Paketname
java-1.6.0-openjdk
Datum
2010-04-28
Advisory ID
MDVSA-2010:084
Betroffene Versionen
2009.0 x86_64 , MES5 i586 , 2010.0 x86_64 , 2010.0 i586 , 2009.1 i586 , 2009.0 i586 , 2009.1 x86_64 , MES5 x86_64

Problembeschreibung

Multiple Java OpenJDK security vulnerabilities has been identified
and fixed:

- TLS: MITM attacks via session renegotiation (CVE-2009-3555).
- Loader-constraint table allows arrays instead of only the b
ase-classes (CVE-2010-0082).
- Policy/PolicyFile leak dynamic ProtectionDomains. (CVE-2010-0084).
- File TOCTOU deserialization vulnerability (CVE-2010-0085).
- Inflater/Deflater clone issues (CVE-2010-0088).
- Unsigned applet can retrieve the dragged information before drop
action occurs (CVE-2010-0091).
- AtomicReferenceArray causes SIGSEGV -> SEGV_MAPERR error
(CVE-2010-0092).
- System.arraycopy unable to reference elements beyond
Integer.MAX_VALUE bytes (CVE-2010-0093).
- Deserialization of RMIConnectionImpl objects should enforce stricter
checks (CVE-2010-0094).
- Subclasses of InetAddress may incorrectly interpret network addresses
(CVE-2010-0095).
- JAR unpack200 must verify input parameters (CVE-2010-0837).
- CMM readMabCurveData Buffer Overflow Vulnerability (CVE-2010-0838).
- Applet Trusted Methods Chaining Privilege Escalation Vulner ability
(CVE-2010-0840).
- No ClassCastException for HashAttributeSet constructors if run with
-Xcomp (CVE-2010-0845)
- ImagingLib arbitrary code execution vulnerability (CVE-2010-0847).
- AWT Library Invalid Index Vulnerability (CVE-2010-0848).

Additional security issues that was fixed with IcedTea6 1.6.2:
- deprecate MD2 in SSL cert validation (CVE-2009-2409).
- ICC_Profile file existence detection information leak
(CVE-2009-3728).
- JRE AWT setDifflCM stack overflow (CVE-2009-3869).
- JRE AWT setBytePixels heap overflow (CVE-2009-3871).
- JPEG Image Writer quantization problem (CVE-2009-3873).
- ImageI/O JPEG heap overflow (CVE-2009-3874).
- MessageDigest.isEqual introduces timing attack vulnerabilities
(CVE-2009-3875).
- OpenJDK ASN.1/DER input stream parser denial of service
(CVE-2009-3876, CVE-2009-3877)
- GraphicsConfiguration information leak (CVE-2009-3879).
- UI logging information leakage (CVE-2009-3880).
- resurrected classloaders can still have children (CVE-2009-3881).
- Numerous static security flaws in Swing (findbugs) (CVE-2009-3882).
- Mutable statics in Windows PL&F (findbugs) (CVE-2009-3883).
- zoneinfo file existence information leak (CVE-2009-3884).
- BMP parsing DoS with UNC ICC links (CVE-2009-3885).

Additionally Paulo Cesar Pereira de Andrade (pcpa) at Mandriva found
and fixed a bug in IcedTea6 1.8 that is also applied to the provided
packages:

* plugin/icedteanp/IcedTeaNPPlugin.cc
(plugin_filter_environment): Increment malloc size by one to
account for
NULL terminator. Bug# 474.

Packages for 2009.0 are provided due to the Extended Maintenance
Program.

Aktualisierte Pakete

2009.0 x86_64

 630941e679a033285ddf5cb3e4c1d092  2009.0/x86_64/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdv2009.0.x86_64.rpm
 6330c6dda9cf7c59a90f529bceeee17b  2009.0/x86_64/java-1.6.0-openjdk-demo-1.6.0.0-2.b18.2mdv2009.0.x86_64.rpm
 c7d708c5f14d710a6bdcc352bb18a55a  2009.0/x86_64/java-1.6.0-openjdk-devel-1.6.0.0-2.b18.2mdv2009.0.x86_64.rpm
 edf4b1d8efeb157bb0f19b4c4cc55935  2009.0/x86_64/java-1.6.0-openjdk-javadoc-1.6.0.0-2.b18.2mdv2009.0.x86_64.rpm
 ac9f8227297249940b1845f3ad95165f  2009.0/x86_64/java-1.6.0-openjdk-plugin-1.6.0.0-2.b18.2mdv2009.0.x86_64.rpm
 d1ed0ce1155c85c423d0cbe47eadfa5b  2009.0/x86_64/java-1.6.0-openjdk-src-1.6.0.0-2.b18.2mdv2009.0.x86_64.rpm 
 212262f34829af20e53fb2076fa78d25  2009.0/SRPMS/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdv2009.0.src.rpm

MES5 i586

 742a7a6dcc82962a132eadb91a2b1736  mes5/i586/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdvmes5.1.i586.rpm
 3acd32ccd1fee71f07ccb4b038434ffd  mes5/i586/java-1.6.0-openjdk-demo-1.6.0.0-2.b18.2mdvmes5.1.i586.rpm
 c3358ac84dbc950752655fee46fd5e4b  mes5/i586/java-1.6.0-openjdk-devel-1.6.0.0-2.b18.2mdvmes5.1.i586.rpm
 a30ef6b33fd9ba1403ab46ef9643efdb  mes5/i586/java-1.6.0-openjdk-javadoc-1.6.0.0-2.b18.2mdvmes5.1.i586.rpm
 534f95a18c4798ec80cdfe47bd1148a8  mes5/i586/java-1.6.0-openjdk-plugin-1.6.0.0-2.b18.2mdvmes5.1.i586.rpm
 e79e4bd9462096222f5b07d681b3d418  mes5/i586/java-1.6.0-openjdk-src-1.6.0.0-2.b18.2mdvmes5.1.i586.rpm 
 0bc580c8d4d6e57cbee939bf68743170  mes5/SRPMS/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdvmes5.1.src.rpm

2010.0 x86_64

 100203d38e76348f262d69d2cae8a7ba  2010.0/x86_64/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdv2010.0.x86_64.rpm
 f155019a4a22d7bf7265c67024dcbc33  2010.0/x86_64/java-1.6.0-openjdk-demo-1.6.0.0-2.b18.2mdv2010.0.x86_64.rpm
 8eaf304d6eb93212d1045adc301de385  2010.0/x86_64/java-1.6.0-openjdk-devel-1.6.0.0-2.b18.2mdv2010.0.x86_64.rpm
 2e2082bd89db22cf5fa4be2ebaceb71c  2010.0/x86_64/java-1.6.0-openjdk-javadoc-1.6.0.0-2.b18.2mdv2010.0.x86_64.rpm
 3e7a1849db88a8b8ddcdf30441edfcb7  2010.0/x86_64/java-1.6.0-openjdk-plugin-1.6.0.0-2.b18.2mdv2010.0.x86_64.rpm
 fbc9da5e2080972f6f8c01f23e86890f  2010.0/x86_64/java-1.6.0-openjdk-src-1.6.0.0-2.b18.2mdv2010.0.x86_64.rpm 
 b789ff663963ae8b60a0d189b870907c  2010.0/SRPMS/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdv2010.0.src.rpm

2010.0 i586

 f3c1bb7b091d5889a856edf93e066367  2010.0/i586/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdv2010.0.i586.rpm
 7f717091a34f98e9547c698bf08065f5  2010.0/i586/java-1.6.0-openjdk-demo-1.6.0.0-2.b18.2mdv2010.0.i586.rpm
 21b8532c934559100b0dbc498ba3c52e  2010.0/i586/java-1.6.0-openjdk-devel-1.6.0.0-2.b18.2mdv2010.0.i586.rpm
 8711fdef27cce9af73191903f85dbcd6  2010.0/i586/java-1.6.0-openjdk-javadoc-1.6.0.0-2.b18.2mdv2010.0.i586.rpm
 1905269f878bb1c6367dedc6797f6914  2010.0/i586/java-1.6.0-openjdk-plugin-1.6.0.0-2.b18.2mdv2010.0.i586.rpm
 c5f53d24770de6704f00fdf34c87a703  2010.0/i586/java-1.6.0-openjdk-src-1.6.0.0-2.b18.2mdv2010.0.i586.rpm 
 b789ff663963ae8b60a0d189b870907c  2010.0/SRPMS/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdv2010.0.src.rpm

