[SECURITY] Fedora 13 Update: java-1.6.0-openjdk-1.6.0.0-37.b17.fc13
updates at fedoraproject.org
updates at fedoraproject.org
Fri Apr 9 21:05:39 UTC 2010
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2010-6279
2010-04-09 21:01:55
--------------------------------------------------------------------------------
Name : java-1.6.0-openjdk
Product : Fedora 13
Version : 1.6.0.0
Release : 37.b17.fc13
URL : http://icedtea.classpath.org/
Summary : OpenJDK Runtime Environment
Description :
The OpenJDK runtime environment.
--------------------------------------------------------------------------------
Update Information:
Add latest security updates.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #575846 - CVE-2010-0840 OpenJDK Applet Trusted Methods Chaining Privilege Escalation Vulnerability (6904691)
https://bugzilla.redhat.com/show_bug.cgi?id=575846
[ 2 ] Bug #575854 - CVE-2010-0841 OpenJDK JPEGImageReader stepX Integer Overflow Vulnerability (6909597)
https://bugzilla.redhat.com/show_bug.cgi?id=575854
[ 3 ] Bug #575861 - OpenJDK Application can modify command array in ProcessBuilder (6910590)
https://bugzilla.redhat.com/show_bug.cgi?id=575861
[ 4 ] Bug #575865 - CVE-2010-0848 OpenJDK AWT Library Invalid Index Vulnerability (6914823)
https://bugzilla.redhat.com/show_bug.cgi?id=575865
[ 5 ] Bug #575871 - CVE-2010-0847 OpenJDK ImagingLib arbitrary code execution vulnerability (6914866)
https://bugzilla.redhat.com/show_bug.cgi?id=575871
[ 6 ] Bug #533125 - CVE-2009-3555 TLS: MITM attacks via session renegotiation
https://bugzilla.redhat.com/show_bug.cgi?id=533125
[ 7 ] Bug #575769 - CVE-2010-0094 OpenJDK Deserialization of RMIConnectionImpl objects should enforce stricter checks (6893947)
https://bugzilla.redhat.com/show_bug.cgi?id=575769
[ 8 ] Bug #575772 - CVE-2010-0095 OpenJDK Subclasses of InetAddress may incorrectly interpret network addresses (6893954)
https://bugzilla.redhat.com/show_bug.cgi?id=575772
[ 9 ] Bug #575775 - CVE-2010-0845 OpenJDK No ClassCastException for HashAttributeSet constructors if run with -Xcomp (6894807)
https://bugzilla.redhat.com/show_bug.cgi?id=575775
[ 10 ] Bug #575789 - OpenJDK ObjectIdentifer.equals is not capable of detecting incorrectly encoded CommonName OIDs (6898622)
https://bugzilla.redhat.com/show_bug.cgi?id=575789
[ 11 ] Bug #575808 - CVE-2010-0838 OpenJDK CMM readMabCurveData Buffer Overflow Vulnerability (6899653)
https://bugzilla.redhat.com/show_bug.cgi?id=575808
[ 12 ] Bug #575818 - CVE-2010-0837 OpenJDK JAR "unpack200" must verify input parameters (6902299)
https://bugzilla.redhat.com/show_bug.cgi?id=575818
[ 13 ] Bug #575756 - CVE-2010-0091 OpenJDK Unsigned applet can retrieve the dragged information before drop action occurs(6887703)
https://bugzilla.redhat.com/show_bug.cgi?id=575756
[ 14 ] Bug #575755 - CVE-2010-0088 OpenJDK Inflater/Deflater clone issues (6745393)
https://bugzilla.redhat.com/show_bug.cgi?id=575755
[ 15 ] Bug #575747 - CVE-2010-0085 OpenJDK File TOCTOU deserialization vulnerability (6736390)
https://bugzilla.redhat.com/show_bug.cgi?id=575747
[ 16 ] Bug #575745 - OpenJDK ThreadGroup finalizer allows creation of false root ThreadGroups (6639665)
https://bugzilla.redhat.com/show_bug.cgi?id=575745
[ 17 ] Bug #575740 - CVE-2010-0084 OpenJDK Policy/PolicyFile leak dynamic ProtectionDomains. (6633872)
https://bugzilla.redhat.com/show_bug.cgi?id=575740
[ 18 ] Bug #575736 - CVE-2010-0082 OpenJDK Loader-constraint table allows arrays instead of only the base-classes (6626217)
https://bugzilla.redhat.com/show_bug.cgi?id=575736
[ 19 ] Bug #575764 - CVE-2010-0093 OpenJDK System.arraycopy unable to reference elements beyond Integer.MAX_VALUE bytes (6892265)
https://bugzilla.redhat.com/show_bug.cgi?id=575764
[ 20 ] Bug #575760 - CVE-2010-0092 OpenJDK AtomicReferenceArray causes SIGSEGV -> SEGV_MAPERR error (6888149)
https://bugzilla.redhat.com/show_bug.cgi?id=575760
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update java-1.6.0-openjdk' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
More information about the package-announce
mailing list