[SECURITY] Fedora 16 Update: java-1.6.0-openjdk-1.6.0.0-71.1.11.6.fc16
updates at fedoraproject.org
updates at fedoraproject.org
Sat Feb 9 11:28:38 UTC 2013
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2013-2197
2013-02-09 10:45:50
--------------------------------------------------------------------------------
Name : java-1.6.0-openjdk
Product : Fedora 16
Version : 1.6.0.0
Release : 71.1.11.6.fc16
URL : http://icedtea.classpath.org/
Summary : OpenJDK Runtime Environment
Description :
The OpenJDK runtime environment.
--------------------------------------------------------------------------------
Update Information:
This is rebuild of java-1.6.0-openjdk-1.6.0.0-69.1.11.6.fc16 with removed 7201064 and added 8005615 so:
kept rewritten java-1.6.0-openjdk-java-access-bridgesecurity.patch
kept icedtea6 1.11.6
Security fixes:
S8005615, fix for S6664509
S6563318, CVE-2013-0424: RMI data sanitization
S6664509, CVE-2013-0425: Add logging context
S6664528, CVE-2013-0426: Find log level matching its name or value given at construction time
S6776941: CVE-2013-0427: Improve thread pool shutdown
S7141694, CVE-2013-0429: Improving CORBA internals
S7173145: Improve in-memory representation of splashscreens
S7186945: Unpack200 improvement
S7186946: Refine unpacker resource usage
S7186948: Improve Swing data validation
S7186952, CVE-2013-0432: Improve clipboard access
S7186954: Improve connection performance
S7186957: Improve Pack200 data validation
S7192392, CVE-2013-0443: Better validation of client keys
S7192393, CVE-2013-0440: Better Checking of order of TLS Messages
S7192977, CVE-2013-0442: Issue in toolkit thread
S7197546, CVE-2013-0428: (proxy) Reflect about creating reflective proxies
S7200491: Tighten up JTable layout code
S7200500: Launcher better input validation
S7201066, CVE-2013-0441: Change modifiers on unused fields
S7201068, CVE-2013-0435: Better handling of UI elements
S7201070: Serialization to conform to protocol
S7201071, CVE-2013-0433: InetSocketAddress serialization issue
S8000210: Improve JarFile code quality
S8000537, CVE-2013-0450: Contextualize RequiredModelMBean class
S8000540, CVE-2013-1475: Improve IIOP type reuse management
S8000631, CVE-2013-1476: Restrict access to class constructor
S8001235, CVE-2013-0434: Improve JAXP HTTP handling
S8001242: Improve RMI HTTP conformance
S8001307: Modify ACC_SUPER behavior
S8001972, CVE-2013-1478: Improve image processing
S8002325, CVE-2013-1480: Improve management of images
Backports
S7010849: 5/5 Extraneous javac source/target options when building sa-jdi
--------------------------------------------------------------------------------
ChangeLog:
* Wed Feb 6 2013 Jiri Vanek <jvanek at redhat.com> - 1:1.6.0.0-1.71.1.11.6
- removed patch8 revertTwoWrongSecurityPatches2013-02-06.patch
- added patch8: 7201064.patch to be reverted
- added patch9: 8005615.patch to fix the 6664509.patch
* Wed Feb 6 2013 Jiri Vanek <jvanek at redhat.com> - 1:1.6.0.0-1.70.1.11.6
- added patch8 revertTwoWrongSecurityPatches2013-02-06.patch
to remove 6664509 and 7201064 from 1.11.6 tarball
* Tue Jan 15 2013 Jiri Vanek <jvanek at redhat.com> - 1:1.6.0.0-1.69.1.11.6
- Rewritten java-1.6.0-openjdk-java-access-bridge-security.patch
