[SECURITY] Fedora 9 Update: java-1.6.0-openjdk-1.6.0.0-0.20.b09.fc9

updates at fedoraproject.org
Sun Dec 7 04:27:51 UTC 2008


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2008-10860
2008-12-07 02:16:19
--------------------------------------------------------------------------------

Name        : java-1.6.0-openjdk
Product     : Fedora 9
Version     : 1.6.0.0
Release     : 0.20.b09.fc9
URL         : http://icedtea.classpath.org/
Summary     : OpenJDK Runtime Environment
Description :
The OpenJDK runtime environment.

--------------------------------------------------------------------------------
Update Information:

OpenJDK security patches applied.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Dec  2 2008 Lillian Angel <langel at redhat.com> - 1:1.6.0-0.20.b09
- Set runtests to 0.
* Tue Dec  2 2008 Lillian Angel <langel at redhat.com> - 1:1.6.0-0.20.b09
- Added new security patch.
- Resolves: rhbz#472234 
- Resolves: rhbz#472233  
- Resolves: rhbz#472231  
- Resolves: rhbz#472228  
- Resolves: rhbz#472224  
- Resolves: rhbz#472218  
- Resolves: rhbz#472213  
- Resolves: rhbz#472212  
- Resolves: rhbz#472211  
- Resolves: rhbz#472209  
- Resolves: rhbz#472208  
- Resolves: rhbz#472206  
- Resolves: rhbz#472201
* Mon Sep 22 2008 Lillian Angel <langel at redhat.com> - 1:1.6.0-0.19.b09
- Removed update-desktop-database dependency.
- Resolves: rhbz#463046
* Mon Sep  8 2008 Lillian Angel <langel at redhat.com> - 1:1.6.0-0.18.b09
- Moved hotspot patch to only be applied to jit_arches.
* Mon Sep  8 2008 Lillian Angel <langel at redhat.com> - 1:1.6.0-0.18.b09
- Added hotspot patch (Patch11) to fix eclipse crashing bug.
- Resolves: rhbz#460205
* Mon Sep  8 2008 Lillian Angel <langel at redhat.com> - 1:1.6.0-0.18.b09
- Added rhino requirement.
- Resolves: rhbz#461336
* Wed Jul 16 2008 Dennis Gilmore <dennis at ausil.us> - 1:1.6.0-0.17.b09
- bump the release to sync all arches
* Wed Jul  9 2008 Lillian Angel <langel at redhat.com> - 1:1.6.0-0.16.b09
- Add runtests define.
- Run test suites on JIT architectures only.
* Tue Jul  8 2008 Lillian Angel <langel at redhat.com> - 1:1.6.0-0.16.b09
- Only apply hotspot security patch on jitarches.
* Wed Jul  2 2008 Lillian Angel <langel at redhat.com> - 1:1.6.0-0.16.b09
- Added OpenJDK security patches.
* Sat Jun  7 2008 Tom "spot" Callaway <tcallawa at redhat.com> - 1:1.6.0-0.16.b09
- enable sparc/sparc64 builds
* Sat May 31 2008 Thomas Fitzsimmons <fitzsim at redhat.com> - 1:1.6.0.0-0.15.b09
- Fix keytool location passed to generate-cacerts.pl.
* Fri May 30 2008 Thomas Fitzsimmons <fitzsim at redhat.com> - 1:1.6.0.0-0.15.b09
- Generate cacerts file.
* Fri May 30 2008 Thomas Fitzsimmons <fitzsim at redhat.com> - 1:1.6.0.0-0.15.b09
- Remove jhat patch.
* Fri May 30 2008 Thomas Fitzsimmons <fitzsim at redhat.com> - 1:1.6.0.0-0.15.b09
- Remove makefile patch.
- Update generate-fedora-zip.sh.
* Fri May 30 2008 Thomas Fitzsimmons <fitzsim at redhat.com> - 1:1.6.0.0-0.15.b09
- Formatting cleanups.
* Fri May 30 2008 Thomas Fitzsimmons <fitzsim at redhat.com> - 1:1.6.0.0-0.15.b09
- Group all Mauve commands.
* Fri May 30 2008 Thomas Fitzsimmons <fitzsim at redhat.com> - 1:1.6.0.0-0.15.b09
- Formatting cleanups.
- Add jtreg_output to src subpackage.
* Wed May 28 2008 Lillian Angel <langel at redhat.com> - 1:1.6.0.0-0.15.b09
- Updated icedteasnapshot for new release.
* Tue May 27 2008 Thomas Fitzsimmons <fitzsim at redhat.com> - 1:1.6.0.0-0.15.b09
- Require ca-certificates.
- Symlink to ca-certificates cacerts.
