SciLinux: CVE-2009-3555 Important: java-1.6.0-openjdk SL5.x i386/x86_64
Summary
CVE-2010-0840 CVE-2010-0845 CVE-2010-0847CVE-2010-0848A flaw was found in the way the TLS/SSL (Transport Layer Security/SecureSockets Layer) protocols handle session renegotiation. Aman-in-the-middle attacker could use this flaw to prefix arbitrary plaintext to a client's session (for example, an HTTPS connection to awebsite). This could force the server to process an attacker's requestas if authenticated using the victim's credentials. (CVE-2009-3555)This update disables renegotiation in the Java Secure Socket Extension(JSSE) component. Unsafe renegotiation can be re-enabled using thesun.security.ssl.allowUnsafeRenegotiation property.A number of flaws have been fixed in the Java Virtual Machine (JVM) andin various Java class implementations. These flaws could allow anunsigned applet or application to bypass intended access restrictions.(CVE-2010-0082, CVE-2010-0084, CVE-2010-0085, CVE-2010-0088, CVE-2010-0094)An untrusted applet could access clipboard information if a dragoperation was performed over that applet's canvas. This could lead to aninformation leak. (CVE-2010-0091)The rawIndex operation incorrectly handled large values, causing thecorruption of internal memory structures, resulting in an untrustedapplet or application crashing. (CVE-2010-0092)The System.arraycopy operation incorrectly handled large index values,potentially causing array corruption in an untrusted applet orapplication. (CVE-2010-0093)Subclasses of InetAddress may incorrectly interpret network addresses,allowing an untrusted applet or application to bypass network accessrestrictions. (CVE-2010-0095)In certain cases, type assignments could result in "non-exact" interfacetypes. This could be used to bypass type-safety restrictions.(CVE-2010-0845)A buffer overflow flaw in LittleCMS (embedded in OpenJDK) could cause anuntrusted applet or application using color profiles from untrustedsources to crash. (CVE-2010-0838)An input validation flaw was found in the JRE unpack200 functionality.An untrusted applet or application could use this flaw to elevate itsprivileges. (CVE-2010-0837)Deferred calls to trusted applet methods could be granted incorrectpermissions, allowing an untrusted applet or application to extend itsprivileges. (CVE-2010-0840)A missing input validation flaw in the JRE could allow an attacker tocrash an untrusted applet or application. (CVE-2010-0848)A flaw in Java2D could allow an attacker to execute arbitrary code withthe privileges of a user running an untrusted applet or application thatuses Java2D. (CVE-2010-0847)Note: The flaws concerning applets in this advisory, CVE-2010-0082,CVE-2010-0084, CVE-2010-0085, CVE-2010-0088, CVE-2010-0091,CVE-2010-0092, CVE-2010-0093, CVE-2010-0094, CVE-2010-0095,CVE-2010-0837, CVE-2010-0838, CVE-2010-0840, CVE-2010-0847, andCVE-2010-0848, can only be triggered in java-1.6.0-openjdk by callingthe "appletviewer" application.This update also provides three defense in depth patches. (BZ#575745,BZ#575861, BZ#575789)All running instances of OpenJDK Java must be restarted for the updateto take effect.SL 5.xSRPMS:java-1.6.0-openjdk-1.6.0.0-1.11.b16.el5.src.rpmi386:java-1.6.0-openjdk-1.6.0.0-1.11.b16.el5.i386.rpmjava-1.6.0-openjdk-demo-1.6.0.0-1.11.b16.el5.i386.rpmjava-1.6.0-openjdk-devel-1.6.0.0-1.11.b16.el5.i386.rpmjava-1.6.0-openjdk-javadoc-1.6.0.0-1.11.b16.el5.i386.rpmjava-1.6.0-openjdk-src-1.6.0.0-1.11.b16.el5.i386.rpmx86_64:java-1.6.0-openjdk-1.6.0.0-1.11.b16.el5.x86_64.rpmjava-1.6.0-openjdk-demo-1.6.0.0-1.11.b16.el5.x86_64.rpmjava-1.6.0-openjdk-devel-1.6.0.0-1.11.b16.el5.x86_64.rpmjava-1.6.0-openjdk-javadoc-1.6.0.0-1.11.b16.el5.x86_64.rpmjava-1.6.0-openjdk-src-1.6.0.0-1.11.b16.el5.x86_64.rpm-Connie Sieh-Troy Dawson