MDVSA-2012:169

Nom du paquet

java-1.6.0-openjdk

Date

2012-11-01

Advisory ID

MDVSA-2012:169

Affected versions

MES5 i586 , 2011 i586 , MES5 x86_64 , 2011 x86_64

Problem description

Multiple security issues were identified and fixed in OpenJDK
(icedtea6):

* S6631398, CVE-2012-3216: FilePermission improved path checking
* S7093490: adjust package access in rmiregistry
* S7143535, CVE-2012-5068: ScriptEngine corrected permissions
* S7167656, CVE-2012-5077: Multiple Seeders are being created
* S7169884, CVE-2012-5073: LogManager checks do not work correctly
for sub-types
* S7169888, CVE-2012-5075: Narrowing resource definitions in JMX
RMI connector
* S7172522, CVE-2012-5072: Improve DomainCombiner checking
* S7186286, CVE-2012-5081: TLS implementation to better adhere to RFC
* S7189103, CVE-2012-5069: Executors needs to maintain state
* S7189490: More improvements to DomainCombiner checking
* S7189567, CVE-2012-5085: java net obselete protocol
* S7192975, CVE-2012-5071: Conditional usage check is wrong
* S7195194, CVE-2012-5084: Better data validation for Swing
* S7195917, CVE-2012-5086: XMLDecoder parsing at close-time should
be improved
* S7195919, CVE-2012-5979: (sl) ServiceLoader can throw CCE without
needing to create instance
* S7198296, CVE-2012-5089: Refactor classloader usage
* S7158800: Improve storage of symbol tables
* S7158801: Improve VM CompileOnly option
* S7158804: Improve config file parsing
* S7176337: Additional changes needed for 7158801 fix
* S7198606, CVE-2012-4416: Improve VM optimization

The updated packages provides icedtea6-1.11.5 which is not vulnerable
to these issues.

Updated packages

MES5 i586

 bcf38e820f1aa357fa0d64c50d323599  mes5/i586/java-1.6.0-openjdk-1.6.0.0-35.b24.1mdvmes5.2.i586.rpm
 7b79269ef163cab203f9b815f5216926  mes5/i586/java-1.6.0-openjdk-demo-1.6.0.0-35.b24.1mdvmes5.2.i586.rpm
 24068e420773723a130cff03ae1ef47b  mes5/i586/java-1.6.0-openjdk-devel-1.6.0.0-35.b24.1mdvmes5.2.i586.rpm
 5e3611c799dcfdf1471a327ec5955ac7  mes5/i586/java-1.6.0-openjdk-javadoc-1.6.0.0-35.b24.1mdvmes5.2.i586.rpm
 d7ecadb7be4bfed8502367a5fc4ace40  mes5/i586/java-1.6.0-openjdk-src-1.6.0.0-35.b24.1mdvmes5.2.i586.rpm 
 62663a8650988b3fdfb56b67c17e0970  mes5/SRPMS/java-1.6.0-openjdk-1.6.0.0-35.b24.1mdvmes5.2.src.rpm

2011 i586

 b0b8d9c220ca7c5fd6679d6848de69eb  2011/i586/java-1.6.0-openjdk-1.6.0.0-35.b24.1-mdv2011.0.i586.rpm
 45ea196c75b18bef9ecb5bc97615c1f3  2011/i586/java-1.6.0-openjdk-demo-1.6.0.0-35.b24.1-mdv2011.0.i586.rpm
 f33ac952a55cdb585a59e6021367482f  2011/i586/java-1.6.0-openjdk-devel-1.6.0.0-35.b24.1-mdv2011.0.i586.rpm
 6ad5fcabc72830cd332cd9e5243be609  2011/i586/java-1.6.0-openjdk-javadoc-1.6.0.0-35.b24.1-mdv2011.0.i586.rpm
 49008a850c545e90a0ebb002902528eb  2011/i586/java-1.6.0-openjdk-src-1.6.0.0-35.b24.1-mdv2011.0.i586.rpm 
 06e7da198f48cd281fe905deed67fd5c  2011/SRPMS/java-1.6.0-openjdk-1.6.0.0-35.b24.1.src.rpm

MES5 x86_64

 d4fcb3225426ce983273bf6d6730d5bb  mes5/x86_64/java-1.6.0-openjdk-1.6.0.0-35.b24.1mdvmes5.2.x86_64.rpm
 237544fc49a02cba3438506d52e0392d  mes5/x86_64/java-1.6.0-openjdk-demo-1.6.0.0-35.b24.1mdvmes5.2.x86_64.rpm
 32b6e494b5f8f26d0be80ce8114d7738  mes5/x86_64/java-1.6.0-openjdk-devel-1.6.0.0-35.b24.1mdvmes5.2.x86_64.rpm
 fc520c63a052179c93611e4686fa0127  mes5/x86_64/java-1.6.0-openjdk-javadoc-1.6.0.0-35.b24.1mdvmes5.2.x86_64.rpm
 abc7f180d25764804f217a7b7ef2f0c4  mes5/x86_64/java-1.6.0-openjdk-src-1.6.0.0-35.b24.1mdvmes5.2.x86_64.rpm 
 62663a8650988b3fdfb56b67c17e0970  mes5/SRPMS/java-1.6.0-openjdk-1.6.0.0-35.b24.1mdvmes5.2.src.rpm

2011 x86_64

 debfb115214191ac94d4282463962909  2011/x86_64/java-1.6.0-openjdk-1.6.0.0-35.b24.1-mdv2011.0.x86_64.rpm
 09e81180ede0595f8068ef9baeb2da22  2011/x86_64/java-1.6.0-openjdk-demo-1.6.0.0-35.b24.1-mdv2011.0.x86_64.rpm
 d93f958ff56643adf973770ace599211  2011/x86_64/java-1.6.0-openjdk-devel-1.6.0.0-35.b24.1-mdv2011.0.x86_64.rpm
 3a65468343ff92731e0a408f85d7e304  2011/x86_64/java-1.6.0-openjdk-javadoc-1.6.0.0-35.b24.1-mdv2011.0.x86_64.rpm
 ee4cf446eac536bf729eabf15a88867d  2011/x86_64/java-1.6.0-openjdk-src-1.6.0.0-35.b24.1-mdv2011.0.x86_64.rpm 
 06e7da198f48cd281fe905deed67fd5c  2011/SRPMS/java-1.6.0-openjdk-1.6.0.0-35.b24.1.src.rpm

References

• http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4416
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5089
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5979
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5086
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5084
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5071
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5085
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5069
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5081
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5072
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5075
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5077
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5073
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3216
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5068
• http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2012-October/020556.html