Message-Id: <E1Qt0UC-00056V-VD@titan.mandriva.com>
Date: Mon, 15 Aug 2011 18:58:00 +0200
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2011:126 ] java-1.6.0-openjdk
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2011:126
http://www.mandriva.com/security/
_______________________________________________________________________
Package : java-1.6.0-openjdk
Date : August 15, 2011
Affected: 2009.0, 2010.1, Enterprise Server 5.0
_______________________________________________________________________
Problem Description:

Multiple vulnerabilities were discovered and corrected in
java-1.6.0-openjdk:

Unspecified vulnerability in the Java Runtime Environment (JRE)
component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29
and earlier, and 1.4.2_31 and earlier allows remote untrusted Java
Web Start applications and untrusted Java applets to affect integrity
via unknown vectors related to Deserialization (CVE-2011-0865).

Multiple unspecified vulnerabilities in the Java Runtime Environment
(JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update
29 and earlier, and 1.4.2_31 and earlier allow remote attackers
to affect confidentiality, integrity, and availability via unknown
vectors related to 2D (CVE-2011-0862).

Unspecified vulnerability in the Java Runtime Environment (JRE)
component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29
and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web
Start applications and untrusted Java applets to affect confidentiality
via unknown vectors related to Networking (CVE-2011-0867).

Unspecified vulnerability in the Java Runtime Environment (JRE)
component in Oracle Java SE 6 Update 26 and earlier allows remote
untrusted Java Web Start applications and untrusted Java applets
to affect confidentiality via unknown vectors related to SAAJ
(CVE-2011-0869).

Unspecified vulnerability in the Java Runtime Environment (JRE)
component in Oracle Java SE 6 Update 25 and earlier allows remote
attackers to affect confidentiality via unknown vectors related to 2D
(CVE-2011-0868).

Unspecified vulnerability in the Java Runtime Environment (JRE)
component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update
29 and earlier, and 1.4.2_31 and earlier allows remote untrusted
Java Web Start applications and untrusted Java applets to affect
confidentiality, integrity, and availability via unknown vectors
related to HotSpot (CVE-2011-0864).

Unspecified vulnerability in the Java Runtime Environment (JRE)
component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update
29 and earlier, and 1.4.2_31 and earlier allows remote untrusted
Java Web Start applications and untrusted Java applets to affect
confidentiality, integrity, and availability via unknown vectors
related to Swing (CVE-2011-0871).

Packages for 2009.0 are provided under the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been upgraded to versions which are not
vulnerable to these issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0865
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0862
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0867
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0869
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0868
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0864
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0871
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2009.0:
19d265aa46efb3258d4b4cc7e73dbbb5 2009.0/i586/icedtea-web-1.0.4-0.2mdv2009.0.i586.rpm
c1f3d3c181547b334ae1c8b15d5237a0 2009.0/i586/java-1.6.0-openjdk-1.6.0.0-22.b22.2mdv2009.0.i586.rpm
d9f5607c72e4f4a4505177ea3ea969be 2009.0/i586/java-1.6.0-openjdk-demo-1.6.0.0-22.b22.2mdv2009.0.i586.rpm
53b0c3bb0e810c59d6eaef6e042da0b8 2009.0/i586/java-1.6.0-openjdk-devel-1.6.0.0-22.b22.2mdv2009.0.i586.rpm
7f943009d100860baac42203568e6ac4 2009.0/i586/java-1.6.0-openjdk-javadoc-1.6.0.0-22.b22.2mdv2009.0.i586.rpm
bc5eeeefc469ffa521ed38987498336b 2009.0/i586/java-1.6.0-openjdk-src-1.6.0.0-22.b22.2mdv2009.0.i586.rpm
48be307c53c6eecca3f3dc1490f229d9 2009.0/i586/libxrender1-0.9.6-0.1mdv2009.0.i586.rpm
554c86426aeec975f3a50c18c96adadc 2009.0/i586/libxrender-devel-0.9.6-0.1mdv2009.0.i586.rpm
e07e83effc61bde329ea7e224460a327 2009.0/i586/libxrender-static-devel-0.9.6-0.1mdv2009.0.i586.rpm
508b185fd12ecc76467b49f24d7b2217 2009.0/SRPMS/icedtea-web-1.0.4-0.2mdv2009.0.src.rpm
6af1f5671e368bd1b4c58dd16ea0017c 2009.0/SRPMS/java-1.6.0-openjdk-1.6.0.0-22.b22.2mdv2009.0.src.rpm
54be43c2618facb1d935cb520aefa833 2009.0/SRPMS/libxrender-0.9.6-0.1mdv2009.0.src.rpm
Mandriva Linux 2009.0/X86_64:
ae9f928190ede8942ac1aff89fe2f463 2009.0/x86_64/icedtea-web-1.0.4-0.2mdv2009.0.x86_64.rpm
fa2141bfeb38567d55713e1cc0d0cebf 2009.0/x86_64/java-1.6.0-openjdk-1.6.0.0-22.b22.2mdv2009.0.x86_64.rpm
174eaeed97f7b861138ae96c9b5d8993 2009.0/x86_64/java-1.6.0-openjdk-demo-1.6.0.0-22.b22.2mdv2009.0.x86_64.rpm
6db525e9a731a01eefe9ffeb61d3add0 2009.0/x86_64/java-1.6.0-openjdk-devel-1.6.0.0-22.b22.2mdv2009.0.x86_64.rpm
f0c543aea5e2073b58f3a09d8081e785 2009.0/x86_64/java-1.6.0-openjdk-javadoc-1.6.0.0-22.b22.2mdv2009.0.x86_64.rpm
dea21aca839de0d21601887308449b32 2009.0/x86_64/java-1.6.0-openjdk-src-1.6.0.0-22.b22.2mdv2009.0.x86_64.rpm
5dc2eadd81004cc5aa1644521b9e40af 2009.0/x86_64/lib64xrender1-0.9.6-0.1mdv2009.0.x86_64.rpm
001c4afe613fa6dcc317cf71896be57b 2009.0/x86_64/lib64xrender-devel-0.9.6-0.1mdv2009.0.x86_64.rpm
5539885e9c91f5114dec2476df3b4cc6 2009.0/x86_64/lib64xrender-static-devel-0.9.6-0.1mdv2009.0.x86_64.rpm
508b185fd12ecc76467b49f24d7b2217 2009.0/SRPMS/icedtea-web-1.0.4-0.2mdv2009.0.src.rpm
6af1f5671e368bd1b4c58dd16ea0017c 2009.0/SRPMS/java-1.6.0-openjdk-1.6.0.0-22.b22.2mdv2009.0.src.rpm
54be43c2618facb1d935cb520aefa833 2009.0/SRPMS/libxrender-0.9.6-0.1mdv2009.0.src.rpm
Mandriva Linux 2010.1:
af7f9f7275e503319c42604e44a93f78 2010.1/i586/icedtea-web-1.0.4-0.2mdv2010.2.i586.rpm
235712e4b1e878607715ad1e2a2fc6e7 2010.1/i586/java-1.6.0-openjdk-1.6.0.0-22.b22.2mdv2010.2.i586.rpm
cb738210a1d89e1d7a6f35e7c711ab10 2010.1/i586/java-1.6.0-openjdk-demo-1.6.0.0-22.b22.2mdv2010.2.i586.rpm
8a426eac6eb9787a15b9cd0a69a3d415 2010.1/i586/java-1.6.0-openjdk-devel-1.6.0.0-22.b22.2mdv2010.2.i586.rpm
f452545a878a69df9d7bbf26f17e009e 2010.1/i586/java-1.6.0-openjdk-javadoc-1.6.0.0-22.b22.2mdv2010.2.i586.rpm
9e7ed926eadbd1be9a371627fb5e7cbc 2010.1/i586/java-1.6.0-openjdk-src-1.6.0.0-22.b22.2mdv2010.2.i586.rpm
0c235232aa7bc5ed98c459c7a8538acf 2010.1/i586/libxrender1-0.9.6-0.1mdv2010.2.i586.rpm
6bc3d56a7395063f4cb7bd3de9744ff2 2010.1/i586/libxrender-devel-0.9.6-0.1mdv2010.2.i586.rpm
78dae2ae6305cb11b9938fd9470c87a8 2010.1/i586/libxrender-static-devel-0.9.6-0.1mdv2010.2.i586.rpm
ee8f5afeb5896a84ccb4459c47ed1b11 2010.1/SRPMS/icedtea-web-1.0.4-0.2mdv2010.2.src.rpm
ee1ed4d0bd5e2754464df0597b8a55aa 2010.1/SRPMS/java-1.6.0-openjdk-1.6.0.0-22.b22.2mdv2010.2.src.rpm
55b0784e0c2b42114998cf694ef1fb02 2010.1/SRPMS/libxrender-0.9.6-0.1mdv2010.2.src.rpm
Mandriva Linux 2010.1/X86_64:
0bd89ff2c5ddcc783092e8dcc9acaec1 2010.1/x86_64/icedtea-web-1.0.4-0.2mdv2010.2.x86_64.rpm
93172eb2586f4f3dbae66d0abaf88c81 2010.1/x86_64/java-1.6.0-openjdk-1.6.0.0-22.b22.2mdv2010.2.x86_64.rpm
967c5bb38487820b259d192aefbcb9e6 2010.1/x86_64/java-1.6.0-openjdk-demo-1.6.0.0-22.b22.2mdv2010.2.x86_64.rpm
8676fc951ad6ec322579db64714b1486 2010.1/x86_64/java-1.6.0-openjdk-devel-1.6.0.0-22.b22.2mdv2010.2.x86_64.rpm
caf43f0f0225dc5c903317a022e38a69 2010.1/x86_64/java-1.6.0-openjdk-javadoc-1.6.0.0-22.b22.2mdv2010.2.x86_64.rpm
6bed48be7d85aec169b7860da60f400b 2010.1/x86_64/java-1.6.0-openjdk-src-1.6.0.0-22.b22.2mdv2010.2.x86_64.rpm
0bf576b059af48591c95fc9364c86083 2010.1/x86_64/lib64xrender1-0.9.6-0.1mdv2010.2.x86_64.rpm
af28d32a7d64d44d96c73ee784fbb725 2010.1/x86_64/lib64xrender-devel-0.9.6-0.1mdv2010.2.x86_64.rpm
a0dbb140973cdb9d57fc04c3a4c69126 2010.1/x86_64/lib64xrender-static-devel-0.9.6-0.1mdv2010.2.x86_64.rpm
ee8f5afeb5896a84ccb4459c47ed1b11 2010.1/SRPMS/icedtea-web-1.0.4-0.2mdv2010.2.src.rpm
ee1ed4d0bd5e2754464df0597b8a55aa 2010.1/SRPMS/java-1.6.0-openjdk-1.6.0.0-22.b22.2mdv2010.2.src.rpm
55b0784e0c2b42114998cf694ef1fb02 2010.1/SRPMS/libxrender-0.9.6-0.1mdv2010.2.src.rpm
Mandriva Enterprise Server 5:
804975906b9a7af0dd528a2cfdb16ac6 mes5/i586/icedtea-web-1.0.4-0.2mdvmes5.2.i586.rpm
4bc3bd160048659e0e29008b51a9023a mes5/i586/java-1.6.0-openjdk-1.6.0.0-22.b22.2mdvmes5.2.i586.rpm
c899d91a69b2dfafec9b17a7c884969b mes5/i586/java-1.6.0-openjdk-demo-1.6.0.0-22.b22.2mdvmes5.2.i586.rpm
c605a09cc06a5b85a385332cf2796725 mes5/i586/java-1.6.0-openjdk-devel-1.6.0.0-22.b22.2mdvmes5.2.i586.rpm
039af4fca1593a5b3a0d0eae0ca76692 mes5/i586/java-1.6.0-openjdk-javadoc-1.6.0.0-22.b22.2mdvmes5.2.i586.rpm
ec14265c03a3636a43b5c99c743b18a0 mes5/i586/java-1.6.0-openjdk-src-1.6.0.0-22.b22.2mdvmes5.2.i586.rpm
d3d1636413e0f54d2c7c349600657675 mes5/i586/libxrender1-0.9.6-0.1mdvmes5.2.i586.rpm
6adfc8948ce1f7fe3f517229db281454 mes5/i586/libxrender-devel-0.9.6-0.1mdvmes5.2.i586.rpm
f5f988a83c0a7c3713530d46fcc4a0f7 mes5/i586/libxrender-static-devel-0.9.6-0.1mdvmes5.2.i586.rpm
c7c4c75829e2d8622c2e947605a27091 mes5/SRPMS/icedtea-web-1.0.4-0.2mdvmes5.2.src.rpm
5b7a1163490afaf752c05102c23be41f mes5/SRPMS/java-1.6.0-openjdk-1.6.0.0-22.b22.2mdvmes5.2.src.rpm
709ae35d50b7155fe89a6fd2d26eb865 mes5/SRPMS/libxrender-0.9.6-0.1mdvmes5.2.src.rpm
Mandriva Enterprise Server 5/X86_64:
f670e23a581cca291ece27139e788dc1 mes5/x86_64/icedtea-web-1.0.4-0.2mdvmes5.2.x86_64.rpm
0f3893008199b11f87d18edce4554de6 mes5/x86_64/java-1.6.0-openjdk-1.6.0.0-22.b22.2mdvmes5.2.x86_64.rpm
6fad2efe89e7efe9387933e65e3cadd0 mes5/x86_64/java-1.6.0-openjdk-demo-1.6.0.0-22.b22.2mdvmes5.2.x86_64.rpm
80a052ca0777874763cf1735b4f706ff mes5/x86_64/java-1.6.0-openjdk-devel-1.6.0.0-22.b22.2mdvmes5.2.x86_64.rpm
6990b2b5c0de9c1e2d7248a021ef0ba8 mes5/x86_64/java-1.6.0-openjdk-javadoc-1.6.0.0-22.b22.2mdvmes5.2.x86_64.rpm
4a39be86e947e6a61fb3002a130c83e1 mes5/x86_64/java-1.6.0-openjdk-src-1.6.0.0-22.b22.2mdvmes5.2.x86_64.rpm
a4b0d0938c5802bf0e998c38f0f0f427 mes5/x86_64/lib64xrender1-0.9.6-0.1mdvmes5.2.x86_64.rpm
dfebaaf4394ac9f1f8a8f465784ceb63 mes5/x86_64/lib64xrender-devel-0.9.6-0.1mdvmes5.2.x86_64.rpm
2ba6d8a3903b1ff61f3494bacde1048b mes5/x86_64/lib64xrender-static-devel-0.9.6-0.1mdvmes5.2.x86_64.rpm
c7c4c75829e2d8622c2e947605a27091 mes5/SRPMS/icedtea-web-1.0.4-0.2mdvmes5.2.src.rpm
5b7a1163490afaf752c05102c23be41f mes5/SRPMS/java-1.6.0-openjdk-1.6.0.0-22.b22.2mdvmes5.2.src.rpm
709ae35d50b7155fe89a6fd2d26eb865 mes5/SRPMS/libxrender-0.9.6-0.1mdvmes5.2.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFOSSBxmqjQ0CJFipgRAge9AKC/zeEWPazF5pZpS7q1uKjW/Gk1bgCgtDCN
xWq7I61m6QqApgs/cRKngYg=
=HCN8
-----END PGP SIGNATURE-----
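
The advisory pairs each updated RPM with an MD5 checksum and notes that MandrivaUpdate and urpmi check these automatically; for packages fetched by hand, the same check can be scripted. The following is an added example, not Mandriva's tooling or part of the original advisory, and a checksum match only means something once the advisory's own PGP signature has been verified. The package names, contents and digests in `demo()` are constructed.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# A manifest line as printed under "Updated Packages:": <md5 hex> <path>.rpm
LINE_RE = re.compile(r"^\s*([0-9a-fA-F]{32})\s+(\S+\.rpm)\s*$")

def parse_manifest(text):
    """Map RPM file name -> MD5 from advisory text. Identical repeats (SRPMS are
    listed per architecture) are accepted; conflicting digests raise ValueError."""
    manifest = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # headings, separators, prose
        digest, name = m.group(1).lower(), Path(m.group(2)).name
        if manifest.setdefault(name, digest) != digest:
            raise ValueError(f"conflicting digests for {name}")
    return manifest

def md5_of(path):
    h = hashlib.md5()  # MD5 only because that is what the advisory publishes
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(1 << 20), b""):
            h.update(block)
    return h.hexdigest()

def verify_packages(manifest, directory):
    """Classify every *.rpm in directory as ok, mismatch or unlisted."""
    results = {}
    for rpm in sorted(Path(directory).glob("*.rpm")):
        expected = manifest.get(rpm.name)
        if expected is None:
            results[rpm.name] = "unlisted"
        else:
            results[rpm.name] = "ok" if md5_of(rpm) == expected else "mismatch"
    return results

def demo():
    """Constructed sample: package names, contents and digests are made up."""
    with tempfile.TemporaryDirectory() as tmp:
        files = {"a-1.0.i586.rpm": b"A", "b-1.0.i586.rpm": b"B altered", "c-1.0.i586.rpm": b"C"}
        for name, body in files.items():
            (Path(tmp) / name).write_bytes(body)
        a, b = hashlib.md5(b"A").hexdigest(), hashlib.md5(b"B").hexdigest()
        text = (f"Example Linux 1.0:\n{a} ex/i586/a-1.0.i586.rpm\n"
                f"{b} ex/i586/b-1.0.i586.rpm\n{a} ex/SRPMS/a-1.0.i586.rpm\n")
        return verify_packages(parse_manifest(text), tmp)
```

A file reported as `mismatch` or `unlisted` should not be installed until its origin is confirmed.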