: Ubuntu 16.04 x64 (Flavour: KDE Neon User Edition 5.10)

  linux-image-4.4.0-81-generic appears to contain a regression, probably
  related to the CVE-2017-1000364 fix backport / patch. Using this kernel,
  the Oracle Java browser plugin always crashes during stack-related
  actions on initialization. This means the plugin completely stopped
  working.

  It works perfectly fine in linux-image-4.4.0-79-generic (vulnerable to
  CVE-2017-1000364) as well as linux-image-4.11.6-041106-generic, which
  also contains a fix for CVE-2017-1000364.

  uname -a:
  > Linux Zweiblum 4.4.0-81-generic #104-Ubuntu SMP Wed Jun 14 08:17:06 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux

  I tested Oracle Java 1.8 u131 as well as 1.6 u64 in Firefox 51.0.1 as
  well as Iceweasel / Firefox/3.5.16 in a chroot. Using
  linux-image-4.4.0-81-generic it crashes in all combinations, while with
  both other kernels it works.

  I was not able to obtain any detailed crash information from Firefox
  51.0.1, but Iceweasel 3.5.16 crashed completely, allowing me to obtain
  a stack trace which shows the relation to stack operations performed by
  the plugin, even without proper debug symbols:

  > (gdb) bt full
  > #0 0x00007fa06d805307 in _expand_stack_to(unsigned char*) () from /opt/java-8-oracle/jre/lib/amd64/server/libjvm.so
  > No symbol table info available.
  > #1 0x00007fa06d8053ae in os::Linux::manually_expand_stack(JavaThread*, unsigned char*) ()
  > from /opt/java-8-oracle/jre/lib/amd64/server/libjvm.so
  > No symbol table info available.
  > #2 0x00007fa06d80cf0b in JVM_handle_linux_signal () from /opt/java-8-oracle/jre/lib/amd64/server/libjvm.so
  > No symbol table info available.
  > #3 0x00007fa06d802e13 in signalHandler(int, siginfo*, void*) () from /opt/java-8-oracle/jre/lib/amd64/server/libjvm.so
  > No symbol table info available.
  > #4 <signal handler called>

  I first assumed a bug in the Java plugin, but it works fine in Linux
  4.11.6.

  The crash will be triggered by any applet, for example the test applet at:
  * https://java.com/en/download/installed8.jsp

  I'm running the Ubuntu 16.04 based KDE Neon distribution which somehow
  apparently does not allow me to use apport to report this bug:

  > $ LANG= apport-cli linux-image-4.4.0-81-generic
  >
  > *** Collecting problem information
  >
  > The collected information can be sent to the developers to improve the
  > application. This might take a few minutes.
  > .........
  >
  > *** Problem in linux-image-4.4.0-81-generic
  >
  > The problem cannot be reported:
  >
  > This is not an official KDE package. Please remove any third party package and try again.

  If someone can tell me how to get apport working for this package, I
  can use it to collect additional information, but (unfortunately?) the
  problem should be fairly easy to reproduce...