Name : java-1.6.0-openjdk Product : Fedora 15 Version : 1.6.0.0 Release : 63.1.10.6.fc15 URL : http://icedtea.classpath.org/ Summary : OpenJDK Runtime Environment Description : The OpenJDK runtime environment.
------------------------------------------------------------------------------- - Update Information:
The update contains the following security fixes:
- - S7082299, CVE-2011-3571: Fix in AtomicReferenceArray
- - S7088367, CVE-2011-3563: Fix issues in java sound
- - S7110683, CVE-2012-0502: Issues with some KeyboardFocusManager method
- - S7110687, CVE-2012-0503: Issues with TimeZone class
- - S7110700, CVE-2012-0505: Enhance exception throwing mechanism in
ObjectStreamClass
- - S7110704, CVE-2012-0506: Issues with some method in corba
- - S7112642, CVE-2012-0497: Incorrect checking for graphics rendering
object
- - S7118283, CVE-2012-0501: Better input parameter checking in zip file
processing
- - S7126960, CVE-2011-5035: (httpserver) Add property to limit number
of request headers to the HTTP Server
This release also contains the following additional fix:
- - PR865: Patching fails with patches/ecj/jaxws-getdtdtype.patch
------------------------------------------------------------------------------- - ChangeLog:
* Sat Feb 11 2012 Jiri Vanek <jvanek@redhat.com> - 1:1.6.0.0-63.1.10.6 - Updated to IcedTea6 1.10.6 - Security fixes - S7082299: Fix in AtomicReferenceArray - S7088367: Fix issues in java sound - S7110683: Issues with some KeyboardFocusManager method - S7110687: Issues with TimeZone class - S7110700: Enhance exception throwing mechanism in ObjectStreamClass - S7110704: Issues with some method in corba - S7112642: Incorrect checking for graphics rendering object - S7118283: Better input parameter checking in zip file processing - S7126960: Add property to limit number of request headers to the HTTP Server - Bug fixes - RH580478: Desktop files should not use hardcoded path * Tue Jan 24 2012 Jiri Vanek <jvanek@redhat.com> - 1:1.6.0.0-62.1.10.5 - Updated to IcedTea6 1.10.5 - Backports S7034464, Support transparent large pages on Linux S7037939, NUMA: Disable adaptive resizing if SHM large pages are used S7102369, RH751203: remove java.rmi.server.codebase property parsing from registyimpl S7094468, RH751203: rmiregistry clean up S7103725, RH767129: REGRESSION – 6u29 breaks ssl connectivity using TLS_DH_anon_WITH_AES_128_CBC_SHA S6851973, PR830: ignore incoming channel binding if acceptor does not set one S7091528, javadoc attempts to parse .class files * Fri Nov 25 2011 Omair Majid <omajid@redhat.com> - 1:1.6.0.0-61.1.10.4 - Fix rhbz#741821 * Thu Oct 13 2011 Jiri Vanek <jvanek@redhat.com> - 1:1.6.0.0-60.1.10.4 - updated to icedtea6 1.10.4 - Security fixes - S7000600, CVE-2011-3547: InputStream skip() information leak - S7019773, CVE-2011-3548: mutable static AWTKeyStroke.ctor - S7023640, CVE-2011-3551: Java2D TransformHelper integer overflow - S7032417, CVE-2011-3552: excessive default UDP socket limit under SecurityManager - S7046823, CVE-2011-3544: missing SecurityManager checks in scripting engine - S7055902, CVE-2011-3521: IIOP deserialization code execution - S7057857, CVE-2011-3554: insufficient pack200 JAR files uncompress error checks - S7064341, CVE-2011-3389: HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST) - S7070134, CVE-2011-3558: HotSpot crashes with sigsegv from PorterStemmer - S7077466, CVE-2011-3556: RMI DGC server remote code execution - S7083012, CVE-2011-3557: RMI registry privileged code execution - S7096936, CVE-2011-3560: missing checkSetFactory calls in HttpsURLConnection - Bug fixes - RH727195 : Japanese font mappings are broken - Backports - S6826104, RH730015: Getting a NullPointer exception when clicked on Application & Toolkit Modal dialog - Zero/Shark - PR690: Shark fails to JIT using hs20. - PR696: Zero fails to handle fast_aldc and fast_aldc_w in hs20. * Fri Jul 22 2011 Jiri Vanek <jvanek@redhat.com> - 1:1.6.0.0-59.1.10.3 - updated to icedtea6 1.10.3 - http://blog.fuseyism.com/index.php/2011/07/21/icedtea6-1103-released/ * Fri Jun 10 2011 Jiri Vanek <jvanek@redhat.com> - 1:1.6.0.0-58.1.10.2 - added requires: fontconfig - resolves: rhbz#708201 * Mon Jun 6 2011 Jiri Vanek <jvanek@redhat.com> - 1:1.6.0.0-58.1.10.2 - Resolves: rhbz#709375 - Bumped to IcedTea6 1.10.2 - RH706250, S6213702, CVE-2011-0872: (so) non-blocking sockets with TCP urgent disabled get still selected for read ops (win) - RH706106, S6618658, CVE-2011-0865: Vulnerability in deserialization - RH706111, S7012520, CVE-2011-0815: Heap overflow vulnerability in FileDialog.show() (win) - RH706139, S7013519, CVE-2011-0822, CVE-2011-0862: Integer overflows in 2D code - RH706153, S7013969, CVE-2011-0867: NetworkInterface.toString can reveal bindings - RH706234, S7013971, CVE-2011-0869: Vulnerability in SAAJ - RH706239, S7016340, CVE-2011-0870: Vulnerability in SAAJ - RH706241, S7016495, CVE-2011-0868: Crash in Java 2D transforming an image with scale close to zero - RH706248, S7020198, CVE-2011-0871: ImageIcon creates Component with null acc - RH706245, S7020373, CVE-2011-0864: JSR rewriting can overflow memory address size variables ------------------------------------------------------------------------------- -
This update can be installed with the "yum" update program. Use su -c 'yum update java-1.6.0-openjdk' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys ------------------------------------------------------------------------------- - _______________________________________________ package-announce mailing list package-announce@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/package-announce
|