Fedora 11 Update: java-1.6.0-openjdk-1.6.0.0-30.b16.fc11 - The Community's Center for Security


The central voice for Linux and Open Source security news

Welcome!

Sign up!

EnGarde Community

Polls

What is the most important Linux security technology?

	SELinux
	grsecurity
	CIS Benchmark
	Bastille Linux
	iptables
	LIDS

Advisories

Community

Linux Events

Linux User Groups

Link to Us

Security Center

Book Reviews

Security Dictionary

Security Tips

SELinux

White Papers

Featured Blogs

All About Linux

DanWalsh LiveJournal

Securitydistro

Latest Newsletters

Linux Security Week: May 14th, 2012

Linux Advisory Watch: May 10th, 2012

LinuxSecurity Newsletters

RSS Feeds

Get the LinuxSecurity news you want faster with RSS

Fedora 11 Update: java-1.6.0-openjdk-1.6.0.0-30.b16.fc11

User Rating:

How can I rate this item?

Posted by Benjamin D. Thomas

Add latest security patches Bug numbers:510197, 530053, 530057, 530061, 530062, 530063, 530067, 530098, 530173, 530175, 530296, 530297, 530300

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2009-11486
2009-11-14 02:52:09
--------------------------------------------------------------------------------

Name        : java-1.6.0-openjdk
Product     : Fedora 11
Version     : 1.6.0.0
Release     : 30.b16.fc11
URL         : http://icedtea.classpath.org/
Summary     : OpenJDK Runtime Environment
Description :
The OpenJDK runtime environment.

--------------------------------------------------------------------------------
Update Information:

Add latest security patches  Bug numbers:510197, 530053, 530057, 530061, 530062,
530063, 530067, 530098, 530173, 530175, 530296, 530297, 530300
--------------------------------------------------------------------------------
ChangeLog:

