Date:         Mon, 16 Nov 2009 15:29:16 -0600
Reply-To:     Troy Dawson 
Sender:       Security Errata for Scientific Linux
              
From:         Troy Dawson 
Subject:      Security ERRATA Critical: java (jdk 1.6.0) on SL4.x,
              SL5.x i386/x86_64
Comments: To: "scientific-linux-errata@fnal.gov"
          

Synopsis:	Critical: java (jdk 1.6.0) security update
Issue date:	2009-11-09
CVE Names:	CVE-2009-2409 CVE-2009-3728 CVE-2009-3729
                   CVE-2009-3865 CVE-2009-3866 CVE-2009-3867
                   CVE-2009-3868 CVE-2009-3869 CVE-2009-3871
                   CVE-2009-3872 CVE-2009-3873 CVE-2009-3874
                   CVE-2009-3875 CVE-2009-3876 CVE-2009-3877
                   CVE-2009-3879 CVE-2009-3880 CVE-2009-3881
                   CVE-2009-3882 CVE-2009-3883 CVE-2009-3884
                   CVE-2009-3886

CVE-2009-2409 deprecate MD2 in SSL cert validation (Kaminsky)
CVE-2009-3873 OpenJDK JPEG Image Writer quantization problem (6862968)
CVE-2009-3875 OpenJDK MessageDigest.isEqual introduces timing attack vulnerabilities (6863503)
CVE-2009-3876 CVE-2009-3877 OpenJDK ASN.1/DER input stream parser denial of service (6864911)
CVE-2009-3869 OpenJDK JRE AWT setDifflCM stack overflow (6872357)
CVE-2009-3871 OpenJDK JRE AWT setBytePixels heap overflow (6872358)
CVE-2009-3874 OpenJDK ImageI/O JPEG heap overflow (6874643)
CVE-2009-3728 OpenJDK ICC_Profile file existence detection information leak (6631533)
CVE-2009-3881 OpenJDK resurrected classloaders can still have children (6636650)
CVE-2009-3882 CVE-2009-3883 OpenJDK information leaks in mutable variables (6657026, 6657138)
CVE-2009-3880 OpenJDK UI logging information leakage (6664512)
CVE-2009-3879 OpenJDK GraphicsConfiguration information leak (6822057)
CVE-2009-3884 OpenJDK zoneinfo file existence information leak (6824265)
CVE-2009-3729 JRE TrueType font parsing crash (6815780)
CVE-2009-3872 JRE JPEG JFIF Decoder issue (6862969)
CVE-2009-3886 JRE REGRESSION: problems running JNLP apps and applets with signed Jar files (6870531)
CVE-2009-3865 java-1.6.0-sun: ACE in JRE Deployment Toolkit (6869752)
CVE-2009-3866 java-1.6.0-sun: Privilege escalation in the Java Web Start Installer (6872824)
CVE-2009-3867 java-1.5.0-sun, java-1.6.0-sun: Stack-based buffer overflow via a long file: URL argument (6854303)
CVE-2009-3868 java-1.5.0-sun, java-1.6.0-sun: Privilege escalation via crafted image file due to improper color profile parsing (6862970)

This update fixes several vulnerabilities in the Sun Java 6 Runtime
Environment and the Sun Java 6 Software Development Kit. These
vulnerabilities are summarized on the "Advance notification of Security
Updates for Java SE" page from Sun Microsystems, listed in the 
References section. (CVE-2009-2409, CVE-2009-3728, CVE-2009-3729, 
CVE-2009-3865, CVE-2009-3866, CVE-2009-3867, CVE-2009-3868, 
CVE-2009-3869, CVE-2009-3871, CVE-2009-3872, CVE-2009-3873, 
CVE-2009-3874, CVE-2009-3875, CVE-2009-3876, CVE-2009-3877, 
CVE-2009-3879, CVE-2009-3880, CVE-2009-3881, CVE-2009-3882,
CVE-2009-3883, CVE-2009-3884, CVE-2009-3886)

All running instances of Sun Java must be restarted for the update to 
take effect.
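A post-update check, added here as an example and not part of the errata message: it verifies that the installed `jdk` RPM is at or past the fixed build named below (jdk-1.6.0_17-fcs) and lists Java processes that are still running the pre-update JVM. It assumes the Sun JDK is installed as the `jdk` package and that such a process shows its libjvm.so mapping as "(deleted)" in /proc.

```shell
#!/bin/sh
# Added example, not from the Scientific Linux errata itself.
# Checks the installed Sun JDK against the build shipped by this
# erratum and finds JVMs that were started before the update.

FIXED_UPDATE=17   # jdk-1.6.0_17-fcs is the fixed build

# jdk_update_number VERSION -> prints the _NN update number of a
# Sun JDK 1.6.0 version string such as "1.6.0_17-fcs"; prints
# nothing for anything that is not a 1.6.0_NN string.
jdk_update_number() {
    case "$1" in
        1.6.0_*) v=${1#1.6.0_}; echo "${v%%[!0-9]*}" ;;
        *) ;;
    esac
}

# jdk_is_patched VERSION -> exit 0 if VERSION is 1.6.0_17 or later
jdk_is_patched() {
    n=$(jdk_update_number "$1")
    [ -n "$n" ] && [ "$n" -ge "$FIXED_UPDATE" ]
}

# stale_java_pids -> PIDs whose mapped libjvm.so was replaced on disk,
# i.e. processes still running the pre-update JVM (needs /proc access).
stale_java_pids() {
    for m in /proc/[0-9]*/maps; do
        if grep -q 'libjvm\.so.*(deleted)' "$m" 2>/dev/null; then
            p=${m#/proc/}; echo "${p%/maps}"
        fi
    done
}

main() {
    # rpm prints e.g. "1.6.0_17-fcs" for the jdk package from this erratum
    ver=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' jdk 2>/dev/null) || {
        echo "jdk package not installed"; return 0; }
    if jdk_is_patched "$ver"; then
        echo "jdk $ver: patched"
    else
        echo "jdk $ver: NOT patched (need 1.6.0_${FIXED_UPDATE}-fcs)"
    fi
    pids=$(stale_java_pids)
    [ -n "$pids" ] && echo "Java processes still running the old JVM: $pids"
    return 0
}

main "$@"
```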

SL 4.x

      SRPMS:
java-1.6.0-sun-compat-1.6.0.17-1.sl4.jpp.src.rpm
      i386:
java-1.6.0-sun-compat-1.6.0.17-1.sl4.jpp.i586.rpm
jdk-1.6.0_17-fcs.i586.rpm
      x86_64:
java-1.6.0-sun-compat-1.6.0.17-1.sl4.jpp.i586.rpm
jdk-1.6.0_17-fcs.i586.rpm

SL 5.x

      SRPMS:
java-1.6.0-sun-compat-1.6.0.17-3.sl5.jpp.src.rpm
      i386:
java-1.6.0-sun-compat-1.6.0.17-3.sl5.jpp.i586.rpm
jdk-1.6.0_17-fcs.i586.rpm
      x86_64:

-Connie Sieh
-Troy Dawson
