
Fedora alert FEDORA-2008-10913 (java-1.6.0-openjdk)

From:  updates@fedoraproject.org
To:  fedora-package-announce@redhat.com
Subject:  [SECURITY] Fedora 10 Update: java-1.6.0-openjdk-1.6.0.0-7.b12.fc10
Date:  Sun, 07 Dec 2008 04:33:22 +0000
Message-ID:  <20081207043322.2B4E3208DD6@bastion.fedora.phx.redhat.com>

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2008-10913
2008-12-07 02:17:14
--------------------------------------------------------------------------------

Name        : java-1.6.0-openjdk
Product     : Fedora 10
Version     : 1.6.0.0
Release     : 7.b12.fc10
URL         : http://icedtea.classpath.org/
Summary     : OpenJDK Runtime Environment
Description :
The OpenJDK runtime environment.

--------------------------------------------------------------------------------
Update Information:

OpenJDK security patches applied.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Dec  2 2008 Lillian Angel <langel@redhat.com> - 1:1.6.0-7.b12
- Set runtests to 0.
* Tue Dec  2 2008 Lillian Angel <langel@redhat.com> - 1:1.6.0-7.b12
- Updated pkgversion to include release and arch.
- Set runtests to 1.
- Added new security patch.
- Resolves: rhbz#468484
- Resolves: rhbz#472862
- Resolves: rhbz#472234
- Resolves: rhbz#472233
- Resolves: rhbz#472231
- Resolves: rhbz#472228
- Resolves: rhbz#472224
- Resolves: rhbz#472218
- Resolves: rhbz#472213
- Resolves: rhbz#472212
- Resolves: rhbz#472211
- Resolves: rhbz#472209
- Resolves: rhbz#472208
- Resolves: rhbz#472206
- Resolves: rhbz#472201
* Mon Nov 24 2008 Lillian Angel <langel@redhat.com> - 1:1.6.0-6.b12
- Removed java-1.6.0-openjdk-plugin-1217.patch.
- Added java-1.6.0-openjdk-plugin-1219.patch.
- Updated Release.
* Fri Nov 21 2008 Lillian Angel <langel@redhat.com> - 1:1.6.0-5.b12
- Added plugin patch to resolve issues on 64-bit.
- Resolves: rhbz#471987
- Resolves: rhbz#465531
- Resolves: rhbz#470551
* Thu Nov 20 2008 Lillian Angel <langel@redhat.com> - 1:1.6.0-5.b12
- Redirect error from removing gcjwebplugin link.
- Resolves: rhbz#471568
* Thu Nov 13 2008 Lillian Angel <langel@redhat.com> - 1:1.6.0-4.b12
- Added java-fonts to Provides for base package.
- Resolves: rhbz#469893
* Wed Nov 12 2008 Lillian Angel <langel@redhat.com> - 1:1.6.0-4.b12
- Fixed pulse audio build requirements.
- Updated release.
- Resolves: rhbz#471229
* Fri Nov  7 2008 Lillian Angel <langel@redhat.com> - 1:1.6.0-3.b12
- Updated icedteasnapshot.
- Resolves: rhbz#453290
- Resolves: rhbz#469361
* Wed Nov  5 2008 Lillian Angel <langel@redhat.com> - 1:1.6.0-3.b12
- Re-enabled pulse java. Fix committed upstream to prevent TCK failures.
- Updated release.
- Updated icedteasnapshot.
- Updated icedteaver.
- Updated visualvm source.
* Thu Oct 30 2008 Lillian Angel <langel@redhat.com> - 1:1.6.0-2.b12
- Fixed post plugin scriptlet to work for install, as well as upgrade.
* Wed Oct 29 2008 Lillian Angel <langel@redhat.com> - 1:1.6.0-2.b12
- Fixed release string.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #472201 - CVE-2008-5350 OpenJDK allows to list files within the user home directory (6484091)
        https://bugzilla.redhat.com/show_bug.cgi?id=472201
  [ 2 ] Bug #472208 - CVE-2008-5347 OpenJDK applet privilege escalation via JAX package access (6592792)
        https://bugzilla.redhat.com/show_bug.cgi?id=472208
  [ 3 ] Bug #472211 - CVE-2008-5360 OpenJDK temporary files have guessable file names (6721753)
        https://bugzilla.redhat.com/show_bug.cgi?id=472211
  [ 4 ] Bug #472213 - CVE-2008-5351 OpenJDK UTF-8 decoder accepts non-shortest form sequences (4486841)
        https://bugzilla.redhat.com/show_bug.cgi?id=472213
  [ 5 ] Bug #472224 - CVE-2008-5353 OpenJDK calender object deserialization allows privilege escalation (6734167)
        https://bugzilla.redhat.com/show_bug.cgi?id=472224
  [ 6 ] Bug #472231 - CVE-2008-5357 OpenJDK Truetype Font processing vulnerability (6751322)
        https://bugzilla.redhat.com/show_bug.cgi?id=472231
  [ 7 ] Bug #472234 - CVE-2008-5358 OpenJDK Buffer Overflow in GIF image processing (6766136)
        https://bugzilla.redhat.com/show_bug.cgi?id=472234
  [ 8 ] Bug #472206 - CVE-2008-5349 OpenJDK RSA public key length denial-of-service (6497740)
        https://bugzilla.redhat.com/show_bug.cgi?id=472206
  [ 9 ] Bug #472209 - CVE-2008-5348 OpenJDK Denial-Of-Service in kerberos authentication (6588160)
        https://bugzilla.redhat.com/show_bug.cgi?id=472209
  [ 10 ] Bug #472212 - CVE-2008-5359 OpenJDK Buffer overflow in image processing (6726779)
        https://bugzilla.redhat.com/show_bug.cgi?id=472212
  [ 11 ] Bug #472218 - CVE-2008-5356 OpenJDK Font processing vulnerability (6733336)
        https://bugzilla.redhat.com/show_bug.cgi?id=472218
  [ 12 ] Bug #472228 - CVE-2008-5354 OpenJDK Privilege escalation in command line applications (6733959)
        https://bugzilla.redhat.com/show_bug.cgi?id=472228
  [ 13 ] Bug #472233 - CVE-2008-5352 OpenJDK Jar200 Decompression buffer overflow (6755943)
        https://bugzilla.redhat.com/show_bug.cgi?id=472233
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use
su -c 'yum update java-1.6.0-openjdk' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------

_______________________________________________
Fedora-package-announce mailing list
Fedora-package-announce@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-package-ann...


