Package name
java-1.6.0-openjdk
Date
2009-06-20
Advisory ID
MDVSA-2009:137
Affected versions
2009.0 x86_64, 2009.0 i586, 2009.1 i586, 2009.1 x86_64

Problem description

Multiple security vulnerabilities have been identified and fixed in the
Little CMS library embedded in OpenJDK:

A memory leak flaw allows remote attackers to cause a denial of service
(memory consumption and application crash) via a crafted image file
(CVE-2009-0581).

Multiple integer overflows allow remote attackers to execute arbitrary
code via a crafted image file that triggers a heap-based buffer
overflow (CVE-2009-0723).

Multiple stack-based buffer overflows allow remote attackers to
execute arbitrary code via a crafted image file associated with a large
integer value for the (1) input or (2) output channel (CVE-2009-0733).

A flaw in the transformations of monochrome profiles allows remote
attackers to cause a denial of service (NULL pointer dereference) via a
crafted image file (CVE-2009-0793).

Further security fixes in the JRE and in the Java API of OpenJDK:

A flaw in the Java Virtual Machine's (JVM) handling of temporary font
files allows remote attackers to cause a denial of service
(CVE-2006-2426).

An integer overflow flaw was found in Pulse-Java when handling Pulse
audio source data lines. An attacker could use this flaw to cause an
applet to crash, leading to a denial of service (CVE-2009-0794).

A flaw in LDAP connections initialized by the Java Runtime Environment
allows authenticated remote users to cause a denial of service on the
LDAP service (CVE-2009-1093).

A flaw in the Java Runtime Environment LDAP client's handling of server
LDAP responses allows remote attackers to execute arbitrary code on
the client side via a malicious server response (CVE-2009-1094).

Buffer overflows in the Java Runtime Environment unpack200 utility
allow remote attackers to execute arbitrary code via a crafted applet
(CVE-2009-1095, CVE-2009-1096).

A buffer overflow in the splash screen processing allows attackers
to execute arbitrary code (CVE-2009-1097).

A buffer overflow in GIF image handling allows remote attackers to
execute arbitrary code via a crafted GIF image (CVE-2009-1098).

A flaw in the Java API for XML Web Services (JAX-WS) service endpoint
handling allows remote attackers to cause a denial of service on the
service endpoint's server side (CVE-2009-1101).

A flaw in the Java Runtime Environment Virtual Machine code generation
allows remote attackers to execute arbitrary code via a crafted applet
(CVE-2009-1102).

This update provides fixes for these issues.

Update:

java-1.6.0-openjdk requires the rhino packages, and these have been
updated as well.

Updated packages

2009.0 x86_64

 5cebb2bb47360800ceac229941689fad  2009.0/x86_64/java-1.6.0-openjdk-1.6.0.0-0.20.b16.0.2mdv2009.0.x86_64.rpm
 5405df1af7fae349beb431618fba7fd2  2009.0/x86_64/java-1.6.0-openjdk-demo-1.6.0.0-0.20.b16.0.2mdv2009.0.x86_64.rpm
 03969d440901d4fd31106d792a395534  2009.0/x86_64/java-1.6.0-openjdk-devel-1.6.0.0-0.20.b16.0.2mdv2009.0.x86_64.rpm
 0e727c5840611998aef5499fa241464e  2009.0/x86_64/java-1.6.0-openjdk-javadoc-1.6.0.0-0.20.b16.0.2mdv2009.0.x86_64.rpm
 9d72b8a28b6a21dac221244ac51b2e1b  2009.0/x86_64/java-1.6.0-openjdk-plugin-1.6.0.0-0.20.b16.0.2mdv2009.0.x86_64.rpm
 8fcffa782992c1cc15858c2a0894ba00  2009.0/x86_64/java-1.6.0-openjdk-src-1.6.0.0-0.20.b16.0.2mdv2009.0.x86_64.rpm
 e3f2ad3c55426cf9c4b336ab880f9ff7  2009.0/x86_64/rhino-1.7-0.0.2.1mdv2009.0.noarch.rpm
 579005e8d20d5c559ee240c35095aeeb  2009.0/x86_64/rhino-demo-1.7-0.0.2.1mdv2009.0.noarch.rpm
 384403e6dae7eadefed13682b0b924f1  2009.0/x86_64/rhino-javadoc-1.7-0.0.2.1mdv2009.0.noarch.rpm
 fd8327ed0d455a9e116ff6fcfc96a849  2009.0/x86_64/rhino-manual-1.7-0.0.2.1mdv2009.0.noarch.rpm 
 9b760b15223e7cb0146790ec5f7a77f1  2009.0/SRPMS/java-1.6.0-openjdk-1.6.0.0-0.20.b16.0.2mdv2009.0.src.rpm
 8f2f2ce3c178cd87e526a0b8fe8918e7  2009.0/SRPMS/rhino-1.7-0.0.2.1mdv2009.0.src.rpm

2009.0 i586

 912bfaa5d15e09b410af7b20605e7a1f  2009.0/i586/java-1.6.0-openjdk-1.6.0.0-0.20.b16.0.2mdv2009.0.i586.rpm
 786629a41c5c892280577f14b097d118  2009.0/i586/java-1.6.0-openjdk-demo-1.6.0.0-0.20.b16.0.2mdv2009.0.i586.rpm
 7a4ad719a41456847161a5da058916b1  2009.0/i586/java-1.6.0-openjdk-devel-1.6.0.0-0.20.b16.0.2mdv2009.0.i586.rpm
 dd8e42f6419f0f0c564c2d10f66c1c51  2009.0/i586/java-1.6.0-openjdk-javadoc-1.6.0.0-0.20.b16.0.2mdv2009.0.i586.rpm
 ecb3e34b02fe6366ea74d3b460913a18  2009.0/i586/java-1.6.0-openjdk-plugin-1.6.0.0-0.20.b16.0.2mdv2009.0.i586.rpm
 ec978b519cce142f0419fe9fcdfa49dd  2009.0/i586/java-1.6.0-openjdk-src-1.6.0.0-0.20.b16.0.2mdv2009.0.i586.rpm
 0985ffc0a6bc78d7cea8f2fd9c9b060b  2009.0/i586/rhino-1.7-0.0.2.1mdv2009.0.noarch.rpm
 7665b20e0252718afabd10529743522e  2009.0/i586/rhino-demo-1.7-0.0.2.1mdv2009.0.noarch.rpm
 4179b415f870de30ad9bb2227ef1fbc3  2009.0/i586/rhino-javadoc-1.7-0.0.2.1mdv2009.0.noarch.rpm
 72a6d30e3807a63e77aa2ebee32716b2  2009.0/i586/rhino-manual-1.7-0.0.2.1mdv2009.0.noarch.rpm 
 9b760b15223e7cb0146790ec5f7a77f1  2009.0/SRPMS/java-1.6.0-openjdk-1.6.0.0-0.20.b16.0.2mdv2009.0.src.rpm
 8f2f2ce3c178cd87e526a0b8fe8918e7  2009.0/SRPMS/rhino-1.7-0.0.2.1mdv2009.0.src.rpm

2009.1 i586

 e3a6b131e6b24c5bdd1401bb09363cf7  2009.1/i586/java-1.6.0-openjdk-1.6.0.0-0.20.b16.0.2mdv2009.1.i586.rpm
 75555512a7eb8b122bb0b5d7d40168e9  2009.1/i586/java-1.6.0-openjdk-demo-1.6.0.0-0.20.b16.0.2mdv2009.1.i586.rpm
 0f45f662d06b4e820c725358d39ee9d1  2009.1/i586/java-1.6.0-openjdk-devel-1.6.0.0-0.20.b16.0.2mdv2009.1.i586.rpm
 86624b1b4142e1e97ea4e5195e7f92dd  2009.1/i586/java-1.6.0-openjdk-javadoc-1.6.0.0-0.20.b16.0.2mdv2009.1.i586.rpm
 2eb9b7a15dc0d8f02e88ea0a567ccf10  2009.1/i586/java-1.6.0-openjdk-plugin-1.6.0.0-0.20.b16.0.2mdv2009.1.i586.rpm
 8ca13d69103a5d861abdb45e8cd45bae  2009.1/i586/java-1.6.0-openjdk-src-1.6.0.0-0.20.b16.0.2mdv2009.1.i586.rpm
 b785c9c5d02abfd121bbe21d388e60c6  2009.1/i586/rhino-1.7-0.0.3.1mdv2009.1.noarch.rpm
 0d7b54d508a807f40fb895f57fc4be14  2009.1/i586/rhino-demo-1.7-0.0.3.1mdv2009.1.noarch.rpm
 25fd10e12bca1b22f10bd66150c5cac2  2009.1/i586/rhino-javadoc-1.7-0.0.3.1mdv2009.1.noarch.rpm
 2687abe0ea6c72ae1a340646a102175f  2009.1/i586/rhino-manual-1.7-0.0.3.1mdv2009.1.noarch.rpm 
 b943cbf0170778e2e5d5c924a937ab6c  2009.1/SRPMS/java-1.6.0-openjdk-1.6.0.0-0.20.b16.0.2mdv2009.1.src.rpm
 295300b3094f6486d13c0e29dd0aaa01  2009.1/SRPMS/rhino-1.7-0.0.3.1mdv2009.1.src.rpm

2009.1 x86_64

 8b72108f53cf01197bc96713a4c5886b  2009.1/x86_64/java-1.6.0-openjdk-1.6.0.0-0.20.b16.0.2mdv2009.1.x86_64.rpm
 5c0ad9be1191b441ade9f9c27ebf2bfa  2009.1/x86_64/java-1.6.0-openjdk-demo-1.6.0.0-0.20.b16.0.2mdv2009.1.x86_64.rpm
 47d6080378ac8288c945adb06906ee5d  2009.1/x86_64/java-1.6.0-openjdk-devel-1.6.0.0-0.20.b16.0.2mdv2009.1.x86_64.rpm
 631685330646881f15f5fc3ce43e496c  2009.1/x86_64/java-1.6.0-openjdk-javadoc-1.6.0.0-0.20.b16.0.2mdv2009.1.x86_64.rpm
 f5f89addbe29f886b8a9a956f1bccd0d  2009.1/x86_64/java-1.6.0-openjdk-plugin-1.6.0.0-0.20.b16.0.2mdv2009.1.x86_64.rpm
 8d35903fed1e52aa5bfeee82ba27ffa8  2009.1/x86_64/java-1.6.0-openjdk-src-1.6.0.0-0.20.b16.0.2mdv2009.1.x86_64.rpm
 a13593fdfc42296a1661ff6512cedd23  2009.1/x86_64/rhino-1.7-0.0.3.1mdv2009.1.noarch.rpm
 1d371aba339ae4061610412df205af53  2009.1/x86_64/rhino-demo-1.7-0.0.3.1mdv2009.1.noarch.rpm
 92cd2f41ceaf3f6941cfd48a464e4ecd  2009.1/x86_64/rhino-javadoc-1.7-0.0.3.1mdv2009.1.noarch.rpm
 c593be725e85426ced97ff0d23c215d9  2009.1/x86_64/rhino-manual-1.7-0.0.3.1mdv2009.1.noarch.rpm 
 b943cbf0170778e2e5d5c924a937ab6c  2009.1/SRPMS/java-1.6.0-openjdk-1.6.0.0-0.20.b16.0.2mdv2009.1.src.rpm
 295300b3094f6486d13c0e29dd0aaa01  2009.1/SRPMS/rhino-1.7-0.0.3.1mdv2009.1.src.rpm
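The package list above is what an administrator checks an installation against: the MD5 sums verify that a downloaded RPM is the one the advisory published, and the version-release in each filename is the first fixed build. The following script is an added example for this advisory and is not part of it or of Mandriva's tooling. It parses listing lines copied from the 2009.0 x86_64 section, compares an installed version-release against the fixed one using a re-implementation of RPM's rpmvercmp segment rules (an assumption: it follows the documented numeric/alphabetic/tilde ordering, which covers the labels used here), and checks a downloaded file's MD5 against the listing. The installed versions used in comments and tests are constructed, not taken from any real system; the `rpm -q --qf` query is the standard RPM command.

```python
"""Check installed versions and downloaded RPM checksums against MDVSA-2009:137.
Added example: listing lines are copied from the advisory; rpmvercmp is a
re-implementation of RPM's comparison rules (assumption, see lead-in)."""
import hashlib
import re
from pathlib import Path

# Two lines copied from the advisory's 2009.0 x86_64 section.
ADVISORY_LISTING = """\
 5cebb2bb47360800ceac229941689fad  2009.0/x86_64/java-1.6.0-openjdk-1.6.0.0-0.20.b16.0.2mdv2009.0.x86_64.rpm
 e3f2ad3c55426cf9c4b336ab880f9ff7  2009.0/x86_64/rhino-1.7-0.0.2.1mdv2009.0.noarch.rpm
"""

# name-version-release.arch.rpm; name may itself contain dashes, version
# and release may not, so the regex anchors on the last two dashes.
RPM_NAME_RE = re.compile(r"^(?P<name>.+)-(?P<version>[^-]+)-(?P<release>[^-]+)\.(?P<arch>[^.]+)\.rpm$")
_SEG_RE = re.compile(r"[0-9]+|[a-zA-Z]+|~")


def parse_listing(text):
    """Map rpm filename -> (md5, name, version, release, arch) from advisory lines."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        md5, path = line.split(None, 1)
        fname = path.rsplit("/", 1)[-1]
        m = RPM_NAME_RE.match(fname)
        if not m:
            raise ValueError(f"unparseable rpm filename: {fname}")
        entries[fname] = (md5.lower(), m["name"], m["version"], m["release"], m["arch"])
    return entries


def rpmvercmp(a, b):
    """Compare two version (or release) strings the way rpm does: split into
    numeric and alphabetic segments, numeric segments compare as integers,
    alphabetic ones lexically, numeric beats alphabetic, '~' sorts below
    anything (even end of string), and otherwise the longer string wins.
    Returns -1, 0 or 1."""
    if a == b:
        return 0
    sa, sb = _SEG_RE.findall(a), _SEG_RE.findall(b)
    for x, y in zip(sa, sb):
        if x == "~" or y == "~":
            if x != "~":
                return 1
            if y != "~":
                return -1
            continue
        if x.isdigit() and y.isdigit():
            xi, yi = int(x), int(y)
            if xi != yi:
                return 1 if xi > yi else -1
        elif x.isdigit():
            return 1
        elif y.isdigit():
            return -1
        elif x != y:
            return 1 if x > y else -1
    if len(sa) == len(sb):
        return 0
    if len(sa) > len(sb):
        return -1 if sa[len(sb)] == "~" else 1
    return 1 if sb[len(sa)] == "~" else -1


def is_fixed(installed_vr, fixed_vr):
    """True if an installed 'version-release' is at or above the fixed one."""
    iv, ir = installed_vr.rsplit("-", 1)
    fv, fr = fixed_vr.rsplit("-", 1)
    c = rpmvercmp(iv, fv)
    if c == 0:
        c = rpmvercmp(ir, fr)
    return c >= 0


def md5_hex(data):
    """Hex MD5 of a byte string (the digest type the advisory publishes)."""
    return hashlib.md5(data).hexdigest()


def verify_bytes(fname, data, entries):
    """'ok', 'mismatch' or 'unknown' for file contents against the listing."""
    if fname not in entries:
        return "unknown"
    return "ok" if md5_hex(data) == entries[fname][0] else "mismatch"


def verify_file(path, entries):
    """Same check for a downloaded rpm on disk."""
    p = Path(path)
    return verify_bytes(p.name, p.read_bytes(), entries)


def installed_version_release(package):
    """Ask rpm for the installed version-release of a package (None if absent)."""
    import subprocess
    r = subprocess.run(["rpm", "-q", "--qf", "%{VERSION}-%{RELEASE}", package],
                       capture_output=True, text=True)
    return r.stdout.strip() if r.returncode == 0 else None


if __name__ == "__main__":
    entries = parse_listing(ADVISORY_LISTING)
    for fname, (_, name, ver, rel, _) in entries.items():
        inst = installed_version_release(name)
        if inst is None:
            print(f"{name}: not installed")
        else:
            state = "fixed" if is_fixed(inst, f"{ver}-{rel}") else "VULNERABLE"
            print(f"{name}: installed {inst}, fixed in {ver}-{rel}: {state}")
```

The MD5 check only confirms that a download matches what the advisory lists; it says nothing about who built the package, so the authenticity check remains `rpm --checksig` against the vendor's signing key, which the advisory does not replace.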

References