[SECURITY] Fedora 10 Update: java-1.6.0-openjdk-1.6.0.0-7.b12.fc10
updates at fedoraproject.org
Sun Dec 7 04:33:22 UTC 2008
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2008-10913
2008-12-07 02:17:14
--------------------------------------------------------------------------------
Name : java-1.6.0-openjdk
Product : Fedora 10
Version : 1.6.0.0
Release : 7.b12.fc10
URL : http://icedtea.classpath.org/
Summary : OpenJDK Runtime Environment
Description :
The OpenJDK runtime environment.
--------------------------------------------------------------------------------
Update Information:
OpenJDK security patches applied.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 2 2008 Lillian Angel <langel at redhat.com> - 1:1.6.0-7.b12
- Set runtests to 0.
* Tue Dec 2 2008 Lillian Angel <langel at redhat.com> - 1:1.6.0-7.b12
- Updated pkgversion to include release and arch.
- Set runtests to 1.
- Added new security patch.
- Resolves: rhbz#468484
- Resolves: rhbz#472862
- Resolves: rhbz#472234
- Resolves: rhbz#472233
- Resolves: rhbz#472231
- Resolves: rhbz#472228
- Resolves: rhbz#472224
- Resolves: rhbz#472218
- Resolves: rhbz#472213
- Resolves: rhbz#472212
- Resolves: rhbz#472211
- Resolves: rhbz#472209
- Resolves: rhbz#472208
- Resolves: rhbz#472206
- Resolves: rhbz#472201
* Mon Nov 24 2008 Lillian Angel <langel at redhat.com> - 1:1.6.0-6.b12
- Removed java-1.6.0-openjdk-plugin-1217.patch.
- Added java-1.6.0-openjdk-plugin-1219.patch.
- Updated Release.
* Fri Nov 21 2008 Lillian Angel <langel at redhat.com> - 1:1.6.0-5.b12
- Added plugin patch to resolve issues on 64-bit.
- Resolves: rhbz#471987
- Resolves: rhbz#465531
- Resolves: rhbz#470551
* Thu Nov 20 2008 Lillian Angel <langel at redhat.com> - 1:1.6.0-5.b12
- Redirect error from removing gcjwebplugin link.
- Resolves: rhbz#471568
* Thu Nov 13 2008 Lillian Angel <langel at redhat.com> - 1:1.6.0-4.b12
- Added java-fonts to Provides for base package.
- Resolves: rhbz#469893
* Wed Nov 12 2008 Lillian Angel <langel at redhat.com> - 1:1.6.0-4.b12
- Fixed pulse audio build requirements.
- Updated release.
- Resolves: rhbz#471229
* Fri Nov 7 2008 Lillian Angel <langel at redhat.com> - 1:1.6.0-3.b12
- Updated icedteasnapshot.
- Resolves: rhbz#453290
- Resolves: rhbz#469361
* Wed Nov 5 2008 Lillian Angel <langel at redhat.com> - 1:1.6.0-3.b12
- Re-enabled pulse java. Fix committed upstream to prevent TCK failures.
- Updated release.
- Updated icedteasnapshot.
- Updated icedteaver.
- Updated visualvm source.
* Thu Oct 30 2008 Lillian Angel <langel at redhat.com> - 1:1.6.0-2.b12
- Fixed post plugin scriptlet to work for install, as well as upgrade.
* Wed Oct 29 2008 Lillian Angel <langel at redhat.com> - 1:1.6.0-2.b12
- Fixed release string.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #472201 - CVE-2008-5350 OpenJDK allows to list files within the user home directory (6484091)
https://bugzilla.redhat.com/show_bug.cgi?id=472201
[ 2 ] Bug #472208 - CVE-2008-5347 OpenJDK applet privilege escalation via JAX package access (6592792)
https://bugzilla.redhat.com/show_bug.cgi?id=472208
[ 3 ] Bug #472211 - CVE-2008-5360 OpenJDK temporary files have guessable file names (6721753)
https://bugzilla.redhat.com/show_bug.cgi?id=472211
[ 4 ] Bug #472213 - CVE-2008-5351 OpenJDK UTF-8 decoder accepts non-shortest form sequences (4486841)
https://bugzilla.redhat.com/show_bug.cgi?id=472213
[ 5 ] Bug #472224 - CVE-2008-5353 OpenJDK calendar object deserialization allows privilege escalation (6734167)
https://bugzilla.redhat.com/show_bug.cgi?id=472224
[ 6 ] Bug #472231 - CVE-2008-5357 OpenJDK Truetype Font processing vulnerability (6751322)
https://bugzilla.redhat.com/show_bug.cgi?id=472231
[ 7 ] Bug #472234 - CVE-2008-5358 OpenJDK Buffer Overflow in GIF image processing (6766136)
https://bugzilla.redhat.com/show_bug.cgi?id=472234
[ 8 ] Bug #472206 - CVE-2008-5349 OpenJDK RSA public key length denial-of-service (6497740)
https://bugzilla.redhat.com/show_bug.cgi?id=472206
[ 9 ] Bug #472209 - CVE-2008-5348 OpenJDK Denial-Of-Service in kerberos authentication (6588160)
https://bugzilla.redhat.com/show_bug.cgi?id=472209
[ 10 ] Bug #472212 - CVE-2008-5359 OpenJDK Buffer overflow in image processing (6726779)
https://bugzilla.redhat.com/show_bug.cgi?id=472212
[ 11 ] Bug #472218 - CVE-2008-5356 OpenJDK Font processing vulnerability (6733336)
https://bugzilla.redhat.com/show_bug.cgi?id=472218
[ 12 ] Bug #472228 - CVE-2008-5354 OpenJDK Privilege escalation in command line applications (6733959)
https://bugzilla.redhat.com/show_bug.cgi?id=472228
[ 13 ] Bug #472233 - CVE-2008-5352 OpenJDK Jar200 Decompression buffer overflow (6755943)
https://bugzilla.redhat.com/show_bug.cgi?id=472233
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update java-1.6.0-openjdk' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------