Package name
java-1.6.0-openjdk
Date
2011-11-11
Advisory ID
MDVSA-2011:170
Affected versions
MES5 i586, 2010.1 i586, 2011 x86_64, 2011 i586, MES5 x86_64, 2010.1 x86_64

Problem description

Security issues were identified and fixed in openjdk (icedtea6)
and icedtea-web:

IcedTea6 prior to 1.10.4 allows remote untrusted Java Web Start
applications and untrusted Java applets to affect confidentiality
via unknown vectors related to Networking (CVE-2011-3547).

IcedTea6 prior to 1.10.4 allows remote untrusted Java Web Start
applications and untrusted Java applets to affect confidentiality,
integrity, and availability, related to AWT (CVE-2011-3548).

IcedTea6 prior to 1.10.4 allows remote attackers to affect
confidentiality, integrity, and availability via unknown vectors
related to 2D (CVE-2011-3551).

IcedTea6 prior to 1.10.4 allows remote attackers to affect integrity
via unknown vectors related to Networking (CVE-2011-3552).

IcedTea6 prior to 1.10.4 allows remote authenticated users to affect
confidentiality, related to JAXWS (CVE-2011-3553).

IcedTea6 prior to 1.10.4 allows remote untrusted Java Web Start
applications and untrusted Java applets to affect confidentiality,
integrity, and availability via unknown vectors related to Scripting
(CVE-2011-3544).

IcedTea6 prior to 1.10.4 allows remote untrusted Java Web Start
applications and untrusted Java applets to affect confidentiality,
integrity, and availability via unknown vectors related to
Deserialization (CVE-2011-3521).

IcedTea6 prior to 1.10.4 allows remote untrusted Java Web Start
applications and untrusted Java applets to affect confidentiality,
integrity, and availability via unknown vectors (CVE-2011-3554).

A flaw was found in the way the SSL 3 and TLS 1.0 protocols used
block ciphers in cipher-block chaining (CBC) mode. An attacker able
to perform a chosen-plaintext attack against a connection mixing
trusted and untrusted data could use this flaw to recover portions
of the trusted data sent over the connection (CVE-2011-3389).

Note: This update mitigates the CVE-2011-3389 issue by splitting
the first application data record byte to a separate SSL/TLS
protocol record. This mitigation may cause compatibility issues
with some SSL/TLS implementations and can be disabled using the
jsse.enableCBCProtection boolean property. This can be done on the
command line by appending the flag -Djsse.enableCBCProtection=false
to the java command.
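
The record layout a peer sees with and without the mitigation, as an added example that is not OpenJDK or IcedTea code. It is a simplified model: the class and method names are hypothetical, the split is applied to every write, and only plaintext fragments are shown (no MAC, padding or encryption).

```java
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

// Simplified model of the record splitting described in the note above.
// Not OpenJDK/IcedTea code; names here are hypothetical.
public class RecordSplitDemo {
    static final int APPLICATION_DATA = 23; // TLS ContentType application_data
    static final int MAX_FRAGMENT = 16384;  // largest plaintext fragment (2^14)

    // Plaintext fragments produced for one application write.
    static List<byte[]> fragments(byte[] data, boolean cbcProtection) {
        List<byte[]> out = new ArrayList<>();
        int off = 0;
        // With protection on, the first byte travels in its own record.
        // A write of zero or one byte needs no split.
        if (cbcProtection && data.length > 1) {
            out.add(Arrays.copyOfRange(data, 0, 1));
            off = 1;
        }
        while (off < data.length) {
            int end = Math.min(data.length, off + MAX_FRAGMENT);
            out.add(Arrays.copyOfRange(data, off, end));
            off = end;
        }
        return out;
    }

    // 5-byte record header: type, version 3.1 (TLS 1.0), 16-bit length.
    // The length shown is the plaintext length; on the wire it is larger.
    static String header(int len) {
        return String.format("%02x 03 01 %02x %02x",
                APPLICATION_DATA, (len >> 8) & 0xff, len & 0xff);
    }

    public static void main(String[] args) {
        // Property named in the advisory; assumed here to default to true.
        boolean on = Boolean.parseBoolean(
                System.getProperty("jsse.enableCBCProtection", "true"));
        // Constructed sample payload.
        byte[] request = "GET /account HTTP/1.1\r\n\r\n"
                .getBytes(StandardCharsets.US_ASCII);
        System.out.println("jsse.enableCBCProtection=" + on);
        for (byte[] f : fragments(request, on)) {
            System.out.println(header(f.length) + "  plaintext bytes: " + f.length);
        }
    }
}
```

Running it with -Djsse.enableCBCProtection=false prints a single 25-byte record instead of a 1-byte record followed by a 24-byte one, which is the difference a peer that expects the whole message in the first record will trip over.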

IcedTea6 prior to 1.10.4 allows remote untrusted Java Web Start
applications and untrusted Java applets to affect confidentiality
via unknown vectors related to HotSpot (CVE-2011-3558).

IcedTea6 prior to 1.10.4 allows remote attackers to affect
confidentiality, integrity, and availability, related to RMI
(CVE-2011-3556).

IcedTea6 prior to 1.10.4 allows remote attackers to affect
confidentiality, integrity, and availability, related to RMI
(CVE-2011-3557).

IcedTea6 prior to 1.10.4 allows remote untrusted Java Web Start
applications and untrusted Java applets to affect confidentiality
and integrity, related to JSSE (CVE-2011-3560).

Deepak Bhole discovered a flaw in the Same Origin Policy (SOP)
implementation in the IcedTea project Web browser plugin. A
malicious applet could use this flaw to bypass SOP protection and
open connections to any sub-domain of the second-level domain of
the applet's origin, as well as any sub-domain of the domain that
is the suffix of the origin second-level domain. For example, the
IcedTea-Web plugin allowed an applet from some.host.example.com to
connect to other.host.example.com, www.example.com, and example.com,
as well as www.ample.com or ample.com (CVE-2011-3377).
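
A constructed model of a host check that accepts exactly the hosts listed above, next to a strict comparison, as an added example that is not the IcedTea-Web source or its patch. The class and method names are hypothetical, and the strict form is an assumption about what a sound check looks like.

```java
import java.util.Locale;

// Constructed model of the behaviour described for CVE-2011-3377.
// NOT the IcedTea-Web source; all names here are hypothetical.
public class SopHostCheck {

    // Lower-case and drop a trailing root dot so "Example.COM." equals "example.com".
    static String norm(String host) {
        String h = host.toLowerCase(Locale.ROOT);
        return h.endsWith(".") ? h.substring(0, h.length() - 1) : h;
    }

    // Last two labels of a host name, e.g. "www.ample.com" -> "ample.com".
    static String lastTwoLabels(String host) {
        String[] labels = host.split("\\.");
        if (labels.length < 2) return host;
        return labels[labels.length - 2] + "." + labels[labels.length - 1];
    }

    // Flawed: a plain string-suffix test. It ignores label boundaries
    // ("example.com" ends with "ample.com") and accepts any host under
    // the matched domain rather than only the origin host.
    static boolean flawedAllows(String origin, String target) {
        return norm(origin).endsWith(lastTwoLabels(norm(target)));
    }

    // Strict: the applet may connect back only to the exact host it came from.
    static boolean strictAllows(String origin, String target) {
        return norm(origin).equals(norm(target));
    }

    public static void main(String[] args) {
        String origin = "some.host.example.com";
        // Hosts from the advisory text plus one unrelated control.
        String[] targets = {
            "some.host.example.com", "other.host.example.com", "www.example.com",
            "example.com", "www.ample.com", "ample.com", "www.example.org"
        };
        for (String t : targets) {
            System.out.printf("%-24s flawed=%-5b strict=%b%n",
                    t, flawedAllows(origin, t), strictAllows(origin, t));
        }
    }
}
```

The flawed check returns true for every target except www.example.org, while the strict check accepts only some.host.example.com.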

Updated packages

MES5 i586

 c6af60f8fac7b8fb91a79983e4c68364  mes5/i586/icedtea-web-1.0.6-0.1mdvmes5.2.i586.rpm
 00295911ed1610030bd0b39680c2fb20  mes5/i586/java-1.6.0-openjdk-1.6.0.0-24.b22.1mdvmes5.2.i586.rpm
 bdcd904e1e04d57f8205904b84dd5971  mes5/i586/java-1.6.0-openjdk-demo-1.6.0.0-24.b22.1mdvmes5.2.i586.rpm
 960da26357c48af97ca8e9cdb4245692  mes5/i586/java-1.6.0-openjdk-devel-1.6.0.0-24.b22.1mdvmes5.2.i586.rpm
 8cf1ac9ad06eddba1916d8e4e2b3cedf  mes5/i586/java-1.6.0-openjdk-javadoc-1.6.0.0-24.b22.1mdvmes5.2.i586.rpm
 f0a00b845915e25e7b4bc9802914aee4  mes5/i586/java-1.6.0-openjdk-src-1.6.0.0-24.b22.1mdvmes5.2.i586.rpm 
 3860e9d27e8bc15ea72a57deb811c961  mes5/SRPMS/icedtea-web-1.0.6-0.1mdvmes5.2.src.rpm
 b0701aff2a8ffdcc27a6cd7560d0d099  mes5/SRPMS/java-1.6.0-openjdk-1.6.0.0-24.b22.1mdvmes5.2.src.rpm

2010.1 i586

 2881c71d1da084f6c7a136335f5383d6  2010.1/i586/icedtea-web-1.0.6-0.1mdv2010.2.i586.rpm
 415d7598363639aecbafd380827b7ab2  2010.1/i586/java-1.6.0-openjdk-1.6.0.0-24.b22.1mdv2010.2.i586.rpm
 27d2d84f2a00e4d18cb68e8c8ecd1626  2010.1/i586/java-1.6.0-openjdk-demo-1.6.0.0-24.b22.1mdv2010.2.i586.rpm
 8b4b727a2139d866d0e88ff720de9b57  2010.1/i586/java-1.6.0-openjdk-devel-1.6.0.0-24.b22.1mdv2010.2.i586.rpm
 8084b3aaeac98db2ddf89913db805725  2010.1/i586/java-1.6.0-openjdk-javadoc-1.6.0.0-24.b22.1mdv2010.2.i586.rpm
 f5c32405224455a5065d85ecbba6f1f2  2010.1/i586/java-1.6.0-openjdk-src-1.6.0.0-24.b22.1mdv2010.2.i586.rpm 
 45fd80b86f46b8e9ca3711c47d4fbb40  2010.1/SRPMS/icedtea-web-1.0.6-0.1mdv2010.2.src.rpm
 6bbb0d8c0e0ce847b86d9145ca12e211  2010.1/SRPMS/java-1.6.0-openjdk-1.6.0.0-24.b22.1mdv2010.2.src.rpm

2011 x86_64

 aa77ab19c7746723530e3a696fd4355a  2011/x86_64/icedtea-web-1.0.6-0.1-mdv2011.0.x86_64.rpm
 467cc14261ed055450afbf1a2a5fe483  2011/x86_64/java-1.6.0-openjdk-1.6.0.0-24.b22.1-mdv2011.0.x86_64.rpm
 2850bfa26b1f992dff3c2c1ac3f1326b  2011/x86_64/java-1.6.0-openjdk-demo-1.6.0.0-24.b22.1-mdv2011.0.x86_64.rpm
 50053850cfdd573a9469aa0b5783cc82  2011/x86_64/java-1.6.0-openjdk-devel-1.6.0.0-24.b22.1-mdv2011.0.x86_64.rpm
 04ba44e392bf335e86fdc2c66d03bdf3  2011/x86_64/java-1.6.0-openjdk-javadoc-1.6.0.0-24.b22.1-mdv2011.0.x86_64.rpm
 678776c021e19498a6e201c9b0ef6513  2011/x86_64/java-1.6.0-openjdk-src-1.6.0.0-24.b22.1-mdv2011.0.x86_64.rpm 
 0579fb909e08a0f420183284ba7061e9  2011/SRPMS/icedtea-web-1.0.6-0.1.src.rpm
 128cec9fdd9fd0e0d921341f178be9a1  2011/SRPMS/java-1.6.0-openjdk-1.6.0.0-24.b22.1.src.rpm

2011 i586

 b585d6580568d064d9e99ab2d8898dbb  2011/i586/icedtea-web-1.0.6-0.1-mdv2011.0.i586.rpm
 17ea4db995836efdb63f62370adc21f3  2011/i586/java-1.6.0-openjdk-1.6.0.0-24.b22.1-mdv2011.0.i586.rpm
 b5b625dd4b96e479ce532f2d578650bb  2011/i586/java-1.6.0-openjdk-demo-1.6.0.0-24.b22.1-mdv2011.0.i586.rpm
 3bc34e225ec9e6b38dd1876a5c5ffe6d  2011/i586/java-1.6.0-openjdk-devel-1.6.0.0-24.b22.1-mdv2011.0.i586.rpm
 050f5c111f9e65c0ea06f80e4ffff35d  2011/i586/java-1.6.0-openjdk-javadoc-1.6.0.0-24.b22.1-mdv2011.0.i586.rpm
 3d5eed0e210b9d4e38a6dcd74929f0dd  2011/i586/java-1.6.0-openjdk-src-1.6.0.0-24.b22.1-mdv2011.0.i586.rpm 
 0579fb909e08a0f420183284ba7061e9  2011/SRPMS/icedtea-web-1.0.6-0.1.src.rpm
 128cec9fdd9fd0e0d921341f178be9a1  2011/SRPMS/java-1.6.0-openjdk-1.6.0.0-24.b22.1.src.rpm

MES5 x86_64

 765023a21377d664c2ba05e98147dd1b  mes5/x86_64/icedtea-web-1.0.6-0.1mdvmes5.2.x86_64.rpm
 f0b699b476a124eb0a1b2f5187101de9  mes5/x86_64/java-1.6.0-openjdk-1.6.0.0-24.b22.1mdvmes5.2.x86_64.rpm
 249ffd15ed12d64798ff39431e402d69  mes5/x86_64/java-1.6.0-openjdk-demo-1.6.0.0-24.b22.1mdvmes5.2.x86_64.rpm
 d747f2b1361c0a67d4d85824a94d0a69  mes5/x86_64/java-1.6.0-openjdk-devel-1.6.0.0-24.b22.1mdvmes5.2.x86_64.rpm
 d50d63017beb08a2f23d08138a17c992  mes5/x86_64/java-1.6.0-openjdk-javadoc-1.6.0.0-24.b22.1mdvmes5.2.x86_64.rpm
 dd36ff4d9b91a541dfa86bb46288bbe0  mes5/x86_64/java-1.6.0-openjdk-src-1.6.0.0-24.b22.1mdvmes5.2.x86_64.rpm 
 3860e9d27e8bc15ea72a57deb811c961  mes5/SRPMS/icedtea-web-1.0.6-0.1mdvmes5.2.src.rpm
 b0701aff2a8ffdcc27a6cd7560d0d099  mes5/SRPMS/java-1.6.0-openjdk-1.6.0.0-24.b22.1mdvmes5.2.src.rpm

2010.1 x86_64

 899e54445bf4ad65ea254e835006ce27  2010.1/x86_64/icedtea-web-1.0.6-0.1mdv2010.2.x86_64.rpm
 7da63e6b6d83974f32f6580c4de53929  2010.1/x86_64/java-1.6.0-openjdk-1.6.0.0-24.b22.1mdv2010.2.x86_64.rpm
 859e838ff8583b814f1270c36d0bf248  2010.1/x86_64/java-1.6.0-openjdk-demo-1.6.0.0-24.b22.1mdv2010.2.x86_64.rpm
 8da61ef538893c8b7766e868e369f400  2010.1/x86_64/java-1.6.0-openjdk-devel-1.6.0.0-24.b22.1mdv2010.2.x86_64.rpm
 3b56e8612ba71e92e728e3e1a9fef319  2010.1/x86_64/java-1.6.0-openjdk-javadoc-1.6.0.0-24.b22.1mdv2010.2.x86_64.rpm
 23eea5b9bf1a2ee3db0ebf0c6927234a  2010.1/x86_64/java-1.6.0-openjdk-src-1.6.0.0-24.b22.1mdv2010.2.x86_64.rpm 
 45fd80b86f46b8e9ca3711c47d4fbb40  2010.1/SRPMS/icedtea-web-1.0.6-0.1mdv2010.2.src.rpm
 6bbb0d8c0e0ce847b86d9145ca12e211  2010.1/SRPMS/java-1.6.0-openjdk-1.6.0.0-24.b22.1mdv2010.2.src.rpm

References