[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1MeIOH-0001Bl-Ci@titan.mandriva.com>
Date: Fri, 21 Aug 2009 02:54:01 +0200
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2009:209 ] java-1.6.0-openjdk
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2009:209
http://www.mandriva.com/security/
_______________________________________________________________________
Package : java-1.6.0-openjdk
Date : August 21, 2009
Affected: 2009.0, 2009.1, Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
Multiple Java OpenJDK security vulnerabilities has been identified
and fixed:
The design of the W3C XML Signature Syntax and Processing (XMLDsig)
recommendation specifies an HMAC truncation length (HMACOutputLength)
but does not require a minimum for its length, which allows attackers
to spoof HMAC-based signatures and bypass authentication by specifying
a truncation length with a small number of bits (CVE-2009-0217).
The Java Web Start framework does not properly check all application
jar files trust and this allows context-dependent attackers to
execute arbitrary code via a crafted application, related to NetX
(CVE-2009-1896).
Some variables and data structures without the final
keyword definition allows context-depend attackers to
obtain sensitive information. The target variables and
data structures are stated as follow: (1) LayoutQueue, (2)
Cursor.predefined, (3) AccessibleResourceBundle.getContents,
(4) ImageReaderSpi.STANDARD_INPUT_TYPE, (5)
ImageWriterSpi.STANDARD_OUTPUT_TYPE, (6) the imageio plugins, (7)
DnsContext.debug, (8) RmfFileReader/StandardMidiFileWriter.types,
(9) AbstractSaslImpl.logger, (10)
Synth.Region.uiToRegionMap/lowerCaseNameMap, (11) the Introspector
class and a cache of BeanInfo, and (12) JAX-WS (CVE-2009-2475).
The Java Management Extensions (JMX) implementation does not
properly enforce OpenType checks, which allows context-dependent
attackers to bypass intended access restrictions by leveraging
finalizer resurrection to obtain a reference to a privileged object
(CVE-2009-2476).
A flaw in the Xerces2 as used in OpenJDK allows remote attackers to
cause denial of service via a malformed XML input (CVE-2009-2625).
The audio system does not prevent access to java.lang.System properties
either by untrusted applets and Java Web Start applications, which
allows context-dependent attackers to obtain sensitive information
by reading these properties (CVE-2009-2670).
A flaw in the SOCKS proxy implementation allows remote attackers
to discover the user name of the account that invoked either an
untrusted applet or Java Web Start application via unspecified vectors
(CVE-2009-2671).
A flaw in the proxy mechanism implementation allows remote attackers
to bypass intended access restrictions and connect to arbitrary
sites via unspecified vectors, related to a declaration that lacks
the final keyword (CVE-2009-2673).
An integer overflow in the JPEG images parsing allows context-dependent
attackers to gain privileges via an untrusted Java Web Start
application that grants permissions to itself (CVE-2009-2674).
An integer overflow in the unpack200 utility decompression allows
context-dependent attackers to gain privileges via vectors involving
either an untrusted applet or Java Web Start application that grants
permissions to itself (CVE-2009-2675).
A flaw in the JDK13Services.getProviders grants full privileges to
instances of unspecified object types, which allows context-dependent
attackers to bypass intended access restrictions either via an
untrusted applet or application (CVE-2009-2689).
A flaw in the OpenJDK's encoder, grants read access to private
variables with unspecified names, which allows context-dependent
attackers to obtain sensitive information either via an untrusted
applet or application (CVE-2009-2690).