* Tue Nov 10 2009 Martin Matejovic  - 1:1.6.0-30.b16
- Added java-1.6.0-openjdk-securitypatches-20091103.patch
- Resolves: rhbz#510197
- Resolves: rhbz#530053
- Resolves: rhbz#530057
- Resolves: rhbz#530061
- Resolves: rhbz#530062
- Resolves: rhbz#530063
- Resolves: rhbz#530067
- Resolves: rhbz#530098
- Resolves: rhbz#530173
- Resolves: rhbz#530175
- Resolves: rhbz#530296
- Resolves: rhbz#530297
- Resolves: rhbz#530300
* Wed Sep  9 2009 Lillian Angel  - 1:1.6.0-29.b16
- Removed unneeded patches.
- Updated icedteaver to 1.6
- Resolves: rhbz#484858
- Resolves: rhbz#497408
- Resolves: rhbz#489414
* Wed Sep  9 2009 Jan Horak  - 1:1.6.0.0-28.b16
- Rebuild against newer gecko
* Tue Aug  4 2009 Lillian Angel  - 1:1.6.0-27.b16
- Updated java-1.6.0-openjdk-netx.patch, and renamed to 
java-1.6.0-openjdk-netxandplugin.patch.
- Added java-1.6.0-openjdk-securitypatches.patch.
- Resolves: rhbz#512101
- Resolves: rhbz#512896
- Resolves: rhbz#512914
- Resolves: rhbz#512907
- Resolves: rhbz#512921
- Resolves: rhbz#511915
- Resolves: rhbz#512915
- Resolves: rhbz#512920
- Resolves: rhbz#512714
- Resolves: rhbz#513215
- Resolves: rhbz#513220
- Resolves: rhbz#513222
- Resolves: rhbz#513223
- Resolves: rhbz#503794
* Mon Aug  3 2009 Christopher Aillon  - 1:1.6.0.0-26.b16
- Rebuild against newer gecko
* Fri Jul 17 2009 Jan Horak  - 1:1.6.0.0-25.b16
- Rebuild against newer gecko
* Thu Jul  9 2009 Lillian Angel  - 1:1.6.0-24.b16
- Added java-1.6.0-openjdk-netx.patch
- Moved policytool to devel package.
- Updated release.
- Resolves: rhbz#507870
- Resolves: rhbz#471346
* Tue Jun 30 2009 Christopher Aillon  - 1:1.6.0.0-23.b16
- Rebuild against newer gecko
* Fri May 29 2009 Lillian Angel  - 1:1.6.0-22.b16
- Fixed abs-install-dir to be %{_jvmdir}/java-1.6.0-openjdk-1.6.0.0
* Tue May 19 2009 Lillian Angel  - 1:1.6.0-21.b16
- Removed java-1.6.0-openjdk-lcms.patch java-1.6.0-openjdk-securitypatches.patch 
java-1.6.0-openjdk-pulsejava.patch.
- Updated visualvm source.
- Updated sparc patches.
- Updated release.
- Updated icedteaver.
- Updated openjdkver.
- Updated openjdkdate.
- Adjusted buildoutputdir.
- Set runtests to 0. Hanging test causing problems.
- Include systemtap support, install hotspot tapset.
- Resolves: rhbz#479041 
- Resolves: rhbz#480075 
- Resolves: rhbz#483095 
- Resolves: rhbz#487872 
- Resolves: rhbz#467591 
- Resolves: rhbz#487452 
- Resolves: rhbz#498109 
- Resolves: rhbz#497191 
- Resolves: rhbz#462876 
- Resolves: rhbz#489586
- Resolves: rhbz#501391
* Wed May  6 2009 Lillian Angel  - 1:1.6.0.0-20.b14
- Added devel requirement for netbeans-platform
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #510197 - CVE-2009-2409 deprecate MD2 in SSL cert validation (Kaminsky)
        https://bugzilla.redhat.com/show_bug.cgi?id=510197
  [ 2 ] Bug #530053 - CVE-2009-3873 OpenJDK JPEG Image Writer quantization problem (6862968)
        https://bugzilla.redhat.com/show_bug.cgi?id=530053
  [ 3 ] Bug #530057 - CVE-2009-3875 OpenJDK MessageDigest.isEqual introduces timing attack vulnerabilities  (6863503)
        https://bugzilla.redhat.com/show_bug.cgi?id=530057
  [ 4 ] Bug #530061 - CVE-2009-3876 OpenJDK ASN.1/DER input stream parser denial of service (6864911) CVE-2009-3877
        https://bugzilla.redhat.com/show_bug.cgi?id=530061
  [ 5 ] Bug #530062 - CVE-2009-3869 OpenJDK JRE AWT setDifflCM stack overflow (6872357)
        https://bugzilla.redhat.com/show_bug.cgi?id=530062
  [ 6 ] Bug #530063 - CVE-2009-3871 OpenJDK JRE AWT setBytePixels heap overflow (6872358)
        https://bugzilla.redhat.com/show_bug.cgi?id=530063
  [ 7 ] Bug #530067 - CVE-2009-3874 OpenJDK ImageI/O JPEG heap overflow  (6874643)
        https://bugzilla.redhat.com/show_bug.cgi?id=530067
  [ 8 ] Bug #530098 - CVE-2009-3728 OpenJDK ICC_Profile file existence detection information leak (6631533)
        https://bugzilla.redhat.com/show_bug.cgi?id=530098
  [ 9 ] Bug #530173 - CVE-2009-3881 OpenJDK resurrected classloaders can still have children (6636650)
        https://bugzilla.redhat.com/show_bug.cgi?id=530173
  [ 10 ] Bug #530175 - CVE-2009-3882 CVE-2009-3883 OpenJDK information leaks in mutable variables (6657026,6657138)
        https://bugzilla.redhat.com/show_bug.cgi?id=530175
  [ 11 ] Bug #530296 - CVE-2009-3880 OpenJDK UI logging information leakage(6664512)
        https://bugzilla.redhat.com/show_bug.cgi?id=530296
  [ 12 ] Bug #530297 - CVE-2009-3879 OpenJDK GraphicsConfiguration information leak(6822057)
        https://bugzilla.redhat.com/show_bug.cgi?id=530297
  [ 13 ] Bug #530300 - CVE-2009-3884 OpenJDK zoneinfo file existence information leak (6824265)
        https://bugzilla.redhat.com/show_bug.cgi?id=530300
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update java-1.6.0-openjdk' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------

_______________________________________________
Fedora-package-announce mailing list
Fedora-package-announce@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-package-announce

< Prev		Next >

Partner

Latest Features

Password guessing with Medusa 2.0

Password guessing as an attack vector

Squid and Digest Authentication

Squid and Basic Authentication

Demystifying the Chinese Hacking Industry: Earning 6 Million a Night

Free Online security course (LearnSIA) - A Call for Help

What You Need to Know About Linux Rootkits

Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition

Using the sec-wall Security Proxy

sec-wall: Open Source Security Proxy

Yesterday's Edition

Bredolab botnet author sentenced to 4 years in prison in Armenia

Flaw Found in Common Network Security Technology

Partner Sponsor