[SECURITY] Fedora 9 Update: java-1.6.0-openjdk-1.6.0.0-0.20.b09.fc9
updates at fedoraproject.org
Sun Dec 7 04:27:51 UTC 2008
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2008-10860
2008-12-07 02:16:19
--------------------------------------------------------------------------------
Name : java-1.6.0-openjdk
Product : Fedora 9
Version : 1.6.0.0
Release : 0.20.b09.fc9
URL : http://icedtea.classpath.org/
Summary : OpenJDK Runtime Environment
Description :
The OpenJDK runtime environment.
--------------------------------------------------------------------------------
Update Information:
OpenJDK security patches applied.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 2 2008 Lillian Angel <langel at redhat.com> - 1:1.6.0-0.20.b09
- Set runtests to 0.
* Tue Dec 2 2008 Lillian Angel <langel at redhat.com> - 1:1.6.0-0.20.b09
- Added new security patch.
- Resolves: rhbz#472234
- Resolves: rhbz#472233
- Resolves: rhbz#472231
- Resolves: rhbz#472228
- Resolves: rhbz#472224
- Resolves: rhbz#472218
- Resolves: rhbz#472213
- Resolves: rhbz#472212
- Resolves: rhbz#472211
- Resolves: rhbz#472209
- Resolves: rhbz#472208
- Resolves: rhbz#472206
- Resolves: rhbz#472201
* Mon Sep 22 2008 Lillian Angel <langel at redhat.com> - 1:1.6.0-0.19.b09
- Removed update-desktop-database dependency.
- Resolves: rhbz#463046
* Mon Sep 8 2008 Lillian Angel <langel at redhat.com> - 1:1.6.0-0.18.b09
- Moved hotspot patch to only be applied to jit_arches.
* Mon Sep 8 2008 Lillian Angel <langel at redhat.com> - 1:1.6.0-0.18.b09
- Added hotspot patch (Patch11) to fix eclipse crashing bug.
- Resolves: rhbz#460205
* Mon Sep 8 2008 Lillian Angel <langel at redhat.com> - 1:1.6.0-0.18.b09
- Added rhino requirement.
- Resolves: rhbz#461336
* Wed Jul 16 2008 Dennis Gilmore <dennis at ausil.us> - 1:1.6.0-0.17.b09
- bump the release to sync all arches
* Wed Jul 9 2008 Lillian Angel <langel at redhat.com> - 1:1.6.0-0.16.b09
- Add runtests define.
- Run test suites on JIT architectures only.
* Tue Jul 8 2008 Lillian Angel <langel at redhat.com> - 1:1.6.0-0.16.b09
- Only apply hotspot security patch of jitarches.
* Wed Jul 2 2008 Lillian Angel <langel at redhat.com> - 1:1.6.0-0.16.b09
- Added OpenJDK security patches.
* Sat Jun 7 2008 Tom "spot" Callaway <tcallawa at redhat.com> - 1:1.6.0-0.16.b09
- enable sparc/sparc64 builds
* Sat May 31 2008 Thomas Fitzsimmons <fitzsim at redhat.com> - 1:1.6.0.0-0.15.b09
- Fix keytool location passed to generate-cacerts.pl.
* Fri May 30 2008 Thomas Fitzsimmons <fitzsim at redhat.com> - 1:1.6.0.0-0.15.b09
- Generate cacerts file.
* Fri May 30 2008 Thomas Fitzsimmons <fitzsim at redhat.com> - 1:1.6.0.0-0.15.b09
- Remove jhat patch.
* Fri May 30 2008 Thomas Fitzsimmons <fitzsim at redhat.com> - 1:1.6.0.0-0.15.b09
- Remove makefile patch.
- Update generate-fedora-zip.sh.
* Fri May 30 2008 Thomas Fitzsimmons <fitzsim at redhat.com> - 1:1.6.0.0-0.15.b09
- Formatting cleanups.
* Fri May 30 2008 Thomas Fitzsimmons <fitzsim at redhat.com> - 1:1.6.0.0-0.15.b09
- Group all Mauve commands.
* Fri May 30 2008 Thomas Fitzsimmons <fitzsim at redhat.com> - 1:1.6.0.0-0.15.b09
- Formatting cleanups.
- Add jtreg_output to src subpackage.
* Wed May 28 2008 Lillian Angel <langel at redhat.com> - 1:1.6.0.0-0.15.b09
- Updated icedteasnapshot for new release.
