[SECURITY] Fedora 12 Update: java-1.6.0-openjdk-1.6.0.0-37.b17.fc12
updates at fedoraproject.org
updates at fedoraproject.org
Fri Apr 9 01:28:22 UTC 2010
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2010-6025
2010-04-09 00:17:15
--------------------------------------------------------------------------------
Name : java-1.6.0-openjdk
Product : Fedora 12
Version : 1.6.0.0
Release : 37.b17.fc12
URL : http://icedtea.classpath.org/
Summary : OpenJDK Runtime Environment
Description :
The OpenJDK runtime environment.
--------------------------------------------------------------------------------
Update Information:
Add latest security updates.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 30 2010 Martin Matejovic <mmatejov at redhat.com> - 1:1.6.0-37.b17
- Added java-1.6.0-openjdk-securitypatches-20100323.patch
- Resolves: rhbz#575760
- Resolves: rhbz#575764
- Resolves: rhbz#575736
- Resolves: rhbz#575740
- Resolves: rhbz#575745
- Resolves: rhbz#575747
- Resolves: rhbz#575755
- Resolves: rhbz#575756
- Resolves: rhbz#575818
- Resolves: rhbz#575808
- Resolves: rhbz#575789
- Resolves: rhbz#575775
- Resolves: rhbz#575772
- Resolves: rhbz#575769
- Resolves: rhbz#533125
- Resolves: rhbz#575871
- Resolves: rhbz#575865
- Resolves: rhbz#575861
- Resolves: rhbz#575854
- Resolves: rhbz#575846
* Fri Mar 12 2010 Martin Matejovic <mmatejov at redhat.com> - 1:1.6.0-36.b17
- Added java-1.6.0-openjdk-pulse-audio-libs.patch
* Tue Mar 2 2010 Martin Matejovic <mmatejov at redhat.com> - 1:1.6.0-35.b17
- Added icedtea6-1.7.1
- Added java-1.6.0-openjdk-linux-globals.patch
- Added java-1.6.0-openjdk-memory-barriers.patch
- Resolves: rhbz#542586
- Resolves: rhbz#568640
- Resolves: rhbz#567228
- Resolves: rhbz#539971
- Resolves: rhbz#555503
- Resolves: rhbz#523651
- Resolves: rhbz#500077
- Resolves: rhbz#475892
* Mon Feb 1 2010 Martin Matejovic <mmatejov at redhat.com> - 1:1.6.0-34.b17
- Added icedtea6-1.7
- Added openjdk b17
- Removed hotspot tarball
- Removed: java-1.6.0-openjdk-netbeans.patch
- Removed: java-1.6.0-openjdk-securitypatches-20091103.patch
- Removed: java-1.6.0-openjdk-sparc-fixes.patch
- Removed: java-1.6.0-openjdk-sparc-hotspot.patch
- Removed: java-1.6.0-openjdk-x11.patch
* Thu Nov 12 2009 Martin Matejovic <mmatejov at redhat.com> - 1:1.6.0-33.b16
- Updated release
- Fixed applying patches
* Mon Nov 9 2009 Martin Matejovic <mmatejov at redhat.com> - 1:1.6.0-32.b16
- Added java-1.6.0-openjdk-securitypatches-20091103.patch
- Removed BuildRequirement: openmotif-devel, lesstif-devel
- Resolves: rhbz#510197
- Resolves: rhbz#530053
- Resolves: rhbz#530057
- Resolves: rhbz#530061
- Resolves: rhbz#530062
- Resolves: rhbz#530063
- Resolves: rhbz#530067
- Resolves: rhbz#530098
- Resolves: rhbz#530173
- Resolves: rhbz#530175
- Resolves: rhbz#530296
- Resolves: rhbz#530297
- Resolves: rhbz#530300
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #575760 - CVE-2010-0092 OpenJDK AtomicReferenceArray causes SIGSEGV -> SEGV_MAPERR error (6888149)
https://bugzilla.redhat.com/show_bug.cgi?id=575760
[ 2 ] Bug #575764 - CVE-2010-0093 OpenJDK System.arraycopy unable to reference elements beyond Integer.MAX_VALUE bytes (6892265)
https://bugzilla.redhat.com/show_bug.cgi?id=575764
[ 3 ] Bug #575736 - CVE-2010-0082 OpenJDK Loader-constraint table allows arrays instead of only the base-classes (6626217)
https://bugzilla.redhat.com/show_bug.cgi?id=575736
[ 4 ] Bug #575740 - CVE-2010-0084 OpenJDK Policy/PolicyFile leak dynamic ProtectionDomains. (6633872)
https://bugzilla.redhat.com/show_bug.cgi?id=575740
[ 5 ] Bug #575745 - OpenJDK ThreadGroup finalizer allows creation of false root ThreadGroups (6639665)
https://bugzilla.redhat.com/show_bug.cgi?id=575745
[ 6 ] Bug #575747 - CVE-2010-0085 OpenJDK File TOCTOU deserialization vulnerability (6736390)
https://bugzilla.redhat.com/show_bug.cgi?id=575747
[ 7 ] Bug #575755 - CVE-2010-0088 OpenJDK Inflater/Deflater clone issues (6745393)
https://bugzilla.redhat.com/show_bug.cgi?id=575755
[ 8 ] Bug #575756 - CVE-2010-0091 OpenJDK Unsigned applet can retrieve the dragged information before drop action occurs(6887703)
https://bugzilla.redhat.com/show_bug.cgi?id=575756
[ 9 ] Bug #575818 - CVE-2010-0837 OpenJDK JAR "unpack200" must verify input parameters (6902299)
https://bugzilla.redhat.com/show_bug.cgi?id=575818
[ 10 ] Bug #575808 - CVE-2010-0838 OpenJDK CMM readMabCurveData Buffer Overflow Vulnerability (6899653)
https://bugzilla.redhat.com/show_bug.cgi?id=575808
[ 11 ] Bug #575789 - OpenJDK ObjectIdentifer.equals is not capable of detecting incorrectly encoded CommonName OIDs (6898622)
https://bugzilla.redhat.com/show_bug.cgi?id=575789
[ 12 ] Bug #575775 - CVE-2010-0845 OpenJDK No ClassCastException for HashAttributeSet constructors if run with -Xcomp (6894807)
https://bugzilla.redhat.com/show_bug.cgi?id=575775
[ 13 ] Bug #575772 - CVE-2010-0095 OpenJDK Subclasses of InetAddress may incorrectly interpret network addresses (6893954)
https://bugzilla.redhat.com/show_bug.cgi?id=575772
[ 14 ] Bug #575769 - CVE-2010-0094 OpenJDK Deserialization of RMIConnectionImpl objects should enforce stricter checks (6893947)
https://bugzilla.redhat.com/show_bug.cgi?id=575769
[ 15 ] Bug #533125 - CVE-2009-3555 TLS: MITM attacks via session renegotiation
https://bugzilla.redhat.com/show_bug.cgi?id=533125
[ 16 ] Bug #575871 - CVE-2010-0847 OpenJDK ImagingLib arbitrary code execution vulnerability (6914866)
https://bugzilla.redhat.com/show_bug.cgi?id=575871
[ 17 ] Bug #575865 - CVE-2010-0848 OpenJDK AWT Library Invalid Index Vulnerability (6914823)
https://bugzilla.redhat.com/show_bug.cgi?id=575865
[ 18 ] Bug #575861 - OpenJDK Application can modify command array in ProcessBuilder (6910590)
https://bugzilla.redhat.com/show_bug.cgi?id=575861
[ 19 ] Bug #575854 - CVE-2010-0841 OpenJDK JPEGImageReader stepX Integer Overflow Vulnerability (6909597)
https://bugzilla.redhat.com/show_bug.cgi?id=575854
[ 20 ] Bug #575846 - CVE-2010-0840 OpenJDK Applet Trusted Methods Chaining Privilege Escalation Vulnerability (6904691)
https://bugzilla.redhat.com/show_bug.cgi?id=575846
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update java-1.6.0-openjdk' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
More information about the package-announce
mailing list