LISTSERV - SCIENTIFIC-LINUX-ERRATA Archives

SCIENTIFIC-LINUX-ERRATA Archives

August 2009

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV

	LISTSERV Archives
	SCIENTIFIC-LINUX-ERRATA Home
	SCIENTIFIC-LINUX-ERRATA August 2009

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: Security ERRATA Critical: java (jdk 1.6.0) on SL4.x, SL5.x i386/x86_64
From:	Troy Dawson <[log in to unmask]>
Reply To:	Troy Dawson <[log in to unmask]>
Date:	Mon, 31 Aug 2009 13:40:02 -0500
Content-Type:	text/plain
Parts/Attachments:	text/plain (76 lines)

Note: jdk-1.6.0_16-fcs.x86_64.rpm could not be signed.  All other rpm's

are signed with the usual signature.



We are sorry for the inconvenience that this causes.



Troy Dawson



Troy J Dawson wrote:

> Synopsis:	Critical: java (jdk 1.6.0) security update

> Issue date:	2009-08-24

> CVE Names:	CVE-2009-0217 CVE-2009-2475 CVE-2009-2476

>                    CVE-2009-2625 CVE-2009-2670 CVE-2009-2671

>                    CVE-2009-2672 CVE-2009-2673 CVE-2009-2674

>                    CVE-2009-2675 CVE-2009-2676 CVE-2009-2690

> 

> CVE-2009-0217 xmlsec1, mono, xml-security-c, 

> xml-security-1.3.0-1jpp.ep1.*: XMLDsig HMAC-based signatures spoofing 

> and authentication bypass

> CVE-2009-2670 OpenJDK Untrusted applet System properties access (6738524)

> CVE-2009-2671 CVE-2009-2672 OpenJDK Proxy mechanism information leaks 

> (6801071)

> CVE-2009-2673 OpenJDK proxy mechanism allows non-authorized socket 

> connections  (6801497)

> CVE-2009-2674 Java Web Start Buffer JPEG processing integer overflow 

> (6823373)

> CVE-2009-2675 Java Web Start Buffer unpack200 processing integer 

> overflow (6830335)

> CVE-2009-2625 OpenJDK XML parsing Denial-Of-Service (6845701)

> CVE-2009-2475 OpenJDK information leaks in mutable variables 

> (6588003,6656586,6656610,6656625,6657133,6657619,6657625,6657695,6660049,6660539,6813167)

> CVE-2009-2476 OpenJDK OpenType checks can be bypassed (6736293)

> CVE-2009-2690 OpenJDK private variable information disclosure (6777487)

> CVE-2009-2676 JRE applet launcher vulnerability

> 

> All running instances of Sun Java must be restarted for the update to 

> take effect.

> 

> 

> SL 4.x

> 

>       SRPMS:

> java-1.6.0-sun-compat-1.6.0.16-1.sl4.jpp.src.rpm

>       i386:

> java-1.6.0-sun-compat-1.6.0.16-1.sl4.jpp.i586.rpm

> jdk-1.6.0_16-fcs.i586.rpm

>       x86_64:

> java-1.6.0-sun-compat-1.6.0.16-1.sl4.jpp.i586.rpm

> jdk-1.6.0_16-fcs.i586.rpm

> 

> SL 5.x

> 

>       SRPMS:

> java-1.6.0-sun-compat-1.6.0.16-1.sl5.jpp.src.rpm

>       i386:

> java-1.6.0-sun-compat-1.6.0.16-1.sl5.jpp.i586.rpm

> jdk-1.6.0_16-fcs.i586.rpm

>       x86_64:

> java-1.6.0-sun-compat-1.6.0.16-1.sl5.jpp.i586.rpm

> java-1.6.0-sun-compat-1.6.0.16-1.sl5.jpp.x86_64.rpm

> jdk-1.6.0_16-fcs.i586.rpm

> jdk-1.6.0_16-fcs.x86_64.rpm

> 

> -Connie Sieh

> -Troy Dawson

> 

> 

> 

> 





-- 

__________________________________________________

Troy Dawson  [log in to unmask]  (630)840-6468

Fermilab  ComputingDivision/LCSI/CSI LMSS Group

__________________________________________________

ATOM RSS1 RSS2

LISTSERV.FNAL.GOV