Message-Id: <E1UDuee-00067g-RD@titan.mandriva.com>
Date: Fri, 08 Mar 2013 11:36:00 +0100
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2013:021 ] java-1.6.0-openjdk
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2013:021
http://www.mandriva.com/en/support/security/
_______________________________________________________________________
Package : java-1.6.0-openjdk
Date : March 8, 2013
Affected: Enterprise Server 5.0
_______________________________________________________________________
Problem Description:

Multiple security issues were identified and fixed in OpenJDK
(icedtea6):

The 2D component in Oracle Java SE 7 Update 15 and earlier, 6 Update
41 and earlier, and 5.0 Update 40 and earlier allows remote attackers
to execute arbitrary code or cause a denial of service (crash) via
vectors that trigger a (1) read or (2) write of arbitrary memory in
the JVM, as exploited in the wild in February 2013 (CVE-2013-1493).

Unspecified vulnerability in the 2D component in the Java Runtime
Environment (JRE) component in Oracle Java SE 7 Update 15 and earlier,
6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote
attackers to execute arbitrary code via unknown vectors, a different
vulnerability than CVE-2013-1493 (CVE-2013-0809).

The updated packages provide icedtea6-1.11.9, which is not vulnerable
to these issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0809
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1493
http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-March/022145.html
http://www.oracle.com/technetwork/topics/security/alert-cve-2013-1493-1915081.html
_______________________________________________________________________
Updated Packages:
Mandriva Enterprise Server 5:
913ff5eda4c7d4c44308cadbdcb511ec mes5/i586/java-1.6.0-openjdk-1.6.0.0-35.b24.4mdvmes5.2.i586.rpm
e9376e66560bad6c5d7cb35a3d627870 mes5/i586/java-1.6.0-openjdk-demo-1.6.0.0-35.b24.4mdvmes5.2.i586.rpm
13412e9674174e924769414ad30ee79d mes5/i586/java-1.6.0-openjdk-devel-1.6.0.0-35.b24.4mdvmes5.2.i586.rpm
f8cd2b8917c146641f1470cf53011435 mes5/i586/java-1.6.0-openjdk-javadoc-1.6.0.0-35.b24.4mdvmes5.2.i586.rpm
4daeabe882316231e5b9e89612717057 mes5/i586/java-1.6.0-openjdk-src-1.6.0.0-35.b24.4mdvmes5.2.i586.rpm
9248e6e39a0ee59ad6bc6e854e46ae2c mes5/SRPMS/java-1.6.0-openjdk-1.6.0.0-35.b24.4mdvmes5.2.src.rpm
Mandriva Enterprise Server 5/X86_64:
1cb6fe843aec51afb6fc918ebe435c6f mes5/x86_64/java-1.6.0-openjdk-1.6.0.0-35.b24.4mdvmes5.2.x86_64.rpm
f785bc251ca4406f205cab5e64ce685a mes5/x86_64/java-1.6.0-openjdk-demo-1.6.0.0-35.b24.4mdvmes5.2.x86_64.rpm
f7cba7622dd6cfd1e64474f47a2ddb35 mes5/x86_64/java-1.6.0-openjdk-devel-1.6.0.0-35.b24.4mdvmes5.2.x86_64.rpm
38104463668442434ec884f78f3d1236 mes5/x86_64/java-1.6.0-openjdk-javadoc-1.6.0.0-35.b24.4mdvmes5.2.x86_64.rpm
f355ccfbe11e93cd4101171ea7dc6356 mes5/x86_64/java-1.6.0-openjdk-src-1.6.0.0-35.b24.4mdvmes5.2.x86_64.rpm
9248e6e39a0ee59ad6bc6e854e46ae2c mes5/SRPMS/java-1.6.0-openjdk-1.6.0.0-35.b24.4mdvmes5.2.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iD8DBQFROZNcmqjQ0CJFipgRAlRxAJoC09gKmBF4kGckzoHdeLPC8BtwJQCcCyhr
Pgga+RwmqGFxNf3uoedcpJA=
=K1BS
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
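
The advisory states that MandrivaUpdate and urpmi verify md5 checksums and GPG signatures automatically; for packages fetched by hand, the "Updated Packages" list can be checked as below. This is an added example, not part of the Mandriva advisory: `check_advisory_md5` is a hypothetical helper, and it assumes the advisory is saved as a text file and that `md5sum` is installed. A matching MD5 only shows the file agrees with the list; the package's GPG signature (for example via `rpm --checksig`) remains the authenticity check.

```shell
#!/bin/sh
# Added example: check downloaded RPMs against the "<md5> <path>" lines of an
# MDVSA-style advisory. check_advisory_md5 is a hypothetical helper name.
# Usage: check_advisory_md5 ADVISORY.txt /dir/with/downloaded/rpms
# Returns 0 if no file mismatches, 1 on any mismatch, 2 if no entries parse.
check_advisory_md5() {
    advisory=$1
    pkgdir=$2
    status=0
    # Keep only "<32 hex digits> <path>.rpm" lines; sort -u drops the SRPM
    # entry that the advisory repeats under each architecture heading.
    entries=$(grep -E '^[[:space:]]*[0-9a-f]{32}[[:space:]]+[^[:space:]]+\.rpm[[:space:]]*$' "$advisory" \
        | awk '{print $1, $2}' | sort -u)
    [ -n "$entries" ] || { echo "ERROR no package entries found"; return 2; }
    # Here-document (not a pipe) so the loop runs in this shell and can
    # update $status.
    while read -r want path; do
        name=${path##*/}                  # advisory paths are mirror-relative
        file=$pkgdir/$name
        if [ ! -f "$file" ]; then
            echo "MISSING $name"          # not downloaded: informational only
            continue
        fi
        got=$(md5sum "$file" | awk '{print $1}')
        if [ "$got" = "$want" ]; then
            echo "OK $name"
        else
            echo "MISMATCH $name"         # do not install this file
            status=1
        fi
    done <<EOF
$entries
EOF
    return $status
}
```
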