------------------------------------------------------------------------------- - Fedora Update Notification FEDORA-2011-8020 2011-06-08 23:33:10 ------------------------------------------------------------------------------- -
Name : java-1.6.0-openjdk Product : Fedora 13 Version : 1.6.0.0 Release : 51.1.8.8.fc13 URL : http://icedtea.classpath.org/ Summary : OpenJDK Runtime Environment Description : The OpenJDK runtime environment.
------------------------------------------------------------------------------- - Update Information:
icedtea6-188-198-and-1102-released ------------------------------------------------------------------------------- - ChangeLog:
* Tue Jun 7 2011 Jiri Vanek <jvanek@redhat.com> - 1:1.6.0.0-51.1.8.8 - Resolves: rhbz#709375 - Bumped to IcedTea6 1.8.8 - RH706250, S6213702, CVE-2011-0872: (so) non-blocking sockets with TCP urgent disabled get still selected for read ops (win) - RH706106, S6618658, CVE-2011-0865: Vulnerability in deserialization - RH706111, S7012520, CVE-2011-0815: Heap overflow vulnerability in FileDialog.show() (win) - RH706139, S7013519, CVE-2011-0822, CVE-2011-0862: Integer overflows in 2D code - RH706153, S7013969, CVE-2011-0867: NetworkInterface.toString can reveal bindings - RH706234, S7013971, CVE-2011-0869: Vulnerability in SAAJ - RH706239, S7016340, CVE-2011-0870: Vulnerability in SAAJ - RH706241, S7016495, CVE-2011-0868: Crash in Java 2D transforming an image with scale close to zero - RH706248, S7020198, CVE-2011-0871: ImageIcon creates Component with null acc - RH706245, S7020373, CVE-2011-0864: JSR rewriting can overflow memory address size variables * Tue Feb 15 2011 Deepak Bhole <dbhole@redhat.com> 1:1.6.0.0-50.1.8.7 - Updated to IcedTea6 1.8.7 - Enabled bootstrap - Security updates: S6378709, CVE-2010-4465: AWT event dispatch does not support framework code S6854912, CVE-2010-4465: Security issue with the clipboard access in Applets S6878713, CVE-2010-4469: Verifier heap corruption, relating to backward jsrs S6907662, CVE-2010-4465: System clipboard should ensure access restrictions S6927050, CVE-2010-4470: Features set on SchemaFactory not inherited by Validator S6981922, CVE-2010-4448: DNS cache poisoning by untrusted applets S6983554, CVE-2010-4450: (launcher) Fix empty user's LD_LIBRARY_PATH environment variable in the launcher S6985453, CVE-2010-4471: Font.createFont may expose some system properties in exception text S6994263, CVE-2010-4472: Untrusted code can replace JRE's XML DSig Transform or C14N algorithm implementations RH677332, CVE-2011-0706: IcedTea multiple signers privilege escalation * Wed Feb 9 2011 Jiri Vanek <jvanek@redhat.com> 1:1.6.0.0-50.1.8.6 - updated to icedtea 1.9.6 - Security updates - S4421494, CVE-2010-4476: infinite loop while parsing double literal. * Fri Jan 28 2011 Jiri Vanek <jvanek@redhat.com> -1:1.6.0-1.8.5.49 - updated to icedtea 1.8.5 - Resolves: rhbz#672262 - Security updates - RH672262, CVE-2011-0025: IcedTea jarfile signature verification bypass - Backports - S6687968: PNGImageReader leaks native memory through an Inflater - S6541476, RH665355: PNG imageio plugin incorrectly handles iTXt chunk - S6782079: PNG: reading metadata may cause OOM on truncated images - Fixes - RH647157, RH582455: Update fontconfig files for rhel 6 - PR619: Improper finalization by the plugin can crash the browser * Wed Jan 5 2011 Jiri Vanek <jvanek@redhat.com> -1:1.6.0-47.1.8.4.48 - updated to icedtea 1.8.4 * Mon Nov 29 2010 Jiri Vanek <jvanek@redhat.com> -1:1.6.0-46.1.8.3 - Resolves: rhbz#657491 - Removed Asian and Indic font dependencies. * Fri Nov 19 2010 Jiri Vanek <jvanek@redhat.com> -1:1.6.0-45.1.8.3 - updated to iced tea 1.8.3 - added fonts dependencies * Tue Nov 2 2010 Jiri Vanek <jvanek@redhat.com> -1:1.6.0-44.1.8.2 -fixing rhbz#648499 - BuildRequires: redhat-lsb * Thu Oct 7 2010 Jiri Vanek <jvanek@redhat.com> -1:1.6.0-43.1.8.2 - Imports icedtea6-1.8.2 - changed Release versioning from openjdkver to icedteaver - Resolves: rhbz#533125 - Resolves: rhbz#639876 - Resolves: rhbz#639880 - Resolves: rhbz#639897 - Resolves: rhbz#639904 - Resolves: rhbz#639909 - Resolves: rhbz#639914 - Resolves: rhbz#639920 - Resolves: rhbz#639922 - Resolves: rhbz#639925 - Resolves: rhbz#639951 - Resolves: rhbz#6622002 - Resolves: rhbz#6623943 - Resolves: rhbz#6925672 - Resolves: rhbz#6952017 - Resolves: rhbz#6952603 - Resolves: rhbz#6961084 - Resolves: rhbz#6963285 - Resolves: rhbz#6980004 - Resolves: rhbz#6981426 - Resolves: rhbz#6990437 * Mon Jul 26 2010 Martin Matejovic <mmatejov@redhat.com> -1:1.6.0-42.b18 - Imports icedtea6-1.8.1 - Removed: java-1.6.0-openjdk-plugin.patch - Resolves: rhbz#616893 - Resolves: rhbz#616895 * Mon Jun 14 2010 Martin Matejovic <mmatejov@redhat.com> -1:1.6.0.-41.b18 - Fixed plugin update to IcedTeaPlugin.so - Fixed plugin cpu usage issue - Fixed plugin rewrites ? in URL - Added java-1.6.0-openjdk-plugin.patch - Resovles: rhbz#598353 - Resolves: rhbz#592553 - Resolves: rhbz#602906 * Fri Jun 11 2010 Martin Matejovic <mmatejov@redhat.com> - 1:1.6.0-40.b18 - Rebuild * Tue Jun 8 2010 Martin Matejovic <mmatejov@redhat.com> - 1:1.6.0-39.b18 - Added icedtea6-1.8 - Added openjdk b18 - Added visualvm_122 - Added netbeans-profiler-visualvm_release68_1.tar.gz - Added jdk6-jaf-2009_10_27.zip as SOURCE9 - Added jdk6-jaxp-2009_10_13.zip as SOURCE10 - Added jdk6-jaxws-2009_10_27.zip as SOURCE11 - Added java-1.6.0-openjdk-visualvm-update.patch - Removed java-1.6.0-openjdk-securitypatches-20100323.patch - Removed java-1.6.0-openjdk-linux-globals.patch - Removed java-1.6.0-openjdk-memory-barriers.patch - Resolved: rhbz#595191 - Resovles: rhbz#596850 - Resolves: rhbz#597134 - Resolves: rhbz#580432 ------------------------------------------------------------------------------- - References:
[ 1 ] Bug #706139 - CVE-2011-0862 OpenJDK: integer overflows in JPEGImageReader and font SunLayoutEngine (2D, 7013519) https://bugzilla.redhat.com/show_bug.cgi?id=706139 [ 2 ] Bug #706245 - CVE-2011-0864 OpenJDK: JVM memory corruption via certain bytecode (HotSpot, 7020373) https://bugzilla.redhat.com/show_bug.cgi?id=706245 [ 3 ] Bug #706106 - CVE-2011-0865 OpenJDK: Deserialization allows creation of mutable SignedObject (Deserialization, 6618658) https://bugzilla.redhat.com/show_bug.cgi?id=706106 [ 4 ] Bug #706153 - CVE-2011-0867 OpenJDK: NetworkInterface information leak (Networking, 7013969) https://bugzilla.redhat.com/show_bug.cgi?id=706153 [ 5 ] Bug #706241 - CVE-2011-0868 OpenJDK: incorrect numeric type conversion in TransformHelper (2D, 7016495) https://bugzilla.redhat.com/show_bug.cgi?id=706241 [ 6 ] Bug #706234 - CVE-2011-0869 OpenJDK: unprivileged proxy settings change via SOAPConnection (SAAJ, 7013971) https://bugzilla.redhat.com/show_bug.cgi?id=706234 [ 7 ] Bug #706248 - CVE-2011-0871 OpenJDK: MediaTracker created Component instances with unnecessary privileges (Swing, 7020198) https://bugzilla.redhat.com/show_bug.cgi?id=706248 ------------------------------------------------------------------------------- -
This update can be installed with the "yum" update program. Use su -c 'yum update java-1.6.0-openjdk' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys ------------------------------------------------------------------------------- - _______________________________________________ package-announce mailing list package-announce@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/package-announce
|