Synopsis: Critical: java (jdk 1.6.0) security update
Issue date: 2009-11-09
CVE Names: CVE-2009-2409 CVE-2009-3728 CVE-2009-3729
CVE-2009-3865 CVE-2009-3866 CVE-2009-3867
CVE-2009-3868 CVE-2009-3869 CVE-2009-3871
CVE-2009-3872 CVE-2009-3873 CVE-2009-3874
CVE-2009-3875 CVE-2009-3876 CVE-2009-3877
CVE-2009-3879 CVE-2009-3880 CVE-2009-3881
CVE-2009-3882 CVE-2009-3883 CVE-2009-3884
CVE-2009-3886
CVE-2009-2409 deprecate MD2 in SSL cert validation (Kaminsky)
CVE-2009-3873 OpenJDK JPEG Image Writer quantization problem (6862968)
CVE-2009-3875 OpenJDK MessageDigest.isEqual introduces timing attack
vulnerabilities (6863503)
CVE-2009-3876 OpenJDK ASN.1/DER input stream parser denial of service
(6864911) CVE-2009-3877
CVE-2009-3869 OpenJDK JRE AWT setDifflCM stack overflow (6872357)
CVE-2009-3871 OpenJDK JRE AWT setBytePixels heap overflow (6872358)
CVE-2009-3874 OpenJDK ImageI/O JPEG heap overflow (6874643)
CVE-2009-3728 OpenJDK ICC_Profile file existence detection information
leak (6631533)
CVE-2009-3881 OpenJDK resurrected classloaders can still have children
(6636650)
CVE-2009-3882 CVE-2009-3883 OpenJDK information leaks in mutable
variables (6657026,6657138)
CVE-2009-3880 OpenJDK UI logging information leakage(6664512)
CVE-2009-3879 OpenJDK GraphicsConfiguration information leak(6822057)
CVE-2009-3884 OpenJDK zoneinfo file existence information leak (6824265)
CVE-2009-3729 JRE TrueType font parsing crash (6815780)
CVE-2009-3872 JRE JPEG JFIF Decoder issue (6862969)
CVE-2009-3886 JRE REGRESSION:have problem to run JNLP app and applets
with signed Jar files (6870531)
CVE-2009-3865 java-1.6.0-sun: ACE in JRE Deployment Toolkit (6869752)
CVE-2009-3866 java-1.6.0-sun: Privilege escalation in the Java Web Start
Installer (6872824)
CVE-2009-3867 java-1.5.0-sun, java-1.6.0-sun: Stack-based buffer
overflow via a long file: URL argument (6854303)
CVE-2009-3868 java-1.5.0-sun, java-1.6.0-sun: Privilege escalation via
crafted image file due improper color profiles parsing (6862970)
This update fixes several vulnerabilities in the Sun Java 6 Runtime
Environment and the Sun Java 6 Software Development Kit. These
vulnerabilities are summarized on the "Advance notification of Security
Updates for Java SE" page from Sun Microsystems, listed in the
References section. (CVE-2009-2409, CVE-2009-3728, CVE-2009-3729,
CVE-2009-3865, CVE-2009-3866, CVE-2009-3867, CVE-2009-3868,
CVE-2009-3869, CVE-2009-3871, CVE-2009-3872, CVE-2009-3873,
CVE-2009-3874, CVE-2009-3875, CVE-2009-3876, CVE-2009-3877,
CVE-2009-3879, CVE-2009-3880, CVE-2009-3881, CVE-2009-3882,
CVE-2009-3883, CVE-2009-3884, CVE-2009-3886)
All running instances of Sun Java must be restarted for the update to
take effect.
SL 4.x
SRPMS:
java-1.6.0-sun-compat-1.6.0.17-1.sl4.jpp.src.rpm
i386:
java-1.6.0-sun-compat-1.6.0.17-1.sl4.jpp.i586.rpm
jdk-1.6.0_17-fcs.i586.rpm
x86_64:
java-1.6.0-sun-compat-1.6.0.17-1.sl4.jpp.i586.rpm
jdk-1.6.0_17-fcs.i586.rpm
SL 5.x
SRPMS:
java-1.6.0-sun-compat-1.6.0.17-3.sl5.jpp.src.rpm
i386:
java-1.6.0-sun-compat-1.6.0.17-3.sl5.jpp.i586.rpm
jdk-1.6.0_17-fcs.i586.rpm
x86_64:
-Connie Sieh
-Troy Dawson
|