_______________________________________________________________________
Package : java-1.6.0-openjdk
Date : August 21, 2009
Affected: 2009.0, 2009.1, Enterprise Server 5.0
_______________________________________________________________________
Problem Description:

Multiple Java OpenJDK security vulnerabilities have been identified
and fixed:

The design of the W3C XML Signature Syntax and Processing (XMLDsig)
recommendation specifies an HMAC truncation length (HMACOutputLength)
but does not require a minimum for its length, which allows attackers
to spoof HMAC-based signatures and bypass authentication by specifying
a truncation length with a small number of bits (CVE-2009-0217).
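
An added example (not code from this advisory or from OpenJDK) of the
truncation check behind CVE-2009-0217: a verifier that trusts
HMACOutputLength as supplied, beside one that enforces the floor W3C later
added to XMLDSig (at least 80 bits and at least half the hash output).
Function names, the key and the SignedInfo bytes are constructed for
illustration, and lengths are assumed to be whole bytes.

```python
import hashlib
import hmac

# Constructed sample inputs (not taken from the advisory).
KEY = b"constructed-shared-key"
SIGNED_INFO = b"<SignedInfo>constructed sample</SignedInfo>"


def min_truncation_bits(digest_name):
    """Floor added to XMLDSig after CVE-2009-0217: max(80, half the hash size)."""
    full_bits = hashlib.new(digest_name).digest_size * 8
    return max(80, full_bits // 2)


def _expected_prefix(key, signed_info, digest_name, bits):
    mac = hmac.new(key, signed_info, digest_name).digest()
    return mac[: bits // 8]


def verify_unchecked(key, signed_info, tag, digest_name, output_length_bits):
    """Pre-fix behaviour: uses the document's HMACOutputLength without a minimum."""
    expected = _expected_prefix(key, signed_info, digest_name, output_length_bits)
    return hmac.compare_digest(expected, tag)


def verify_checked(key, signed_info, tag, digest_name, output_length_bits=None):
    """Hardened: rejects malformed or too-short truncation lengths before comparing."""
    full_bits = hashlib.new(digest_name).digest_size * 8
    bits = full_bits if output_length_bits is None else output_length_bits
    if bits % 8 != 0 or bits > full_bits or bits < min_truncation_bits(digest_name):
        return False
    if len(tag) != bits // 8:
        return False
    expected = _expected_prefix(key, signed_info, digest_name, bits)
    return hmac.compare_digest(expected, tag)


def demo():
    full = hmac.new(KEY, SIGNED_INFO, "sha1").digest()
    return {
        "unchecked_8_bits": verify_unchecked(KEY, SIGNED_INFO, full[:1], "sha1", 8),
        "checked_8_bits": verify_checked(KEY, SIGNED_INFO, full[:1], "sha1", 8),
        "checked_80_bits": verify_checked(KEY, SIGNED_INFO, full[:10], "sha1", 80),
        "checked_full": verify_checked(KEY, SIGNED_INFO, full, "sha1"),
    }


if __name__ == "__main__":
    print(demo())
```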

The Java Web Start framework does not properly check the trust of
all application jar files, which allows context-dependent attackers
to execute arbitrary code via a crafted application, related to NetX
(CVE-2009-1896).

Some variables and data structures declared without the final
keyword allow context-dependent attackers to obtain sensitive
information. The affected variables and data structures are
as follows: (1) LayoutQueue, (2)
Cursor.predefined, (3) AccessibleResourceBundle.getContents,
(4) ImageReaderSpi.STANDARD_INPUT_TYPE, (5)
ImageWriterSpi.STANDARD_OUTPUT_TYPE, (6) the imageio plugins, (7)
DnsContext.debug, (8) RmfFileReader/StandardMidiFileWriter.types,
(9) AbstractSaslImpl.logger, (10)
Synth.Region.uiToRegionMap/lowerCaseNameMap, (11) the Introspector
class and a cache of BeanInfo, and (12) JAX-WS (CVE-2009-2475).

The Java Management Extensions (JMX) implementation does not
properly enforce OpenType checks, which allows context-dependent
attackers to bypass intended access restrictions by leveraging
finalizer resurrection to obtain a reference to a privileged object
(CVE-2009-2476).

A flaw in Xerces2 as used in OpenJDK allows remote attackers to
cause a denial of service via a malformed XML input (CVE-2009-2625).

The audio system does not prevent access to java.lang.System properties
by either untrusted applets or Java Web Start applications, which
allows context-dependent attackers to obtain sensitive information
by reading these properties (CVE-2009-2670).

A flaw in the SOCKS proxy implementation allows remote attackers
to discover the user name of the account that invoked either an
untrusted applet or Java Web Start application via unspecified vectors
(CVE-2009-2671).

A flaw in the proxy mechanism implementation allows remote attackers
to bypass intended access restrictions and connect to arbitrary
sites via unspecified vectors, related to a declaration that lacks
the final keyword (CVE-2009-2673).

An integer overflow in JPEG image parsing allows context-dependent
attackers to gain privileges via an untrusted Java Web Start
application that grants permissions to itself (CVE-2009-2674).

An integer overflow in the unpack200 utility's decompression allows
context-dependent attackers to gain privileges via vectors involving
either an untrusted applet or Java Web Start application that grants
permissions to itself (CVE-2009-2675).

A flaw in JDK13Services.getProviders grants full privileges to
instances of unspecified object types, which allows context-dependent
attackers to bypass intended access restrictions via either an
untrusted applet or application (CVE-2009-2689).

A flaw in OpenJDK's encoder grants read access to private
variables with unspecified names, which allows context-dependent
attackers to obtain sensitive information via either an untrusted
applet or application (CVE-2009-2690).
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-0217
http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-1896
http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-2475
http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-2476
http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-2625
http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-2670
http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-2671
http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-2673
http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-2674
http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-2675
http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-2689
http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-2690
_______________________________________________________________________