- Remove cacerts from files list.
- Resolves: rhbz#444260
* Mon May 26 2008 Lillian Angel <langel at redhat.com> - 1:1.6.0.0-0.14.b09
- Added eclipse-ecj build requirement for mauve.
- Updated icedteasnapshot.
* Fri May 23 2008 Lillian Angel <langel at redhat.com> - 1:1.6.0.0-0.14.b09
- Fixed jtreg testing.
* Fri May 23 2008 Lillian Angel <langel at redhat.com> - 1:1.6.0.0-0.14.b09
- Updated icedteasnapshot.
- Updated release.
- Added jtreg testing.
* Thu May 22 2008 Lillian Angel <langel at redhat.com> - 1:1.6.0.0-0.13.b09
- Added new patch java-1.6.0-openjdk-java-access-bridge-tck.patch.
- Updated release.
* Mon May  5 2008 Lillian Angel <langel at redhat.com> - 1:1.6.0.0-0.12.b09
- Updated release.
- Updated icedteasnapshot.
- Resolves: rhbz#445182
- Resolves: rhbz#445183
* Tue Apr 29 2008 Lillian Angel <langel at redhat.com> - 1:1.6.0.0-0.11.b09
- Fixed javaws.desktop installation.
* Tue Apr 29 2008 Lillian Angel <langel at redhat.com> - 1:1.6.0.0-0.11.b09
- Updated icedteasnapshot.
- Removed java-1.6.0-openjdk-jconsole.desktop and
  java-1.6.0-openjdk-policytool.desktop files.
* Tue Apr 29 2008 Lillian Angel <langel at redhat.com> - 1:1.6.0.0-0.11.b09
- Updated release.
- Added archbuild and archinstall definitions for ia64.
- Resolves: rhbz#433843
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #472201 - CVE-2008-5350 OpenJDK allows to list files within the user home directory (6484091)
        https://bugzilla.redhat.com/show_bug.cgi?id=472201
  [ 2 ] Bug #472206 - CVE-2008-5349 OpenJDK RSA public key length denial-of-service (6497740)
        https://bugzilla.redhat.com/show_bug.cgi?id=472206
  [ 3 ] Bug #472208 - CVE-2008-5347 OpenJDK applet privilege escalation via JAX package access (6592792)
        https://bugzilla.redhat.com/show_bug.cgi?id=472208
  [ 4 ] Bug #472209 - CVE-2008-5348 OpenJDK Denial-Of-Service in kerberos authentication (6588160)
        https://bugzilla.redhat.com/show_bug.cgi?id=472209
  [ 5 ] Bug #472211 - CVE-2008-5360 OpenJDK temporary files have guessable file names (6721753)
        https://bugzilla.redhat.com/show_bug.cgi?id=472211
  [ 6 ] Bug #472212 - CVE-2008-5359 OpenJDK Buffer overflow in image processing (6726779)
        https://bugzilla.redhat.com/show_bug.cgi?id=472212
  [ 7 ] Bug #472213 - CVE-2008-5351 OpenJDK UTF-8 decoder accepts non-shortest form sequences (4486841)
        https://bugzilla.redhat.com/show_bug.cgi?id=472213
  [ 8 ] Bug #472218 - CVE-2008-5356 OpenJDK Font processing vulnerability (6733336)
        https://bugzilla.redhat.com/show_bug.cgi?id=472218
  [ 9 ] Bug #472233 - CVE-2008-5352 OpenJDK Jar200 Decompression buffer overflow (6755943)
        https://bugzilla.redhat.com/show_bug.cgi?id=472233
  [ 10 ] Bug #472234 - CVE-2008-5358 OpenJDK Buffer Overflow in GIF image processing (6766136)
        https://bugzilla.redhat.com/show_bug.cgi?id=472234
  [ 11 ] Bug #472224 - CVE-2008-5353 OpenJDK calendar object deserialization allows privilege escalation (6734167)
        https://bugzilla.redhat.com/show_bug.cgi?id=472224
  [ 12 ] Bug #472228 - CVE-2008-5354 OpenJDK Privilege escalation in command line applications (6733959)
        https://bugzilla.redhat.com/show_bug.cgi?id=472228
  [ 13 ] Bug #472231 - CVE-2008-5357 OpenJDK Truetype Font processing vulnerability (6751322)
        https://bugzilla.redhat.com/show_bug.cgi?id=472231
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update java-1.6.0-openjdk' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------



