-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2010-6039 2010-04-09 00:17:45 --------------------------------------------------------------------------------
Name : java-1.6.0-openjdk Product : Fedora 11 Version : 1.6.0.0 Release : 34.b17.fc11 URL : http://icedtea.classpath.org/ Summary : OpenJDK Runtime Environment Description : The OpenJDK runtime environment. -------------------------------------------------------------------------------- Update Information: Add latest security patches. -------------------------------------------------------------------------------- ChangeLog: * Tue Mar 30 2010 Martin Matejovic <[email protected]> - 1:1.6.0-34.b17 - Added java-1.6.0-openjdk-securitypatches-20100323.patch - Resolves: rhbz#575760 - Resolves: rhbz#575764 - Resolves: rhbz#575736 - Resolves: rhbz#575740 - Resolves: rhbz#575745 - Resolves: rhbz#575747 - Resolves: rhbz#575755 - Resolves: rhbz#575756 - Resolves: rhbz#575818 - Resolves: rhbz#575808 - Resolves: rhbz#575789 - Resolves: rhbz#575775 - Resolves: rhbz#575772 - Resolves: rhbz#575769 - Resolves: rhbz#533125 - Resolves: rhbz#575871 - Resolves: rhbz#575865 - Resolves: rhbz#575861 - Resolves: rhbz#575854 - Resolves: rhbz#575846 * Fri Mar 12 2010 Martin Matejovic <[email protected]> - 1:1.6.0-33.b17 - Added java-1.6.0-openjdk-pulse-audio-libs.patch * Tue Mar 2 2010 Martin Matejovic <[email protected]> - 1:1.6.0-32.b17 - Added icedtea6-1.7.1 - Added java-1.6.0-openjdk-linux-globals.patch, fix ppc build failure - Added java-1.6.0-openjdk-memory-barriers.patch - Resolves: rhbz#542586 - Resolves: rhbz#568640 - Resolves: rhbz#567228 - Resolves: rhbz#539971 - Resolves: rhbz#555503 - Resolves: rhbz#523651 - Resolves: rhbz#500077 - Resolves: rhbz#475892 * Mon Feb 1 2010 Martin Matejovic <[email protected]> - 1:1.6.0-31.b17 - Added icedtea6-1.7 - Added openjdk b17 - Removed hotspot tarball - Removed: java-1.6.0-openjdk-securitypatches-20091103.patch - Removed: java-1.6.0-openjdk-sparc-fixes.patch - Removed: java-1.6.0-openjdk-sparc-hotspot.patch - Removed: java-1.6.0-openjdk-x11.patch * Tue Nov 10 2009 Martin Matejovic <[email protected]> - 1:1.6.0-30.b16 - Added java-1.6.0-openjdk-securitypatches-20091103.patch - Resolves: rhbz#510197 - Resolves: rhbz#530053 - Resolves: rhbz#530057 - Resolves: rhbz#530061 - Resolves: rhbz#530062 - Resolves: rhbz#530063 - Resolves: rhbz#530067 - Resolves: rhbz#530098 - Resolves: rhbz#530173 - Resolves: rhbz#530175 - Resolves: rhbz#530296 - Resolves: rhbz#530297 - Resolves: rhbz#530300 * Wed Sep 9 2009 Lillian Angel <[email protected]> - 1:1.6.0-29.b16 - Removed unneeded patches. - Updated icedteaver to 1.6 - Resolves: rhbz#484858 - Resolves: rhbz#497408 - Resolves: rhbz#489414 * Wed Sep 9 2009 Jan Horak <[email protected]> - 1:1.6.0.0-28.b16 - Rebuild against newer gecko * Tue Aug 4 2009 Lillian Angel <[email protected]> - 1:1.6.0-27.b16 - Updated java-1.6.0-openjdk-netx.patch, and renamed to java-1.6.0-openjdk-netxandplugin.patch. - Added java-1.6.0-openjdk-securitypatches.patch. - Resolves: rhbz#512101 - Resolves: rhbz#512896 - Resolves: rhbz#512914 - Resolves: rhbz#512907 - Resolves: rhbz#512921 - Resolves: rhbz#511915 - Resolves: rhbz#512915 - Resolves: rhbz#512920 - Resolves: rhbz#512714 - Resolves: rhbz#513215 - Resolves: rhbz#513220 - Resolves: rhbz#513222 - Resolves: rhbz#513223 - Resolves: rhbz#503794 * Mon Aug 3 2009 Christopher Aillon <[email protected]> - 1:1.6.0.0-26.b16 - Rebuild against newer gecko * Fri Jul 17 2009 Jan Horak <[email protected]> - 1:1.6.0.0-25.b16 - Rebuild against newer gecko * Thu Jul 9 2009 Lillian Angel <[email protected]> - 1:1.6.0-24.b16 - Added java-1.6.0-openjdk-netx.patch - Moved policytool to devel package. - Updated release. - Resolves: rhbz#507870 - Resolves: rhbz#471346 * Tue Jun 30 2009 Christopher Aillon <[email protected]> - 1:1.6.0.0-23.b16 - Rebuild against newer gecko * Fri May 29 2009 Lillian Angel <[email protected]> - 1:1.6.0-22.b16 - Fixed abs-install-dir to be %{_jvmdir}/java-1.6.0-openjdk-1.6.0.0 * Tue May 19 2009 Lillian Angel <[email protected]> - 1:1.6.0-21.b16 - Removed java-1.6.0-openjdk-lcms.patch java-1.6.0-openjdk-securitypatches.patch