2009.1 i586

 304bc2cab18b29781bfac69d4927ddce  2009.1/i586/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdv2009.1.i586.rpm
 77f0d2e2b2c04288a5aae608a2f73f1a  2009.1/i586/java-1.6.0-openjdk-demo-1.6.0.0-2.b18.2mdv2009.1.i586.rpm
 7ff7542b4328fd978725f8e0b02590d9  2009.1/i586/java-1.6.0-openjdk-devel-1.6.0.0-2.b18.2mdv2009.1.i586.rpm
 3d1bf214209ea3aef86b58962e80901e  2009.1/i586/java-1.6.0-openjdk-javadoc-1.6.0.0-2.b18.2mdv2009.1.i586.rpm
 f52cf5f8d3f85b98da246963d583f6bc  2009.1/i586/java-1.6.0-openjdk-plugin-1.6.0.0-2.b18.2mdv2009.1.i586.rpm
 87b2fd7ac9883e624e71faa993559e78  2009.1/i586/java-1.6.0-openjdk-src-1.6.0.0-2.b18.2mdv2009.1.i586.rpm 
 0ff2ca4dfc122a3538349ed2dab6ed81  2009.1/SRPMS/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdv2009.1.src.rpm

2009.0 i586

 37c14ebea4b3ceccbecba4ffea2630a6  2009.0/i586/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdv2009.0.i586.rpm
 3f7ba1d78aaf5f1ca56e86fcb48e7192  2009.0/i586/java-1.6.0-openjdk-demo-1.6.0.0-2.b18.2mdv2009.0.i586.rpm
 12963efa8b4ea6691ba68f4e72e81e5d  2009.0/i586/java-1.6.0-openjdk-devel-1.6.0.0-2.b18.2mdv2009.0.i586.rpm
 6387d4381c518c5658701c114c5fcb9d  2009.0/i586/java-1.6.0-openjdk-javadoc-1.6.0.0-2.b18.2mdv2009.0.i586.rpm
 f90d2a22c10b6eb30aedef13207d346c  2009.0/i586/java-1.6.0-openjdk-plugin-1.6.0.0-2.b18.2mdv2009.0.i586.rpm
 01e62b54974a3d1b5232de0baa196e41  2009.0/i586/java-1.6.0-openjdk-src-1.6.0.0-2.b18.2mdv2009.0.i586.rpm 
 212262f34829af20e53fb2076fa78d25  2009.0/SRPMS/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdv2009.0.src.rpm

2009.1 x86_64

 883105d4347bb0864c7c73e4f0865066  2009.1/x86_64/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdv2009.1.x86_64.rpm
 ac44d41806625e0be7a55ff30bf1f0e7  2009.1/x86_64/java-1.6.0-openjdk-demo-1.6.0.0-2.b18.2mdv2009.1.x86_64.rpm
 67db7247fbf1b5be5391f33603b9148c  2009.1/x86_64/java-1.6.0-openjdk-devel-1.6.0.0-2.b18.2mdv2009.1.x86_64.rpm
 0b6e7a93df49306976453daf29a29d96  2009.1/x86_64/java-1.6.0-openjdk-javadoc-1.6.0.0-2.b18.2mdv2009.1.x86_64.rpm
 67e679d7aa4545a968889dcbb1a3fa8e  2009.1/x86_64/java-1.6.0-openjdk-plugin-1.6.0.0-2.b18.2mdv2009.1.x86_64.rpm
 4042e3ae7e3b2dbdcba0e73aadd219d5  2009.1/x86_64/java-1.6.0-openjdk-src-1.6.0.0-2.b18.2mdv2009.1.x86_64.rpm 
 0ff2ca4dfc122a3538349ed2dab6ed81  2009.1/SRPMS/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdv2009.1.src.rpm

MES5 x86_64

 180566f92a5564c747c716ecdf082c8f  mes5/x86_64/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdvmes5.1.x86_64.rpm
 5e05d90fe32dfce7b15db7d9e5604227  mes5/x86_64/java-1.6.0-openjdk-demo-1.6.0.0-2.b18.2mdvmes5.1.x86_64.rpm
 09506c689ed0265023861e006fbcb624  mes5/x86_64/java-1.6.0-openjdk-devel-1.6.0.0-2.b18.2mdvmes5.1.x86_64.rpm
 c9ff4a3a4695c56b13268d76c355cfbe  mes5/x86_64/java-1.6.0-openjdk-javadoc-1.6.0.0-2.b18.2mdvmes5.1.x86_64.rpm
 0a70a54c2eed68e723cbc65de63bfbff  mes5/x86_64/java-1.6.0-openjdk-plugin-1.6.0.0-2.b18.2mdvmes5.1.x86_64.rpm
 166c980a8479cd915f3507070c25508e  mes5/x86_64/java-1.6.0-openjdk-src-1.6.0.0-2.b18.2mdvmes5.1.x86_64.rpm 
 0bc580c8d4d6e57cbee939bf68743170  mes5/SRPMS/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdvmes5.1.src.rpm

Referenzen