Message-Id: <E1Qt0UC-00056V-VD@titan.mandriva.com>
Date: Mon, 15 Aug 2011 18:58:00 +0200
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2011:126 ] java-1.6.0-openjdk

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2011:126
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : java-1.6.0-openjdk
 Date    : August 15, 2011
 Affected: 2009.0, 2010.1, Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities were discovered and corrected in
 java-1.6.0-openjdk:
 
 Unspecified vulnerability in the Java Runtime Environment (JRE)
 component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29
 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java
 Web Start applications and untrusted Java applets to affect integrity
 via unknown vectors related to Deserialization (CVE-2011-0865).
 
 Multiple unspecified vulnerabilities in the Java Runtime Environment
 (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update
 29 and earlier, and 1.4.2_31 and earlier allow remote attackers
 to affect confidentiality, integrity, and availability via unknown
 vectors related to 2D (CVE-2011-0862).
 
 Unspecified vulnerability in the Java Runtime Environment (JRE)
 component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29
 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web
 Start applications and untrusted Java applets to affect confidentiality
 via unknown vectors related to Networking (CVE-2011-0867).
 
 Unspecified vulnerability in the Java Runtime Environment (JRE)
 component in Oracle Java SE 6 Update 26 and earlier allows remote
 untrusted Java Web Start applications and untrusted Java applets
 to affect confidentiality via unknown vectors related to SAAJ
 (CVE-2011-0869).
 
 Unspecified vulnerability in the Java Runtime Environment (JRE)
 component in Oracle Java SE 6 Update 25 and earlier allows remote
 attackers to affect confidentiality via unknown vectors related to 2D
 (CVE-2011-0868).
 
 Unspecified vulnerability in the Java Runtime Environment (JRE)
 component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update
 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted
 Java Web Start applications and untrusted Java applets to affect
 confidentiality, integrity, and availability via unknown vectors
 related to HotSpot (CVE-2011-0864).
 
 Unspecified vulnerability in the Java Runtime Environment (JRE)
 component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update
 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted
 Java Web Start applications and untrusted Java applets to affect
 confidentiality, integrity, and availability via unknown vectors
 related to Swing (CVE-2011-0871).
 
 Packages for 2009.0 are provided as of the Extended Maintenance
 Program. Please visit this link to learn more:
 http://store.mandriva.com/product_info.php?cPath=149&products_id=490
 
 The updated packages have been upgraded to versions which are not
 vulnerable to these issues.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0865
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0862
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0867
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0869
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0868
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0864
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0871
 _______________________________________________________________________

 Updated Packages:

 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFOSSBxmqjQ0CJFipgRAge9AKC/zeEWPazF5pZpS7q1uKjW/Gk1bgCgtDCN
xWq7I61m6QqApgs/cRKngYg=
=HCN8
-----END PGP SIGNATURE-----
