U radu programskog paketa java-1.6.0-openjdk uočeni su i ispravljeni višestruki sigurnosni propusti. Moguće ih je iskoristiti kako bi se utjecalo na tajnost, integritet i dostupnost podataka.
| Paket: | java-1.6.0-openjdk |
| Operacijski sustavi: | Mandriva Linux 2009.0, Mandriva Linux 2010.1, Mandriva Linux Enterprise Server 5.0 |
| Kritičnost: | 7.4 |
| Problem: | pogreška u programskoj komponenti |
| Iskorištavanje: | udaljeno |
| Posljedica: | izmjena podataka |
| Rješenje: | programska zakrpa proizvođača |
| CVE: | CVE-2011-0865, CVE-2011-0862, CVE-2011-0867, CVE-2011-0869, CVE-2011-0868, CVE-2011-0864, CVE-2011-0871 |
| Izvorni ID preporuke: | MDVSA-2011:126 |
| Izvor: | Mandriva |
| Problem: | |
| Propusti su posljedica višestrukih nespecificiranih ranjivosti u komponenti Java Runtime Environment. |
|
| Posljedica: | |
| Napadaču omogućuju utjecaj na tajnost, integritet i dostupnost podataka. |
|
| Rješenje: | |
| Korisnicima se preporuča instalacija odgovarajućih programskih ispravki. |
|
Izvorni tekst preporuke
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2011:126
http://www.mandriva.com/security/
_______________________________________________________________________
Package : java-1.6.0-openjdk
Date : August 15, 2011
Affected: 2009.0, 2010.1, Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
Multiple vulnerabilities were discovered and corrected in
java-1.6.0-openjdk:
Unspecified vulnerability in the Java Runtime Environment (JRE)
component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29
and earlier, and 1.4.2_31 and earlier allows remote untrusted Java
Web Start applications and untrusted Java applets to affect integrity
via unknown vectors related to Deserialization (CVE-2011-0865).
Multiple unspecified vulnerabilities in the Java Runtime Environment
(JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update
29 and earlier, and 1.4.2_31 and earlier allow remote attackers
to affect confidentiality, integrity, and availability via unknown
vectors related to 2D (CVE-2011-0862).
Unspecified vulnerability in the Java Runtime Environment (JRE)
component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29
and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web
Start applications and untrusted Java applets to affect confidentiality
via unknown vectors related to Networking (CVE-2011-0867).
Unspecified vulnerability in the Java Runtime Environment (JRE)
component in Oracle Java SE 6 Update 26 and earlier allows remote
untrusted Java Web Start applications and untrusted Java applets
to affect confidentiality via unknown vectors related to SAAJ
(CVE-2011-0869).
Unspecified vulnerability in the Java Runtime Environment (JRE)
component in Oracle Java SE 6 Update 25 and earlier allows remote
attackers to affect confidentiality via unknown vectors related to 2D
(CVE-2011-0868).
Unspecified vulnerability in the Java Runtime Environment (JRE)
component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update
29 and earlier, and 1.4.2_31 and earlier allows remote untrusted
Java Web Start applications and untrusted Java applets to affect
confidentiality, integrity, and availability via unknown vectors
related to HotSpot (CVE-2011-0864).
Unspecified vulnerability in the Java Runtime Environment (JRE)
component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update
29 and earlier, and 1.4.2_31 and earlier allows remote untrusted
Java Web Start applications and untrusted Java applets to affect
confidentiality, integrity, and availability via unknown vectors
related to Swing (CVE-2011-0871).
Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
The updated packages have been upgraded to versions which is not
vulnerable to these issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0865
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0862
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0867
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0869
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0868
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0864
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0871
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2009.0:
19d265aa46efb3258d4b4cc7e73dbbb5
2009.0/i586/icedtea-web-1.0.4-0.2mdv2009.0.i586.rpm
c1f3d3c181547b334ae1c8b15d5237a0
2009.0/i586/java-1.6.0-openjdk-1.6.0.0-22.b22.2mdv2009.0.i586.rpm
d9f5607c72e4f4a4505177ea3ea969be
2009.0/i586/java-1.6.0-openjdk-demo-1.6.0.0-22.b22.2mdv2009.0.i586.rpm
53b0c3bb0e810c59d6eaef6e042da0b8
2009.0/i586/java-1.6.0-openjdk-devel-1.6.0.0-22.b22.2mdv2009.0.i586.rpm
7f943009d100860baac42203568e6ac4
2009.0/i586/java-1.6.0-openjdk-javadoc-1.6.0.0-22.b22.2mdv2009.0.i586.rpm
bc5eeeefc469ffa521ed38987498336b
2009.0/i586/java-1.6.0-openjdk-src-1.6.0.0-22.b22.2mdv2009.0.i586.rpm
48be307c53c6eecca3f3dc1490f229d9
2009.0/i586/libxrender1-0.9.6-0.1mdv2009.0.i586.rpm
554c86426aeec975f3a50c18c96adadc
2009.0/i586/libxrender-devel-0.9.6-0.1mdv2009.0.i586.rpm
e07e83effc61bde329ea7e224460a327
2009.0/i586/libxrender-static-devel-0.9.6-0.1mdv2009.0.i586.rpm
508b185fd12ecc76467b49f24d7b2217
2009.0/SRPMS/icedtea-web-1.0.4-0.2mdv2009.0.src.rpm
6af1f5671e368bd1b4c58dd16ea0017c
2009.0/SRPMS/java-1.6.0-openjdk-1.6.0.0-22.b22.2mdv2009.0.src.rpm
54be43c2618facb1d935cb520aefa833
2009.0/SRPMS/libxrender-0.9.6-0.1mdv2009.0.src.rpm
Mandriva Linux 2009.0/X86_64:
ae9f928190ede8942ac1aff89fe2f463
2009.0/x86_64/icedtea-web-1.0.4-0.2mdv2009.0.x86_64.rpm
fa2141bfeb38567d55713e1cc0d0cebf
2009.0/x86_64/java-1.6.0-openjdk-1.6.0.0-22.b22.2mdv2009.0.x86_64.rpm
174eaeed97f7b861138ae96c9b5d8993
2009.0/x86_64/java-1.6.0-openjdk-demo-1.6.0.0-22.b22.2mdv2009.0.x86_64.rpm
6db525e9a731a01eefe9ffeb61d3add0
2009.0/x86_64/java-1.6.0-openjdk-devel-1.6.0.0-22.b22.2mdv2009.0.x86_64.rpm
f0c543aea5e2073b58f3a09d8081e785
2009.0/x86_64/java-1.6.0-openjdk-javadoc-1.6.0.0-22.b22.2mdv2009.0.x86_64.rpm
dea21aca839de0d21601887308449b32
2009.0/x86_64/java-1.6.0-openjdk-src-1.6.0.0-22.b22.2mdv2009.0.x86_64.rpm
5dc2eadd81004cc5aa1644521b9e40af
2009.0/x86_64/lib64xrender1-0.9.6-0.1mdv2009.0.x86_64.rpm
001c4afe613fa6dcc317cf71896be57b
2009.0/x86_64/lib64xrender-devel-0.9.6-0.1mdv2009.0.x86_64.rpm
5539885e9c91f5114dec2476df3b4cc6
