Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Sign up!
EnGarde Community
What is the most important Linux security technology?
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Latest Newsletters
Linux Security Week: March 30th, 2015
Linux Advisory Watch: March 27th, 2015
LinuxSecurity Newsletters
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

Mandriva: 2012:169: java-1.6.0-openjdk Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Mandrake Multiple security issues were identified and fixed in OpenJDK (icedtea6): * S6631398, CVE-2012-3216: FilePermission improved path checking * S7093490: adjust package access in rmiregistry [More...]

 Mandriva Linux Security Advisory                         MDVSA-2012:169

 Package : java-1.6.0-openjdk
 Date    : November 1, 2012
 Affected: 2011., Enterprise Server 5.0

 Problem Description:

 Multiple security issues were identified and fixed in OpenJDK
  * S6631398, CVE-2012-3216: FilePermission improved path checking
  * S7093490: adjust package access in rmiregistry
  * S7143535, CVE-2012-5068: ScriptEngine corrected permissions
  * S7167656, CVE-2012-5077: Multiple Seeders are being created
  * S7169884, CVE-2012-5073: LogManager checks do not work correctly
  for sub-types
  * S7169888, CVE-2012-5075: Narrowing resource definitions in JMX
  RMI connector
  * S7172522, CVE-2012-5072: Improve DomainCombiner checking
  * S7186286, CVE-2012-5081: TLS implementation to better adhere to RFC
  * S7189103, CVE-2012-5069: Executors needs to maintain state
  * S7189490: More improvements to DomainCombiner checking
  * S7189567, CVE-2012-5085: java net obselete protocol
  * S7192975, CVE-2012-5071: Conditional usage check is wrong
  * S7195194, CVE-2012-5084: Better data validation for Swing
  * S7195917, CVE-2012-5086: XMLDecoder parsing at close-time should
  be improved
  * S7195919, CVE-2012-5979: (sl) ServiceLoader can throw CCE without
  needing to create instance
  * S7198296, CVE-2012-5089: Refactor classloader usage
  * S7158800: Improve storage of symbol tables
  * S7158801: Improve VM CompileOnly option
  * S7158804: Improve config file parsing
  * S7176337: Additional changes needed for 7158801 fix
  * S7198606, CVE-2012-4416: Improve VM optimization
 The updated packages provides icedtea6-1.11.5 which is not vulnerable
 to these issues.


 Updated Packages:

 Mandriva Linux 2011:
 b0b8d9c220ca7c5fd6679d6848de69eb  2011/i586/java-1.6.0-openjdk-
 45ea196c75b18bef9ecb5bc97615c1f3  2011/i586/java-1.6.0-openjdk-demo-
 f33ac952a55cdb585a59e6021367482f  2011/i586/java-1.6.0-openjdk-devel-
 6ad5fcabc72830cd332cd9e5243be609  2011/i586/java-1.6.0-openjdk-javadoc-
 49008a850c545e90a0ebb002902528eb  2011/i586/java-1.6.0-openjdk-src- 
 06e7da198f48cd281fe905deed67fd5c  2011/SRPMS/java-1.6.0-openjdk-

 Mandriva Linux 2011/X86_64:
 debfb115214191ac94d4282463962909  2011/x86_64/java-1.6.0-openjdk-
 09e81180ede0595f8068ef9baeb2da22  2011/x86_64/java-1.6.0-openjdk-demo-
 d93f958ff56643adf973770ace599211  2011/x86_64/java-1.6.0-openjdk-devel-
 3a65468343ff92731e0a408f85d7e304  2011/x86_64/java-1.6.0-openjdk-javadoc-
 ee4cf446eac536bf729eabf15a88867d  2011/x86_64/java-1.6.0-openjdk-src- 
 06e7da198f48cd281fe905deed67fd5c  2011/SRPMS/java-1.6.0-openjdk-

 Mandriva Enterprise Server 5:
 bcf38e820f1aa357fa0d64c50d323599  mes5/i586/java-1.6.0-openjdk-
 7b79269ef163cab203f9b815f5216926  mes5/i586/java-1.6.0-openjdk-demo-
 24068e420773723a130cff03ae1ef47b  mes5/i586/java-1.6.0-openjdk-devel-
 5e3611c799dcfdf1471a327ec5955ac7  mes5/i586/java-1.6.0-openjdk-javadoc-
 d7ecadb7be4bfed8502367a5fc4ace40  mes5/i586/java-1.6.0-openjdk-src- 
 62663a8650988b3fdfb56b67c17e0970  mes5/SRPMS/java-1.6.0-openjdk-

 Mandriva Enterprise Server 5/X86_64:
 d4fcb3225426ce983273bf6d6730d5bb  mes5/x86_64/java-1.6.0-openjdk-
 237544fc49a02cba3438506d52e0392d  mes5/x86_64/java-1.6.0-openjdk-demo-
 32b6e494b5f8f26d0be80ce8114d7738  mes5/x86_64/java-1.6.0-openjdk-devel-
 fc520c63a052179c93611e4686fa0127  mes5/x86_64/java-1.6.0-openjdk-javadoc-
 abc7f180d25764804f217a7b7ef2f0c4  mes5/x86_64/java-1.6.0-openjdk-src- 
 62663a8650988b3fdfb56b67c17e0970  mes5/SRPMS/java-1.6.0-openjdk-

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver 0x22458A98

 You can view other update advisories for Mandriva Linux at:

 If you want to report vulnerabilities, please contact

< Prev   Next >


Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Feds Charged With Stealing Money During Silk Road Investigation
EFF questions US government's software flaw disclosure policy
Hotel Router Vulnerability A Reminder Of Untrusted WiFi Risks
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2015 Guardian Digital, Inc. All rights reserved.