[SECURITY] Fedora 16 Update: java-1.6.0-openjdk-1.6.0.0-60.1.10.4.fc16

updates at fedoraproject.org
Sat Nov 5 01:27:14 UTC 2011


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-15020
2011-10-28 21:25:53
--------------------------------------------------------------------------------

Name        : java-1.6.0-openjdk
Product     : Fedora 16
Version     : 1.6.0.0
Release     : 60.1.10.4.fc16
URL         : http://icedtea.classpath.org/
Summary     : OpenJDK Runtime Environment
Description :
The OpenJDK runtime environment.

--------------------------------------------------------------------------------
Update Information:

Update to latest upstream bugfix release

* Security fixes
  - S7000600, CVE-2011-3547: InputStream skip() information leak
  - S7019773, CVE-2011-3548: mutable static AWTKeyStroke.ctor
  - S7023640, CVE-2011-3551: Java2D TransformHelper integer overflow
  - S7032417, CVE-2011-3552: excessive default UDP socket limit under SecurityManager
  - S7046794, CVE-2011-3553: JAX-WS stack-traces information leak
  - S7046823, CVE-2011-3544: missing SecurityManager checks in scripting engine
  - S7055902, CVE-2011-3521: IIOP deserialization code execution
  - S7057857, CVE-2011-3554: insufficient pack200 JAR files uncompress error checks
  - S7064341, CVE-2011-3389: HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)
  - S7070134, CVE-2011-3558: HotSpot crashes with sigsegv from PorterStemmer
  - S7077466, CVE-2011-3556: RMI DGC server remote code execution
  - S7083012, CVE-2011-3557: RMI registry privileged code execution
  - S7096936, CVE-2011-3560: missing checkSetFactory calls in HttpsURLConnection
* Bug fixes
  - RH727195: Japanese font mappings are broken
* Backports
  - S6826104, RH730015: Getting a NullPointer exception when clicked on Application & Toolkit Modal dialog
* Zero/Shark
  - PR690: Shark fails to JIT using hs20.
  - PR696: Zero fails to handle fast_aldc and fast_aldc_w in hs20.

* Added Patch6 as a (probably temporary) solution for S7103224, for buildability on the newest glibc libraries.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #745387 - CVE-2011-3547 OpenJDK: InputStream skip() information leak (Networking/IO, 7000600)
        https://bugzilla.redhat.com/show_bug.cgi?id=745387
  [ 2 ] Bug #745473 - CVE-2011-3548 OpenJDK: mutable static AWTKeyStroke.ctor (AWT, 7019773)
        https://bugzilla.redhat.com/show_bug.cgi?id=745473
  [ 3 ] Bug #745391 - CVE-2011-3551 OpenJDK: Java2D TransformHelper integer overflow (2D, 7023640)
        https://bugzilla.redhat.com/show_bug.cgi?id=745391
  [ 4 ] Bug #745397 - CVE-2011-3552 OpenJDK: excessive default UDP socket limit under SecurityManager (Networking, 7032417)
        https://bugzilla.redhat.com/show_bug.cgi?id=745397
  [ 5 ] Bug #745476 - CVE-2011-3553 OpenJDK: JAX-WS stack-traces information leak (JAX-WS, 7046794)
        https://bugzilla.redhat.com/show_bug.cgi?id=745476
  [ 6 ] Bug #745399 - CVE-2011-3544 OpenJDK: missing SecurityManager checks in scripting engine (Scripting, 7046823)
        https://bugzilla.redhat.com/show_bug.cgi?id=745399
  [ 7 ] Bug #745442 - CVE-2011-3521 OpenJDK: IIOP deserialization code execution (Deserialization, 7055902)
        https://bugzilla.redhat.com/show_bug.cgi?id=745442
  [ 8 ] Bug #745447 - CVE-2011-3554 OpenJDK: insufficient pack200 JAR files uncompress error checks (Runtime, 7057857)
        https://bugzilla.redhat.com/show_bug.cgi?id=745447
  [ 9 ] Bug #737506 - CVE-2011-3389 HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)
        https://bugzilla.redhat.com/show_bug.cgi?id=737506
  [ 10 ] Bug #745492 - CVE-2011-3558 OpenJDK: Hotspot unspecified issue (Hotspot, 7070134)
        https://bugzilla.redhat.com/show_bug.cgi?id=745492
  [ 11 ] Bug #745459 - CVE-2011-3556 OpenJDK: RMI DGC server remote code execution (RMI, 7077466)
        https://bugzilla.redhat.com/show_bug.cgi?id=745459
  [ 12 ] Bug #745464 - CVE-2011-3557 OpenJDK: RMI registry privileged code execution (RMI, 7083012)
        https://bugzilla.redhat.com/show_bug.cgi?id=745464
  [ 13 ] Bug #745379 - CVE-2011-3560 OpenJDK: missing checkSetFactory calls in HttpsURLConnection (JSSE, 7096936)
        https://bugzilla.redhat.com/show_bug.cgi?id=745379
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use
su -c 'yum update java-1.6.0-openjdk' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

