[SECURITY] Fedora 10 Update: java-1.6.0-openjdk-1.6.0.0-7.b12.fc10

updates at fedoraproject.org updates at fedoraproject.org
Sun Dec 7 04:33:22 UTC 2008 

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2008-10913
2008-12-07 02:17:14
--------------------------------------------------------------------------------

Name        : java-1.6.0-openjdk
Product     : Fedora 10
Version     : 1.6.0.0
Release     : 7.b12.fc10
URL         : http://icedtea.classpath.org/
Summary     : OpenJDK Runtime Environment
Description :
The OpenJDK runtime environment.

--------------------------------------------------------------------------------
Update Information:

OpenJDK security patches applied.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Dec  2 2008 Lillian Angel <langel at redhat.com> - 1:1.6.0-7.b12
- Set runtests to 0.
* Tue Dec  2 2008 Lillian Angel <langel at redhat.com> - 1:1.6.0-7.b12
- Updated pkgversion to include release and arch.
- Set runtests to 1.
- Added new security patch.
- Resolves: rhbz#468484
- Resolves: rhbz#472862
- Resolves: rhbz#472234
- Resolves: rhbz#472233
- Resolves: rhbz#472231
- Resolves: rhbz#472228
- Resolves: rhbz#472224
- Resolves: rhbz#472218
- Resolves: rhbz#472213
- Resolves: rhbz#472212
- Resolves: rhbz#472211
- Resolves: rhbz#472209
- Resolves: rhbz#472208
- Resolves: rhbz#472206
- Resolves: rhbz#472201
* Mon Nov 24 2008 Lillian Angel <langel at redhat.com> - 1:1.6.0-6.b12
- Removed java-1.6.0-openjdk-plugin-1217.patch.
- Added java-1.6.0-openjdk-plugin-1219.patch.
- Updated Release.
* Fri Nov 21 2008 Lillian Angel <langel at redhat.com> - 1:1.6.0-5.b12
- Added plugin patch to resolve issues on 64-bit.
- Resolves: rhbz#471987
- Resolves: rhbz#465531
- Resolves: rhbz#470551
* Thu Nov 20 2008 Lillian Angel <langel at redhat.com> - 1:1.6.0-5.b12
- Redirect error from removing gcjwebplugin link.
- Resolves: rhbz#471568
* Thu Nov 13 2008 Lillian Angel <langel at redhat.com> - 1:1.6.0-4.b12
- Added java-fonts to Provides for base package.
- Resolves: rhbz#469893
* Wed Nov 12 2008 Lillian Angel <langel at redhat.com> - 1:1.6.0-4.b12
- Fixed pulse audio build requirements.
- Updated release.
- Resolves: rhbz#471229
* Fri Nov  7 2008 Lillian Angel <langel at redhat.com> - 1:1.6.0-3.b12
- Updated icedteasnapshot.
- Resolves: rhbz#453290
- Resolves: rhbz#469361
* Wed Nov  5 2008 Lillian Angel <langel at redhat.com> - 1:1.6.0-3.b12
- Re-enabled pulse java. Fix committed upstream to prevent TCK failures.
- Updated release.
- Updated icedteasnapshot.
- Updated icedteaver.
- Updated visualvm source.
* Thu Oct 30 2008 Lillian Angel <langel at redhat.com> - 1:1.6.0-2.b12
- Fixed post plugin scriptlet to work for install, as well as upgrade.
* Wed Oct 29 2008 Lillian Angel <langel at redhat.com> - 1:1.6.0-2.b12
- Fixed release string.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #472201 - CVE-2008-5350 OpenJDK allows to list files within the user home directory (6484091)
        https://bugzilla.redhat.com/show_bug.cgi?id=472201
  [ 2 ] Bug #472208 - CVE-2008-5347 OpenJDK applet privilege escalation via JAX package access (6592792)
        https://bugzilla.redhat.com/show_bug.cgi?id=472208
  [ 3 ] Bug #472211 - CVE-2008-5360 OpenJDK temporary files have guessable file names (6721753)
        https://bugzilla.redhat.com/show_bug.cgi?id=472211
  [ 4 ] Bug #472213 - CVE-2008-5351 OpenJDK UTF-8 decoder accepts non-shortest form sequences (4486841)
        https://bugzilla.redhat.com/show_bug.cgi?id=472213
  [ 5 ] Bug #472224 - CVE-2008-5353 OpenJDK calender object deserialization allows privilege escalation (6734167)
        https://bugzilla.redhat.com/show_bug.cgi?id=472224
  [ 6 ] Bug #472231 - CVE-2008-5357 OpenJDK Truetype Font processing vulnerability (6751322)
        https://bugzilla.redhat.com/show_bug.cgi?id=472231
  [ 7 ] Bug #472234 - CVE-2008-5358 OpenJDK Buffer Overflow in GIF image processing (6766136)
        https://bugzilla.redhat.com/show_bug.cgi?id=472234
  [ 8 ] Bug #472206 - CVE-2008-5349 OpenJDK RSA public key length denial-of-service (6497740)
        https://bugzilla.redhat.com/show_bug.cgi?id=472206
  [ 9 ] Bug #472209 - CVE-2008-5348 OpenJDK Denial-Of-Service in kerberos authentication (6588160)
        https://bugzilla.redhat.com/show_bug.cgi?id=472209
  [ 10 ] Bug #472212 - CVE-2008-5359 OpenJDK Buffer overflow in image processing (6726779)
        https://bugzilla.redhat.com/show_bug.cgi?id=472212
  [ 11 ] Bug #472218 - CVE-2008-5356 OpenJDK Font processing vulnerability (6733336)
        https://bugzilla.redhat.com/show_bug.cgi?id=472218
  [ 12 ] Bug #472228 - CVE-2008-5354 OpenJDK Privilege escalation in command line applications (6733959)
        https://bugzilla.redhat.com/show_bug.cgi?id=472228
  [ 13 ] Bug #472233 - CVE-2008-5352 OpenJDK Jar200 Decompression buffer overflow (6755943)
        https://bugzilla.redhat.com/show_bug.cgi?id=472233
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update java-1.6.0-openjdk' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------

More information about the package-announce mailing list