U radu programskog paketa java-1.6.0-openjdk otkriveni su brojni sigurnosni nedostaci koje udaljeni zloćudan korisnik može iskoristiti za narušavanje povjerljivosti, integriteta i dostupnosti sustava.
Paket:
java-1.6.0-openjdk
Operacijski sustavi:
Mandriva Linux 2010.1, Mandriva Linux 2011, Mandriva Linux Enterprise Server 5.0
U radu programskog paketa uočene su greške u komponentama Virtual Desktop Infrastructure (VDI) i JRE (Java Runtime Environment), kao i greška povezana s neispravnim računanjem sažetaka (eng. hash).
Posljedica:
Udaljeni napadač može iskoristiti navedene propuste za narušavanje povjerljivosti, integriteta i dostupnosti sustava.
Rješenje:
Korisnike se potiče na primjenu programskih rješenja proizvođača.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2012:021
http://www.mandriva.com/security/
_______________________________________________________________________
Package : java-1.6.0-openjdk
Date : January 17, 2012
Affected: 2010.1, 2011., Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
Multiple security issues were identified and fixed in OpenJDK
(icedtea6):
Fix issues in java sound (CVE-2011-3563).
Fix in AtomicReferenceArray (CVE-2011-3571).
Add property to limit number of request headers to the HTTP Server
(CVE-2011-5035).
Incorect checking for graphics rendering object (CVE-2012-0497).
Multiple unspecified vulnerabilities allows remote attackers to affect
confidentiality, integrity, and availability via unknown vectors
(CVE-2012-0498. CVE-2012-0499, CVE-2012-0500).
Better input parameter checking in zip file processing (CVE-2012-0501).
Issues with some KeyboardFocusManager method (CVE-2012-0502).
Issues with TimeZone class (CVE-2012-0503).
Enhance exception throwing mechanism in ObjectStreamClass
(CVE-2012-0505).
Issues with some method in corba (CVE-2012-0506).
The updated packages provides icedtea6-1.10.6 which is not vulnerable
to these issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3563
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3571
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5035
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0497
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0498
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0499
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0500
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0501
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0502
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0503
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0505
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0506
http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2010.1:
63b2f376c592f7ff1e4aa7890ceee280
2010.1/i586/java-1.6.0-openjdk-1.6.0.0-26.b22.1mdv2010.2.i586.rpm
a08e86738341f9de864419817e40a6f6
2010.1/i586/java-1.6.0-openjdk-demo-1.6.0.0-26.b22.1mdv2010.2.i586.rpm
18c0c0f3474444c88fc484868497a9c4
2010.1/i586/java-1.6.0-openjdk-devel-1.6.0.0-26.b22.1mdv2010.2.i586.rpm
b21b456d9ee21b88a7193bcbf0d240bf
2010.1/i586/java-1.6.0-openjdk-javadoc-1.6.0.0-26.b22.1mdv2010.2.i586.rpm
edaff496f231bf9e47e1758c5c9cc7d9
2010.1/i586/java-1.6.0-openjdk-src-1.6.0.0-26.b22.1mdv2010.2.i586.rpm
ce1bb936f26002c752975b1045d58e76
2010.1/SRPMS/java-1.6.0-openjdk-1.6.0.0-26.b22.1mdv2010.2.src.rpm
Mandriva Linux 2010.1/X86_64:
0b4aacfa0120ea55489efe2d88eeea5d
