Subject: | |
From: | |
Reply To: | |
Date: | Mon, 31 Aug 2009 13:38:43 -0500 |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
Synopsis: Critical: java (jdk 1.6.0) security update
Issue date: 2009-08-24
CVE Names: CVE-2009-0217 CVE-2009-2475 CVE-2009-2476
CVE-2009-2625 CVE-2009-2670 CVE-2009-2671
CVE-2009-2672 CVE-2009-2673 CVE-2009-2674
CVE-2009-2675 CVE-2009-2676 CVE-2009-2690
CVE-2009-0217 xmlsec1, mono, xml-security-c,
xml-security-1.3.0-1jpp.ep1.*: XMLDsig HMAC-based signatures spoofing
and authentication bypass
CVE-2009-2670 OpenJDK Untrusted applet System properties access (6738524)
CVE-2009-2671 CVE-2009-2672 OpenJDK Proxy mechanism information leaks
(6801071)
CVE-2009-2673 OpenJDK proxy mechanism allows non-authorized socket
connections (6801497)
CVE-2009-2674 Java Web Start Buffer JPEG processing integer overflow
(6823373)
CVE-2009-2675 Java Web Start Buffer unpack200 processing integer
overflow (6830335)
CVE-2009-2625 OpenJDK XML parsing Denial-Of-Service (6845701)
CVE-2009-2475 OpenJDK information leaks in mutable variables
(6588003,6656586,6656610,6656625,6657133,6657619,6657625,6657695,6660049,6660539,6813167)
CVE-2009-2476 OpenJDK OpenType checks can be bypassed (6736293)
CVE-2009-2690 OpenJDK private variable information disclosure (6777487)
CVE-2009-2676 JRE applet launcher vulnerability
All running instances of Sun Java must be restarted for the update to
take effect.
SL 4.x
SRPMS:
java-1.6.0-sun-compat-1.6.0.16-1.sl4.jpp.src.rpm
i386:
java-1.6.0-sun-compat-1.6.0.16-1.sl4.jpp.i586.rpm
jdk-1.6.0_16-fcs.i586.rpm
x86_64:
java-1.6.0-sun-compat-1.6.0.16-1.sl4.jpp.i586.rpm
jdk-1.6.0_16-fcs.i586.rpm
SL 5.x
SRPMS:
java-1.6.0-sun-compat-1.6.0.16-1.sl5.jpp.src.rpm
i386:
java-1.6.0-sun-compat-1.6.0.16-1.sl5.jpp.i586.rpm
jdk-1.6.0_16-fcs.i586.rpm
x86_64:
java-1.6.0-sun-compat-1.6.0.16-1.sl5.jpp.i586.rpm
java-1.6.0-sun-compat-1.6.0.16-1.sl5.jpp.x86_64.rpm
jdk-1.6.0_16-fcs.i586.rpm
jdk-1.6.0_16-fcs.x86_64.rpm
-Connie Sieh
-Troy Dawson
|
|
|