-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory                         MDVSA-2011:126
http://www.mandriva.com/security/
_______________________________________________________________________

Package : java-1.6.0-openjdk
Date    : August 15, 2011
Affected: 2009.0, 2010.1, Enterprise Server 5.0
_______________________________________________________________________

Problem Description:

Multiple vulnerabilities were discovered and corrected in
java-1.6.0-openjdk:

Unspecified vulnerability in the Java Runtime Environment (JRE)
component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29
and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web
Start applications and untrusted Java applets to affect integrity via
unknown vectors related to Deserialization (CVE-2011-0865).

Multiple unspecified vulnerabilities in the Java Runtime Environment
(JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update
29 and earlier, and 1.4.2_31 and earlier allow remote attackers to
affect confidentiality, integrity, and availability via unknown vectors
related to 2D (CVE-2011-0862).

Unspecified vulnerability in the Java Runtime Environment (JRE)
component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29
and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web
Start applications and untrusted Java applets to affect confidentiality
via unknown vectors related to Networking (CVE-2011-0867).

Unspecified vulnerability in the Java Runtime Environment (JRE)
component in Oracle Java SE 6 Update 26 and earlier allows remote
untrusted Java Web Start applications and untrusted Java applets to
affect confidentiality via unknown vectors related to SAAJ
(CVE-2011-0869).

Unspecified vulnerability in the Java Runtime Environment (JRE)
component in Oracle Java SE 6 Update 25 and earlier allows remote
attackers to affect confidentiality via unknown vectors related to 2D
(CVE-2011-0868).

Unspecified vulnerability in the Java Runtime Environment (JRE)
component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29
and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web
Start applications and untrusted Java applets to affect confidentiality,
integrity, and availability via unknown vectors related to HotSpot
(CVE-2011-0864).

Unspecified vulnerability in the Java Runtime Environment (JRE)
component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29
and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web
Start applications and untrusted Java applets to affect confidentiality,
integrity, and availability via unknown vectors related to Swing
(CVE-2011-0871).

Packages for 2009.0 are provided as part of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been upgraded to versions which are not
vulnerable to these issues.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0865
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0862
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0867
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0869
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0868
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0864
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0871
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi.
The verification of md5 checksums and GPG signatures is performed
automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Mandriva Security Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFOSSBxmqjQ0CJFipgRAge9AKC/zeEWPazF5pZpS7q1uKjW/Gk1bgCgtDCN
xWq7I61m6QqApgs/cRKngYg=
=HCN8
-----END PGP SIGNATURE-----