MDVSA-2012:021

Nom du paquet

java-1.6.0-openjdk

Date

2012-01-17

Advisory ID

MDVSA-2012:021

Affected versions

MES5 i586 , 2010.1 i586 , 2011 x86_64 , 2011 i586 , MES5 x86_64 , 2010.1 x86_64

Problem description

Multiple security issues were identified and fixed in OpenJDK
(icedtea6):

Fix issues in java sound (CVE-2011-3563).

Fix in AtomicReferenceArray (CVE-2011-3571).

Add property to limit number of request headers to the HTTP Server
(CVE-2011-5035).

Incorect checking for graphics rendering object (CVE-2012-0497).

Multiple unspecified vulnerabilities allows remote attackers to affect
confidentiality, integrity, and availability via unknown vectors
(CVE-2012-0498. CVE-2012-0499, CVE-2012-0500).

Better input parameter checking in zip file processing (CVE-2012-0501).

Issues with some KeyboardFocusManager method (CVE-2012-0502).

Issues with TimeZone class (CVE-2012-0503).

Enhance exception throwing mechanism in ObjectStreamClass
(CVE-2012-0505).

Issues with some method in corba (CVE-2012-0506).

The updated packages provides icedtea6-1.10.6 which is not vulnerable
to these issues.

Updated packages

MES5 i586

 3991eab3dad14d627a4e4a286e658076  mes5/i586/java-1.6.0-openjdk-1.6.0.0-26.b22.1mdvmes5.2.i586.rpm
 1da6d0464e870345b512e423ce8e541d  mes5/i586/java-1.6.0-openjdk-demo-1.6.0.0-26.b22.1mdvmes5.2.i586.rpm
 1335da0e8ed5b37147b2ec5d8a68b20d  mes5/i586/java-1.6.0-openjdk-devel-1.6.0.0-26.b22.1mdvmes5.2.i586.rpm
 e10aebb0b91428325a308e576f50aa45  mes5/i586/java-1.6.0-openjdk-javadoc-1.6.0.0-26.b22.1mdvmes5.2.i586.rpm
 d30e1ae2d47cd23c063357973dd870a9  mes5/i586/java-1.6.0-openjdk-src-1.6.0.0-26.b22.1mdvmes5.2.i586.rpm 
 b9d795124e16f852b188cb9c92dc3d77  mes5/SRPMS/java-1.6.0-openjdk-1.6.0.0-26.b22.1mdvmes5.2.src.rpm

2010.1 i586

 63b2f376c592f7ff1e4aa7890ceee280  2010.1/i586/java-1.6.0-openjdk-1.6.0.0-26.b22.1mdv2010.2.i586.rpm
 a08e86738341f9de864419817e40a6f6  2010.1/i586/java-1.6.0-openjdk-demo-1.6.0.0-26.b22.1mdv2010.2.i586.rpm
 18c0c0f3474444c88fc484868497a9c4  2010.1/i586/java-1.6.0-openjdk-devel-1.6.0.0-26.b22.1mdv2010.2.i586.rpm
 b21b456d9ee21b88a7193bcbf0d240bf  2010.1/i586/java-1.6.0-openjdk-javadoc-1.6.0.0-26.b22.1mdv2010.2.i586.rpm
 edaff496f231bf9e47e1758c5c9cc7d9  2010.1/i586/java-1.6.0-openjdk-src-1.6.0.0-26.b22.1mdv2010.2.i586.rpm 
 ce1bb936f26002c752975b1045d58e76  2010.1/SRPMS/java-1.6.0-openjdk-1.6.0.0-26.b22.1mdv2010.2.src.rpm

2011 x86_64

 f8179f159c950005e677a07b7a7d7b28  2011/x86_64/java-1.6.0-openjdk-1.6.0.0-26.b22.1-mdv2011.0.x86_64.rpm
 4e99ad3e7f81d18c766dc13260b3686b  2011/x86_64/java-1.6.0-openjdk-demo-1.6.0.0-26.b22.1-mdv2011.0.x86_64.rpm
 799eaa638565a4839906c41642f8621d  2011/x86_64/java-1.6.0-openjdk-devel-1.6.0.0-26.b22.1-mdv2011.0.x86_64.rpm
 fee264489439ecb48de37409524194dd  2011/x86_64/java-1.6.0-openjdk-javadoc-1.6.0.0-26.b22.1-mdv2011.0.x86_64.rpm
 95ffcf2aa45429fb1b31fa044560da9b  2011/x86_64/java-1.6.0-openjdk-src-1.6.0.0-26.b22.1-mdv2011.0.x86_64.rpm 
 c3237479dc9690bc6bda4d7b8054f2ae  2011/SRPMS/java-1.6.0-openjdk-1.6.0.0-26.b22.1.src.rpm

2011 i586

 276091edbd4821862b203b78ab4c7e8e  2011/i586/java-1.6.0-openjdk-1.6.0.0-26.b22.1-mdv2011.0.i586.rpm
 0d5576a07181d2d61020fc9ce76ccacc  2011/i586/java-1.6.0-openjdk-demo-1.6.0.0-26.b22.1-mdv2011.0.i586.rpm
 a4c0e4b7e7b577867cc380242a82a58d  2011/i586/java-1.6.0-openjdk-devel-1.6.0.0-26.b22.1-mdv2011.0.i586.rpm
 7a49bc6419d25297e02b0b6151bca85e  2011/i586/java-1.6.0-openjdk-javadoc-1.6.0.0-26.b22.1-mdv2011.0.i586.rpm
 abda3919ff6e3d4f2cc4c8e8135c2130  2011/i586/java-1.6.0-openjdk-src-1.6.0.0-26.b22.1-mdv2011.0.i586.rpm 
 c3237479dc9690bc6bda4d7b8054f2ae  2011/SRPMS/java-1.6.0-openjdk-1.6.0.0-26.b22.1.src.rpm

MES5 x86_64

 b9c5058e2009da89418b8056e23511ad  mes5/x86_64/java-1.6.0-openjdk-1.6.0.0-26.b22.1mdvmes5.2.x86_64.rpm
 cecb580e05f61fe3dba56e33276f8185  mes5/x86_64/java-1.6.0-openjdk-demo-1.6.0.0-26.b22.1mdvmes5.2.x86_64.rpm
 8d8d67bda8662b88e6d56956e5739a2e  mes5/x86_64/java-1.6.0-openjdk-devel-1.6.0.0-26.b22.1mdvmes5.2.x86_64.rpm
 960a85c526378996f6ef6511638335f4  mes5/x86_64/java-1.6.0-openjdk-javadoc-1.6.0.0-26.b22.1mdvmes5.2.x86_64.rpm
 b068fd26387d11fea69f4a99190faab3  mes5/x86_64/java-1.6.0-openjdk-src-1.6.0.0-26.b22.1mdvmes5.2.x86_64.rpm 
 b9d795124e16f852b188cb9c92dc3d77  mes5/SRPMS/java-1.6.0-openjdk-1.6.0.0-26.b22.1mdvmes5.2.src.rpm

2010.1 x86_64

 0b4aacfa0120ea55489efe2d88eeea5d  2010.1/x86_64/java-1.6.0-openjdk-1.6.0.0-26.b22.1mdv2010.2.x86_64.rpm
 f63f343302f4375071aacac5884b6b9a  2010.1/x86_64/java-1.6.0-openjdk-demo-1.6.0.0-26.b22.1mdv2010.2.x86_64.rpm
 cbc96ed4843f65a29d664cd0f07a8968  2010.1/x86_64/java-1.6.0-openjdk-devel-1.6.0.0-26.b22.1mdv2010.2.x86_64.rpm
 f66189cfbc78cbe7403f880fa8ef070f  2010.1/x86_64/java-1.6.0-openjdk-javadoc-1.6.0.0-26.b22.1mdv2010.2.x86_64.rpm
 0a1d5214c532f3a1e2737ee7dfb0ec14  2010.1/x86_64/java-1.6.0-openjdk-src-1.6.0.0-26.b22.1mdv2010.2.x86_64.rpm 
 ce1bb936f26002c752975b1045d58e76  2010.1/SRPMS/java-1.6.0-openjdk-1.6.0.0-26.b22.1mdv2010.2.src.rpm

References

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3563
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3571
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5035
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0497
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0498
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0499
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0500
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0501
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0502
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0503
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0505
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0506
• http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html