Alerts This Week
Warning Icon 1 537
Alerts This Week
Warning Icon 1 537

Fedora: 2009-2982 Critical Lcms Java Security Update Available Now

fedora
Calendar Grey March 24, 2009
Dist Fedora Esm H88
Critical patch released to tackle lcms vulnerability in Java for Fedora 10, enhancing system protection against unauthorized user exploitation.
Fixes important lcms security bug which gives unwarranted access to malicious users.

Summary

The OpenJDK runtime environment.

Fixes important lcms security bug which gives unwarranted access to malicious

users.

* Fri Mar 20 2009 Lillian Angel - 1:1.6.0-11.b14

- Added java-1.6.0-openjdk-lcms.patch.

* Wed Feb 11 2009 Dennis Gilmore - 1:1.6.0-10.b14

- fix sparc arch building asm-sparc has gone. we only have asm/ now

- add sparc arches back to the jit arch list

* Mon Jan 26 2009 Lillian Angel - 1:1.6.0-10.b14

- Updated sources.

* Fri Jan 23 2009 Lillian Angel - 1:1.6.0-10.b14

- Added accessibility patch.

* Thu Jan 22 2009 Lillian Angel - 1:1.6.0-10.b14

- Updated to icedtea-1.4 snapshot.

- Updated release.

- Removed netbeans and visualvm.

- Added hotspot source.

- Added --with-hotspot-src-zip build option.

- Set runtests to 1.

- Updated jtreg log.

- Updated openjdkver.

- Updated openjdkdate.

- Added new patch to add GNOME to java.security.

- Resolves: rhbz#472953

- Resolves: rhbz#475081

- Resolves: rhbz#452573

- Resolves: rhbz#474431

- Resolves: rhbz#474503

- Resolves: rhbz#472862

- Resolves: rhbz#477351

- Resolves: rhbz#475109

- Resolves: rhbz#476462

* Sun Jan 11 2009 Lillian Angel - 1:1.6.0-8.b12

- Removed README.plugin, updated source list.

- Updated release.

* Tue Dec 2 2008 Lillian Angel - 1:1.6.0-7.b12

- Set runtests to 0.

* Tue Dec 2 2008 Lillian Angel - 1:1.6.0-7.b12

- Updated pkgversion to include release and arch.

- Set runtests to 1.

- Added new security patch.

- Resolves: rhbz#468484

- Resolves: rhbz#472862

- Resolves: rhbz#472234

- Resolves: rhbz#472233

- Resolves: rhbz#472231

- Resolves: rhbz#472228

- Resolves: rhbz#472224

- Resolves: rhbz#472218

- Resolves: rhbz#472213

- Resolves: rhbz#472212

- Resolves: rhbz#472211

- Resolves: rhbz#472209

- Resolves: rhbz#472208

- Resolves: rhbz#472206

- Resolves: rhbz#472201

* Mon Nov 24 2008 Lillian Angel - 1:1.6.0-6.b12

- Removed java-1.6.0-openjdk-plugin-1217.patch.

- Added java-1.6.0-openjdk-plugin-1219.patch.

- Updated Release.

* Fri Nov 21 2008 Lillian Angel - 1:1.6.0-5.b12

- Added plugin patch to resolve issues on 64-bit.

- Resolves: rhbz#471987

- Resolves: rhbz#465531

- Resolves: rhbz#470551

* Thu Nov 20 2008 Lillian Angel - 1:1.6.0-5.b12

- Redirect error from removing gcjwebplugin link.

- Resolves: rhbz#471568

* Thu Nov 13 2008 Lillian Angel - 1:1.6.0-4.b12

- Added java-fonts to Provides for base package.

- Resolves: rhbz#469893

* Wed Nov 12 2008 Lillian Angel - 1:1.6.0-4.b12

- Fixed pulse audio build requirements.

- Updated release.

- Resolves: rhbz#471229

* Fri Nov 7 2008 Lillian Angel - 1:1.6.0-3.b12

- Updated icedteasnapshot.

- Resolves: rhbz#453290

- Resolves: rhbz#469361

* Wed Nov 5 2008 Lillian Angel - 1:1.6.0-3.b12

- Re-enabled pulse java. Fix committed upstream to prevent TCK failures.

- Updated release.

- Updated icedteasnapshot.

- Updated icedteaver.

- Updated visualvm source.

* Thu Oct 30 2008 Lillian Angel - 1:1.6.0-2.b12

- Fixed post plugin scriptlet to work for install, as well as upgrade.

* Wed Oct 29 2008 Lillian Angel - 1:1.6.0-2.b12

- Fixed release string.

[ 1 ] Bug #487508 - CVE-2009-0723 LittleCms integer overflow

https://bugzilla.redhat.com/show_bug.cgi?id=487508

[ 2 ] Bug #487509 - CVE-2009-0581 LittleCms memory leak

https://bugzilla.redhat.com/show_bug.cgi?id=487509

[ 3 ] Bug #487512 - CVE-2009-0733 LittleCms lack of upper-bounds check on sizes

https://bugzilla.redhat.com/show_bug.cgi?id=487512

su -c 'yum update java-1.6.0-openjdk' at the command line.

For more information, refer to "Managing Software with yum",

available at .

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

Fedora-package-announce mailing list

Fedora-package-announce@redhat.com

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Topics%20covered

Topics Covered

security advisory Fedora access control security fix Java update Java lcms

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Product: Fedora 10
Version: 1.6.0.0
Release: 11.b14.fc10
URL: https://icedtea.classpath.org/
Summary: OpenJDK Runtime Environment

Topics%20covered

Topics Covered

security advisory Fedora access control security fix Java update Java lcms

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here