--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2008-10913
2008-12-07 02:17:14
--------------------------------------------------------------------------------
Name        : java-1.6.0-openjdk
Product     : Fedora 10
Version     : 1.6.0.0
Release     : 7.b12.fc10
URL         : https://icedtea.classpath.org/
Summary     : OpenJDK Runtime Environment
Description :
The OpenJDK runtime environment.

--------------------------------------------------------------------------------
Update Information:

OpenJDK security patches applied.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Dec  2 2008 Lillian Angel  - 1:1.6.0-7.b12
- Set runtests to 0.
* Tue Dec  2 2008 Lillian Angel  - 1:1.6.0-7.b12
- Updated pkgversion to include release and arch.
- Set runtests to 1.
- Added new security patch.
- Resolves: rhbz#468484
- Resolves: rhbz#472862
- Resolves: rhbz#472234
- Resolves: rhbz#472233
- Resolves: rhbz#472231
- Resolves: rhbz#472228
- Resolves: rhbz#472224
- Resolves: rhbz#472218
- Resolves: rhbz#472213
- Resolves: rhbz#472212
- Resolves: rhbz#472211
- Resolves: rhbz#472209
- Resolves: rhbz#472208
- Resolves: rhbz#472206
- Resolves: rhbz#472201
* Mon Nov 24 2008 Lillian Angel  - 1:1.6.0-6.b12
- Removed java-1.6.0-openjdk-plugin-1217.patch.
- Added java-1.6.0-openjdk-plugin-1219.patch.
- Updated Release.
* Fri Nov 21 2008 Lillian Angel  - 1:1.6.0-5.b12
- Added plugin patch to resolve issues on 64-bit.
- Resolves: rhbz#471987
- Resolves: rhbz#465531
- Resolves: rhbz#470551
* Thu Nov 20 2008 Lillian Angel  - 1:1.6.0-5.b12
- Redirect error from removing gcjwebplugin link.
- Resolves: rhbz#471568
* Thu Nov 13 2008 Lillian Angel  - 1:1.6.0-4.b12
- Added java-fonts to Provides for base package.
- Resolves: rhbz#469893
* Wed Nov 12 2008 Lillian Angel  - 1:1.6.0-4.b12
- Fixed pulse audio build requirements.
- Updated release.
- Resolves: rhbz#471229
* Fri Nov  7 2008 Lillian Angel  - 1:1.6.0-3.b12
- Updated icedteasnapshot.
- Resolves: rhbz#453290
- Resolves: rhbz#469361
* Wed Nov  5 2008 Lillian Angel  - 1:1.6.0-3.b12
- Re-enabled pulse java. Fix committed upstream to prevent TCK failures.
- Updated release.
- Updated icedteasnapshot.
- Updated icedteaver.
- Updated visualvm source.
* Thu Oct 30 2008 Lillian Angel  - 1:1.6.0-2.b12
- Fixed post plugin scriptlet to work for install, as well as upgrade.
* Wed Oct 29 2008 Lillian Angel  - 1:1.6.0-2.b12
- Fixed release string.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #472201 - CVE-2008-5350 OpenJDK allows to list files within the user home directory (6484091)
        https://bugzilla.redhat.com/show_bug.cgi?id=472201
  [ 2 ] Bug #472208 - CVE-2008-5347 OpenJDK applet privilege escalation via JAX package access (6592792)
        https://bugzilla.redhat.com/show_bug.cgi?id=472208
  [ 3 ] Bug #472211 - CVE-2008-5360 OpenJDK temporary files have guessable file names (6721753)
        https://bugzilla.redhat.com/show_bug.cgi?id=472211
  [ 4 ] Bug #472213 - CVE-2008-5351 OpenJDK UTF-8 decoder accepts non-shortest form sequences (4486841)
        https://bugzilla.redhat.com/show_bug.cgi?id=472213
  [ 5 ] Bug #472224 - CVE-2008-5353 OpenJDK calender object deserialization allows privilege escalation (6734167)
        https://bugzilla.redhat.com/show_bug.cgi?id=472224
  [ 6 ] Bug #472231 - CVE-2008-5357 OpenJDK Truetype Font processing vulnerability (6751322)
        https://bugzilla.redhat.com/show_bug.cgi?id=472231
  [ 7 ] Bug #472234 - CVE-2008-5358 OpenJDK Buffer Overflow in GIF image processing (6766136)
        https://bugzilla.redhat.com/show_bug.cgi?id=472234
  [ 8 ] Bug #472206 - CVE-2008-5349 OpenJDK RSA public key length denial-of-service (6497740)
        https://bugzilla.redhat.com/show_bug.cgi?id=472206
  [ 9 ] Bug #472209 - CVE-2008-5348 OpenJDK Denial-Of-Service in kerberos authentication (6588160)
        https://bugzilla.redhat.com/show_bug.cgi?id=472209
  [ 10 ] Bug #472212 - CVE-2008-5359 OpenJDK Buffer overflow in image processing (6726779)
        https://bugzilla.redhat.com/show_bug.cgi?id=472212
  [ 11 ] Bug #472218 - CVE-2008-5356 OpenJDK Font processing vulnerability (6733336)
        https://bugzilla.redhat.com/show_bug.cgi?id=472218
  [ 12 ] Bug #472228 - CVE-2008-5354 OpenJDK Privilege escalation in command line applications (6733959)
        https://bugzilla.redhat.com/show_bug.cgi?id=472228
  [ 13 ] Bug #472233 - CVE-2008-5352 OpenJDK Jar200 Decompression buffer overflow (6755943)
        https://bugzilla.redhat.com/show_bug.cgi?id=472233
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program.  Use
su -c 'yum update java-1.6.0-openjdk' at the command line.
For more information, refer to "Managing Software with yum",
available at .

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
_______________________________________________
Fedora-package-announce mailing list
Fedora-package-announce@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-package-announce

Fedora 10 Update: java-1.6.0-openjdk-1.6.0.0-7.b12.fc10

December 6, 2008
