Re: [SECURITY] [DSA 2358-1] openjdk-6 security update
Sheeps!
On 5 Dec 2011, at 19:28, Florian Weimer <fw@deneb.enyo.de> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> - -------------------------------------------------------------------------
> Debian Security Advisory DSA-2358-1 security@debian.org
> http://www.debian.org/security/
> December 05, 2011 http://www.debian.org/security/faq
> - -------------------------------------------------------------------------
>
> Package : openjdk-6
> Vulnerability : several
> Problem type : remote
> Debian-specific: no
> CVE ID : CVE-2011-0862 CVE-2011-0864 CVE-2011-0865 CVE-2011-0867 CVE-2011-0868 CVE-2011-0869 CVE-2011-0871 CVE-2011-3389 CVE-2011-3521 CVE-2011-3544 CVE-2011-3547 CVE-2011-3548 CVE-2011-3551 CVE-2011-3552 CVE-2011-3553 CVE-2011-3554 CVE-2011-3556 CVE-2011-3557 CVE-2011-3560
>
> Several vulnerabilities have been discovered in OpenJDK, an
> implementation of the Java platform. This combines the two previous
> openjdk-6 advisories, DSA-2311-1 and DSA-2356-1.
>
> CVE-2011-0862
> Integer overflow errors in the JPEG and font parser allow
> untrusted code (including applets) to elevate its privileges.
>
> CVE-2011-0864
> Hotspot, the just-in-time compiler in OpenJDK, mishandled
> certain byte code instructions, allowing untrusted code
> (including applets) to crash the virtual machine.
>
> CVE-2011-0865
> A race condition in signed object deserialization could
> allow untrusted code to modify signed content, apparently
> leaving its signature intact.
>
> CVE-2011-0867
> Untrusted code (including applets) could access information
> about network interfaces which was not intended to be public.
> (Note that the interface MAC address is still available to
> untrusted code.)
>
> CVE-2011-0868
> A float-to-long conversion could overflow, , allowing
> untrusted code (including applets) to crash the virtual
> machine.
>
> CVE-2011-0869
> Untrusted code (including applets) could intercept HTTP
> requests by reconfiguring proxy settings through a SOAP
> connection.
>
> CVE-2011-0871
> Untrusted code (including applets) could elevate its
> privileges through the Swing MediaTracker code.
>
> CVE-2011-3389
> The TLS implementation does not guard properly against certain
> chosen-plaintext attacks when block ciphers are used in CBC
> mode.
>
> CVE-2011-3521
> The CORBA implementation contains a deserialization
> vulnerability in the IIOP implementation, allowing untrusted
> Java code (such as applets) to elevate its privileges.
>
> CVE-2011-3544
> The Java scripting engine lacks necessary security manager
> checks, allowing untrusted Java code (such as applets) to
> elevate its privileges.
>
> CVE-2011-3547
> The skip() method in java.io.InputStream uses a shared buffer,
> allowing untrusted Java code (such as applets) to access data
> that is skipped by other code.
>
> CVE-2011-3548
> The java.awt.AWTKeyStroke class contains a flaw which allows
> untrusted Java code (such as applets) to elevate its
> privileges.
>
> CVE-2011-3551
> The Java2D C code contains an integer overflow which results
> in a heap-based buffer overflow, potentially allowing
> untrusted Java code (such as applets) to elevate its
> privileges.
>
> CVE-2011-3552
> Malicous Java code can use up an excessive amount of UDP
> ports, leading to a denial of service.
>
> CVE-2011-3553
> JAX-WS enables stack traces for certain server responses by
> default, potentially leaking sensitive information.
>
> CVE-2011-3554
> JAR files in pack200 format are not properly checked for
> errors, potentially leading to arbitrary code execution when
> unpacking crafted pack200 files.
>
> CVE-2011-3556
> The RMI Registry server lacks access restrictions on certain
> methods, allowing a remote client to execute arbitary code.
>
> CVE-2011-3557
> The RMI Registry server fails to properly restrict privileges
> of untrusted Java code, allowing RMI clients to elevate their
> privileges on the RMI Registry server.
>
> CVE-2011-3560
> The com.sun.net.ssl.HttpsURLConnection class does not perform
> proper security manager checks in the setSSLSocketFactory()
> method, allowing untrusted Java code to bypass security policy
> restrictions.
>
> For the oldstable distribution (lenny), these problems have been fixed
> in version 6b18-1.8.10-0~lenny1.
>
> We recommend that you upgrade your openjdk-6 packages.
>
> Further information about Debian Security Advisories, how to apply
> these updates to your system and frequently asked questions can be
> found at: http://www.debian.org/security/
>
> Mailing list: debian-security-announce@lists.debian.org
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.9 (GNU/Linux)
>
> iQEcBAEBAgAGBQJO3RnzAAoJEL97/wQC1SS+zXQH/0Pi6nBlmJGO1Kee2vWJ6i8S
> yomxE3+neJRnm74MG6jto+PkEpoH7hBot5tAT4r5GnNjXKJJJGV+Qb3zLKuKnLWp
> Yr8z8AnxHJNOO4Fs99vP0ocKF+Modr/rtGx8rziJ4uDjpc/GtPzUrfbKC4wYuWtD
> iX1Pnx/AL7/IVsOuOqoRKvwqWb5hoCSHZfLvepCu4ClaRa2Im3Zd8GzRXjj1l3l8
> hQIjuLsIOjWv0uK+fTlbibOubBi+CrRdHY9mPrgergDuCmR0ZN+pcMhwHFtfgdj+
> KBvHIBVk5l3PY9KhrGkHsv6fsPNHKlo2o2QAjQ3Klw+fQsATwU5LmzRpAH38v0E=
> =4MRP
> -----END PGP SIGNATURE-----
>
>
> --
> To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> Archive: http://lists.debian.org/87pqg2q0po.fsf@mid.deneb.enyo.de
>
Reply to: