1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 2507-1] openjdk-6 security update

    From Moritz Muehlenhoff@1:229/2 to All on Wed Jul 4 17:10:01 2012
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-2507-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff
    July 04, 2012 http://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : openjdk-6
    Vulnerability : several
    Problem type : remote
    Debian-specific: no
    CVE ID : CVE-2012-1711 CVE-2012-1713 CVE-2012-1716 CVE-2012-1717
    CVE-2012-1718 CVE-2012-1719 CVE-2012-1723 CVE-2012-1724
    CVE-2012-1725

    Several vulnerabilities have been discovered in OpenJDK, an
    implementation of the Oracle Java platform.

    CVE-2012-1711 CVE-2012-1719

    Multiple errors in the CORBA implementation could lead to
    breakouts of the Java sandbox

    CVE-2012-1713

    Missing input sanitising in the font manager could lead to
    the execution of arbitrary code.

    CVE-2012-1716

    The SynthLookAndFeel Swing class could be abused to break
    out of the Java sandbox.

    CVE-2012-1717

    Several temporary files were created insecurely, resulting in
    local information disclosure.

    CVE-2012-1718

    Certificate revocation lists were incorrectly implemented.

    CVE-2012-1723 CVE-2012-1725

    Validation errors in the bytecode verifier of the Hotspot VM
    could lead to breakouts of the Java sandbox.

    CVE-2012-1724

    Missing input sanitising in the XML parser could lead to denial
    of service through an infinite loop.

    For the stable distribution (squeeze), this problem has been fixed in
    version 6b18-1.8.13-0+squeeze2.

    For the unstable distribution (sid), this problem has been fixed in
    version 6b24-1.11.3-1.

    We recommend that you upgrade your openjdk-6 packages.

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: http://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.12 (GNU/Linux)

    iEYEARECAAYFAk/0U10ACgkQXm3vHE4uylqxkQCff+aQUmhZa/IXaK2d1YlCxejl PJgAmgL3N9gFdAzyFN4SdsyKJAReobfE
    =8QAk
    -----END PGP SIGNATURE-----


    --
    To UNSUBSCRIBE, email to [email protected]
    with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)