Home | Content | Search | Navigation | Indexes
 

Mailinglist Archive: opensuse-bugs (3333 mails)

< Previous Next >
[Bug 698739] New: VUL-0: icedtea6 1.8.8, 1.9.8 and 1.10.2 released
  • From: bugzilla_noreply@xxxxxxxxxx
  • Date: Wed, 8 Jun 2011 10:43:26 +0000
  • Message-id: <bug-698739-21960@http.bugzilla.novell.com/>

https://bugzilla.novell.com/show_bug.cgi?id=698739

https://bugzilla.novell.com/show_bug.cgi?id=698739#c0


Summary: VUL-0: icedtea6 1.8.8, 1.9.8 and 1.10.2 released
Classification: openSUSE
Product: openSUSE 11.4
Version: Final
Platform: Other
URL: http://mail.openjdk.java.net/pipermail/distro-pkg-dev/
2011-June/014607.html
OS/Version: Other
Status: ASSIGNED
Severity: Major
Priority: P5 - None
Component: Java
AssignedTo: mvyskocil@xxxxxxxxxx
ReportedBy: mvyskocil@xxxxxxxxxx
QAContact: qa@xxxxxxx
CC: security-team@xxxxxxx
Found By: Development
Blocker: ---


From distro-pkg-dev@xxxxxxxxxxxxxxxx (see URL field)

There is a new set of security releases: IcedTea6 1.8.8, IcedTea6
1.9.8 and IcedTea6 1.10.2.

This update contains the following security updates:

* S6213702, CVE-2011-0872: (so) non-blocking sockets with TCP urgent disabled
get still selected for read ops (win)
* S6618658, CVE-2011-0865: Vulnerability in deserialization
* S7012520, CVE-2011-0815: Heap overflow vulnerability in FileDialog.show()
* S7013519, CVE-2011-0822, CVE-2011-0862: Integer overflows in 2D code
* S7013969, CVE-2011-0867: NetworkInterface.toString can reveal bindings
* S7013971, CVE-2011-0869: Vulnerability in SAAJ
* S7016340, CVE-2011-0870: Vulnerability in SAAJ
* S7016495, CVE-2011-0868: Crash in Java 2D transforming an image with scale
close to zero
* S7020198, CVE-2011-0871: ImageIcon creates Component with null acc
* S7020373, CVE-2011-0864: JSR rewriting can overflow memory address size
variables

The IcedTea project provides a harness to build the source code from
OpenJDK6 using Free Software build tools. It also includes the only
Free Java plugin and Web Start implementation, and support for
additional architectures over and above x86, x86_64 and SPARC via the
Zero assembler port.

I recommend to update to 1.10.2 in openSUSE 11.3+ and Evergreen 11.1+

--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

< Previous Next >
This Thread
  • No further messages