java-1.6.0-openjdk-pulsejava.patch. - Updated visualvm source. - Updated sparc patches. - Updated release. - Updated icedteaver. - Updated openjdkver. - Updated openjdkdate. - Adjusted buildoutputdir. - Set runtests to 0. Hanging test causing problems. - Include systemtap support, install hotspot tapset. - Resolves: rhbz#479041 - Resolves: rhbz#480075 - Resolves: rhbz#483095 - Resolves: rhbz#487872 - Resolves: rhbz#467591 - Resolves: rhbz#487452 - Resolves: rhbz#498109 - Resolves: rhbz#497191 - Resolves: rhbz#462876 - Resolves: rhbz#489586 - Resolves: rhbz#501391 * Wed May 6 2009 Lillian Angel <[email protected]> - 1:1.6.0.0-20.b14 - Added devel requirement for netbeans-platform -------------------------------------------------------------------------------- References: [ 1 ] Bug #575760 - CVE-2010-0092 OpenJDK AtomicReferenceArray causes SIGSEGV -> SEGV_MAPERR error (6888149) https://bugzilla.redhat.com/show_bug.cgi?id=575760 [ 2 ] Bug #575764 - CVE-2010-0093 OpenJDK System.arraycopy unable to reference elements beyond Integer.MAX_VALUE bytes (6892265) https://bugzilla.redhat.com/show_bug.cgi?id=575764 [ 3 ] Bug #575736 - CVE-2010-0082 OpenJDK Loader-constraint table allows arrays instead of only the base-classes (6626217) https://bugzilla.redhat.com/show_bug.cgi?id=575736 [ 4 ] Bug #575740 - CVE-2010-0084 OpenJDK Policy/PolicyFile leak dynamic ProtectionDomains. (6633872) https://bugzilla.redhat.com/show_bug.cgi?id=575740 [ 5 ] Bug #575745 - OpenJDK ThreadGroup finalizer allows creation of false root ThreadGroups (6639665) https://bugzilla.redhat.com/show_bug.cgi?id=575745 [ 6 ] Bug #575747 - CVE-2010-0085 OpenJDK File TOCTOU deserialization vulnerability (6736390) https://bugzilla.redhat.com/show_bug.cgi?id=575747 [ 7 ] Bug #575755 - CVE-2010-0088 OpenJDK Inflater/Deflater clone issues (6745393) https://bugzilla.redhat.com/show_bug.cgi?id=575755 [ 8 ] Bug #575756 - CVE-2010-0091 OpenJDK Unsigned applet can retrieve the dragged information before drop action occurs(6887703) https://bugzilla.redhat.com/show_bug.cgi?id=575756 [ 9 ] Bug #575818 - CVE-2010-0837 OpenJDK JAR "unpack200" must verify input parameters (6902299) https://bugzilla.redhat.com/show_bug.cgi?id=575818 [ 10 ] Bug #575808 - CVE-2010-0838 OpenJDK CMM readMabCurveData Buffer Overflow Vulnerability (6899653) https://bugzilla.redhat.com/show_bug.cgi?id=575808 [ 11 ] Bug #575789 - OpenJDK ObjectIdentifer.equals is not capable of detecting incorrectly encoded CommonName OIDs (6898622) https://bugzilla.redhat.com/show_bug.cgi?id=575789 [ 12 ] Bug #575775 - CVE-2010-0845 OpenJDK No ClassCastException for HashAttributeSet constructors if run with -Xcomp (6894807) https://bugzilla.redhat.com/show_bug.cgi?id=575775 [ 13 ] Bug #575772 - CVE-2010-0095 OpenJDK Subclasses of InetAddress may incorrectly interpret network addresses (6893954) https://bugzilla.redhat.com/show_bug.cgi?id=575772 [ 14 ] Bug #575769 - CVE-2010-0094 OpenJDK Deserialization of RMIConnectionImpl objects should enforce stricter checks (6893947) https://bugzilla.redhat.com/show_bug.cgi?id=575769 [ 15 ] Bug #533125 - CVE-2009-3555 TLS: MITM attacks via session renegotiation https://bugzilla.redhat.com/show_bug.cgi?id=533125 [ 16 ] Bug #575871 - CVE-2010-0847 OpenJDK ImagingLib arbitrary code execution vulnerability (6914866) https://bugzilla.redhat.com/show_bug.cgi?id=575871 [ 17 ] Bug #575865 - CVE-2010-0848 OpenJDK AWT Library Invalid Index Vulnerability (6914823) https://bugzilla.redhat.com/show_bug.cgi?id=575865 [ 18 ] Bug #575861 - OpenJDK Application can modify command array in ProcessBuilder (6910590) https://bugzilla.redhat.com/show_bug.cgi?id=575861 [ 19 ] Bug #575854 - CVE-2010-0841 OpenJDK JPEGImageReader stepX Integer Overflow Vulnerability (6909597) https://bugzilla.redhat.com/show_bug.cgi?id=575854 [ 20 ] Bug #575846 - CVE-2010-0840 OpenJDK Applet Trusted Methods Chaining Privilege Escalation Vulnerability (6904691) https://bugzilla.redhat.com/show_bug.cgi?id=575846 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update java-1.6.0-openjdk' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list [email protected] https://admin.fedoraproject.org/mailman/listinfo/package-announce
