What Are You Looking For?

Sign Up
Date:         Mon, 31 Aug 2009 13:38:43 -0500
Reply-To:     Troy Dawson 
Sender:       Security Errata for Scientific Linux
              
From:         Troy Dawson 
Subject:      Security ERRATA Critical: java (jdk 1.6.0) on SL4.x,
              SL5.x i386/x86_64
Comments: To: "scientific-linux-errata@fnal.gov"
          

Synopsis:	Critical: java (jdk 1.6.0) security update
Issue date:	2009-08-24
CVE Names:	CVE-2009-0217 CVE-2009-2475 CVE-2009-2476
                   CVE-2009-2625 CVE-2009-2670 CVE-2009-2671
                   CVE-2009-2672 CVE-2009-2673 CVE-2009-2674
                   CVE-2009-2675 CVE-2009-2676 CVE-2009-2690

CVE-2009-0217 xmlsec1, mono, xml-security-c, 
xml-security-1.3.0-1jpp.ep1.*: XMLDsig HMAC-based signatures spoofing 
and authentication bypass
CVE-2009-2670 OpenJDK Untrusted applet System properties access (6738524)
CVE-2009-2671 CVE-2009-2672 OpenJDK Proxy mechanism information leaks 
(6801071)
CVE-2009-2673 OpenJDK proxy mechanism allows non-authorized socket 
connections  (6801497)
CVE-2009-2674 Java Web Start Buffer JPEG processing integer overflow 
(6823373)
CVE-2009-2675 Java Web Start Buffer unpack200 processing integer 
overflow (6830335)
CVE-2009-2625 OpenJDK XML parsing Denial-Of-Service (6845701)
CVE-2009-2475 OpenJDK information leaks in mutable variables 
(6588003,6656586,6656610,6656625,6657133,6657619,6657625,6657695,6660049,6660539,6813167)
CVE-2009-2476 OpenJDK OpenType checks can be bypassed (6736293)
CVE-2009-2690 OpenJDK private variable information disclosure (6777487)
CVE-2009-2676 JRE applet launcher vulnerability

All running instances of Sun Java must be restarted for the update to 
take effect.


SL 4.x

      SRPMS:
java-1.6.0-sun-compat-1.6.0.16-1.sl4.jpp.src.rpm
      i386:
java-1.6.0-sun-compat-1.6.0.16-1.sl4.jpp.i586.rpm
jdk-1.6.0_16-fcs.i586.rpm
      x86_64:
java-1.6.0-sun-compat-1.6.0.16-1.sl4.jpp.i586.rpm
jdk-1.6.0_16-fcs.i586.rpm

SL 5.x

      SRPMS:
java-1.6.0-sun-compat-1.6.0.16-1.sl5.jpp.src.rpm
      i386:
java-1.6.0-sun-compat-1.6.0.16-1.sl5.jpp.i586.rpm
jdk-1.6.0_16-fcs.i586.rpm
      x86_64:
java-1.6.0-sun-compat-1.6.0.16-1.sl5.jpp.i586.rpm
java-1.6.0-sun-compat-1.6.0.16-1.sl5.jpp.x86_64.rpm
jdk-1.6.0_16-fcs.i586.rpm
jdk-1.6.0_16-fcs.x86_64.rpm

-Connie Sieh
-Troy Dawson

SciLinux: CVE-2009-0217 Critical: java (jdk 1.6.0) SL4.x,

Critical: java (jdk 1.6.0) security update

Summary

Date:         Mon, 31 Aug 2009 13:38:43 -0500Reply-To:     Troy Dawson Sender:       Security Errata for Scientific Linux              From:         Troy Dawson Subject:      Security ERRATA Critical: java (jdk 1.6.0) on SL4.x,              SL5.x i386/x86_64Comments: To: "scientific-linux-errata@fnal.gov"          Synopsis:	Critical: java (jdk 1.6.0) security updateIssue date:	2009-08-24CVE Names:	CVE-2009-0217 CVE-2009-2475 CVE-2009-2476                   CVE-2009-2625 CVE-2009-2670 CVE-2009-2671                   CVE-2009-2672 CVE-2009-2673 CVE-2009-2674                   CVE-2009-2675 CVE-2009-2676 CVE-2009-2690CVE-2009-0217 xmlsec1, mono, xml-security-c, xml-security-1.3.0-1jpp.ep1.*: XMLDsig HMAC-based signatures spoofing and authentication bypassCVE-2009-2670 OpenJDK Untrusted applet System properties access (6738524)CVE-2009-2671 CVE-2009-2672 OpenJDK Proxy mechanism information leaks (6801071)CVE-2009-2673 OpenJDK proxy mechanism allows non-authorized socket connections  (6801497)CVE-2009-2674 Java Web Start Buffer JPEG processing integer overflow (6823373)CVE-2009-2675 Java Web Start Buffer unpack200 processing integer overflow (6830335)CVE-2009-2625 OpenJDK XML parsing Denial-Of-Service (6845701)CVE-2009-2475 OpenJDK information leaks in mutable variables (6588003,6656586,6656610,6656625,6657133,6657619,6657625,6657695,6660049,6660539,6813167)CVE-2009-2476 OpenJDK OpenType checks can be bypassed (6736293)CVE-2009-2690 OpenJDK private variable information disclosure (6777487)CVE-2009-2676 JRE applet launcher vulnerabilityAll running instances of Sun Java must be restarted for the update to take effect.SL 4.x      SRPMS:java-1.6.0-sun-compat-1.6.0.16-1.sl4.jpp.src.rpm      i386:java-1.6.0-sun-compat-1.6.0.16-1.sl4.jpp.i586.rpmjdk-1.6.0_16-fcs.i586.rpm      x86_64:java-1.6.0-sun-compat-1.6.0.16-1.sl4.jpp.i586.rpmjdk-1.6.0_16-fcs.i586.rpmSL 5.x      SRPMS:java-1.6.0-sun-compat-1.6.0.16-1.sl5.jpp.src.rpm      i386:java-1.6.0-sun-compat-1.6.0.16-1.sl5.jpp.i586.rpmjdk-1.6.0_16-fcs.i586.rpm      x86_64:java-1.6.0-sun-compat-1.6.0.16-1.sl5.jpp.i586.rpmjava-1.6.0-sun-compat-1.6.0.16-1.sl5.jpp.x86_64.rpmjdk-1.6.0_16-fcs.i586.rpmjdk-1.6.0_16-fcs.x86_64.rpm-Connie Sieh-Troy Dawson



Security Fixes

Severity

Related News

Kubernetes Security on AWS: A Practical Guide

Nov 18, 2023

Nitrux 3.2.0 Linux Distro Released with Enhanced Security and New Features

Nov 28, 2023

Kinsing Hackers Exploit Apache ActiveMQ Vulnerability to Deploy Linux Rootkits

Nov 25, 2023

LockBit Ransomware Exploiting Critical Citrix Bleed Vulnerability to Break In

Nov 25, 2023

News

Advisories

HOWTOs

Features

Empowering MSPs with Straightforward Linux Device Management
A Complete Guide to Torrenting Safely in 2024
Cloud Security Basics for Small Businesses
Scanning and Defending Networks with Nmap
CISA Issues Urgent Warning Over Active Exploitation of Looney Tunables glibc Bug

About Us

Powered By

Footer Logo