
Fedora alert FEDORA-2009-11490 (java-1.6.0-openjdk)

From:  updates@fedoraproject.org
To:  fedora-package-announce@redhat.com
Subject:  [SECURITY] Fedora 10 Update: java-1.6.0-openjdk-1.6.0.0-23.b16.fc10
Date:  Sat, 14 Nov 2009 03:33:25 +0000
Message-ID:  <20091114033325.1C6D410F83E@bastion2.fedora.phx.redhat.com>

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2009-11490
2009-11-14 02:52:10
--------------------------------------------------------------------------------

Name        : java-1.6.0-openjdk
Product     : Fedora 10
Version     : 1.6.0.0
Release     : 23.b16.fc10
URL         : http://icedtea.classpath.org/
Summary     : OpenJDK Runtime Environment
Description :
The OpenJDK runtime environment.

--------------------------------------------------------------------------------
Update Information:

Add latest security patches
Bug numbers:510197, 530053, 530057, 530061, 530062, 530063, 530067, 530098, 530173, 530175, 530296, 530297, 530300
--------------------------------------------------------------------------------
ChangeLog:

* Thu Nov 12 2009 Martin Matejovic <mmatejov@redhat.com> - 1:1.6.0-23.b16
- Updated release tag
- Fixed applying patches
* Tue Nov 10 2009 Martin Matejovic <mmatejov@redhat.com> - 1:1.6.0-22.b16
- Added java-1.6.0-openjdk-securitypatches-20091103.patch
- Resolves: rhbz#510197
- Resolves: rhbz#530053
- Resolves: rhbz#530057
- Resolves: rhbz#530061
- Resolves: rhbz#530062
- Resolves: rhbz#530063
- Resolves: rhbz#530067
- Resolves: rhbz#530098
- Resolves: rhbz#530173
- Resolves: rhbz#530175
- Resolves: rhbz#530296
- Resolves: rhbz#530297
- Resolves: rhbz#530300
* Wed Sep 9 2009 Lillian Angel <langel@redhat.com> - 1:1.6.0-21.b16
- Removed unneeded patches.
- Updated icedteaver to 1.6
- Resolves: rhbz#484858
- Resolves: rhbz#497408
- Resolves: rhbz#489414
* Wed Aug 5 2009 Lillian Angel <langel@redhat.com> - 1:1.6.0-20.b16
- Updated java-1.6.0-openjdk-netx.patch, and renamed to java-1.6.0-openjdk-netxandplugin.patch.
- Added java-1.6.0-openjdk-securitypatches.patch.
- Resolves: rhbz#512101
- Resolves: rhbz#512896
- Resolves: rhbz#512914
- Resolves: rhbz#512907
- Resolves: rhbz#512921
- Resolves: rhbz#511915
- Resolves: rhbz#512915
- Resolves: rhbz#512920
- Resolves: rhbz#512714
- Resolves: rhbz#513215
- Resolves: rhbz#513220
- Resolves: rhbz#513222
- Resolves: rhbz#513223
- Resolves: rhbz#503794
* Thu Jul 9 2009 Lillian Angel <langel@redhat.com> - 1:1.6.0-19.b16
- Added java-1.6.0-openjdk-netx.patch
- Moved policytool to devel package.
- Updated release.
- Resolves: rhbz#507870
- Resolves: rhbz#471346
* Fri May 29 2009 Lillian Angel <langel@redhat.com> - 1:1.6.0-18.b16
- Fixed abs-install-dir.
- Updated release.
* Fri May 29 2009 Lillian Angel <langel@redhat.com> - 1:1.6.0-17.b16
- Set icedteasnapshot to nil.
- Updated release.
* Wed May 20 2009 Lillian Angel <langel@redhat.com> - 1:1.6.0-16.b16
- Set icedteasnapshot. Only release candidate.
* Tue May 19 2009 Lillian Angel <langel@redhat.com> - 1:1.6.0-16.b16
- Removed java-1.6.0-openjdk-lcms.patch java-1.6.0-openjdk-securitypatches.patch java-1.6.0-openjdk-pulsejava.patch.
- Updated sparc patches.
- Updated release.
- Updated icedteaver.
- Updated openjdkver.
- Updated openjdkdate.
- Adjusted buildoutputdir.
