openSUSE-SU-2010:0957-1 (important): java-1_6_0-openjdk security update fixing various vulnerabilities
  • From: opensuse-security@xxxxxxxxxxxx
  • Date: Wed, 17 Nov 2010 15:08:11 +0100 (CET)
  • Message-id: <20101117140811.45E8BBE5F@xxxxxxxxxxxxxx>
openSUSE Security Update: java-1_6_0-openjdk security update fixing various vulnerabilities
______________________________________________________________________________

Announcement ID: openSUSE-SU-2010:0957-1
Rating: important
References: #642531
Cross-References: CVE-2009-3555 CVE-2010-3541 CVE-2010-3548
CVE-2010-3549 CVE-2010-3551 CVE-2010-3553
CVE-2010-3554 CVE-2010-3557 CVE-2010-3561
CVE-2010-3562 CVE-2010-3564 CVE-2010-3565
CVE-2010-3566 CVE-2010-3567 CVE-2010-3568
CVE-2010-3569 CVE-2010-3573 CVE-2010-3574

Affected Products:
openSUSE 11.3
openSUSE 11.2
openSUSE 11.1
______________________________________________________________________________

An update that fixes 18 vulnerabilities is now available.

Description:

Icedtea included in java-1_6_0-openjdk was updated to version 1.7.5/1.8.2/1.9.1 to fix several security issues:

* S6914943, CVE-2009-3555: TLS: MITM attacks via session renegotiation
* S6559775, CVE-2010-3568: OpenJDK Deserialization Race condition
* S6891766, CVE-2010-3554: OpenJDK corba reflection vulnerabilities
* S6925710, CVE-2010-3562: OpenJDK IndexColorModel double-free
* S6938813, CVE-2010-3557: OpenJDK Swing mutable static
* S6957564, CVE-2010-3548: OpenJDK DNS server IP address information leak
* S6958060, CVE-2010-3564: OpenJDK kerberos vulnerability
* S6963023, CVE-2010-3565: OpenJDK JPEG writeImage remote code execution
* S6963489, CVE-2010-3566: OpenJDK ICC Profile remote code execution
* S6966692, CVE-2010-3569: OpenJDK Serialization inconsistencies
* S6622002, CVE-2010-3553: UIDefault.ProxyLazyValue has unsafe reflection usage
* S6925672, CVE-2010-3561: Privileged ServerSocket.accept allows receiving connections from any host
* S6952017, CVE-2010-3549: HttpURLConnection chunked encoding issue (Http request splitting)
* S6952603, CVE-2010-3551: NetworkInterface reveals local network address to untrusted code
* S6961084, CVE-2010-3541: limit setting of some request headers in HttpURLConnection
* S6963285, CVE-2010-3567: Crash in ICU Opentype layout engine due to mismatch in character counts
* S6980004, CVE-2010-3573: limit HTTP request cookie headers in HttpURLConnection
* S6981426, CVE-2010-3574: limit use of TRACE method in HttpURLConnection


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 11.3:

zypper in -t patch java-1_6_0-openjdk-3500

- openSUSE 11.2:

zypper in -t patch java-1_6_0-openjdk-3500

- openSUSE 11.1:

zypper in -t patch java-1_6_0-openjdk-3500

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE 11.3 (i586 x86_64):

java-1_6_0-openjdk-1.6.0.0_b20.1.9.1-0.2.2
java-1_6_0-openjdk-devel-1.6.0.0_b20.1.9.1-0.2.2
java-1_6_0-openjdk-plugin-1.6.0.0_b20.1.9.1-0.2.2

- openSUSE 11.3 (noarch):

java-1_6_0-openjdk-demo-1.6.0.0_b20.1.9.1-0.2.2
java-1_6_0-openjdk-javadoc-1.6.0.0_b20.1.9.1-0.2.2
java-1_6_0-openjdk-src-1.6.0.0_b20.1.9.1-0.2.2

- openSUSE 11.2 (i586 x86_64):

java-1_6_0-openjdk-1.6.0.0_b20.1.9.1-0.2.2
java-1_6_0-openjdk-devel-1.6.0.0_b20.1.9.1-0.2.2
java-1_6_0-openjdk-plugin-1.6.0.0_b20.1.9.1-0.2.2

- openSUSE 11.2 (noarch):

java-1_6_0-openjdk-demo-1.6.0.0_b20.1.9.1-0.2.2
java-1_6_0-openjdk-javadoc-1.6.0.0_b20.1.9.1-0.2.2
java-1_6_0-openjdk-src-1.6.0.0_b20.1.9.1-0.2.2

- openSUSE 11.1 (i586 x86_64):

java-1_6_0-openjdk-1.6.0.0_b20.1.9.1-0.1.3
java-1_6_0-openjdk-demo-1.6.0.0_b20.1.9.1-0.1.3
java-1_6_0-openjdk-devel-1.6.0.0_b20.1.9.1-0.1.3
java-1_6_0-openjdk-javadoc-1.6.0.0_b20.1.9.1-0.1.3
java-1_6_0-openjdk-plugin-1.6.0.0_b20.1.9.1-0.1.3
java-1_6_0-openjdk-src-1.6.0.0_b20.1.9.1-0.1.3
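
The Patch Instructions above tell you how to install the fix; the Package List gives the version-release each product must reach. The following shell script is an added example, not part of the advisory or of the openSUSE tooling: it compares the java-1_6_0-openjdk version-release installed on a host against the fixed versions listed above and reports whether the patch still needs to be applied. It assumes a simplified rpmvercmp-style comparison (digit runs compared numerically, letter runs lexically, no tilde or caret handling) over the joined VERSION-RELEASE string, which is an assumption of this example rather than anything the advisory states; the sample version values fed to `report` at the bottom are constructed stand-ins for the output of `rpm -q`.

```shell
#!/bin/sh
# Added example, not part of the openSUSE advisory: decide whether the
# java-1_6_0-openjdk package on an openSUSE 11.x host already carries the
# fix by comparing its version-release against the advisory's Package List.
#
# Assumptions (not stated in the advisory): the comparison below is a
# simplified rpmvercmp (digit runs compared numerically, letter runs
# lexically, no tilde/caret handling) applied to the joined
# "VERSION-RELEASE" string; epoch is ignored because all packages here
# share one.

# Fixed version-release strings copied from the advisory's Package List.
FIXED_11_3="1.6.0.0_b20.1.9.1-0.2.2"
FIXED_11_2="1.6.0.0_b20.1.9.1-0.2.2"
FIXED_11_1="1.6.0.0_b20.1.9.1-0.1.3"

# vercmp A B: print -1, 0 or 1 as A is older than, equal to or newer than B.
vercmp() {
    awk -v a="$1" -v b="$2" '
    # Split s into runs of digits and runs of letters; separators are dropped.
    function tokenize(s, arr,   i, c, n, cur, prev, kind) {
        n = 0; cur = ""; prev = ""
        for (i = 1; i <= length(s); i++) {
            c = substr(s, i, 1)
            if (c ~ /[0-9]/) kind = "d"
            else if (c ~ /[A-Za-z]/) kind = "a"
            else kind = ""
            if (cur != "" && (kind == "" || kind != prev)) {
                arr[++n] = cur; cur = ""
            }
            if (kind != "") { cur = cur c; prev = kind }
        }
        if (cur != "") arr[++n] = cur
        return n
    }
    function cmp(a, b,   x, y, na, nb, i, xi, yi) {
        na = tokenize(a, x); nb = tokenize(b, y)
        for (i = 1; i <= na && i <= nb; i++) {
            xi = x[i]; yi = y[i]
            if (xi ~ /^[0-9]+$/ && yi ~ /^[0-9]+$/) {
                if (xi + 0 < yi + 0) return -1
                if (xi + 0 > yi + 0) return 1
            } else if (xi ~ /^[0-9]+$/) {
                return 1      # a numeric segment outranks a letter segment
            } else if (yi ~ /^[0-9]+$/) {
                return -1
            } else {
                if (xi < yi) return -1
                if (xi > yi) return 1
            }
        }
        # Equal so far: the string with more segments is the newer one.
        if (na < nb) return -1
        if (na > nb) return 1
        return 0
    }
    BEGIN { print cmp(a, b) }'
}

# is_fixed PRODUCT INSTALLED: succeed (exit 0) when INSTALLED is at least the
# fixed version-release for that openSUSE product, fail (1) otherwise.
is_fixed() {
    case "$1" in
        11.3) fixed="$FIXED_11_3" ;;
        11.2) fixed="$FIXED_11_2" ;;
        11.1) fixed="$FIXED_11_1" ;;
        *) echo "unsupported product: $1" >&2; return 2 ;;
    esac
    [ "$(vercmp "$2" "$fixed")" -ge 0 ]
}

# report PRODUCT INSTALLED: one-line verdict with the advisory's patch command.
report() {
    if is_fixed "$1" "$2"; then
        echo "openSUSE $1: java-1_6_0-openjdk $2 includes the fix"
    else
        echo "openSUSE $1: java-1_6_0-openjdk $2 is vulnerable, run: zypper in -t patch java-1_6_0-openjdk-3500"
    fi
}

# On a real host, feed the installed version-release in with:
#   report 11.3 "$(rpm -q --qf '%{VERSION}-%{RELEASE}' java-1_6_0-openjdk)"
# Below, constructed sample values stand in for that rpm output.
report 11.3 "1.6.0.0_b20.1.9.1-0.2.2"   # fixed build from this advisory
report 11.3 "1.6.0.0_b20.1.8.2-0.2.1"   # constructed older build
report 11.1 "1.6.0.0_b20.1.9.1-0.1.3"   # fixed build for 11.1
```

The segment-wise comparison is what makes the check robust to the mixed numeric and `_b20` parts of these version strings; a plain string comparison would order `1.6.0.0_b20.1.9.1` and `1.6.0.0_b20.1.10.0` wrongly. For a fleet, run the `rpm -q` line over every host and grep the output for "is vulnerable".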


References:

http://support.novell.com/security/cve/CVE-2009-3555.html
http://support.novell.com/security/cve/CVE-2010-3541.html
http://support.novell.com/security/cve/CVE-2010-3548.html
http://support.novell.com/security/cve/CVE-2010-3549.html
http://support.novell.com/security/cve/CVE-2010-3551.html
http://support.novell.com/security/cve/CVE-2010-3553.html
http://support.novell.com/security/cve/CVE-2010-3554.html
http://support.novell.com/security/cve/CVE-2010-3557.html
http://support.novell.com/security/cve/CVE-2010-3561.html
http://support.novell.com/security/cve/CVE-2010-3562.html
http://support.novell.com/security/cve/CVE-2010-3564.html
http://support.novell.com/security/cve/CVE-2010-3565.html
http://support.novell.com/security/cve/CVE-2010-3566.html
http://support.novell.com/security/cve/CVE-2010-3567.html
http://support.novell.com/security/cve/CVE-2010-3568.html
http://support.novell.com/security/cve/CVE-2010-3569.html
http://support.novell.com/security/cve/CVE-2010-3573.html
http://support.novell.com/security/cve/CVE-2010-3574.html
https://bugzilla.novell.com/642531

