Mailinglist Archive: opensuse-updates (94 mails)

openSUSE-SU-2010:0182-1 (important): java-1_6_0-openjdk security update
  • From: opensuse-security@xxxxxxxxxxxx
  • Date: Thu, 29 Apr 2010 15:08:10 +0200 (CEST)
  • Message-id: <20100429130810.7AF94BE13@xxxxxxxxxxxxxx>
openSUSE Security Update: java-1_6_0-openjdk security update
______________________________________________________________________________

Announcement ID: openSUSE-SU-2010:0182-1
Rating: important
References: #594415
Cross-References: CVE-2009-3555 CVE-2010-0082 CVE-2010-0084
CVE-2010-0085 CVE-2010-0088 CVE-2010-0091
CVE-2010-0092 CVE-2010-0093 CVE-2010-0094
CVE-2010-0095 CVE-2010-0837 CVE-2010-0838
CVE-2010-0840 CVE-2010-0845 CVE-2010-0847
CVE-2010-0848
Affected Products:
openSUSE 11.2
openSUSE 11.1
openSUSE 11.0
______________________________________________________________________________

An update that fixes 16 vulnerabilities is now available.

Description:

java-1_6_0-openjdk version 1.7.3 fixes several security
issues:

- CVE-2010-0837: JAR 'unpack200' must verify input
parameters
- CVE-2010-0845: No ClassCastException for
HashAttributeSet constructors if run with -Xcomp
- CVE-2010-0838: CMM readMabCurveData Buffer Overflow
Vulnerability
- CVE-2010-0082: Loader-constraint table allows arrays
instead of only the base-classes
- CVE-2010-0095: Subclasses of InetAddress may
incorrectly interpret network addresses
- CVE-2010-0085: File TOCTOU deserialization vulnerability
- CVE-2010-0091: Unsigned applet can retrieve the dragged
information before drop action occurs
- CVE-2010-0088: Inflater/Deflater clone issues
- CVE-2010-0084: Policy/PolicyFile leak dynamic
ProtectionDomains.
- CVE-2010-0092: AtomicReferenceArray causes SIGSEGV ->
SEGV_MAPERR error
- CVE-2010-0094: Deserialization of RMIConnectionImpl
objects should enforce stricter checks
- CVE-2010-0093: System.arraycopy unable to reference
elements beyond Integer.MAX_VALUE bytes
- CVE-2010-0840: Applet Trusted Methods Chaining
Privilege Escalation Vulnerability
- CVE-2010-0848: AWT Library Invalid Index Vulnerability
- CVE-2010-0847: ImagingLib arbitrary code execution
vulnerability
- CVE-2009-3555: TLS: MITM attacks via session
renegotiation


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 11.2:

zypper in -t patch java-1_6_0-openjdk-2362

- openSUSE 11.1:

zypper in -t patch java-1_6_0-openjdk-2362

- openSUSE 11.0:

zypper in -t patch java-1_6_0-openjdk-2362

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE 11.2 (i586 src x86_64):

java-1_6_0-openjdk-1.6.0.0_b17-2.1.1

- openSUSE 11.2 (i586 x86_64):

java-1_6_0-openjdk-devel-1.6.0.0_b17-2.1.1
java-1_6_0-openjdk-plugin-1.6.0.0_b17-2.1.1

- openSUSE 11.2 (noarch):

java-1_6_0-openjdk-demo-1.6.0.0_b17-2.1.1
java-1_6_0-openjdk-javadoc-1.6.0.0_b17-2.1.1
java-1_6_0-openjdk-src-1.6.0.0_b17-2.1.1

- openSUSE 11.1 (i586 ppc src x86_64):

java-1_6_0-openjdk-1.6.0.0_b17-2.3.1

- openSUSE 11.1 (i586 ppc x86_64):

java-1_6_0-openjdk-demo-1.6.0.0_b17-2.3.1
java-1_6_0-openjdk-devel-1.6.0.0_b17-2.3.1
java-1_6_0-openjdk-javadoc-1.6.0.0_b17-2.3.1
java-1_6_0-openjdk-plugin-1.6.0.0_b17-2.3.1
java-1_6_0-openjdk-src-1.6.0.0_b17-2.3.1

- openSUSE 11.0 (i586 ppc src x86_64):

java-1_6_0-openjdk-1.6.0.0_b17-2.3

- openSUSE 11.0 (i586 ppc x86_64):

java-1_6_0-openjdk-demo-1.6.0.0_b17-2.3
java-1_6_0-openjdk-devel-1.6.0.0_b17-2.3
java-1_6_0-openjdk-javadoc-1.6.0.0_b17-2.3
java-1_6_0-openjdk-plugin-1.6.0.0_b17-2.3
java-1_6_0-openjdk-src-1.6.0.0_b17-2.3
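
Added example (not part of the original announcement): a check of collected package inventory against the fixed version-release strings in the package list above. It assumes one "name version-release" pair per line, as printed by rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'; the comparison is a simplified rpm-style ordering that ignores epochs and '~', and the sample inventory is constructed.

```python
import re

# Fixed version-release per product, copied from the advisory's package list.
FIXED = {
    "11.2": "1.6.0.0_b17-2.1.1",
    "11.1": "1.6.0.0_b17-2.3.1",
    "11.0": "1.6.0.0_b17-2.3",
}
PREFIX = "java-1_6_0-openjdk"


def _cmp_part(a, b):
    """Simplified rpm-style comparison of one version or release string."""
    sa = re.findall(r"\d+|[A-Za-z]+", a)
    sb = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1   # numeric segment beats alphabetic
        if x.isdigit():
            x, y = int(x), int(y)             # 9 < 17, unlike "9" > "17"
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # extra segments win


def is_fixed(product, installed):
    """True if installed 'version-release' is at or above the advisory's."""
    iv, ir = installed.rsplit("-", 1)
    fv, fr = FIXED[product].rsplit("-", 1)
    return (_cmp_part(iv, fv) or _cmp_part(ir, fr)) >= 0


def unpatched(product, rpm_lines):
    """Return names of java-1_6_0-openjdk packages still below the fix."""
    stale = []
    for line in rpm_lines:
        name, vr = line.split()
        if name.startswith(PREFIX) and not is_fixed(product, vr):
            stale.append(name)
    return stale


# Constructed sample inventory, not taken from a real host.
SAMPLE_11_1 = [
    "java-1_6_0-openjdk 1.6.0.0_b17-2.3.1",
    "java-1_6_0-openjdk-plugin 1.6.0.0_b17-2.3",
    "java-1_6_0-openjdk-devel 1.6.0.0_b9-4.1",
    "zypper 1.0.8-1.1",
]

if __name__ == "__main__":
    print(unpatched("11.1", SAMPLE_11_1))
```

A sub-package left at an older release (here the constructed plugin and devel entries) is reported even when the base package is already updated.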


References:

http://support.novell.com/security/cve/CVE-2009-3555.html
http://support.novell.com/security/cve/CVE-2010-0082.html
http://support.novell.com/security/cve/CVE-2010-0084.html
http://support.novell.com/security/cve/CVE-2010-0085.html
http://support.novell.com/security/cve/CVE-2010-0088.html
http://support.novell.com/security/cve/CVE-2010-0091.html
http://support.novell.com/security/cve/CVE-2010-0092.html
http://support.novell.com/security/cve/CVE-2010-0093.html
http://support.novell.com/security/cve/CVE-2010-0094.html
http://support.novell.com/security/cve/CVE-2010-0095.html
http://support.novell.com/security/cve/CVE-2010-0837.html
http://support.novell.com/security/cve/CVE-2010-0838.html
http://support.novell.com/security/cve/CVE-2010-0840.html
http://support.novell.com/security/cve/CVE-2010-0845.html
http://support.novell.com/security/cve/CVE-2010-0847.html
http://support.novell.com/security/cve/CVE-2010-0848.html
https://bugzilla.novell.com/594415

