Security: Multiple issues in java-1.6.0-openjdk
Name: Multiple issues in java-1.6.0-openjdk
ID: MDVSA-2012:169
Distribution: Mandriva
Platforms: Mandriva Enterprise Server 5.0, Mandriva 2011
Date: Thu, November 1, 2012, 17:45
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3216
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4416
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5068
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5069
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5071
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5072
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5073
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5075
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5077
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5081
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5084
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5085
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5086
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5089
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5979
http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2012-October/020556.html
http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html
Applications: OpenJDK

Original message


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2012:169
http://www.mandriva.com/security/
_______________________________________________________________________

Package : java-1.6.0-openjdk
Date : November 1, 2012
Affected: 2011., Enterprise Server 5.0
_______________________________________________________________________

Problem Description:

Multiple security issues were identified and fixed in OpenJDK
(icedtea6):

* S6631398, CVE-2012-3216: FilePermission improved path checking
* S7093490: adjust package access in rmiregistry
* S7143535, CVE-2012-5068: ScriptEngine corrected permissions
* S7167656, CVE-2012-5077: Multiple Seeders are being created
* S7169884, CVE-2012-5073: LogManager checks do not work correctly
for sub-types
* S7169888, CVE-2012-5075: Narrowing resource definitions in JMX
RMI connector
* S7172522, CVE-2012-5072: Improve DomainCombiner checking
* S7186286, CVE-2012-5081: TLS implementation to better adhere to RFC
* S7189103, CVE-2012-5069: Executors needs to maintain state
* S7189490: More improvements to DomainCombiner checking
* S7189567, CVE-2012-5085: java net obsolete protocol
* S7192975, CVE-2012-5071: Conditional usage check is wrong
* S7195194, CVE-2012-5084: Better data validation for Swing
* S7195917, CVE-2012-5086: XMLDecoder parsing at close-time should
be improved
* S7195919, CVE-2012-5979: (sl) ServiceLoader can throw CCE without
needing to create instance
* S7198296, CVE-2012-5089: Refactor classloader usage
* S7158800: Improve storage of symbol tables
* S7158801: Improve VM CompileOnly option
* S7158804: Improve config file parsing
* S7176337: Additional changes needed for 7158801 fix
* S7198606, CVE-2012-4416: Improve VM optimization

The updated packages provide icedtea6-1.11.5 which is not vulnerable
to these issues.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3216
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5068
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5077
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5073
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5075
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5072
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5081
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5069
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5085
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5071
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5084
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5086
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5979
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5089
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4416
http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html
http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2012-October/020556.html
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2011:
b0b8d9c220ca7c5fd6679d6848de69eb
2011/i586/java-1.6.0-openjdk-1.6.0.0-35.b24.1-mdv2011.0.i586.rpm
45ea196c75b18bef9ecb5bc97615c1f3
2011/i586/java-1.6.0-openjdk-demo-1.6.0.0-35.b24.1-mdv2011.0.i586.rpm
f33ac952a55cdb585a59e6021367482f
2011/i586/java-1.6.0-openjdk-devel-1.6.0.0-35.b24.1-mdv2011.0.i586.rpm
6ad5fcabc72830cd332cd9e5243be609
2011/i586/java-1.6.0-openjdk-javadoc-1.6.0.0-35.b24.1-mdv2011.0.i586.rpm
49008a850c545e90a0ebb002902528eb
2011/i586/java-1.6.0-openjdk-src-1.6.0.0-35.b24.1-mdv2011.0.i586.rpm
06e7da198f48cd281fe905deed67fd5c
2011/SRPMS/java-1.6.0-openjdk-1.6.0.0-35.b24.1.src.rpm

Mandriva Linux 2011/X86_64:
debfb115214191ac94d4282463962909
2011/x86_64/java-1.6.0-openjdk-1.6.0.0-35.b24.1-mdv2011.0.x86_64.rpm
09e81180ede0595f8068ef9baeb2da22
2011/x86_64/java-1.6.0-openjdk-demo-1.6.0.0-35.b24.1-mdv2011.0.x86_64.rpm
d93f958ff56643adf973770ace599211
2011/x86_64/java-1.6.0-openjdk-devel-1.6.0.0-35.b24.1-mdv2011.0.x86_64.rpm
3a65468343ff92731e0a408f85d7e304
2011/x86_64/java-1.6.0-openjdk-javadoc-1.6.0.0-35.b24.1-mdv2011.0.x86_64.rpm
ee4cf446eac536bf729eabf15a88867d
2011/x86_64/java-1.6.0-openjdk-src-1.6.0.0-35.b24.1-mdv2011.0.x86_64.rpm
06e7da198f48cd281fe905deed67fd5c
2011/SRPMS/java-1.6.0-openjdk-1.6.0.0-35.b24.1.src.rpm

Mandriva Enterprise Server 5:
bcf38e820f1aa357fa0d64c50d323599
mes5/i586/java-1.6.0-openjdk-1.6.0.0-35.b24.1mdvmes5.2.i586.rpm
7b79269ef163cab203f9b815f5216926
mes5/i586/java-1.6.0-openjdk-demo-1.6.0.0-35.b24.1mdvmes5.2.i586.rpm
24068e420773723a130cff03ae1ef47b
mes5/i586/java-1.6.0-openjdk-devel-1.6.0.0-35.b24.1mdvmes5.2.i586.rpm
5e3611c799dcfdf1471a327ec5955ac7
mes5/i586/java-1.6.0-openjdk-javadoc-1.6.0.0-35.b24.1mdvmes5.2.i586.rpm
d7ecadb7be4bfed8502367a5fc4ace40
mes5/i586/java-1.6.0-openjdk-src-1.6.0.0-35.b24.1mdvmes5.2.i586.rpm
62663a8650988b3fdfb56b67c17e0970
mes5/SRPMS/java-1.6.0-openjdk-1.6.0.0-35.b24.1mdvmes5.2.src.rpm

Mandriva Enterprise Server 5/X86_64:
d4fcb3225426ce983273bf6d6730d5bb
mes5/x86_64/java-1.6.0-openjdk-1.6.0.0-35.b24.1mdvmes5.2.x86_64.rpm
237544fc49a02cba3438506d52e0392d
mes5/x86_64/java-1.6.0-openjdk-demo-1.6.0.0-35.b24.1mdvmes5.2.x86_64.rpm
32b6e494b5f8f26d0be80ce8114d7738
mes5/x86_64/java-1.6.0-openjdk-devel-1.6.0.0-35.b24.1mdvmes5.2.x86_64.rpm
fc520c63a052179c93611e4686fa0127
mes5/x86_64/java-1.6.0-openjdk-javadoc-1.6.0.0-35.b24.1mdvmes5.2.x86_64.rpm
abc7f180d25764804f217a7b7ef2f0c4
mes5/x86_64/java-1.6.0-openjdk-src-1.6.0.0-35.b24.1mdvmes5.2.x86_64.rpm
62663a8650988b3fdfb56b67c17e0970
mes5/SRPMS/java-1.6.0-openjdk-1.6.0.0-35.b24.1mdvmes5.2.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iD8DBQFQklqImqjQ0CJFipgRAiNOAJ4qA9L2NTdql1htD7pQDNJrDlPnUgCguupW
xu3AOptE+B1OsUdPAeTUH5o=
=2CFK
-----END PGP SIGNATURE-----
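
For packages fetched by hand rather than through MandrivaUpdate or urpmi, the "Updated Packages" list above can be checked mechanically. The following is an added example, not part of the advisory or of Mandriva's tooling; the function names and the sample files it creates are constructed for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path
# MD5 only catches corruption; authenticity comes from the package's GPG signature.
MD5_RE = re.compile(r"^[0-9a-f]{32}$")

def parse_package_list(text):
    """Return [(md5, path)] from the 'hash line, then .rpm path line' layout."""
    pairs, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if MD5_RE.match(line):
            pending = line
        elif pending and line.endswith(".rpm"):
            pairs.append((pending, line))
            pending = None
        else:
            pending = None  # headings, rulers and blank lines reset the pairing
    return pairs

def md5_of(path):
    """Hash a file in chunks so large RPMs are not read into memory at once."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def verify(text, download_dir):
    """Map each listed file name to 'ok', 'mismatch' or 'missing'."""
    results = {}
    for expected, rel in parse_package_list(text):
        # Only the base name is used, so a listed path cannot leave download_dir.
        local = Path(download_dir) / Path(rel).name
        if not local.is_file():
            results[local.name] = "missing"
        else:
            results[local.name] = "ok" if md5_of(local) == expected else "mismatch"
    return results

def demo():
    """Constructed sample: one intact file, one altered after listing, one absent."""
    with tempfile.TemporaryDirectory() as d:
        good, bad = Path(d, "good-1.0.i586.rpm"), Path(d, "bad-1.0.i586.rpm")
        good.write_bytes(b"constructed package A")
        bad.write_bytes(b"constructed package B")
        listing = "\n".join(["Sample (constructed):", md5_of(good), "x/" + good.name,
                             md5_of(bad), "x/" + bad.name, "0" * 32, "x/gone-1.0.i586.rpm"])
        bad.write_bytes(b"altered after the listing was written")
        return verify(listing, d)
```

Calling `verify(advisory_text, "/path/to/downloads")` with the advisory text saved locally reports the status of every listed RPM found in that directory.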