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0217
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1896
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2475
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2476
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2625
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2670
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2671
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2673
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2674
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2675
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2689
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2690
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2009.0:
77de7249327462d2313b7c76856b3c37 2009.0/i586/java-1.6.0-openjdk-1.6.0.0-0.20.b16.0.3mdv2009.0.i586.rpm
97c93c2f9cd96904517292329b89dd0f 2009.0/i586/java-1.6.0-openjdk-demo-1.6.0.0-0.20.b16.0.3mdv2009.0.i586.rpm
c574934c0bbc37e6b66f06e7b323fb9e 2009.0/i586/java-1.6.0-openjdk-devel-1.6.0.0-0.20.b16.0.3mdv2009.0.i586.rpm
ab2a2301fdae49ad083f8dbc6f498892 2009.0/i586/java-1.6.0-openjdk-javadoc-1.6.0.0-0.20.b16.0.3mdv2009.0.i586.rpm
9fa31c0977e8608102535be086ce3e2a 2009.0/i586/java-1.6.0-openjdk-plugin-1.6.0.0-0.20.b16.0.3mdv2009.0.i586.rpm
a0975132274fe9ac1da38277d5bc0798 2009.0/i586/java-1.6.0-openjdk-src-1.6.0.0-0.20.b16.0.3mdv2009.0.i586.rpm
f3c509722d763889e079f82f18e491e4 2009.0/SRPMS/java-1.6.0-openjdk-1.6.0.0-0.20.b16.0.3mdv2009.0.src.rpm
Mandriva Linux 2009.0/X86_64:
6b697112ece62ac9cf1f994b240fb278 2009.0/x86_64/java-1.6.0-openjdk-1.6.0.0-0.20.b16.0.3mdv2009.0.x86_64.rpm
0682b7e9e75e726eba897288f6ecd278 2009.0/x86_64/java-1.6.0-openjdk-demo-1.6.0.0-0.20.b16.0.3mdv2009.0.x86_64.rpm
5615ddd7056f9133c10c853e066e55bc 2009.0/x86_64/java-1.6.0-openjdk-devel-1.6.0.0-0.20.b16.0.3mdv2009.0.x86_64.rpm
a72d479cf90373b0b7446213cfce11c0 2009.0/x86_64/java-1.6.0-openjdk-javadoc-1.6.0.0-0.20.b16.0.3mdv2009.0.x86_64.rpm
612ebb19f2e36989ea1b5debc6fa19ca 2009.0/x86_64/java-1.6.0-openjdk-plugin-1.6.0.0-0.20.b16.0.3mdv2009.0.x86_64.rpm
55d3317105923930371840378bf42f78 2009.0/x86_64/java-1.6.0-openjdk-src-1.6.0.0-0.20.b16.0.3mdv2009.0.x86_64.rpm
f3c509722d763889e079f82f18e491e4 2009.0/SRPMS/java-1.6.0-openjdk-1.6.0.0-0.20.b16.0.3mdv2009.0.src.rpm
Mandriva Linux 2009.1:
b0dd424f32658c808e286d8343c872a3 2009.1/i586/java-1.6.0-openjdk-1.6.0.0-0.20.b16.0.3mdv2009.1.i586.rpm
d97e14da57e25e04e51b096f8b8adbf4 2009.1/i586/java-1.6.0-openjdk-demo-1.6.0.0-0.20.b16.0.3mdv2009.1.i586.rpm
9b6e10ea26b0b55d5f1e013dcbce4d5e 2009.1/i586/java-1.6.0-openjdk-devel-1.6.0.0-0.20.b16.0.3mdv2009.1.i586.rpm
43b3c534406bee662dd11d6ad8a82237 2009.1/i586/java-1.6.0-openjdk-javadoc-1.6.0.0-0.20.b16.0.3mdv2009.1.i586.rpm
