[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [SECURITY] [DSA 2358-1] openjdk-6 security update

Sheeps!

On 5 Dec 2011, at 19:28, Florian Weimer <fw@deneb.enyo.de> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> - -------------------------------------------------------------------------
> Debian Security Advisory DSA-2358-1                   security@debian.org
> http://www.debian.org/security/
> December 05, 2011                      http://www.debian.org/security/faq
> - -------------------------------------------------------------------------
>
> Package        : openjdk-6
> Vulnerability  : several
> Problem type   : remote
> Debian-specific: no
> CVE ID         : CVE-2011-0862 CVE-2011-0864 CVE-2011-0865 CVE-2011-0867 CVE-2011-0868 CVE-2011-0869 CVE-2011-0871 CVE-2011-3389 CVE-2011-3521 CVE-2011-3544 CVE-2011-3547 CVE-2011-3548 CVE-2011-3551 CVE-2011-3552 CVE-2011-3553 CVE-2011-3554 CVE-2011-3556 CVE-2011-3557 CVE-2011-3560
>
> Several vulnerabilities have been discovered in OpenJDK, an
> implementation of the Java platform.  This combines the two previous
> openjdk-6 advisories, DSA-2311-1 and DSA-2356-1.
>
> CVE-2011-0862
>    Integer overflow errors in the JPEG and font parser allow
>    untrusted code (including applets) to elevate its privileges.
>
> CVE-2011-0864
>    Hotspot, the just-in-time compiler in OpenJDK, mishandled
>    certain byte code instructions, allowing untrusted code
>    (including applets) to crash the virtual machine.
>
> CVE-2011-0865
>    A race condition in signed object deserialization could
>    allow untrusted code to modify signed content, apparently
>    leaving its signature intact.
>
> CVE-2011-0867
>    Untrusted code (including applets) could access information
>    about network interfaces which was not intended to be public.
>    (Note that the interface MAC address is still available to
>    untrusted code.)
>
> CVE-2011-0868
>    A float-to-long conversion could overflow, , allowing
>    untrusted code (including applets) to crash the virtual
>    machine.
>
> CVE-2011-0869
>    Untrusted code (including applets) could intercept HTTP
>    requests by reconfiguring proxy settings through a SOAP
>    connection.
>
> CVE-2011-0871
>    Untrusted code (including applets) could elevate its
>    privileges through the Swing MediaTracker code.
>
> CVE-2011-3389
>    The TLS implementation does not guard properly against certain
>    chosen-plaintext attacks when block ciphers are used in CBC
>    mode.
>
> CVE-2011-3521
>    The CORBA implementation contains a deserialization
>    vulnerability in the IIOP implementation, allowing untrusted
>    Java code (such as applets) to elevate its privileges.
>
> CVE-2011-3544
>    The Java scripting engine lacks necessary security manager
>    checks, allowing untrusted Java code (such as applets) to
>    elevate its privileges.
>
> CVE-2011-3547
>    The skip() method in java.io.InputStream uses a shared buffer,
>    allowing untrusted Java code (such as applets) to access data
>    that is skipped by other code.
>
> CVE-2011-3548
>    The java.awt.AWTKeyStroke class contains a flaw which allows
>    untrusted Java code (such as applets) to elevate its
>    privileges.
>
> CVE-2011-3551
>    The Java2D C code contains an integer overflow which results
>    in a heap-based buffer overflow, potentially allowing
>    untrusted Java code (such as applets) to elevate its
>    privileges.
>
> CVE-2011-3552
>    Malicous Java code can use up an excessive amount of UDP
>    ports, leading to a denial of service.
>
> CVE-2011-3553
>    JAX-WS enables stack traces for certain server responses by
>    default, potentially leaking sensitive information.
>
> CVE-2011-3554
>    JAR files in pack200 format are not properly checked for
>    errors, potentially leading to arbitrary code execution when
>    unpacking crafted pack200 files.
>
> CVE-2011-3556
>    The RMI Registry server lacks access restrictions on certain
>    methods, allowing a remote client to execute arbitary code.
>
> CVE-2011-3557
>    The RMI Registry server fails to properly restrict privileges
>    of untrusted Java code, allowing RMI clients to elevate their
>    privileges on the RMI Registry server.
>
> CVE-2011-3560
>    The com.sun.net.ssl.HttpsURLConnection class does not perform
>    proper security manager checks in the setSSLSocketFactory()
>    method, allowing untrusted Java code to bypass security policy
>    restrictions.
>
> For the oldstable distribution (lenny), these problems have been fixed
> in version 6b18-1.8.10-0~lenny1.
>
> We recommend that you upgrade your openjdk-6 packages.
>
> Further information about Debian Security Advisories, how to apply
> these updates to your system and frequently asked questions can be
> found at: http://www.debian.org/security/
>
> Mailing list: debian-security-announce@lists.debian.org
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.9 (GNU/Linux)
>
> iQEcBAEBAgAGBQJO3RnzAAoJEL97/wQC1SS+zXQH/0Pi6nBlmJGO1Kee2vWJ6i8S
> yomxE3+neJRnm74MG6jto+PkEpoH7hBot5tAT4r5GnNjXKJJJGV+Qb3zLKuKnLWp
> Yr8z8AnxHJNOO4Fs99vP0ocKF+Modr/rtGx8rziJ4uDjpc/GtPzUrfbKC4wYuWtD
> iX1Pnx/AL7/IVsOuOqoRKvwqWb5hoCSHZfLvepCu4ClaRa2Im3Zd8GzRXjj1l3l8
> hQIjuLsIOjWv0uK+fTlbibOubBi+CrRdHY9mPrgergDuCmR0ZN+pcMhwHFtfgdj+
> KBvHIBVk5l3PY9KhrGkHsv6fsPNHKlo2o2QAjQ3Klw+fQsATwU5LmzRpAH38v0E=
> =4MRP
> -----END PGP SIGNATURE-----
>
>
> --
> To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> Archive: http://lists.debian.org/87pqg2q0po.fsf@mid.deneb.enyo.de
>
Reply to: