Date:         Tue, 6 Apr 2010 11:27:17 -0500
Reply-To:     Troy Dawson 
Sender:       Security Errata for Scientific Linux
              
From:         Troy Dawson 
Subject:      Security ERRATA Important: java-1.6.0-openjdk on SL5.x i386/x86_64
Comments: To: "scientific-linux-errata@fnal.gov"
          

Synopsis:	Important: java-1.6.0-openjdk security update
Issue date:	2010-03-31
CVE Names:	CVE-2009-3555 CVE-2010-0082 CVE-2010-0084
                   CVE-2010-0085 CVE-2010-0088 CVE-2010-0091
                   CVE-2010-0092 CVE-2010-0093 CVE-2010-0094
                   CVE-2010-0095 CVE-2010-0837 CVE-2010-0838
                   CVE-2010-0840 CVE-2010-0845 CVE-2010-0847
                   CVE-2010-0848

A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure
Sockets Layer) protocols handle session renegotiation. A 
man-in-the-middle attacker could use this flaw to prefix arbitrary plain 
text to a client's session (for example, an HTTPS connection to a 
website). This could force the server to process an attacker's request 
as if authenticated using the victim's credentials. (CVE-2009-3555)

This update disables renegotiation in the Java Secure Socket Extension
(JSSE) component. Unsafe renegotiation can be re-enabled using the
sun.security.ssl.allowUnsafeRenegotiation property.

A number of flaws have been fixed in the Java Virtual Machine (JVM) and 
in various Java class implementations. These flaws could allow an 
unsigned applet or application to bypass intended access restrictions.
(CVE-2010-0082, CVE-2010-0084, CVE-2010-0085, CVE-2010-0088, CVE-2010-0094)

An untrusted applet could access clipboard information if a drag 
operation was performed over that applet's canvas. This could lead to an 
information leak. (CVE-2010-0091)

The rawIndex operation incorrectly handled large values, causing the
corruption of internal memory structures, resulting in an untrusted 
applet or application crashing. (CVE-2010-0092)

The System.arraycopy operation incorrectly handled large index values,
potentially causing array corruption in an untrusted applet or 
application. (CVE-2010-0093)

Subclasses of InetAddress may incorrectly interpret network addresses,
allowing an untrusted applet or application to bypass network access
restrictions. (CVE-2010-0095)

In certain cases, type assignments could result in "non-exact" interface
types. This could be used to bypass type-safety restrictions.
(CVE-2010-0845)

A buffer overflow flaw in LittleCMS (embedded in OpenJDK) could cause an
untrusted applet or application using color profiles from untrusted 
sources to crash. (CVE-2010-0838)

An input validation flaw was found in the JRE unpack200 functionality. 
An untrusted applet or application could use this flaw to elevate its
privileges. (CVE-2010-0837)

Deferred calls to trusted applet methods could be granted incorrect
permissions, allowing an untrusted applet or application to extend its
privileges. (CVE-2010-0840)

A missing input validation flaw in the JRE could allow an attacker to 
crash an untrusted applet or application. (CVE-2010-0848)

A flaw in Java2D could allow an attacker to execute arbitrary code with 
the privileges of a user running an untrusted applet or application that 
uses Java2D. (CVE-2010-0847)

Note: The flaws concerning applets in this advisory, CVE-2010-0082,
CVE-2010-0084, CVE-2010-0085, CVE-2010-0088, CVE-2010-0091, 
CVE-2010-0092, CVE-2010-0093, CVE-2010-0094, CVE-2010-0095, 
CVE-2010-0837, CVE-2010-0838, CVE-2010-0840, CVE-2010-0847, and 
CVE-2010-0848, can only be triggered in java-1.6.0-openjdk by calling 
the "appletviewer" application.

This update also provides three defense in depth patches. (BZ#575745,
BZ#575861, BZ#575789)

All running instances of OpenJDK Java must be restarted for the update 
to take effect.

SL 5.x

     SRPMS:
java-1.6.0-openjdk-1.6.0.0-1.11.b16.el5.src.rpm
     i386:
java-1.6.0-openjdk-1.6.0.0-1.11.b16.el5.i386.rpm
java-1.6.0-openjdk-demo-1.6.0.0-1.11.b16.el5.i386.rpm
java-1.6.0-openjdk-devel-1.6.0.0-1.11.b16.el5.i386.rpm
java-1.6.0-openjdk-javadoc-1.6.0.0-1.11.b16.el5.i386.rpm
java-1.6.0-openjdk-src-1.6.0.0-1.11.b16.el5.i386.rpm
     x86_64:
java-1.6.0-openjdk-1.6.0.0-1.11.b16.el5.x86_64.rpm
java-1.6.0-openjdk-demo-1.6.0.0-1.11.b16.el5.x86_64.rpm
java-1.6.0-openjdk-devel-1.6.0.0-1.11.b16.el5.x86_64.rpm
java-1.6.0-openjdk-javadoc-1.6.0.0-1.11.b16.el5.x86_64.rpm
java-1.6.0-openjdk-src-1.6.0.0-1.11.b16.el5.x86_64.rpm

