Fedora alert FEDORA-2011-8028 (java-1.6.0-openjdk)
From: updates@fedoraproject.org
To: package-announce@lists.fedoraproject.org
Subject: [SECURITY] Fedora 15 Update: java-1.6.0-openjdk-1.6.0.0-58.1.10.2.fc15
Date: Wed, 15 Jun 2011 05:44:07 +0000
Message-ID: <20110615054407.A0A44111016@bastion02.phx2.fedoraproject.org>
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-8028
2011-06-08 23:33:29
--------------------------------------------------------------------------------

Name        : java-1.6.0-openjdk
Product     : Fedora 15
Version     : 1.6.0.0
Release     : 58.1.10.2.fc15
URL         : http://icedtea.classpath.org/
Summary     : OpenJDK Runtime Environment
Description :
The OpenJDK runtime environment.

--------------------------------------------------------------------------------
Update Information:

http://blog.fuseyism.com/index.php/2011/06/08/icedtea6-18...
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jun 6 2011 Jiri Vanek <jvanek@redhat.com> - 1:1.6.0.0-58.1.10.2
- Resolves: rhbz#709375
- Bumped to IcedTea6 1.10.2
- RH706250, S6213702, CVE-2011-0872: (so) non-blocking sockets with TCP urgent disabled get still selected for read ops (win)
- RH706106, S6618658, CVE-2011-0865: Vulnerability in deserialization
- RH706111, S7012520, CVE-2011-0815: Heap overflow vulnerability in FileDialog.show() (win)
- RH706139, S7013519, CVE-2011-0822, CVE-2011-0862: Integer overflows in 2D code
- RH706153, S7013969, CVE-2011-0867: NetworkInterface.toString can reveal bindings
- RH706234, S7013971, CVE-2011-0869: Vulnerability in SAAJ
- RH706239, S7016340, CVE-2011-0870: Vulnerability in SAAJ
- RH706241, S7016495, CVE-2011-0868: Crash in Java 2D transforming an image with scale close to zero
- RH706248, S7020198, CVE-2011-0871: ImageIcon creates Component with null acc
- RH706245, S7020373, CVE-2011-0864: JSR rewriting can overflow memory address size variables
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #706139 - CVE-2011-0862 OpenJDK: integer overflows in JPEGImageReader and font SunLayoutEngine (2D, 7013519)
  https://bugzilla.redhat.com/show_bug.cgi?id=706139
[ 2 ] Bug #706245 - CVE-2011-0864 OpenJDK: JVM memory corruption via certain bytecode (HotSpot, 7020373)
  https://bugzilla.redhat.com/show_bug.cgi?id=706245
[ 3 ] Bug #706106 - CVE-2011-0865 OpenJDK: Deserialization allows creation of mutable SignedObject (Deserialization, 6618658)
  https://bugzilla.redhat.com/show_bug.cgi?id=706106
[ 4 ] Bug #706153 - CVE-2011-0867 OpenJDK: NetworkInterface information leak (Networking, 7013969)
  https://bugzilla.redhat.com/show_bug.cgi?id=706153
[ 5 ] Bug #706241 - CVE-2011-0868 OpenJDK: incorrect numeric type conversion in TransformHelper (2D, 7016495)
  https://bugzilla.redhat.com/show_bug.cgi?id=706241
[ 6 ] Bug #706234 - CVE-2011-0869 OpenJDK: unprivileged proxy settings change via SOAPConnection (SAAJ, 7013971)
  https://bugzilla.redhat.com/show_bug.cgi?id=706234
[ 7 ] Bug #706248 - CVE-2011-0871 OpenJDK: MediaTracker created Component instances with unnecessary privileges (Swing, 7020198)
  https://bugzilla.redhat.com/show_bug.cgi?id=706248
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update java-1.6.0-openjdk' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-...