------------------------------------------------------------------------------- - Fedora Update Notification FEDORA-2011-1645 2011-02-16 18:40:10.931957 ------------------------------------------------------------------------------- -
Name : java-1.6.0-openjdk Product : Fedora 14 Version : 1.6.0.0 Release : 52.1.9.7.fc14 URL : http://icedtea.classpath.org/ Summary : OpenJDK Runtime Environment Description : The OpenJDK runtime environment.
------------------------------------------------------------------------------- - Update Information:
This update fixes the following security issues:
S6378709, CVE-2010-4465: AWT event dispatch does not support framework code
S6854912, CVE-2010-4465: Security issue with the clipboard access in Applets
S6878713, CVE-2010-4469: Verifier heap corruption, relating to backward jsrs
S6907662, CVE-2010-4465: System clipboard should ensure access restrictions
S6927050, CVE-2010-4470: Features set on SchemaFactory not inherited by Validator
S6981922, CVE-2010-4448: DNS cache poisoning by untrusted applets
S6983554, CVE-2010-4450: (launcher) Fix empty user's LD_LIBRARY_PATH environment variable in the launcher
S6985453, CVE-2010-4471: Font.createFont may expose some system properties in exception text
S6994263, CVE-2010-4472: Untrusted code can replace JRE's XML DSig Transform or C14N algorithm implementations
RH677332, CVE-2011-0706: IcedTea multiple signers privilege escalation ------------------------------------------------------------------------------- - ChangeLog:
* Tue Feb 15 2011 Deepak Bhole <dbhole@redhat.com> 1:1.6.0.0-52.1.9.7 - Updated to IcedTea6 1.9.7 - Enabled bootstrap - Security updates: S6378709, CVE-2010-4465: AWT event dispatch does not support framework code S6854912, CVE-2010-4465: Security issue with the clipboard access in Applets S6878713, CVE-2010-4469: Verifier heap corruption, relating to backward jsrs S6907662, CVE-2010-4465: System clipboard should ensure access restrictions S6927050, CVE-2010-4470: Features set on SchemaFactory not inherited by Validator S6981922, CVE-2010-4448: DNS cache poisoning by untrusted applets S6983554, CVE-2010-4450: (launcher) Fix empty user's LD_LIBRARY_PATH environment variable in the launcher S6985453, CVE-2010-4471: Font.createFont may expose some system properties in exception text S6994263, CVE-2010-4472: Untrusted code can replace JRE's XML DSig Transform or C14N algorithm implementations RH677332, CVE-2011-0706: IcedTea multiple signers privilege escalation * Wed Feb 9 2011 Jiri Vanek <jvanek@redhat.com> 1:1.6.0.0-52.1.9.6 - updated to icedtea 1.9.6 - Security updates - S4421494, CVE-2010-4476: infinite loop while parsing double literal. * Fri Jan 28 2011 Jiri Vanek <jvanek@redhat.com> 1:1.6.0.0-51.1.9.5 - updated to icedtea 1.9.5 - Resolves: rhbz#672262 - Security updates - RH672262, CVE-2011-0025: IcedTea jarfile signature verification bypass - Backports - S6687968: PNGImageReader leaks native memory through an Inflater - S6541476, RH665355: PNG imageio plugin incorrectly handles iTXt chunk - S6782079: PNG: reading metadata may cause OOM on truncated images - Fixes - RH647157, RH582455: Update fontconfig files for rhel 6 - PR619: Improper finalization by the plugin can crash the browser * Wed Jan 5 2011 Jiri Vanek <jvanek@redhat.com> - 1:1.6.0.0-50.1.9.4 - Updated to IcedTea 1.9.4 * Wed Dec 1 2010 Deepak Bhole <dbhole@redhat.com> - 1:1.6.0.0-49.1.9.3 - Updated to IcedTea 1.9.3 - Re-enable Compressed Oops by default as upstream bug# 7002666 is fixed * Tue Nov 30 2010 Deepak Bhole <dbhole@redhat.com> - 1:1.6.0.0-49.1.9.2 - Update to IcedTea 1.9.2 - Resolves: rhbz# 645843 - Resolves: rhbz# 647737 - Resolves: rhbz# 643674 - Remove patch that disabled Compressed Oops. It is now the default upstream. * Mon Nov 29 2010 Jiri Vanek <jvanek@redhat.com> -1:1.6.0-48.1.9.1 - Resolves: rhbz#657491 - Removed Asian and Indic font dependencies. * Mon Nov 22 2010 Jiri Vanek <jvanek@redhat.com> -1:1.6.0-47.1.9.1 - added fonts dependencies * Mon Nov 8 2010 Deepak Bhole <dbhole@redhat.com> - 1:1.6.0.0-46.1.9.1 - Temporarily resolve rhbz#647737: - Put hs19 back, but disable Compressed Oops * Mon Nov 8 2010 Deepak Bhole <dbhole@redhat.com> - 1:1.6.0.0-45.1.9.1 - Temporarily resolve rhbz#647737: - Build with default hotspot (hs17) - From Jiri Vanek (jvanek@redhat.com): -Fixing rhbz#648499 - BuildRequires: redhat-lsb ------------------------------------------------------------------------------- -
This update can be installed with the "yum" update program. Use su -c 'yum update java-1.6.0-openjdk' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys ------------------------------------------------------------------------------- - _______________________________________________ package-announce mailing list package-announce@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/package-announce
|