Paketname
java-1.6.0-openjdk
Datum
2013-02-11
Advisory ID
MDVSA-2013:010
Betroffene Versionen
MES5 i586 , 2011 i586 , MES5 x86_64 , 2011 x86_64

Problembeschreibung

Multiple security issues were identified and fixed in OpenJDK
(icedtea6):

* S6563318, CVE-2013-0424: RMI data sanitization
* S6664509, CVE-2013-0425: Add logging context
* S6664528, CVE-2013-0426: Find log level matching its name or value
given at construction time
* S6776941: CVE-2013-0427: Improve thread pool shutdown
* S7141694, CVE-2013-0429: Improving CORBA internals
* S7173145: Improve in-memory representation of splashscreens
* S7186945: Unpack200 improvement
* S7186946: Refine unpacker resource usage
* S7186948: Improve Swing data validation
* S7186952, CVE-2013-0432: Improve clipboard access
* S7186954: Improve connection performance
* S7186957: Improve Pack200 data validation
* S7192392, CVE-2013-0443: Better validation of client keys
* S7192393, CVE-2013-0440: Better Checking of order of TLS Messages
* S7192977, CVE-2013-0442: Issue in toolkit thread
* S7197546, CVE-2013-0428: (proxy) Reflect about creating reflective
proxies
* S7200491: Tighten up JTable layout code
* S7200500: Launcher better input validation
* S7201064: Better dialogue checking
* S7201066, CVE-2013-0441: Change modifiers on unused fields
* S7201068, CVE-2013-0435: Better handling of UI elements
* S7201070: Serialization to conform to protocol
* S7201071, CVE-2013-0433: InetSocketAddress serialization issue
* S8000210: Improve JarFile code quality
* S8000537, CVE-2013-0450: Contextualize RequiredModelMBean class
* S8000540, CVE-2013-1475: Improve IIOP type reuse management
* S8000631, CVE-2013-1476: Restrict access to class constructor
* S8001235, CVE-2013-0434: Improve JAXP HTTP handling
* S8001242: Improve RMI HTTP conformance
* S8001307: Modify ACC_SUPER behavior
* S8001972, CVE-2013-1478: Improve image processing
* S8002325, CVE-2013-1480: Improve management of images
* Backports
* S7010849: 5/5 Extraneous javac source/target options when building
sa-jdi

The updated packages provides icedtea6-1.11.6 which is not vulnerable
to these issues.

Aktualisierte Pakete

MES5 i586

 cab3eba731d35c1029f9c1a60ea7409e  mes5/i586/java-1.6.0-openjdk-1.6.0.0-35.b24.2mdvmes5.2.i586.rpm
 d1c90a77c58841371d9a0f5753474da8  mes5/i586/java-1.6.0-openjdk-demo-1.6.0.0-35.b24.2mdvmes5.2.i586.rpm
 39bab0491e99e80a8918147cc1c1b676  mes5/i586/java-1.6.0-openjdk-devel-1.6.0.0-35.b24.2mdvmes5.2.i586.rpm
 ba96a954e1c014070c402981ff669078  mes5/i586/java-1.6.0-openjdk-javadoc-1.6.0.0-35.b24.2mdvmes5.2.i586.rpm
 e567f9a4206ac5265157f385131374a0  mes5/i586/java-1.6.0-openjdk-src-1.6.0.0-35.b24.2mdvmes5.2.i586.rpm 
 2a86a78ad2163abf283652f19e67cae4  mes5/SRPMS/java-1.6.0-openjdk-1.6.0.0-35.b24.2mdvmes5.2.src.rpm

2011 i586

 5edd6b09cce9b8f95567915b2d248de5  2011/i586/java-1.6.0-openjdk-1.6.0.0-35.b24.2-mdv2011.0.i586.rpm
 72f76c8abf29114d4a3337347a72186a  2011/i586/java-1.6.0-openjdk-demo-1.6.0.0-35.b24.2-mdv2011.0.i586.rpm
 36d35176167ad91aa16a242497fbd228  2011/i586/java-1.6.0-openjdk-devel-1.6.0.0-35.b24.2-mdv2011.0.i586.rpm
 bb7f0b8053ba440669c255a6e8dbb934  2011/i586/java-1.6.0-openjdk-javadoc-1.6.0.0-35.b24.2-mdv2011.0.i586.rpm
 afccc983221f25e9f45f7ffaa4563342  2011/i586/java-1.6.0-openjdk-src-1.6.0.0-35.b24.2-mdv2011.0.i586.rpm 
 56d47259b6b93114fdf02b17d8fba731  2011/SRPMS/java-1.6.0-openjdk-1.6.0.0-35.b24.2.src.rpm

MES5 x86_64

 a43b47b67958cab0bd5ea29c918095d8  mes5/x86_64/java-1.6.0-openjdk-1.6.0.0-35.b24.2mdvmes5.2.x86_64.rpm
 a1bc2571b9ae1cd759661ffd99aa856f  mes5/x86_64/java-1.6.0-openjdk-demo-1.6.0.0-35.b24.2mdvmes5.2.x86_64.rpm
 f211ab3d5717281897b07fa9be94c791  mes5/x86_64/java-1.6.0-openjdk-devel-1.6.0.0-35.b24.2mdvmes5.2.x86_64.rpm
 945216d8416b3d3a823d36606c61d810  mes5/x86_64/java-1.6.0-openjdk-javadoc-1.6.0.0-35.b24.2mdvmes5.2.x86_64.rpm
 b1620fa5355bae68f23155caf6490927  mes5/x86_64/java-1.6.0-openjdk-src-1.6.0.0-35.b24.2mdvmes5.2.x86_64.rpm 
 2a86a78ad2163abf283652f19e67cae4  mes5/SRPMS/java-1.6.0-openjdk-1.6.0.0-35.b24.2mdvmes5.2.src.rpm

2011 x86_64

 5d63bc528e9e6d653998bc20a47290ac  2011/x86_64/java-1.6.0-openjdk-1.6.0.0-35.b24.2-mdv2011.0.x86_64.rpm
 4768ed6b251d759416f54dc855e18704  2011/x86_64/java-1.6.0-openjdk-demo-1.6.0.0-35.b24.2-mdv2011.0.x86_64.rpm
 6a2e5d91e7124641b2a6ef3843fa47aa  2011/x86_64/java-1.6.0-openjdk-devel-1.6.0.0-35.b24.2-mdv2011.0.x86_64.rpm
 2849a0d34659bdb7f4ea662b42b20f65  2011/x86_64/java-1.6.0-openjdk-javadoc-1.6.0.0-35.b24.2-mdv2011.0.x86_64.rpm
 6a02238ef721252ba5cc58c95ec9ad1f  2011/x86_64/java-1.6.0-openjdk-src-1.6.0.0-35.b24.2-mdv2011.0.x86_64.rpm 
 56d47259b6b93114fdf02b17d8fba731  2011/SRPMS/java-1.6.0-openjdk-1.6.0.0-35.b24.2.src.rpm

Referenzen