LISTSERV - SCIENTIFIC-LINUX-ERRATA Archives

Note: jdk-1.6.0_16-fcs.x86_64.rpm could not be signed.  All other rpm's
are signed with the usual signature.

We are sorry for the inconvenience that this causes.

Troy Dawson

Troy J Dawson wrote:
> Synopsis:	Critical: java (jdk 1.6.0) security update
> Issue date:	2009-08-24
> CVE Names:	CVE-2009-0217 CVE-2009-2475 CVE-2009-2476
>                    CVE-2009-2625 CVE-2009-2670 CVE-2009-2671
>                    CVE-2009-2672 CVE-2009-2673 CVE-2009-2674
>                    CVE-2009-2675 CVE-2009-2676 CVE-2009-2690
> 
> CVE-2009-0217 xmlsec1, mono, xml-security-c, 
> xml-security-1.3.0-1jpp.ep1.*: XMLDsig HMAC-based signatures spoofing 
> and authentication bypass
> CVE-2009-2670 OpenJDK Untrusted applet System properties access (6738524)
> CVE-2009-2671 CVE-2009-2672 OpenJDK Proxy mechanism information leaks 
> (6801071)
> CVE-2009-2673 OpenJDK proxy mechanism allows non-authorized socket 
> connections  (6801497)
> CVE-2009-2674 Java Web Start Buffer JPEG processing integer overflow 
> (6823373)
> CVE-2009-2675 Java Web Start Buffer unpack200 processing integer 
> overflow (6830335)
> CVE-2009-2625 OpenJDK XML parsing Denial-Of-Service (6845701)
> CVE-2009-2475 OpenJDK information leaks in mutable variables 
> (6588003,6656586,6656610,6656625,6657133,6657619,6657625,6657695,6660049,6660539,6813167)
> CVE-2009-2476 OpenJDK OpenType checks can be bypassed (6736293)
> CVE-2009-2690 OpenJDK private variable information disclosure (6777487)
> CVE-2009-2676 JRE applet launcher vulnerability
> 
> All running instances of Sun Java must be restarted for the update to 
> take effect.
> 
> 
> SL 4.x
> 
>       SRPMS:
> java-1.6.0-sun-compat-1.6.0.16-1.sl4.jpp.src.rpm
>       i386:
> java-1.6.0-sun-compat-1.6.0.16-1.sl4.jpp.i586.rpm
> jdk-1.6.0_16-fcs.i586.rpm
>       x86_64:
> java-1.6.0-sun-compat-1.6.0.16-1.sl4.jpp.i586.rpm
> jdk-1.6.0_16-fcs.i586.rpm
> 
> SL 5.x
> 
>       SRPMS:
> java-1.6.0-sun-compat-1.6.0.16-1.sl5.jpp.src.rpm
>       i386:
> java-1.6.0-sun-compat-1.6.0.16-1.sl5.jpp.i586.rpm
> jdk-1.6.0_16-fcs.i586.rpm
>       x86_64:
> java-1.6.0-sun-compat-1.6.0.16-1.sl5.jpp.i586.rpm
> java-1.6.0-sun-compat-1.6.0.16-1.sl5.jpp.x86_64.rpm
> jdk-1.6.0_16-fcs.i586.rpm
> jdk-1.6.0_16-fcs.x86_64.rpm
> 
> -Connie Sieh
> -Troy Dawson
> 
> 
> 
> 


-- 
__________________________________________________
Troy Dawson  [log in to unmask]  (630)840-6468
Fermilab  ComputingDivision/LCSI/CSI LMSS Group
__________________________________________________