2010.1/x86_64/java-1.6.0-openjdk-1.6.0.0-26.b22.1mdv2010.2.x86_64.rpm
f63f343302f4375071aacac5884b6b9a
2010.1/x86_64/java-1.6.0-openjdk-demo-1.6.0.0-26.b22.1mdv2010.2.x86_64.rpm
cbc96ed4843f65a29d664cd0f07a8968
2010.1/x86_64/java-1.6.0-openjdk-devel-1.6.0.0-26.b22.1mdv2010.2.x86_64.rpm
f66189cfbc78cbe7403f880fa8ef070f
2010.1/x86_64/java-1.6.0-openjdk-javadoc-1.6.0.0-26.b22.1mdv2010.2.x86_64.rpm
0a1d5214c532f3a1e2737ee7dfb0ec14
2010.1/x86_64/java-1.6.0-openjdk-src-1.6.0.0-26.b22.1mdv2010.2.x86_64.rpm
ce1bb936f26002c752975b1045d58e76
2010.1/SRPMS/java-1.6.0-openjdk-1.6.0.0-26.b22.1mdv2010.2.src.rpm
Mandriva Linux 2011:
276091edbd4821862b203b78ab4c7e8e
2011/i586/java-1.6.0-openjdk-1.6.0.0-26.b22.1-mdv2011.0.i586.rpm
0d5576a07181d2d61020fc9ce76ccacc
2011/i586/java-1.6.0-openjdk-demo-1.6.0.0-26.b22.1-mdv2011.0.i586.rpm
a4c0e4b7e7b577867cc380242a82a58d
2011/i586/java-1.6.0-openjdk-devel-1.6.0.0-26.b22.1-mdv2011.0.i586.rpm
7a49bc6419d25297e02b0b6151bca85e
2011/i586/java-1.6.0-openjdk-javadoc-1.6.0.0-26.b22.1-mdv2011.0.i586.rpm
abda3919ff6e3d4f2cc4c8e8135c2130
2011/i586/java-1.6.0-openjdk-src-1.6.0.0-26.b22.1-mdv2011.0.i586.rpm
c3237479dc9690bc6bda4d7b8054f2ae
2011/SRPMS/java-1.6.0-openjdk-1.6.0.0-26.b22.1.src.rpm
Mandriva Linux 2011/X86_64:
f8179f159c950005e677a07b7a7d7b28
2011/x86_64/java-1.6.0-openjdk-1.6.0.0-26.b22.1-mdv2011.0.x86_64.rpm
4e99ad3e7f81d18c766dc13260b3686b
2011/x86_64/java-1.6.0-openjdk-demo-1.6.0.0-26.b22.1-mdv2011.0.x86_64.rpm
799eaa638565a4839906c41642f8621d
2011/x86_64/java-1.6.0-openjdk-devel-1.6.0.0-26.b22.1-mdv2011.0.x86_64.rpm
fee264489439ecb48de37409524194dd
2011/x86_64/java-1.6.0-openjdk-javadoc-1.6.0.0-26.b22.1-mdv2011.0.x86_64.rpm
95ffcf2aa45429fb1b31fa044560da9b
2011/x86_64/java-1.6.0-openjdk-src-1.6.0.0-26.b22.1-mdv2011.0.x86_64.rpm
c3237479dc9690bc6bda4d7b8054f2ae
2011/SRPMS/java-1.6.0-openjdk-1.6.0.0-26.b22.1.src.rpm
Mandriva Enterprise Server 5:
3991eab3dad14d627a4e4a286e658076
mes5/i586/java-1.6.0-openjdk-1.6.0.0-26.b22.1mdvmes5.2.i586.rpm
1da6d0464e870345b512e423ce8e541d
mes5/i586/java-1.6.0-openjdk-demo-1.6.0.0-26.b22.1mdvmes5.2.i586.rpm
1335da0e8ed5b37147b2ec5d8a68b20d
mes5/i586/java-1.6.0-openjdk-devel-1.6.0.0-26.b22.1mdvmes5.2.i586.rpm
e10aebb0b91428325a308e576f50aa45
mes5/i586/java-1.6.0-openjdk-javadoc-1.6.0.0-26.b22.1mdvmes5.2.i586.rpm
d30e1ae2d47cd23c063357973dd870a9
mes5/i586/java-1.6.0-openjdk-src-1.6.0.0-26.b22.1mdvmes5.2.i586.rpm
b9d795124e16f852b188cb9c92dc3d77
mes5/SRPMS/java-1.6.0-openjdk-1.6.0.0-26.b22.1mdvmes5.2.src.rpm
Mandriva Enterprise Server 5/X86_64:
b9c5058e2009da89418b8056e23511ad
mes5/x86_64/java-1.6.0-openjdk-1.6.0.0-26.b22.1mdvmes5.2.x86_64.rpm
cecb580e05f61fe3dba56e33276f8185
mes5/x86_64/java-1.6.0-openjdk-demo-1.6.0.0-26.b22.1mdvmes5.2.x86_64.rpm
8d8d67bda8662b88e6d56956e5739a2e
mes5/x86_64/java-1.6.0-openjdk-devel-1.6.0.0-26.b22.1mdvmes5.2.x86_64.rpm
960a85c526378996f6ef6511638335f4
mes5/x86_64/java-1.6.0-openjdk-javadoc-1.6.0.0-26.b22.1mdvmes5.2.x86_64.rpm
b068fd26387d11fea69f4a99190faab3
mes5/x86_64/java-1.6.0-openjdk-src-1.6.0.0-26.b22.1mdvmes5.2.x86_64.rpm
b9d795124e16f852b188cb9c92dc3d77
mes5/SRPMS/java-1.6.0-openjdk-1.6.0.0-26.b22.1mdvmes5.2.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iD8DBQFPPnJ1mqjQ0CJFipgRAsShAJ9uLjzWi9Y8x/myvScmQfUPwRh8RACg22f9
NSDNWCT+JqEyYHUExPAwR58=
=cwgS
-----END PGP SIGNATURE-----
Posljednje sigurnosne preporuke