[SECURITY] Fedora 15 Update: java-1.6.0-openjdk-1.6.0.0-58.1.10.2.fc15
updates at fedoraproject.org
updates at fedoraproject.org
Wed Jun 15 05:44:07 UTC 2011
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-8028
2011-06-08 23:33:29
--------------------------------------------------------------------------------
Name : java-1.6.0-openjdk
Product : Fedora 15
Version : 1.6.0.0
Release : 58.1.10.2.fc15
URL : http://icedtea.classpath.org/
Summary : OpenJDK Runtime Environment
Description :
The OpenJDK runtime environment.
--------------------------------------------------------------------------------
Update Information:
http://blog.fuseyism.com/index.php/2011/06/08/icedtea6-188-198-and-1102-released/
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jun 6 2011 Jiri Vanek <jvanek at redhat.com> - 1:1.6.0.0-58.1.10.2
- Resolves: rhbz#709375
- Bumped to IcedTea6 1.10.2
- RH706250, S6213702, CVE-2011-0872: (so) non-blocking sockets with TCP urgent
disabled get still selected for read ops (win)
- RH706106, S6618658, CVE-2011-0865: Vulnerability in deserialization
- RH706111, S7012520, CVE-2011-0815: Heap overflow vulnerability in
FileDialog.show() (win)
- RH706139, S7013519, CVE-2011-0822, CVE-2011-0862: Integer overflows in 2D
code
- RH706153, S7013969, CVE-2011-0867: NetworkInterface.toString can reveal
bindings
- RH706234, S7013971, CVE-2011-0869: Vulnerability in SAAJ
- RH706239, S7016340, CVE-2011-0870: Vulnerability in SAAJ
- RH706241, S7016495, CVE-2011-0868: Crash in Java 2D transforming an image
with scale close to zero
- RH706248, S7020198, CVE-2011-0871: ImageIcon creates Component with null acc
- RH706245, S7020373, CVE-2011-0864: JSR rewriting can overflow memory address
size variables
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #706139 - CVE-2011-0862 OpenJDK: integer overflows in JPEGImageReader and font SunLayoutEngine (2D, 7013519)
https://bugzilla.redhat.com/show_bug.cgi?id=706139
[ 2 ] Bug #706245 - CVE-2011-0864 OpenJDK: JVM memory corruption via certain bytecode (HotSpot, 7020373)
https://bugzilla.redhat.com/show_bug.cgi?id=706245
[ 3 ] Bug #706106 - CVE-2011-0865 OpenJDK: Deserialization allows creation of mutable SignedObject (Deserialization, 6618658)
https://bugzilla.redhat.com/show_bug.cgi?id=706106
[ 4 ] Bug #706153 - CVE-2011-0867 OpenJDK: NetworkInterface information leak (Networking, 7013969)
https://bugzilla.redhat.com/show_bug.cgi?id=706153
[ 5 ] Bug #706241 - CVE-2011-0868 OpenJDK: incorrect numeric type conversion in TransformHelper (2D, 7016495)
https://bugzilla.redhat.com/show_bug.cgi?id=706241
[ 6 ] Bug #706234 - CVE-2011-0869 OpenJDK: unprivileged proxy settings change via SOAPConnection (SAAJ, 7013971)
https://bugzilla.redhat.com/show_bug.cgi?id=706234
[ 7 ] Bug #706248 - CVE-2011-0871 OpenJDK: MediaTracker created Component instances with unnecessary privileges (Swing, 7020198)
https://bugzilla.redhat.com/show_bug.cgi?id=706248
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update java-1.6.0-openjdk' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
More information about the package-announce
mailing list