[ MDVSA-2010:084 ] java-1.6.0-openjdk

Kirjoittaja **dude67** » 29 Huhti 2010, 20:10

_______________________________________________________________________

Package : java-1.6.0-openjdk
Date : April 28, 2010
Affected: 2009.0, 2009.1, 2010.0, Enterprise Server 5.0
_______________________________________________________________________

Problem Description:

Multiple Java OpenJDK security vulnerabilities has been identified
and fixed:

- TLS: MITM attacks via session renegotiation (CVE-2009-3555).
- Loader-constraint table allows arrays instead of only the b
ase-classes (CVE-2010-0082).
- Policy/PolicyFile leak dynamic ProtectionDomains. (CVE-2010-0084).
- File TOCTOU deserialization vulnerability (CVE-2010-0085).
- Inflater/Deflater clone issues (CVE-2010-0088).
- Unsigned applet can retrieve the dragged information before drop
action occurs (CVE-2010-0091).
- AtomicReferenceArray causes SIGSEGV -> SEGV_MAPERR error
(CVE-2010-0092).
- System.arraycopy unable to reference elements beyond
Integer.MAX_VALUE bytes (CVE-2010-0093).
- Deserialization of RMIConnectionImpl objects should enforce stricter
checks (CVE-2010-0094).
- Subclasses of InetAddress may incorrectly interpret network addresses
(CVE-2010-0095).
- JAR unpack200 must verify input parameters (CVE-2010-0837).
- CMM readMabCurveData Buffer Overflow Vulnerability (CVE-2010-0838).
- Applet Trusted Methods Chaining Privilege Escalation Vulner ability
(CVE-2010-0840).
- No ClassCastException for HashAttributeSet constructors if run with
-Xcomp (CVE-2010-0845)
- ImagingLib arbitrary code execution vulnerability (CVE-2010-0847).
- AWT Library Invalid Index Vulnerability (CVE-2010-0848).

Additional security issues that was fixed with IcedTea6 1.6.2:
- deprecate MD2 in SSL cert validation (CVE-2009-2409).
- ICC_Profile file existence detection information leak
(CVE-2009-3728).
- JRE AWT setDifflCM stack overflow (CVE-2009-3869).
- JRE AWT setBytePixels heap overflow (CVE-2009-3871).
- JPEG Image Writer quantization problem (CVE-2009-3873).
- ImageI/O JPEG heap overflow (CVE-2009-3874).
- MessageDigest.isEqual introduces timing attack vulnerabilities
(CVE-2009-3875).
- OpenJDK ASN.1/DER input stream parser denial of service
(CVE-2009-3876, CVE-2009-3877)
- GraphicsConfiguration information leak (CVE-2009-3879).
- UI logging information leakage (CVE-2009-3880).
- resurrected classloaders can still have children (CVE-2009-3881).
- Numerous static security flaws in Swing (findbugs) (CVE-2009-3882).
- Mutable statics in Windows PL&F (findbugs) (CVE-2009-3883).
- zoneinfo file existence information leak (CVE-2009-3884).
- BMP parsing DoS with UNC ICC links (CVE-2009-3885).

Additionally Paulo Cesar Pereira de Andrade (pcpa) at Mandriva found
and fixed a bug in IcedTea6 1.8 that is also applied to the provided
packages:

* plugin/icedteanp/IcedTeaNPPlugin.cc
(plugin_filter_environment): Increment malloc size by one to
account for
NULL terminator. Bug# 474.

Packages for 2009.0 are provided due to the Extended Maintenance
Program.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-2409
http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-3555
http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-3728
http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-3869
http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-3871
http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-3873
http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-3874
http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-3875
http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-3876
http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-3877
http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-3879
http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-3880
http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-3881
http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-3882
http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-3883
http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-3884
http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-3885
http://cve.mitre.org/cgi-bin/cvename.cg ... -2010-0082
http://cve.mitre.org/cgi-bin/cvename.cg ... -2010-0084
http://cve.mitre.org/cgi-bin/cvename.cg ... -2010-0085
http://cve.mitre.org/cgi-bin/cvename.cg ... -2010-0088
http://cve.mitre.org/cgi-bin/cvename.cg ... -2010-0091
http://cve.mitre.org/cgi-bin/cvename.cg ... -2010-0092
http://cve.mitre.org/cgi-bin/cvename.cg ... -2010-0093
http://cve.mitre.org/cgi-bin/cvename.cg ... -2010-0094
http://cve.mitre.org/cgi-bin/cvename.cg ... -2010-0095
http://cve.mitre.org/cgi-bin/cvename.cg ... -2010-0837
http://cve.mitre.org/cgi-bin/cvename.cg ... -2010-0838
http://cve.mitre.org/cgi-bin/cvename.cg ... -2010-0840
http://cve.mitre.org/cgi-bin/cvename.cg ... -2010-0845
http://cve.mitre.org/cgi-bin/cvename.cg ... -2010-0847
http://cve.mitre.org/cgi-bin/cvename.cg ... -2010-0848
http://article.gmane.org/gmane.comp.jav ... devel/8938
http://blogs.sun.com/darcy/resource/Ope ... mmary.html
http://icedtea.classpath.org/hg/release ... a02193b073
_______________________________________________________________________

[ MDVSA-2010:084 ] java-1.6.0-openjdk

[ MDVSA-2010:084 ] java-1.6.0-openjdk

Paikallaolijat