- Updated to icedtea6 1.11.6
- Security fixes
- S6563318, CVE-2013-0424: RMI data sanitization
- S6664509, CVE-2013-0425: Add logging context
- S6664528, CVE-2013-0426: Find log level matching its name or value given at construction time
- S6776941: CVE-2013-0427: Improve thread pool shutdown
- S7141694, CVE-2013-0429: Improving CORBA internals
- S7173145: Improve in-memory representation of splashscreens
- S7186945: Unpack200 improvement
- S7186946: Refine unpacker resource usage
- S7186948: Improve Swing data validation
- S7186952, CVE-2013-0432: Improve clipboard access
- S7186954: Improve connection performance
- S7186957: Improve Pack200 data validation
- S7192392, CVE-2013-0443: Better validation of client keys
- S7192393, CVE-2013-0440: Better Checking of order of TLS Messages
- S7192977, CVE-2013-0442: Issue in toolkit thread
- S7197546, CVE-2013-0428: (proxy) Reflect about creating reflective proxies
- S7200491: Tighten up JTable layout code
- S7200500: Launcher better input validation
- S7201064: Better dialogue checking
- S7201066, CVE-2013-0441: Change modifiers on unused fields
- S7201068, CVE-2013-0435: Better handling of UI elements
- S7201070: Serialization to conform to protocol
- S7201071, CVE-2013-0433: InetSocketAddress serialization issue
- S8000210: Improve JarFile code quality
- S8000537, CVE-2013-0450: Contextualize RequiredModelMBean class
- S8000540, CVE-2013-1475: Improve IIOP type reuse management
- S8000631, CVE-2013-1476: Restrict access to class constructor
- S8001235, CVE-2013-0434: Improve JAXP HTTP handling
- S8001242: Improve RMI HTTP conformance
- S8001307: Modify ACC_SUPER behavior
- S8001972, CVE-2013-1478: Improve image processing
- S8002325, CVE-2013-1480: Improve management of images
- Backports
- S7010849: 5/5 Extraneous javac source/target options when building sa-jdi
* Fri Oct 12 2012 Deepak Bhole <dbhole at redhat.com> - 1:1.6.0.0-68.1.11.5
- Updated to IcedTea6-1.11.5
- Updated java-1.7.0-openjdk-java-access-bridge-security.patch
- Change permission of sa-jdi.jar to 644 (upstream for future)
- Resolves rhbz#s 856124, 865346, 865348, 865350, 865352, 865354, 865357,
865359, 865363, 865365, 865370, 865428, 865471, 865434, 865511, 865514,
865519, 865531, 865541, 865568
* Fri Aug 31 2012 Jiri Vanek <jvanek at redhat.com> - 1:1.6.0.0-68.1.11.4
- Updated to IcedTea6 1.11.4
* Fri Jun 8 2012 Jiri Vanek <jvanek at redhat.com> - 1:1.6.0.0-67.1.11.3
- Updated to IcedTea6 1.11.3
- Modified patch3, java-1.6.0-openjdk-java-access-bridge-security.patch:
- com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.
- packages added to patch and to package.definition
- Access gnome bridge jar forced to be 644
* Thu May 31 2012 Jiri Vanek <jvanek at redhat.com> 1:6.0.0-0-66.1.11.2
- Updated to IcedTea6-1.11.2
- Bug fixes
- RH789154: javac error messages no longer contain the full path to the offending file:
- PR797: Compiler error message does not display entire file name and path
- PR881: Sign tests (wsse.policy.basic) failures with OpenJDK6
- PR886: 6-1.11.1 fails to build CACAO on ppc
- Specify both source and target in IT_GET_DTDTYPE_CHECK.
- Install nss.cfg into j2re-image too.
- PR584: Don't use shared Eden in incremental mode.
