U radu programskog paketa java-1.6.0-openjdk uočeno je više sigurnosnih propusta. Udaljeni napadač ih može iskoristiti za dobivanje većih privilegija, otkrivanje i izmjenu podataka te zaobilaženje postavljenih ograničenja.
| Paket: | java-1.6.0-openjdk |
| Operacijski sustavi: | Mandriva Linux 2010.1, Mandriva Linux 2011, Mandriva Linux Enterprise Server 5.0 |
| Kritičnost: | 8.7 |
| Problem: | nespecificirana pogreška, pogreška u programskoj komponenti |
| Iskorištavanje: | udaljeno |
| Posljedica: | dobivanje većih privilegija, izmjena podataka, otkrivanje osjetljivih informacija, zaobilaženje postavljenih ograničenja |
| Rješenje: | programska zakrpa proizvođača |
| CVE: | CVE-2011-3547, CVE-2011-3548, CVE-2011-3551, CVE-2011-3552, CVE-2011-3553, CVE-2011-3544, CVE-2011-3521, CVE-2011-3554, CVE-2011-3389, CVE-2011-3558, CVE-2011-3556, CVE-2011-3557, CVE-2011-3560, CVE-2011-3377 |
| Izvorni ID preporuke: | MDVSA-2011:170 |
| Izvor: | Mandriva |
| Problem: | |
| Problemi sigurnosti su posljedica pogrešne implementacije SSL protokola te višestrukih nespecificiranih pogrešaka u komponenti Java Runtime Environment. |
|
| Posljedica: | |
| Udaljeni napadač navedene ranjivosti može iskoristiti za utjecaj na pouzdanost, dostupnost i integritet podataka. |
|
| Rješenje: | |
| Rješenje problema sigurnosti je nadogradnja navedenog paketa na novije inačice. |
|
Izvorni tekst preporuke
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2011:170
http://www.mandriva.com/security/
_______________________________________________________________________
Package : java-1.6.0-openjdk
Date : November 11, 2011
Affected: 2010.1, 2011., Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
Security issues were identified and fixed in openjdk (icedtea6)
and icedtea-web:
IcedTea6 prior to 1.10.4 allows remote untrusted Java Web Start
applications and untrusted Java applets to affect confidentiality
via unknown vectors related to Networking (CVE-2011-3547).
IcedTea6 prior to 1.10.4 allows remote untrusted Java Web Start
applications and untrusted Java applets to affect confidentiality,
integrity, and availability, related to AWT (CVE-2011-3548).
IcedTea6 prior to 1.10.4 allows remote attackers to affect
confidentiality, integrity, and availability via unknown vectors
related to 2D (CVE-2011-3551).
IcedTea6 prior to 1.10.4 allows remote attackers to affect integrity
via unknown vectors related to Networking (CVE-2011-3552).
IcedTea6 prior to 1.10.4 allows remote authenticated users to affect
confidentiality, related to JAXWS (CVE-2011-3553).
IcedTea6 prior to 1.10.4 allows remote untrusted Java Web Start
applications and untrusted Java applets to affect confidentiality,
integrity, and availability via unknown vectors related to Scripting
(CVE-2011-3544).
IcedTea6 prior to 1.10.4 allows remote untrusted Java Web Start
applications and untrusted Java applets to affect confidentiality,
integrity, and availability via unknown vectors related to
Deserialization (CVE-2011-3521).
IcedTea6 prior to 1.10.4 allows remote untrusted Java Web Start
applications and untrusted Java applets to affect confidentiality,
integrity, and availability via unknown vectors (CVE-2011-3554).
A flaw was found in the way the SSL 3 and TLS 1.0 protocols used
block ciphers in cipher-block chaining (CBC) mode. An attacker able
to perform a chosen plain text attack against a connection mixing
trusted and untrusted data could use this flaw to recover portions
of the trusted data sent over the connection (CVE-2011-3389).
Note: This update mitigates the CVE-2011-3389 issue by splitting
the first application data record byte to a separate SSL/TLS
protocol record. This mitigation may cause compatibility issues
with some SSL/TLS implementations and can be disabled using the
jsse.enableCBCProtection boolean property. This can be done on the
command line by appending the flag -Djsse.enableCBCProtection=false
to the java command.
IcedTea6 prior to 1.10.4 allows remote untrusted Java Web Start
applications and untrusted Java applets to affect confidentiality
via unknown vectors related to HotSpot (CVE-2011-3558).
IcedTea6 prior to 1.10.4 allows remote attackers to affect
confidentiality, integrity, and availability, related to RMI
(CVE-2011-3556).
IcedTea6 prior to 1.10.4 allows remote attackers to affect
confidentiality, integrity, and availability, related to RMI
(CVE-2011-3557).
IcedTea6 prior to 1.10.4 allows remote untrusted Java Web Start
applications and untrusted Java applets to affect confidentiality
and integrity, related to JSSE (CVE-2011-3560).
Deepak Bhole discovered a flaw in the Same Origin Policy (SOP)
implementation in the IcedTea project Web browser plugin. A
malicious applet could use this flaw to bypass SOP protection and
open connections to any sub-domain of the second-level domain of
the applet's origin, as well as any sub-domain of the domain that
is the suffix of the origin second-level domain. For example,
IcedTea-Web plugin allowed applet from some.host.example.com to
connect to other.host.example.com, www.example.com, and example.com,
as well as www.ample.com or ample.com. (CVE-2011-3377).
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3547
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3548
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3551
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3552
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3553
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3544
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3521
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3554
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3558
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3556
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3557
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3560
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3377
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2010.1:
2881c71d1da084f6c7a136335f5383d6
2010.1/i586/icedtea-web-1.0.6-0.1mdv2010.2.i586.rpm
415d7598363639aecbafd380827b7ab2
2010.1/i586/java-1.6.0-openjdk-1.6.0.0-24.b22.1mdv2010.2.i586.rpm
27d2d84f2a00e4d18cb68e8c8ecd1626
2010.1/i586/java-1.6.0-openjdk-demo-1.6.0.0-24.b22.1mdv2010.2.i586.rpm
8b4b727a2139d866d0e88ff720de9b57
2010.1/i586/java-1.6.0-openjdk-devel-1.6.0.0-24.b22.1mdv2010.2.i586.rpm
8084b3aaeac98db2ddf89913db805725
2010.1/i586/java-1.6.0-openjdk-javadoc-1.6.0.0-24.b22.1mdv2010.2.i586.rpm
f5c32405224455a5065d85ecbba6f1f2
2010.1/i586/java-1.6.0-openjdk-src-1.6.0.0-24.b22.1mdv2010.2.i586.rpm
45fd80b86f46b8e9ca3711c47d4fbb40
2010.1/SRPMS/icedtea-web-1.0.6-0.1mdv2010.2.src.rpm
6bbb0d8c0e0ce847b86d9145ca12e211
2010.1/SRPMS/java-1.6.0-openjdk-1.6.0.0-24.b22.1mdv2010.2.src.rpm
Mandriva Linux 2010.1/X86_64:
899e54445bf4ad65ea254e835006ce27
2010.1/x86_64/icedtea-web-1.0.6-0.1mdv2010.2.x86_64.rpm
7da63e6b6d83974f32f6580c4de53929
2010.1/x86_64/java-1.6.0-openjdk-1.6.0.0-24.b22.1mdv2010.2.x86_64.rpm
859e838ff8583b814f1270c36d0bf248
2010.1/x86_64/java-1.6.0-openjdk-demo-1.6.0.0-24.b22.1mdv2010.2.x86_64.rpm
8da61ef538893c8b7766e868e369f400
2010.1/x86_64/java-1.6.0-openjdk-devel-1.6.0.0-24.b22.1mdv2010.2.x86_64.rpm
3b56e8612ba71e92e728e3e1a9fef319
2010.1/x86_64/java-1.6.0-openjdk-javadoc-1.6.0.0-24.b22.1mdv2010.2.x86_64.rpm
23eea5b9bf1a2ee3db0ebf0c6927234a
2010.1/x86_64/java-1.6.0-openjdk-src-1.6.0.0-24.b22.1mdv2010.2.x86_64.rpm
45fd80b86f46b8e9ca3711c47d4fbb40
2010.1/SRPMS/icedtea-web-1.0.6-0.1mdv2010.2.src.rpm
6bbb0d8c0e0ce847b86d9145ca12e211
2010.1/SRPMS/java-1.6.0-openjdk-1.6.0.0-24.b22.1mdv2010.2.src.rpm
Mandriva Linux 2011:
b585d6580568d064d9e99ab2d8898dbb
2011/i586/icedtea-web-1.0.6-0.1-mdv2011.0.i586.rpm
17ea4db995836efdb63f62370adc21f3
2011/i586/java-1.6.0-openjdk-1.6.0.0-24.b22.1-mdv2011.0.i586.rpm
b5b625dd4b96e479ce532f2d578650bb
2011/i586/java-1.6.0-openjdk-demo-1.6.0.0-24.b22.1-mdv2011.0.i586.rpm
3bc34e225ec9e6b38dd1876a5c5ffe6d
2011/i586/java-1.6.0-openjdk-devel-1.6.0.0-24.b22.1-mdv2011.0.i586.rpm
050f5c111f9e65c0ea06f80e4ffff35d
2011/i586/java-1.6.0-openjdk-javadoc-1.6.0.0-24.b22.1-mdv2011.0.i586.rpm
3d5eed0e210b9d4e38a6dcd74929f0dd
2011/i586/java-1.6.0-openjdk-src-1.6.0.0-24.b22.1-mdv2011.0.i586.rpm
0579fb909e08a0f420183284ba7061e9 2011/SRPMS/icedtea-web-1.0.6-0.1.src.rpm
128cec9fdd9fd0e0d921341f178be9a1
2011/SRPMS/java-1.6.0-openjdk-1.6.0.0-24.b22.1.src.rpm
Mandriva Linux 2011/X86_64:
aa77ab19c7746723530e3a696fd4355a
2011/x86_64/icedtea-web-1.0.6-0.1-mdv2011.0.x86_64.rpm
467cc14261ed055450afbf1a2a5fe483
2011/x86_64/java-1.6.0-openjdk-1.6.0.0-24.b22.1-mdv2011.0.x86_64.rpm
2850bfa26b1f992dff3c2c1ac3f1326b
2011/x86_64/java-1.6.0-openjdk-demo-1.6.0.0-24.b22.1-mdv2011.0.x86_64.rpm
50053850cfdd573a9469aa0b5783cc82
2011/x86_64/java-1.6.0-openjdk-devel-1.6.0.0-24.b22.1-mdv2011.0.x86_64.rpm
04ba44e392bf335e86fdc2c66d03bdf3
2011/x86_64/java-1.6.0-openjdk-javadoc-1.6.0.0-24.b22.1-mdv2011.0.x86_64.rpm
678776c021e19498a6e201c9b0ef6513
2011/x86_64/java-1.6.0-openjdk-src-1.6.0.0-24.b22.1-mdv2011.0.x86_64.rpm
0579fb909e08a0f420183284ba7061e9 2011/SRPMS/icedtea-web-1.0.6-0.1.src.rpm
128cec9fdd9fd0e0d921341f178be9a1
2011/SRPMS/java-1.6.0-openjdk-1.6.0.0-24.b22.1.src.rpm
Mandriva Enterprise Server 5:
c6af60f8fac7b8fb91a79983e4c68364
mes5/i586/icedtea-web-1.0.6-0.1mdvmes5.2.i586.rpm
00295911ed1610030bd0b39680c2fb20
mes5/i586/java-1.6.0-openjdk-1.6.0.0-24.b22.1mdvmes5.2.i586.rpm
bdcd904e1e04d57f8205904b84dd5971
mes5/i586/java-1.6.0-openjdk-demo-1.6.0.0-24.b22.1mdvmes5.2.i586.rpm
960da26357c48af97ca8e9cdb4245692
mes5/i586/java-1.6.0-openjdk-devel-1.6.0.0-24.b22.1mdvmes5.2.i586.rpm
8cf1ac9ad06eddba1916d8e4e2b3cedf
mes5/i586/java-1.6.0-openjdk-javadoc-1.6.0.0-24.b22.1mdvmes5.2.i586.rpm
f0a00b845915e25e7b4bc9802914aee4
mes5/i586/java-1.6.0-openjdk-src-1.6.0.0-24.b22.1mdvmes5.2.i586.rpm
3860e9d27e8bc15ea72a57deb811c961
mes5/SRPMS/icedtea-web-1.0.6-0.1mdvmes5.2.src.rpm
b0701aff2a8ffdcc27a6cd7560d0d099
mes5/SRPMS/java-1.6.0-openjdk-1.6.0.0-24.b22.1mdvmes5.2.src.rpm
Mandriva Enterprise Server 5/X86_64:
765023a21377d664c2ba05e98147dd1b
mes5/x86_64/icedtea-web-1.0.6-0.1mdvmes5.2.x86_64.rpm
f0b699b476a124eb0a1b2f5187101de9
mes5/x86_64/java-1.6.0-openjdk-1.6.0.0-24.b22.1mdvmes5.2.x86_64.rpm
249ffd15ed12d64798ff39431e402d69
mes5/x86_64/java-1.6.0-openjdk-demo-1.6.0.0-24.b22.1mdvmes5.2.x86_64.rpm
d747f2b1361c0a67d4d85824a94d0a69
mes5/x86_64/java-1.6.0-openjdk-devel-1.6.0.0-24.b22.1mdvmes5.2.x86_64.rpm
d50d63017beb08a2f23d08138a17c992
mes5/x86_64/java-1.6.0-openjdk-javadoc-1.6.0.0-24.b22.1mdvmes5.2.x86_64.rpm
dd36ff4d9b91a541dfa86bb46288bbe0
mes5/x86_64/java-1.6.0-openjdk-src-1.6.0.0-24.b22.1mdvmes5.2.x86_64.rpm
3860e9d27e8bc15ea72a57deb811c961
mes5/SRPMS/icedtea-web-1.0.6-0.1mdvmes5.2.src.rpm
b0701aff2a8ffdcc27a6cd7560d0d099
mes5/SRPMS/java-1.6.0-openjdk-1.6.0.0-24.b22.1mdvmes5.2.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iD8DBQFOvSWxmqjQ0CJFipgRAnk1AKDUddZYCqwkfhoUpLxEL0BT3mDf0ACfbuTI
aaF2JGTyfceBABs92un/yVA=
=yPsD
-----END PGP SIGNATURE-----
Posljednje sigurnosne preporuke