
Fedora 10: 2008-10913 Critical: OpenJDK Security Enhancements

December 6, 2008
Fedora 10 receives crucial OpenJDK security updates, mitigating various vulnerabilities and bolstering overall system protection.

Summary

The OpenJDK runtime environment.

OpenJDK security patches applied.

Change Log

* Tue Dec 2 2008 Lillian Angel - 1:1.6.0-7.b12

- Set runtests to 0.

* Tue Dec 2 2008 Lillian Angel - 1:1.6.0-7.b12

- Updated pkgversion to include release and arch.

- Set runtests to 1.

- Added new security patch.

- Resolves: rhbz#468484

- Resolves: rhbz#472862

- Resolves: rhbz#472234

- Resolves: rhbz#472233

- Resolves: rhbz#472231

- Resolves: rhbz#472228

- Resolves: rhbz#472224

- Resolves: rhbz#472218

- Resolves: rhbz#472213

- Resolves: rhbz#472212

- Resolves: rhbz#472211

- Resolves: rhbz#472209

- Resolves: rhbz#472208

- Resolves: rhbz#472206

- Resolves: rhbz#472201

* Mon Nov 24 2008 Lillian Angel - 1:1.6.0-6.b12

- Removed java-1.6.0-openjdk-plugin-1217.patch.

- Added java-1.6.0-openjdk-plugin-1219.patch.

- Updated Release.

* Fri Nov 21 2008 Lillian Angel - 1:1.6.0-5.b12

- Added plugin patch to resolve issues on 64-bit.

- Resolves: rhbz#471987

- Resolves: rhbz#465531

- Resolves: rhbz#470551

* Thu Nov 20 2008 Lillian Angel - 1:1.6.0-5.b12

- Redirect error from removing gcjwebplugin link.

- Resolves: rhbz#471568

* Thu Nov 13 2008 Lillian Angel - 1:1.6.0-4.b12

- Added java-fonts to Provides for base package.

- Resolves: rhbz#469893

* Wed Nov 12 2008 Lillian Angel - 1:1.6.0-4.b12

- Fixed pulse audio build requirements.

- Updated release.

- Resolves: rhbz#471229

* Fri Nov 7 2008 Lillian Angel - 1:1.6.0-3.b12

- Updated icedteasnapshot.

- Resolves: rhbz#453290

- Resolves: rhbz#469361

* Wed Nov 5 2008 Lillian Angel - 1:1.6.0-3.b12

- Re-enabled pulse java. Fix committed upstream to prevent TCK failures.

- Updated release.

- Updated icedteasnapshot.

- Updated icedteaver.

- Updated visualvm source.

* Thu Oct 30 2008 Lillian Angel - 1:1.6.0-2.b12

- Fixed post plugin scriptlet to work for install, as well as upgrade.

* Wed Oct 29 2008 Lillian Angel - 1:1.6.0-2.b12

- Fixed release string.

References

[ 1 ] Bug #472201 - CVE-2008-5350 OpenJDK allows to list files within the user home directory (6484091)

https://bugzilla.redhat.com/show_bug.cgi?id=472201

[ 2 ] Bug #472208 - CVE-2008-5347 OpenJDK applet privilege escalation via JAX package access (6592792)

https://bugzilla.redhat.com/show_bug.cgi?id=472208

[ 3 ] Bug #472211 - CVE-2008-5360 OpenJDK temporary files have guessable file names (6721753)

https://bugzilla.redhat.com/show_bug.cgi?id=472211

[ 4 ] Bug #472213 - CVE-2008-5351 OpenJDK UTF-8 decoder accepts non-shortest form sequences (4486841)

https://bugzilla.redhat.com/show_bug.cgi?id=472213

[ 5 ] Bug #472224 - CVE-2008-5353 OpenJDK calendar object deserialization allows privilege escalation (6734167)

https://bugzilla.redhat.com/show_bug.cgi?id=472224

[ 6 ] Bug #472231 - CVE-2008-5357 OpenJDK Truetype Font processing vulnerability (6751322)

https://bugzilla.redhat.com/show_bug.cgi?id=472231

[ 7 ] Bug #472234 - CVE-2008-5358 OpenJDK Buffer Overflow in GIF image processing (6766136)

https://bugzilla.redhat.com/show_bug.cgi?id=472234

[ 8 ] Bug #472206 - CVE-2008-5349 OpenJDK RSA public key length denial-of-service (6497740)

https://bugzilla.redhat.com/show_bug.cgi?id=472206

[ 9 ] Bug #472209 - CVE-2008-5348 OpenJDK Denial-Of-Service in kerberos authentication (6588160)

https://bugzilla.redhat.com/show_bug.cgi?id=472209

[ 10 ] Bug #472212 - CVE-2008-5359 OpenJDK Buffer overflow in image processing (6726779)

https://bugzilla.redhat.com/show_bug.cgi?id=472212

[ 11 ] Bug #472218 - CVE-2008-5356 OpenJDK Font processing vulnerability (6733336)

https://bugzilla.redhat.com/show_bug.cgi?id=472218

[ 12 ] Bug #472228 - CVE-2008-5354 OpenJDK Privilege escalation in command line applications (6733959)

https://bugzilla.redhat.com/show_bug.cgi?id=472228

[ 13 ] Bug #472233 - CVE-2008-5352 OpenJDK Jar200 Decompression buffer overflow (6755943)

https://bugzilla.redhat.com/show_bug.cgi?id=472233

Update Instructions

su -c 'yum update java-1.6.0-openjdk' at the command line.

For more information, refer to "Managing Software with yum", available at .

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/

Fedora-package-announce mailing list

Fedora-package-announce@redhat.com

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Severity: critical

Product: Fedora 10
Version: 1.6.0.0
Release: 7.b12.fc10
Summary: OpenJDK Runtime Environment