2009.0/x86_64/lib64xrender-static-devel-0.9.6-0.1mdv2009.0.x86_64.rpm
508b185fd12ecc76467b49f24d7b2217
2009.0/SRPMS/icedtea-web-1.0.4-0.2mdv2009.0.src.rpm
6af1f5671e368bd1b4c58dd16ea0017c
2009.0/SRPMS/java-1.6.0-openjdk-1.6.0.0-22.b22.2mdv2009.0.src.rpm
54be43c2618facb1d935cb520aefa833
2009.0/SRPMS/libxrender-0.9.6-0.1mdv2009.0.src.rpm
Mandriva Linux 2010.1:
af7f9f7275e503319c42604e44a93f78
2010.1/i586/icedtea-web-1.0.4-0.2mdv2010.2.i586.rpm
235712e4b1e878607715ad1e2a2fc6e7
2010.1/i586/java-1.6.0-openjdk-1.6.0.0-22.b22.2mdv2010.2.i586.rpm
cb738210a1d89e1d7a6f35e7c711ab10
2010.1/i586/java-1.6.0-openjdk-demo-1.6.0.0-22.b22.2mdv2010.2.i586.rpm
8a426eac6eb9787a15b9cd0a69a3d415
2010.1/i586/java-1.6.0-openjdk-devel-1.6.0.0-22.b22.2mdv2010.2.i586.rpm
f452545a878a69df9d7bbf26f17e009e
2010.1/i586/java-1.6.0-openjdk-javadoc-1.6.0.0-22.b22.2mdv2010.2.i586.rpm
9e7ed926eadbd1be9a371627fb5e7cbc
2010.1/i586/java-1.6.0-openjdk-src-1.6.0.0-22.b22.2mdv2010.2.i586.rpm
0c235232aa7bc5ed98c459c7a8538acf
2010.1/i586/libxrender1-0.9.6-0.1mdv2010.2.i586.rpm
6bc3d56a7395063f4cb7bd3de9744ff2
2010.1/i586/libxrender-devel-0.9.6-0.1mdv2010.2.i586.rpm
78dae2ae6305cb11b9938fd9470c87a8
2010.1/i586/libxrender-static-devel-0.9.6-0.1mdv2010.2.i586.rpm
ee8f5afeb5896a84ccb4459c47ed1b11
2010.1/SRPMS/icedtea-web-1.0.4-0.2mdv2010.2.src.rpm
ee1ed4d0bd5e2754464df0597b8a55aa
2010.1/SRPMS/java-1.6.0-openjdk-1.6.0.0-22.b22.2mdv2010.2.src.rpm
55b0784e0c2b42114998cf694ef1fb02
2010.1/SRPMS/libxrender-0.9.6-0.1mdv2010.2.src.rpm
Mandriva Linux 2010.1/X86_64:
0bd89ff2c5ddcc783092e8dcc9acaec1
2010.1/x86_64/icedtea-web-1.0.4-0.2mdv2010.2.x86_64.rpm
93172eb2586f4f3dbae66d0abaf88c81
2010.1/x86_64/java-1.6.0-openjdk-1.6.0.0-22.b22.2mdv2010.2.x86_64.rpm
967c5bb38487820b259d192aefbcb9e6
2010.1/x86_64/java-1.6.0-openjdk-demo-1.6.0.0-22.b22.2mdv2010.2.x86_64.rpm
8676fc951ad6ec322579db64714b1486
2010.1/x86_64/java-1.6.0-openjdk-devel-1.6.0.0-22.b22.2mdv2010.2.x86_64.rpm
caf43f0f0225dc5c903317a022e38a69
2010.1/x86_64/java-1.6.0-openjdk-javadoc-1.6.0.0-22.b22.2mdv2010.2.x86_64.rpm
6bed48be7d85aec169b7860da60f400b
2010.1/x86_64/java-1.6.0-openjdk-src-1.6.0.0-22.b22.2mdv2010.2.x86_64.rpm
0bf576b059af48591c95fc9364c86083
2010.1/x86_64/lib64xrender1-0.9.6-0.1mdv2010.2.x86_64.rpm
af28d32a7d64d44d96c73ee784fbb725
2010.1/x86_64/lib64xrender-devel-0.9.6-0.1mdv2010.2.x86_64.rpm
a0dbb140973cdb9d57fc04c3a4c69126
2010.1/x86_64/lib64xrender-static-devel-0.9.6-0.1mdv2010.2.x86_64.rpm
ee8f5afeb5896a84ccb4459c47ed1b11
2010.1/SRPMS/icedtea-web-1.0.4-0.2mdv2010.2.src.rpm
ee1ed4d0bd5e2754464df0597b8a55aa
2010.1/SRPMS/java-1.6.0-openjdk-1.6.0.0-22.b22.2mdv2010.2.src.rpm
55b0784e0c2b42114998cf694ef1fb02
2010.1/SRPMS/libxrender-0.9.6-0.1mdv2010.2.src.rpm
Mandriva Enterprise Server 5:
804975906b9a7af0dd528a2cfdb16ac6
mes5/i586/icedtea-web-1.0.4-0.2mdvmes5.2.i586.rpm
4bc3bd160048659e0e29008b51a9023a
mes5/i586/java-1.6.0-openjdk-1.6.0.0-22.b22.2mdvmes5.2.i586.rpm
c899d91a69b2dfafec9b17a7c884969b
mes5/i586/java-1.6.0-openjdk-demo-1.6.0.0-22.b22.2mdvmes5.2.i586.rpm
c605a09cc06a5b85a385332cf2796725
mes5/i586/java-1.6.0-openjdk-devel-1.6.0.0-22.b22.2mdvmes5.2.i586.rpm
039af4fca1593a5b3a0d0eae0ca76692
mes5/i586/java-1.6.0-openjdk-javadoc-1.6.0.0-22.b22.2mdvmes5.2.i586.rpm
ec14265c03a3636a43b5c99c743b18a0
mes5/i586/java-1.6.0-openjdk-src-1.6.0.0-22.b22.2mdvmes5.2.i586.rpm
d3d1636413e0f54d2c7c349600657675
mes5/i586/libxrender1-0.9.6-0.1mdvmes5.2.i586.rpm
6adfc8948ce1f7fe3f517229db281454
mes5/i586/libxrender-devel-0.9.6-0.1mdvmes5.2.i586.rpm
f5f988a83c0a7c3713530d46fcc4a0f7
mes5/i586/libxrender-static-devel-0.9.6-0.1mdvmes5.2.i586.rpm
c7c4c75829e2d8622c2e947605a27091
mes5/SRPMS/icedtea-web-1.0.4-0.2mdvmes5.2.src.rpm
5b7a1163490afaf752c05102c23be41f
mes5/SRPMS/java-1.6.0-openjdk-1.6.0.0-22.b22.2mdvmes5.2.src.rpm
709ae35d50b7155fe89a6fd2d26eb865
mes5/SRPMS/libxrender-0.9.6-0.1mdvmes5.2.src.rpm
Mandriva Enterprise Server 5/X86_64:
f670e23a581cca291ece27139e788dc1
mes5/x86_64/icedtea-web-1.0.4-0.2mdvmes5.2.x86_64.rpm
0f3893008199b11f87d18edce4554de6
mes5/x86_64/java-1.6.0-openjdk-1.6.0.0-22.b22.2mdvmes5.2.x86_64.rpm
6fad2efe89e7efe9387933e65e3cadd0
mes5/x86_64/java-1.6.0-openjdk-demo-1.6.0.0-22.b22.2mdvmes5.2.x86_64.rpm
80a052ca0777874763cf1735b4f706ff
mes5/x86_64/java-1.6.0-openjdk-devel-1.6.0.0-22.b22.2mdvmes5.2.x86_64.rpm
6990b2b5c0de9c1e2d7248a021ef0ba8
mes5/x86_64/java-1.6.0-openjdk-javadoc-1.6.0.0-22.b22.2mdvmes5.2.x86_64.rpm
4a39be86e947e6a61fb3002a130c83e1
mes5/x86_64/java-1.6.0-openjdk-src-1.6.0.0-22.b22.2mdvmes5.2.x86_64.rpm
a4b0d0938c5802bf0e998c38f0f0f427
mes5/x86_64/lib64xrender1-0.9.6-0.1mdvmes5.2.x86_64.rpm
dfebaaf4394ac9f1f8a8f465784ceb63
mes5/x86_64/lib64xrender-devel-0.9.6-0.1mdvmes5.2.x86_64.rpm
2ba6d8a3903b1ff61f3494bacde1048b
mes5/x86_64/lib64xrender-static-devel-0.9.6-0.1mdvmes5.2.x86_64.rpm
c7c4c75829e2d8622c2e947605a27091
mes5/SRPMS/icedtea-web-1.0.4-0.2mdvmes5.2.src.rpm
5b7a1163490afaf752c05102c23be41f
mes5/SRPMS/java-1.6.0-openjdk-1.6.0.0-22.b22.2mdvmes5.2.src.rpm
709ae35d50b7155fe89a6fd2d26eb865
mes5/SRPMS/libxrender-0.9.6-0.1mdvmes5.2.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFOSSBxmqjQ0CJFipgRAge9AKC/zeEWPazF5pZpS7q1uKjW/Gk1bgCgtDCN
xWq7I61m6QqApgs/cRKngYg=
=HCN8
-----END PGP SIGNATURE-----
Posljednje sigurnosne preporuke