Date: Mon, 7 Feb 2011 12:43:13 -0600
Synopsis: Moderate: java-1.6.0-openjdk security update
Issue date: 2011-01-25
CVE Names: CVE-2010-3860 CVE-2010-4351

A public static field declaration allowed untrusted JNLP (Java Network
Launching Protocol) applications to read privileged data. A remote
attacker could directly or indirectly read the values of restricted
system properties, such as "user.name", "user.home", and "java.home",
which untrusted applications should not be allowed to read. (CVE-2010-3860)

It was found that JNLPSecurityManager could silently return without
throwing an exception when permission was denied. If the javaws command
was used to launch a Java Web Start application that relies on this
exception being thrown, it could result in that application being run
with elevated privileges, allowing it to bypass security manager
restrictions and gain access to privileged functionality. (CVE-2010-4351)

Note: The previous java-1.6.0-openjdk update installed javaws by
mistake. As part of the fixes for CVE-2010-3860 and CVE-2010-4351, this
update removes javaws.

This erratum also upgrades the OpenJDK package to IcedTea6 1.7.7. Refer
to the NEWS file, linked to in the References, for further information.

All running instances of OpenJDK Java must be restarted for the update
to take effect.

SL 5.x
SRPMS:
java-1.6.0-openjdk-1.6.0.0-1.17.b17.el5.src.rpm
i386:
java-1.6.0-openjdk-1.6.0.0-1.17.b17.el5.i386.rpm
java-1.6.0-openjdk-demo-1.6.0.0-1.17.b17.el5.i386.rpm
java-1.6.0-openjdk-devel-1.6.0.0-1.17.b17.el5.i386.rpm
java-1.6.0-openjdk-javadoc-1.6.0.0-1.17.b17.el5.i386.rpm
java-1.6.0-openjdk-src-1.6.0.0-1.17.b17.el5.i386.rpm
x86_64:
java-1.6.0-openjdk-1.6.0.0-1.17.b17.el5.x86_64.rpm
java-1.6.0-openjdk-demo-1.6.0.0-1.17.b17.el5.x86_64.rpm
java-1.6.0-openjdk-devel-1.6.0.0-1.17.b17.el5.x86_64.rpm
java-1.6.0-openjdk-javadoc-1.6.0.0-1.17.b17.el5.x86_64.rpm
java-1.6.0-openjdk-src-1.6.0.0-1.17.b17.el5.x86_64.rpm
-Connie Sieh
-Troy Dawson
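
A post-update check for the two operational points in the advisory (javaws is removed; running JVMs must be restarted), as an added example that is not part of the original message. It assumes a Linux /proc and that a replaced libjvm.so shows as "(deleted)" in the maps of JVMs started before the update; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the advisory. Function names are hypothetical.
# Run as root so that every process's /proc/<pid>/maps is readable.

# Succeeds if the maps file in $1 still maps a libjvm.so whose on-disk file
# was replaced, which is how a JVM started before the update appears.
maps_has_stale_jvm() {
    grep -Eq 'libjvm\.so \(deleted\)$' "$1" 2>/dev/null
}

# Prints the PID of every process under proc root $1 (default /proc) that
# needs a restart. The subshell body keeps the loop variables local.
stale_jvm_pids() (
    root=${1:-/proc}
    for maps in "$root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        if maps_has_stale_jvm "$maps"; then
            pid=${maps#"$root"/}
            echo "${pid%/maps}"
        fi
    done
)

# Reports package build, leftover javaws, and JVMs awaiting restart.
# Returns non-zero when follow-up work remains.
audit_host() {
    status=0
    if command -v rpm >/dev/null 2>&1; then
        # Compare by eye against the builds listed in the erratum.
        rpm -q java-1.6.0-openjdk
    fi
    if command -v javaws >/dev/null 2>&1; then
        # May also belong to another vendor's JDK; check the path shown.
        echo "javaws still on PATH: $(command -v javaws)"
        status=1
    fi
    pids=$(stale_jvm_pids /proc)
    if [ -n "$pids" ]; then
        echo "JVMs to restart (PIDs):" $pids
        status=1
    fi
    return $status
}

# Only audit the live host when asked to, e.g. `sh check.sh --audit`.
if [ "${1:-}" = "--audit" ]; then
    audit_host
fi
```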