- Set runtests to 0. Hanging test causing problems.
- Include systemtap support, install hotspot tapset.
- Resolves: rhbz#479041
- Resolves: rhbz#480075
- Resolves: rhbz#483095
- Resolves: rhbz#487872
- Resolves: rhbz#467591
- Resolves: rhbz#487452
- Resolves: rhbz#498109
- Resolves: rhbz#497191
- Resolves: rhbz#462876
- Resolves: rhbz#489586
- Resolves: rhbz#501391
* Mon Apr 6 2009 Lillian Angel <langel@redhat.com> - 1:1.6.0-15.b14
- Updated java-1.6.0-openjdk-lcms.patch
* Thu Apr 2 2009 Lillian Angel <langel@redhat.com> - 1:1.6.0-14.b14
- Added java-1.6.0-openjdk-pulsejava.patch.
- Updated release.
- Updated java-1.6.0-openjdk-lcms.patch.
- Resolves: rhbz#492367
- Resolves: rhbz#493276
* Tue Mar 24 2009 Lillian Angel <langel@redhat.com> - 1:1.6.0-13.b14
- Updated java-1.6.0-openjdk-lcms.patch.
* Tue Mar 24 2009 Lillian Angel <langel@redhat.com> - 1:1.6.0-12.b14
- Updated release.
- Added java-1.6.0-openjdk-securitypatches.patch.
* Fri Mar 20 2009 Lillian Angel <langel@redhat.com> - 1:1.6.0-11.b14
- Added java-1.6.0-openjdk-lcms.patch.
* Wed Feb 11 2009 Dennis Gilmore <dennis@ausil.us> - 1:1.6.0-10.b14
- fix sparc arch building asm-sparc has gone. we only have asm/ now
- add sparc arches back to the jit arch list
* Mon Jan 26 2009 Lillian Angel <langel@redhat.com> - 1:1.6.0-10.b14
- Updated sources.
* Fri Jan 23 2009 Lillian Angel <langel@redhat.com> - 1:1.6.0-10.b14
- Added accessibility patch.
* Thu Jan 22 2009 Lillian Angel <langel@redhat.com> - 1:1.6.0-10.b14
- Updated to icedtea-1.4 snapshot.
- Updated release.
- Removed netbeans and visualvm.
- Added hotspot source.
- Added --with-hotspot-src-zip build option.
- Set runtests to 1.
- Updated jtreg log.
- Updated openjdkver.
- Updated openjdkdate.
- Added new patch to add GNOME to java.security.
- Resolves: rhbz#472953
- Resolves: rhbz#475081
- Resolves: rhbz#452573
- Resolves: rhbz#474431
- Resolves: rhbz#474503
- Resolves: rhbz#472862
- Resolves: rhbz#477351
- Resolves: rhbz#475109
- Resolves: rhbz#476462
* Sun Jan 11 2009 Lillian Angel <langel@redhat.com> - 1:1.6.0-8.b12
- Removed README.plugin, updated source list.
- Updated release.
* Tue Dec 2 2008 Lillian Angel <langel@redhat.com> - 1:1.6.0-7.b12
- Set runtests to 0.
* Tue Dec 2 2008 Lillian Angel <langel@redhat.com> - 1:1.6.0-7.b12
- Updated pkgversion to include release and arch.
- Set runtests to 1.
- Added new security patch.
- Resolves: rhbz#468484
- Resolves: rhbz#472862
- Resolves: rhbz#472234
- Resolves: rhbz#472233
- Resolves: rhbz#472231
- Resolves: rhbz#472228
- Resolves: rhbz#472224
- Resolves: rhbz#472218
- Resolves: rhbz#472213
- Resolves: rhbz#472212
- Resolves: rhbz#472211
- Resolves: rhbz#472209
- Resolves: rhbz#472208
- Resolves: rhbz#472206
- Resolves: rhbz#472201
* Mon Nov 24 2008 Lillian Angel <langel@redhat.com> - 1:1.6.0-6.b12
- Removed java-1.6.0-openjdk-plugin-1217.patch.
- Added java-1.6.0-openjdk-plugin-1219.patch.
- Updated Release.
* Fri Nov 21 2008 Lillian Angel <langel@redhat.com> - 1:1.6.0-5.b12
- Added plugin patch to resolve issues on 64-bit.
- Resolves: rhbz#471987
- Resolves: rhbz#465531
- Resolves: rhbz#470551
* Thu Nov 20 2008 Lillian Angel <langel@redhat.com> - 1:1.6.0-5.b12
- Redirect error from removing gcjwebplugin link.
- Resolves: rhbz#471568
