--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2009-11489
2009-11-14 02:52:09
--------------------------------------------------------------------------------

Name        : java-1.6.0-openjdk
Product     : Fedora 12
Version     : 1.6.0.0
Release     : 33.b16.fc12
URL         : http://icedtea.classpath.org/
Summary     : OpenJDK Runtime Environment
Description :
The OpenJDK runtime environment.

--------------------------------------------------------------------------------
Update Information:

Add latest security patches
Bug numbers: 510197, 530053, 530057, 530061, 530062, 530063, 530067, 530098,
530173, 530175, 530296, 530297, 530300
--------------------------------------------------------------------------------
ChangeLog:

* Thu Nov 12 2009 Martin Matejovic <[email protected]> - 1:1.6.0-33.b16
- Updated release
- Fixed applying patches
* Mon Nov 9 2009 Martin Matejovic <[email protected]> - 1:1.6.0-32.b16
- Added java-1.6.0-openjdk-securitypatches-20091103.patch
- Removed BuildRequirement: openmotif-devel, lesstif-devel
- Resolves: rhbz#510197
- Resolves: rhbz#530053
- Resolves: rhbz#530057
- Resolves: rhbz#530061
- Resolves: rhbz#530062
- Resolves: rhbz#530063
- Resolves: rhbz#530067
- Resolves: rhbz#530098
- Resolves: rhbz#530173
- Resolves: rhbz#530175
- Resolves: rhbz#530296
- Resolves: rhbz#530297
- Resolves: rhbz#530300
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #510197 - CVE-2009-2409 deprecate MD2 in SSL cert validation (Kaminsky)
        https://bugzilla.redhat.com/show_bug.cgi?id=510197
  [ 2 ] Bug #530053 - CVE-2009-3873 OpenJDK JPEG Image Writer quantization problem (6862968)
        https://bugzilla.redhat.com/show_bug.cgi?id=530053
  [ 3 ] Bug #530057 - CVE-2009-3875 OpenJDK MessageDigest.isEqual introduces timing attack vulnerabilities (6863503)
        https://bugzilla.redhat.com/show_bug.cgi?id=530057
  [ 4 ] Bug #530061 - CVE-2009-3876 OpenJDK ASN.1/DER input stream parser denial of service (6864911) CVE-2009-3877
        https://bugzilla.redhat.com/show_bug.cgi?id=530061
  [ 5 ] Bug #530062 - CVE-2009-3869 OpenJDK JRE AWT setDifflCM stack overflow (6872357)
        https://bugzilla.redhat.com/show_bug.cgi?id=530062
  [ 6 ] Bug #530063 - CVE-2009-3871 OpenJDK JRE AWT setBytePixels heap overflow (6872358)
        https://bugzilla.redhat.com/show_bug.cgi?id=530063
  [ 7 ] Bug #530067 - CVE-2009-3874 OpenJDK ImageI/O JPEG heap overflow (6874643)
        https://bugzilla.redhat.com/show_bug.cgi?id=530067
  [ 8 ] Bug #530098 - CVE-2009-3728 OpenJDK ICC_Profile file existence detection information leak (6631533)
        https://bugzilla.redhat.com/show_bug.cgi?id=530098
  [ 9 ] Bug #530173 - CVE-2009-3881 OpenJDK resurrected classloaders can still have children (6636650)
        https://bugzilla.redhat.com/show_bug.cgi?id=530173
  [ 10 ] Bug #530175 - CVE-2009-3882 CVE-2009-3883 OpenJDK information leaks in mutable variables (6657026,6657138)
        https://bugzilla.redhat.com/show_bug.cgi?id=530175
  [ 11 ] Bug #530296 - CVE-2009-3880 OpenJDK UI logging information leakage(6664512)
        https://bugzilla.redhat.com/show_bug.cgi?id=530296
  [ 12 ] Bug #530297 - CVE-2009-3879 OpenJDK GraphicsConfiguration information leak(6822057)
        https://bugzilla.redhat.com/show_bug.cgi?id=530297
  [ 13 ] Bug #530300 - CVE-2009-3884 OpenJDK zoneinfo file existence information leak (6824265)
        https://bugzilla.redhat.com/show_bug.cgi?id=530300
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update java-1.6.0-openjdk' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------

_______________________________________________
Fedora-package-announce mailing list
[email protected]
http://www.redhat.com/mailman/listinfo/fedora-package-announce