531ec3ddf0c11d4d0ce2bcd98eda8baf 2009.1/i586/java-1.6.0-openjdk-plugin-1.6.0.0-0.20.b16.0.3mdv2009.1.i586.rpm
a343fcd5501b9410592b5dca3be6cd88 2009.1/i586/java-1.6.0-openjdk-src-1.6.0.0-0.20.b16.0.3mdv2009.1.i586.rpm
2e440b16b876e878d4a31952197ae029 2009.1/SRPMS/java-1.6.0-openjdk-1.6.0.0-0.20.b16.0.3mdv2009.1.src.rpm
Mandriva Linux 2009.1/X86_64:
3e4eb0ab34a70f32e1a913479aab6c9a 2009.1/x86_64/java-1.6.0-openjdk-1.6.0.0-0.20.b16.0.3mdv2009.1.x86_64.rpm
424a7d53b660998d8140cf18c1a4d873 2009.1/x86_64/java-1.6.0-openjdk-demo-1.6.0.0-0.20.b16.0.3mdv2009.1.x86_64.rpm
f7273fda0f52db4267ce099445f63c55 2009.1/x86_64/java-1.6.0-openjdk-devel-1.6.0.0-0.20.b16.0.3mdv2009.1.x86_64.rpm
e5fc23eb05ec1e5688251c763ecb78b9 2009.1/x86_64/java-1.6.0-openjdk-javadoc-1.6.0.0-0.20.b16.0.3mdv2009.1.x86_64.rpm
87c693dec4b12cdcf8602b2e6ff1b8ea 2009.1/x86_64/java-1.6.0-openjdk-plugin-1.6.0.0-0.20.b16.0.3mdv2009.1.x86_64.rpm
5b792616f3223fa1bf903f95732d815b 2009.1/x86_64/java-1.6.0-openjdk-src-1.6.0.0-0.20.b16.0.3mdv2009.1.x86_64.rpm
2e440b16b876e878d4a31952197ae029 2009.1/SRPMS/java-1.6.0-openjdk-1.6.0.0-0.20.b16.0.3mdv2009.1.src.rpm
Mandriva Enterprise Server 5:
3497d47548dbd3454a279aac4db9c7b6 mes5/i586/java-1.6.0-openjdk-1.6.0.0-0.20.b16.0.4mdvmes5.i586.rpm
18a373731a0c5f3fdbe3a93daee5035e mes5/i586/java-1.6.0-openjdk-demo-1.6.0.0-0.20.b16.0.4mdvmes5.i586.rpm
27e1b2439b57251bf74cfbfa1f6997a4 mes5/i586/java-1.6.0-openjdk-devel-1.6.0.0-0.20.b16.0.4mdvmes5.i586.rpm
0bfac50d5dccbe0711fa8001c590d590 mes5/i586/java-1.6.0-openjdk-javadoc-1.6.0.0-0.20.b16.0.4mdvmes5.i586.rpm
0d08cfa86e0c64e2e69a602cbed74df3 mes5/i586/java-1.6.0-openjdk-plugin-1.6.0.0-0.20.b16.0.4mdvmes5.i586.rpm
ca6f1c72e5496de3b10e53199e919eb6 mes5/i586/java-1.6.0-openjdk-src-1.6.0.0-0.20.b16.0.4mdvmes5.i586.rpm
71d5af78951336166547e7b64032129b mes5/SRPMS/java-1.6.0-openjdk-1.6.0.0-0.20.b16.0.4mdvmes5.src.rpm
Mandriva Enterprise Server 5/X86_64:
1d66d60b27fe05a8d5bebdf717b49534 mes5/x86_64/java-1.6.0-openjdk-1.6.0.0-0.20.b16.0.4mdvmes5.x86_64.rpm
8aa7f447a6140fa89882ebfce346c4fd mes5/x86_64/java-1.6.0-openjdk-demo-1.6.0.0-0.20.b16.0.4mdvmes5.x86_64.rpm
1c7c231f79686af720355061e16fcac6 mes5/x86_64/java-1.6.0-openjdk-devel-1.6.0.0-0.20.b16.0.4mdvmes5.x86_64.rpm
ba115b547bb1aeff52b234d7531d04a3 mes5/x86_64/java-1.6.0-openjdk-javadoc-1.6.0.0-0.20.b16.0.4mdvmes5.x86_64.rpm
77b3fe99a9b32339d38cc8e14e079274 mes5/x86_64/java-1.6.0-openjdk-plugin-1.6.0.0-0.20.b16.0.4mdvmes5.x86_64.rpm
fa6d0a89d137f8c9ee886802c501f959 mes5/x86_64/java-1.6.0-openjdk-src-1.6.0.0-0.20.b16.0.4mdvmes5.x86_64.rpm
71d5af78951336166547e7b64032129b mes5/SRPMS/java-1.6.0-openjdk-1.6.0.0-0.20.b16.0.4mdvmes5.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFKjcPcmqjQ0CJFipgRAjeQAJ9mtC71tANl03Q5CKl+55jnioyZtQCgr2vt
ZPZjtsZBfE62E01kkA2dTic=
=l6On
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists