What Are You Looking For?

Sign Up
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2009-8337
2009-08-07 04:36:12
--------------------------------------------------------------------------------

Name        : java-1.6.0-openjdk
Product     : Fedora 10
Version     : 1.6.0.0
Release     : 20.b16.fc10
URL         : https://icedtea.classpath.org/
Summary     : OpenJDK Runtime Environment
Description :
The OpenJDK runtime environment.

--------------------------------------------------------------------------------
Update Information:

Urgent security fixes have been included.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Aug  5 2009 Lillian Angel  - 1:1.6.0-20.b16
- Updated java-1.6.0-openjdk-netx.patch, and renamed to 
java-1.6.0-openjdk-netxandplugin.patch.
- Added java-1.6.0-openjdk-securitypatches.patch.
- Resolves: rhbz#512101
- Resolves: rhbz#512896
- Resolves: rhbz#512914
- Resolves: rhbz#512907
- Resolves: rhbz#512921
- Resolves: rhbz#511915
- Resolves: rhbz#512915
- Resolves: rhbz#512920
- Resolves: rhbz#512714
- Resolves: rhbz#513215
- Resolves: rhbz#513220
- Resolves: rhbz#513222
- Resolves: rhbz#513223
- Resolves: rhbz#503794
* Thu Jul  9 2009 Lillian Angel  - 1:1.6.0-19.b16
- Added java-1.6.0-openjdk-netx.patch
- Moved policytool to devel package.
- Updated release.
- Resolves: rhbz#507870
- Resolves: rhbz#471346
* Fri May 29 2009 Lillian Angel  - 1:1.6.0-18.b16
- Fixed abs-install-dir.
- Updated release.
* Fri May 29 2009 Lillian Angel  - 1:1.6.0-17.b16
- Set icedteasnapshot to nil.
- Updated release.
* Wed May 20 2009 Lillian Angel  - 1:1.6.0-16.b16
- Set icedteasnapshot. Only release candidate.
* Tue May 19 2009 Lillian Angel  - 1:1.6.0-16.b16
- Removed java-1.6.0-openjdk-lcms.patch java-1.6.0-openjdk-securitypatches.patch 
java-1.6.0-openjdk-pulsejava.patch.
- Updated sparc patches.
- Updated release.
- Updated icedteaver.
- Updated openjdkver.
- Updated openjdkdate.
- Adjusted buildoutputdir.
- Set runtests to 0. Hanging test causing problems.
- Include systemtap support, install hotspot tapset.
- Resolves: rhbz#479041 
- Resolves: rhbz#480075 
- Resolves: rhbz#483095 
- Resolves: rhbz#487872 
- Resolves: rhbz#467591 
- Resolves: rhbz#487452 
- Resolves: rhbz#498109 
- Resolves: rhbz#497191 
- Resolves: rhbz#462876 
- Resolves: rhbz#489586
- Resolves: rhbz#501391
* Mon Apr  6 2009 Lillian Angel  - 1:1.6.0-15.b14
- Updated java-1.6.0-openjdk-lcms.patch
* Thu Apr  2 2009 Lillian Angel  - 1:1.6.0-14.b14
- Added java-1.6.0-openjdk-pulsejava.patch.
- Updated release.
- Updated java-1.6.0-openjdk-lcms.patch.
- Resolves: rhbz#492367
- Resolves: rhbz#493276
* Tue Mar 24 2009 Lillian Angel  - 1:1.6.0-13.b14
- Updated java-1.6.0-openjdk-lcms.patch.
* Tue Mar 24 2009 Lillian Angel  - 1:1.6.0-12.b14
- Updated release.
- Added java-1.6.0-openjdk-securitypatches.patch.
* Fri Mar 20 2009 Lillian Angel  - 1:1.6.0-11.b14
- Added java-1.6.0-openjdk-lcms.patch.
* Wed Feb 11 2009 Dennis Gilmore  - 1:1.6.0-10.b14
- fix sparc arch building asm-sparc has gone. we only have asm/ now
- add sparc arches back to the jit arch list
* Mon Jan 26 2009 Lillian Angel  - 1:1.6.0-10.b14
- Updated sources.
* Fri Jan 23 2009 Lillian Angel  - 1:1.6.0-10.b14
- Added accessibility patch.
* Thu Jan 22 2009 Lillian Angel  - 1:1.6.0-10.b14
- Updated to icedtea-1.4 snapshot.
- Updated release.
- Removed netbeans and visualvm.
- Added hotspot source.
- Added --with-hotspot-src-zip build option.
- Set runtests to 1.
- Updated jtreg log.
- Updated openjdkver.
- Updated openjdkdate.
- Added new patch to add GNOME to java.security.
- Resolves: rhbz#472953
- Resolves: rhbz#475081
- Resolves: rhbz#452573
- Resolves: rhbz#474431
- Resolves: rhbz#474503
- Resolves: rhbz#472862
- Resolves: rhbz#477351
- Resolves: rhbz#475109
- Resolves: rhbz#476462
* Sun Jan 11 2009 Lillian Angel  - 1:1.6.0-8.b12
- Removed README.plugin, updated source list.
- Updated release.
* Tue Dec  2 2008 Lillian Angel  - 1:1.6.0-7.b12
- Set runtests to 0.
* Tue Dec  2 2008 Lillian Angel  - 1:1.6.0-7.b12
- Updated pkgversion to include release and arch.
- Set runtests to 1.
- Added new security patch.
- Resolves: rhbz#468484
- Resolves: rhbz#472862
- Resolves: rhbz#472234
- Resolves: rhbz#472233
- Resolves: rhbz#472231
- Resolves: rhbz#472228
- Resolves: rhbz#472224
- Resolves: rhbz#472218
- Resolves: rhbz#472213
- Resolves: rhbz#472212
- Resolves: rhbz#472211
- Resolves: rhbz#472209
- Resolves: rhbz#472208
- Resolves: rhbz#472206
- Resolves: rhbz#472201
* Mon Nov 24 2008 Lillian Angel  - 1:1.6.0-6.b12
- Removed java-1.6.0-openjdk-plugin-1217.patch.
- Added java-1.6.0-openjdk-plugin-1219.patch.
- Updated Release.
* Fri Nov 21 2008 Lillian Angel  - 1:1.6.0-5.b12
- Added plugin patch to resolve issues on 64-bit.
- Resolves: rhbz#471987
- Resolves: rhbz#465531
- Resolves: rhbz#470551
* Thu Nov 20 2008 Lillian Angel  - 1:1.6.0-5.b12
- Redirect error from removing gcjwebplugin link.
- Resolves: rhbz#471568
* Thu Nov 13 2008 Lillian Angel  - 1:1.6.0-4.b12
- Added java-fonts to Provides for base package.
- Resolves: rhbz#469893
* Wed Nov 12 2008 Lillian Angel  - 1:1.6.0-4.b12
- Fixed pulse audio build requirements.
- Updated release.
- Resolves: rhbz#471229
* Fri Nov  7 2008 Lillian Angel  - 1:1.6.0-3.b12
- Updated icedteasnapshot.
- Resolves: rhbz#453290
- Resolves: rhbz#469361
* Wed Nov  5 2008 Lillian Angel  - 1:1.6.0-3.b12
- Re-enabled pulse java. Fix committed upstream to prevent TCK failures.
- Updated release.
- Updated icedteasnapshot.
- Updated icedteaver.
- Updated visualvm source.
* Thu Oct 30 2008 Lillian Angel  - 1:1.6.0-2.b12
- Fixed post plugin scriptlet to work for install, as well as upgrade.
* Wed Oct 29 2008 Lillian Angel  - 1:1.6.0-2.b12
- Fixed release string.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #511915 - CVE-2009-0217 xmlsec1, mono, xml-security-c, xml-security-1.3.0-1jpp.ep1.*: XMLDsig HMAC-based signatures spoofing and authentication bypass
        https://bugzilla.redhat.com/show_bug.cgi?id=511915
  [ 2 ] Bug #513215 - CVE-2009-2475 OpenJDK information leaks in mutable variables (6588003,6656586,6656610,6656625,6657133,6657619,6657625,6657695,6660049,6660539,6813167)
        https://bugzilla.redhat.com/show_bug.cgi?id=513215
  [ 3 ] Bug #513220 - CVE-2009-2476 OpenJDK OpenType checks can be bypassed (6736293)
        https://bugzilla.redhat.com/show_bug.cgi?id=513220
  [ 4 ] Bug #512921 - CVE-2009-2625 OpenJDK XML parsing Denial-Of-Service (6845701)
        https://bugzilla.redhat.com/show_bug.cgi?id=512921
  [ 5 ] Bug #512896 - CVE-2009-2670 OpenJDK Untrusted applet System properties access (6738524)
        https://bugzilla.redhat.com/show_bug.cgi?id=512896
  [ 6 ] Bug #512907 - CVE-2009-2671 CVE-2009-2672 OpenJDK Proxy mechanism information leaks  (6801071)
        https://bugzilla.redhat.com/show_bug.cgi?id=512907
  [ 7 ] Bug #512914 - CVE-2009-2673 OpenJDK proxy mechanism allows non-authorized socket connections  (6801497)
        https://bugzilla.redhat.com/show_bug.cgi?id=512914
  [ 8 ] Bug #512915 - CVE-2009-2674 Java Web Start Buffer JPEG processing integer overflow (6823373)
        https://bugzilla.redhat.com/show_bug.cgi?id=512915
  [ 9 ] Bug #512920 - CVE-2009-2675 Java Web Start Buffer unpack200 processing integer overflow (6830335)
        https://bugzilla.redhat.com/show_bug.cgi?id=512920
  [ 10 ] Bug #513222 - CVE-2009-2689 OpenJDK JDK13Services grants unnecessary privileges  (6777448)
        https://bugzilla.redhat.com/show_bug.cgi?id=513222
  [ 11 ] Bug #513223 - CVE-2009-2690 OpenJDK private variable information disclosure (6777487)
        https://bugzilla.redhat.com/show_bug.cgi?id=513223
  [ 12 ] Bug #512101 - CVE-2009-1896 openjdk/netx grants privileges for signed jars to bundled unsigned jars        https://bugzilla.redhat.com/show_bug.cgi?id=512101
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update java-1.6.0-openjdk' at the command line.
For more information, refer to "Managing Software with yum",
available at .

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

_______________________________________________
Fedora-package-announce mailing list
Fedora-package-announce@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-package-announce

Fedora 10 Update: java-1.6.0-openjdk-1.6.0.0-20.b16.fc10

August 7, 2009
Urgent security fixes have been included.

Summary

The OpenJDK runtime environment.

Update Information:

Urgent security fixes have been included.

Change Log

* Wed Aug 5 2009 Lillian Angel - 1:1.6.0-20.b16 - Updated java-1.6.0-openjdk-netx.patch, and renamed to java-1.6.0-openjdk-netxandplugin.patch. - Added java-1.6.0-openjdk-securitypatches.patch. - Resolves: rhbz#512101 - Resolves: rhbz#512896 - Resolves: rhbz#512914 - Resolves: rhbz#512907 - Resolves: rhbz#512921 - Resolves: rhbz#511915 - Resolves: rhbz#512915 - Resolves: rhbz#512920 - Resolves: rhbz#512714 - Resolves: rhbz#513215 - Resolves: rhbz#513220 - Resolves: rhbz#513222 - Resolves: rhbz#513223 - Resolves: rhbz#503794 * Thu Jul 9 2009 Lillian Angel - 1:1.6.0-19.b16 - Added java-1.6.0-openjdk-netx.patch - Moved policytool to devel package. - Updated release. - Resolves: rhbz#507870 - Resolves: rhbz#471346 * Fri May 29 2009 Lillian Angel - 1:1.6.0-18.b16 - Fixed abs-install-dir. - Updated release. * Fri May 29 2009 Lillian Angel - 1:1.6.0-17.b16 - Set icedteasnapshot to nil. - Updated release. * Wed May 20 2009 Lillian Angel - 1:1.6.0-16.b16 - Set icedteasnapshot. Only release candidate. * Tue May 19 2009 Lillian Angel - 1:1.6.0-16.b16 - Removed java-1.6.0-openjdk-lcms.patch java-1.6.0-openjdk-securitypatches.patch java-1.6.0-openjdk-pulsejava.patch. - Updated sparc patches. - Updated release. - Updated icedteaver. - Updated openjdkver. - Updated openjdkdate. - Adjusted buildoutputdir. - Set runtests to 0. Hanging test causing problems. - Include systemtap support, install hotspot tapset. - Resolves: rhbz#479041 - Resolves: rhbz#480075 - Resolves: rhbz#483095 - Resolves: rhbz#487872 - Resolves: rhbz#467591 - Resolves: rhbz#487452 - Resolves: rhbz#498109 - Resolves: rhbz#497191 - Resolves: rhbz#462876 - Resolves: rhbz#489586 - Resolves: rhbz#501391 * Mon Apr 6 2009 Lillian Angel - 1:1.6.0-15.b14 - Updated java-1.6.0-openjdk-lcms.patch * Thu Apr 2 2009 Lillian Angel - 1:1.6.0-14.b14 - Added java-1.6.0-openjdk-pulsejava.patch. - Updated release. - Updated java-1.6.0-openjdk-lcms.patch. - Resolves: rhbz#492367 - Resolves: rhbz#493276 * Tue Mar 24 2009 Lillian Angel - 1:1.6.0-13.b14 - Updated java-1.6.0-openjdk-lcms.patch. * Tue Mar 24 2009 Lillian Angel - 1:1.6.0-12.b14 - Updated release. - Added java-1.6.0-openjdk-securitypatches.patch. * Fri Mar 20 2009 Lillian Angel - 1:1.6.0-11.b14 - Added java-1.6.0-openjdk-lcms.patch. * Wed Feb 11 2009 Dennis Gilmore - 1:1.6.0-10.b14 - fix sparc arch building asm-sparc has gone. we only have asm/ now - add sparc arches back to the jit arch list * Mon Jan 26 2009 Lillian Angel - 1:1.6.0-10.b14 - Updated sources. * Fri Jan 23 2009 Lillian Angel - 1:1.6.0-10.b14 - Added accessibility patch. * Thu Jan 22 2009 Lillian Angel - 1:1.6.0-10.b14 - Updated to icedtea-1.4 snapshot. - Updated release. - Removed netbeans and visualvm. - Added hotspot source. - Added --with-hotspot-src-zip build option. - Set runtests to 1. - Updated jtreg log. - Updated openjdkver. - Updated openjdkdate. - Added new patch to add GNOME to java.security. - Resolves: rhbz#472953 - Resolves: rhbz#475081 - Resolves: rhbz#452573 - Resolves: rhbz#474431 - Resolves: rhbz#474503 - Resolves: rhbz#472862 - Resolves: rhbz#477351 - Resolves: rhbz#475109 - Resolves: rhbz#476462 * Sun Jan 11 2009 Lillian Angel - 1:1.6.0-8.b12 - Removed README.plugin, updated source list. - Updated release. * Tue Dec 2 2008 Lillian Angel - 1:1.6.0-7.b12 - Set runtests to 0. * Tue Dec 2 2008 Lillian Angel - 1:1.6.0-7.b12 - Updated pkgversion to include release and arch. - Set runtests to 1. - Added new security patch. - Resolves: rhbz#468484 - Resolves: rhbz#472862 - Resolves: rhbz#472234 - Resolves: rhbz#472233 - Resolves: rhbz#472231 - Resolves: rhbz#472228 - Resolves: rhbz#472224 - Resolves: rhbz#472218 - Resolves: rhbz#472213 - Resolves: rhbz#472212 - Resolves: rhbz#472211 - Resolves: rhbz#472209 - Resolves: rhbz#472208 - Resolves: rhbz#472206 - Resolves: rhbz#472201 * Mon Nov 24 2008 Lillian Angel - 1:1.6.0-6.b12 - Removed java-1.6.0-openjdk-plugin-1217.patch. - Added java-1.6.0-openjdk-plugin-1219.patch. - Updated Release. * Fri Nov 21 2008 Lillian Angel - 1:1.6.0-5.b12 - Added plugin patch to resolve issues on 64-bit. - Resolves: rhbz#471987 - Resolves: rhbz#465531 - Resolves: rhbz#470551 * Thu Nov 20 2008 Lillian Angel - 1:1.6.0-5.b12 - Redirect error from removing gcjwebplugin link. - Resolves: rhbz#471568 * Thu Nov 13 2008 Lillian Angel - 1:1.6.0-4.b12 - Added java-fonts to Provides for base package. - Resolves: rhbz#469893 * Wed Nov 12 2008 Lillian Angel - 1:1.6.0-4.b12 - Fixed pulse audio build requirements. - Updated release. - Resolves: rhbz#471229 * Fri Nov 7 2008 Lillian Angel - 1:1.6.0-3.b12 - Updated icedteasnapshot. - Resolves: rhbz#453290 - Resolves: rhbz#469361 * Wed Nov 5 2008 Lillian Angel - 1:1.6.0-3.b12 - Re-enabled pulse java. Fix committed upstream to prevent TCK failures. - Updated release. - Updated icedteasnapshot. - Updated icedteaver. - Updated visualvm source. * Thu Oct 30 2008 Lillian Angel - 1:1.6.0-2.b12 - Fixed post plugin scriptlet to work for install, as well as upgrade. * Wed Oct 29 2008 Lillian Angel - 1:1.6.0-2.b12 - Fixed release string.

References

[ 1 ] Bug #511915 - CVE-2009-0217 xmlsec1, mono, xml-security-c, xml-security-1.3.0-1jpp.ep1.*: XMLDsig HMAC-based signatures spoofing and authentication bypass https://bugzilla.redhat.com/show_bug.cgi?id=511915 [ 2 ] Bug #513215 - CVE-2009-2475 OpenJDK information leaks in mutable variables (6588003,6656586,6656610,6656625,6657133,6657619,6657625,6657695,6660049,6660539,6813167) https://bugzilla.redhat.com/show_bug.cgi?id=513215 [ 3 ] Bug #513220 - CVE-2009-2476 OpenJDK OpenType checks can be bypassed (6736293) https://bugzilla.redhat.com/show_bug.cgi?id=513220 [ 4 ] Bug #512921 - CVE-2009-2625 OpenJDK XML parsing Denial-Of-Service (6845701) https://bugzilla.redhat.com/show_bug.cgi?id=512921 [ 5 ] Bug #512896 - CVE-2009-2670 OpenJDK Untrusted applet System properties access (6738524) https://bugzilla.redhat.com/show_bug.cgi?id=512896 [ 6 ] Bug #512907 - CVE-2009-2671 CVE-2009-2672 OpenJDK Proxy mechanism information leaks (6801071) https://bugzilla.redhat.com/show_bug.cgi?id=512907 [ 7 ] Bug #512914 - CVE-2009-2673 OpenJDK proxy mechanism allows non-authorized socket connections (6801497) https://bugzilla.redhat.com/show_bug.cgi?id=512914 [ 8 ] Bug #512915 - CVE-2009-2674 Java Web Start Buffer JPEG processing integer overflow (6823373) https://bugzilla.redhat.com/show_bug.cgi?id=512915 [ 9 ] Bug #512920 - CVE-2009-2675 Java Web Start Buffer unpack200 processing integer overflow (6830335) https://bugzilla.redhat.com/show_bug.cgi?id=512920 [ 10 ] Bug #513222 - CVE-2009-2689 OpenJDK JDK13Services grants unnecessary privileges (6777448) https://bugzilla.redhat.com/show_bug.cgi?id=513222 [ 11 ] Bug #513223 - CVE-2009-2690 OpenJDK private variable information disclosure (6777487) https://bugzilla.redhat.com/show_bug.cgi?id=513223 [ 12 ] Bug #512101 - CVE-2009-1896 openjdk/netx grants privileges for signed jars to bundled unsigned jars https://bugzilla.redhat.com/show_bug.cgi?id=512101

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update java-1.6.0-openjdk' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
Name : java-1.6.0-openjdk
Product : Fedora 10
Version : 1.6.0.0
Release : 20.b16.fc10
URL : https://icedtea.classpath.org/
Summary : OpenJDK Runtime Environment

Related News

From Heartbleed to Now: Evolving Threats in OpenSSL and How to Guard Against Them

Nov 17, 2023

Security Highlights from KubeCon + CloudNativeCon 2023

Nov 18, 2023

Kubernetes Security on AWS: A Practical Guide

Nov 18, 2023

Kinsing Hackers Exploit Apache ActiveMQ Vulnerability to Deploy Linux Rootkits

Nov 25, 2023

News

Advisories

HOWTOs

Features

Empowering MSPs with Straightforward Linux Device Management
A Complete Guide to Torrenting Safely in 2024
Cloud Security Basics for Small Businesses
Scanning and Defending Networks with Nmap
CISA Issues Urgent Warning Over Active Exploitation of Looney Tunables glibc Bug

About Us

Powered By

Footer Logo