- Backports
- S6792400: Avoid loading of Normalizer resources for simple uses
* Sat Feb 11 2012 Jiri Vanek <jvanek at redhat.com> 1:6.0.0-0-65.1.11.1
- Security update to IcedTea6-1.11.1
- Security fixes
- S7082299, CVE-2011-3571: Fix in AtomicReferenceArray
- S7088367, CVE-2011-3563: Fix issues in java sound
- S7110683, CVE-2012-0502: Issues with some KeyboardFocusManager method
- S7110687, CVE-2012-0503: Issues with TimeZone class
- S7110700, CVE-2012-0505: Enhance exception throwing mechanism in ObjectStreamClass
- S7110704, CVE-2012-0506: Issues with some method in corba
- S7112642, CVE-2012-0497: Incorrect checking for graphics rendering object
- S7118283, CVE-2012-0501: Better input parameter checking in zip file processing
- S7126960, CVE-2011-5035: (httpserver) Add property to limit number of request headers to the HTTP Server
- Bug fixes
- PR865: Patching fails with patches/ecj/jaxws-getdtdtype.patch
* Wed Feb 1 2012 Jiri Vanek <jvanek at redhat.com> 1:6.0.0-0-64.1.11
- Updated for ARM build based on fixes by Andrew Haley (aph at redhat dot com)
- Added patch100: name-arm-asm-int-fix.patch
* Tue Jan 31 2012 Jiri Vanek <jvanek at redhat.com> - 1:1.6.0.0-63.1.11
- sync with master
- IcedTea6 bumped to 1.11 release
- full release info at:
http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2012-January/017060.html
- removed and deleted patches:
patch5 makefile-xalan-deps.patch
patch6 glibc-name-clash.patch
all were upstreamed
* Tue Jan 24 2012 Jiri Vanek <jvanek at redhat.com> - 1:1.6.0.0-62.1.10.5
- updated to icedtea6 1.10.5
- Backports
S7034464, Support transparent large pages on Linux
S7037939, NUMA: Disable adaptive resizing if SHM large pages are used
S7102369, RH751203: remove java.rmi.server.codebase property parsing from registyimpl
S7094468, RH751203: rmiregistry clean up
S7103725, RH767129: REGRESSION – 6u29 breaks ssl connectivity using TLS_DH_anon_WITH_AES_128_CBC_SHA
S6851973, PR830: ignore incoming channel binding if acceptor does not set one
S7091528, javadoc attempts to parse .class files
* Fri Nov 25 2011 Omair Majid <omajid at redhat.com> - 1:1.6.0.0-61.1.10.4
- Fix rhbz#741821
* Tue Nov 1 2011 Jiri Vanek <jvanek at redhat.com> - 1:1.6.0.0-60.1.10.4
- omajid have added Patch6 as (probably temporally) solution for S7103224 for buildability on newest glibc libraries.
* Thu Oct 13 2011 Jiri Vanek <jvanek at redhat.com> - 1:1.6.0.0-60.1.10.4
- updated to icedtea6 1.10.4
- Security fixes
- S7000600, CVE-2011-3547: InputStream skip() information leak
- S7019773, CVE-2011-3548: mutable static AWTKeyStroke.ctor
- S7023640, CVE-2011-3551: Java2D TransformHelper integer overflow
- S7032417, CVE-2011-3552: excessive default UDP socket limit under SecurityManager
- S7046823, CVE-2011-3544: missing SecurityManager checks in scripting engine
- S7055902, CVE-2011-3521: IIOP deserialization code execution
- S7057857, CVE-2011-3554: insufficient pack200 JAR files uncompress error checks
- S7064341, CVE-2011-3389: HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)
- S7070134, CVE-2011-3558: HotSpot crashes with sigsegv from PorterStemmer
- S7077466, CVE-2011-3556: RMI DGC server remote code execution
- S7083012, CVE-2011-3557: RMI registry privileged code execution
- S7096936, CVE-2011-3560: missing checkSetFactory calls in HttpsURLConnection
- Bug fixes
- RH727195 : Japanese font mappings are broken
- Backports
- S6826104, RH730015: Getting a NullPointer exception when clicked on Application & Toolkit Modal dialog
- Zero/Shark
- PR690: Shark fails to JIT using hs20.
- PR696: Zero fails to handle fast_aldc and fast_aldc_w in hs20.
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update java-1.6.0-openjdk' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
More information about the package-announce
mailing list