* Thu Nov 13 2008 Lillian Angel <langel@redhat.com> - 1:1.6.0-4.b12
- Added java-fonts to Provides for base package.
- Resolves: rhbz#469893
* Wed Nov 12 2008 Lillian Angel <langel@redhat.com> - 1:1.6.0-4.b12
- Fixed pulse audio build requirements.
- Updated release.
- Resolves: rhbz#471229
* Fri Nov 7 2008 Lillian Angel <langel@redhat.com> - 1:1.6.0-3.b12
- Updated icedteasnapshot.
- Resolves: rhbz#453290
- Resolves: rhbz#469361
* Wed Nov 5 2008 Lillian Angel <langel@redhat.com> - 1:1.6.0-3.b12
- Re-enabled pulse java. Fix committed upstream to prevent TCK failures.
- Updated release.
- Updated icedteasnapshot.
- Updated icedteaver.
- Updated visualvm source.
* Thu Oct 30 2008 Lillian Angel <langel@redhat.com> - 1:1.6.0-2.b12
- Fixed post plugin scriptlet to work for install, as well as upgrade.
* Wed Oct 29 2008 Lillian Angel <langel@redhat.com> - 1:1.6.0-2.b12
- Fixed release string.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #510197 - CVE-2009-2409 deprecate MD2 in SSL cert validation (Kaminsky)
        https://bugzilla.redhat.com/show_bug.cgi?id=510197
  [ 2 ] Bug #530053 - CVE-2009-3873 OpenJDK JPEG Image Writer quantization problem (6862968)
        https://bugzilla.redhat.com/show_bug.cgi?id=530053
  [ 3 ] Bug #530057 - CVE-2009-3875 OpenJDK MessageDigest.isEqual introduces timing attack vulnerabilities (6863503)
        https://bugzilla.redhat.com/show_bug.cgi?id=530057
  [ 4 ] Bug #530061 - CVE-2009-3876 OpenJDK ASN.1/DER input stream parser denial of service (6864911) CVE-2009-3877
        https://bugzilla.redhat.com/show_bug.cgi?id=530061
  [ 5 ] Bug #530062 - CVE-2009-3869 OpenJDK JRE AWT setDifflCM stack overflow (6872357)
        https://bugzilla.redhat.com/show_bug.cgi?id=530062
  [ 6 ] Bug #530063 - CVE-2009-3871 OpenJDK JRE AWT setBytePixels heap overflow (6872358)
        https://bugzilla.redhat.com/show_bug.cgi?id=530063
  [ 7 ] Bug #530067 - CVE-2009-3874 OpenJDK ImageI/O JPEG heap overflow (6874643)
        https://bugzilla.redhat.com/show_bug.cgi?id=530067
  [ 8 ] Bug #530098 - CVE-2009-3728 OpenJDK ICC_Profile file existence detection information leak (6631533)
        https://bugzilla.redhat.com/show_bug.cgi?id=530098
  [ 9 ] Bug #530173 - CVE-2009-3881 OpenJDK resurrected classloaders can still have children (6636650)
        https://bugzilla.redhat.com/show_bug.cgi?id=530173
  [ 10 ] Bug #530175 - CVE-2009-3882 CVE-2009-3883 OpenJDK information leaks in mutable variables (6657026,6657138)
        https://bugzilla.redhat.com/show_bug.cgi?id=530175
  [ 11 ] Bug #530296 - CVE-2009-3880 OpenJDK UI logging information leakage(6664512)
        https://bugzilla.redhat.com/show_bug.cgi?id=530296
  [ 12 ] Bug #530297 - CVE-2009-3879 OpenJDK GraphicsConfiguration information leak(6822057)
        https://bugzilla.redhat.com/show_bug.cgi?id=530297
  [ 13 ] Bug #530300 - CVE-2009-3884 OpenJDK zoneinfo file existence information leak (6824265)
        https://bugzilla.redhat.com/show_bug.cgi?id=530300
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update java-1.6.0-openjdk' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
Fedora-package-announce mailing list
Fedora-package-announce@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-package-ann...