* Tue May 27 2008 Thomas Fitzsimmons <fitzsim at redhat.com> - 1:1.6.0.0-0.15.b09
- Require ca-certificates.
- Symlink to ca-certificates cacerts.
- Remove cacerts from files list.
- Resolves: rhbz#444260
* Mon May 26 2008 Lillian Angel <langel at redhat.com> - 1:1.6.0.0-0.14.b09
- Added eclipse-ecj build requirement for mauve.
- Updated icedteasnapshot.
* Fri May 23 2008 Lillian Angel <langel at redhat.com> - 1:1.6.0.0-0.14.b09
- Fixed jtreg testing.
* Fri May 23 2008 Lillian Angel <langel at redhat.com> - 1:1.6.0.0-0.14.b09
- Updated icedteasnapshot.
- Updated release.
- Added jtreg testing.
* Thu May 22 2008 Lillian Angel <langel at redhat.com> - 1:1.6.0.0-0.13.b09
- Added new patch java-1.6.0-openjdk-java-access-bridge-tck.patch.
- Updated release.
* Mon May 5 2008 Lillian Angel <langel at redhat.com> - 1:1.6.0.0-0.12.b09
- Updated release.
- Updated icedteasnapshot.
- Resolves: rhbz#445182
- Resolves: rhbz#445183
* Tue Apr 29 2008 Lillian Angel <langel at redhat.com> - 1:1.6.0.0-0.11.b09
- Fixed javaws.desktop installation.
* Tue Apr 29 2008 Lillian Angel <langel at redhat.com> - 1:1.6.0.0-0.11.b09
- Updated icedteasnapshot.
- Removed java-1.6.0-openjdk-jconsole.desktop and
java-1.6.0-openjdk-policytool.desktop files.
* Tue Apr 29 2008 Lillian Angel <langel at redhat.com> - 1:1.6.0.0-0.11.b09
- Updated release.
- Added archbuild and archinstall definitions for ia64.
- Resolves: rhbz#433843
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #472201 - CVE-2008-5350 OpenJDK allows to list files within the user home directory (6484091)
https://bugzilla.redhat.com/show_bug.cgi?id=472201
[ 2 ] Bug #472206 - CVE-2008-5349 OpenJDK RSA public key length denial-of-service (6497740)
https://bugzilla.redhat.com/show_bug.cgi?id=472206
[ 3 ] Bug #472208 - CVE-2008-5347 OpenJDK applet privilege escalation via JAX package access (6592792)
https://bugzilla.redhat.com/show_bug.cgi?id=472208
[ 4 ] Bug #472209 - CVE-2008-5348 OpenJDK Denial-Of-Service in kerberos authentication (6588160)
https://bugzilla.redhat.com/show_bug.cgi?id=472209
[ 5 ] Bug #472211 - CVE-2008-5360 OpenJDK temporary files have guessable file names (6721753)
https://bugzilla.redhat.com/show_bug.cgi?id=472211
[ 6 ] Bug #472212 - CVE-2008-5359 OpenJDK Buffer overflow in image processing (6726779)
https://bugzilla.redhat.com/show_bug.cgi?id=472212
[ 7 ] Bug #472213 - CVE-2008-5351 OpenJDK UTF-8 decoder accepts non-shortest form sequences (4486841)
https://bugzilla.redhat.com/show_bug.cgi?id=472213
[ 8 ] Bug #472218 - CVE-2008-5356 OpenJDK Font processing vulnerability (6733336)
https://bugzilla.redhat.com/show_bug.cgi?id=472218
[ 9 ] Bug #472233 - CVE-2008-5352 OpenJDK Jar200 Decompression buffer overflow (6755943)
https://bugzilla.redhat.com/show_bug.cgi?id=472233
[ 10 ] Bug #472234 - CVE-2008-5358 OpenJDK Buffer Overflow in GIF image processing (6766136)
https://bugzilla.redhat.com/show_bug.cgi?id=472234
[ 11 ] Bug #472224 - CVE-2008-5353 OpenJDK calendar object deserialization allows privilege escalation (6734167)
https://bugzilla.redhat.com/show_bug.cgi?id=472224
[ 12 ] Bug #472228 - CVE-2008-5354 OpenJDK Privilege escalation in command line applications (6733959)
https://bugzilla.redhat.com/show_bug.cgi?id=472228
[ 13 ] Bug #472231 - CVE-2008-5357 OpenJDK Truetype Font processing vulnerability (6751322)
https://bugzilla.redhat.com/show_bug.cgi?id=472231
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update java-1.6.0-openjdk' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------