-Connie Sieh
-Troy Dawson

SciLinux: CVE-2009-3555 Important: java-1.6.0-openjdk SL5.x i386/x86_64

Important: java-1.6.0-openjdk security update

Summary

CVE-2010-0840 CVE-2010-0845 CVE-2010-0847CVE-2010-0848A flaw was found in the way the TLS/SSL (Transport Layer Security/SecureSockets Layer) protocols handle session renegotiation. Aman-in-the-middle attacker could use this flaw to prefix arbitrary plaintext to a client's session (for example, an HTTPS connection to awebsite). This could force the server to process an attacker's requestas if authenticated using the victim's credentials. (CVE-2009-3555)This update disables renegotiation in the Java Secure Socket Extension(JSSE) component. Unsafe renegotiation can be re-enabled using thesun.security.ssl.allowUnsafeRenegotiation property.A number of flaws have been fixed in the Java Virtual Machine (JVM) andin various Java class implementations. These flaws could allow anunsigned applet or application to bypass intended access restrictions.(CVE-2010-0082, CVE-2010-0084, CVE-2010-0085, CVE-2010-0088, CVE-2010-0094)An untrusted applet could access clipboard information if a dragoperation was performed over that applet's canvas. This could lead to aninformation leak. (CVE-2010-0091)The rawIndex operation incorrectly handled large values, causing thecorruption of internal memory structures, resulting in an untrustedapplet or application crashing. (CVE-2010-0092)The System.arraycopy operation incorrectly handled large index values,potentially causing array corruption in an untrusted applet orapplication. (CVE-2010-0093)Subclasses of InetAddress may incorrectly interpret network addresses,allowing an untrusted applet or application to bypass network accessrestrictions. (CVE-2010-0095)In certain cases, type assignments could result in "non-exact" interfacetypes. This could be used to bypass type-safety restrictions.(CVE-2010-0845)A buffer overflow flaw in LittleCMS (embedded in OpenJDK) could cause anuntrusted applet or application using color profiles from untrustedsources to crash. (CVE-2010-0838)An input validation flaw was found in the JRE unpack200 functionality.An untrusted applet or application could use this flaw to elevate itsprivileges. (CVE-2010-0837)Deferred calls to trusted applet methods could be granted incorrectpermissions, allowing an untrusted applet or application to extend itsprivileges. (CVE-2010-0840)A missing input validation flaw in the JRE could allow an attacker tocrash an untrusted applet or application. (CVE-2010-0848)A flaw in Java2D could allow an attacker to execute arbitrary code withthe privileges of a user running an untrusted applet or application thatuses Java2D. (CVE-2010-0847)Note: The flaws concerning applets in this advisory, CVE-2010-0082,CVE-2010-0084, CVE-2010-0085, CVE-2010-0088, CVE-2010-0091,CVE-2010-0092, CVE-2010-0093, CVE-2010-0094, CVE-2010-0095,CVE-2010-0837, CVE-2010-0838, CVE-2010-0840, CVE-2010-0847, andCVE-2010-0848, can only be triggered in java-1.6.0-openjdk by callingthe "appletviewer" application.This update also provides three defense in depth patches. (BZ#575745,BZ#575861, BZ#575789)All running instances of OpenJDK Java must be restarted for the updateto take effect.SL 5.xSRPMS:java-1.6.0-openjdk-1.6.0.0-1.11.b16.el5.src.rpmi386:java-1.6.0-openjdk-1.6.0.0-1.11.b16.el5.i386.rpmjava-1.6.0-openjdk-demo-1.6.0.0-1.11.b16.el5.i386.rpmjava-1.6.0-openjdk-devel-1.6.0.0-1.11.b16.el5.i386.rpmjava-1.6.0-openjdk-javadoc-1.6.0.0-1.11.b16.el5.i386.rpmjava-1.6.0-openjdk-src-1.6.0.0-1.11.b16.el5.i386.rpmx86_64:java-1.6.0-openjdk-1.6.0.0-1.11.b16.el5.x86_64.rpmjava-1.6.0-openjdk-demo-1.6.0.0-1.11.b16.el5.x86_64.rpmjava-1.6.0-openjdk-devel-1.6.0.0-1.11.b16.el5.x86_64.rpmjava-1.6.0-openjdk-javadoc-1.6.0.0-1.11.b16.el5.x86_64.rpmjava-1.6.0-openjdk-src-1.6.0.0-1.11.b16.el5.x86_64.rpm-Connie Sieh-Troy Dawson



Security Fixes

Severity
Issued Date: : 2010-03-31
CVE Names: CVE-2009-3555 CVE-2010-0082 CVE-2010-0084
CVE-2010-0085 CVE-2010-0088 CVE-2010-0091
CVE-2010-0092 CVE-2010-0093 CVE-2010-0094
CVE-2010-0095 CVE-2010-0837 CVE-2010-0838

Related News

19.Laptop Bed Esm H320
2 - 3 min read
The release of Google Chrome 124 addresses four vulnerabilities, including a critical security flaw that can enable attackers to execute arbitrary
23.Tablet Connections Esm H320
2 - 3 min read
The release of Ubuntu 24.04 LTS , also known as Noble Numbat, brings various security enhancements and exciting new features . These improvements
4.Lock AbstractDigital Esm H320
2 - 3 min read
Tails 6.2 is a new Linux distribution release that expands its multilingual support and improves security features. The distribution is a
19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved