Numerous security flaws have been discovered and fixed in the java-1.6.0-openjdk package. The package is a runtime and development environment for applications written in the Java programming language. The flaws concern the IcedTea (IcedTea.so) and Java Runtime Environment (JRE) components, as well as a defect in the "Double.parseDouble" method. An attacker could exploit them to bypass the configured security restrictions, execute malicious code and carry out denial-of-service attacks. Users are advised to apply the update.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2011:054
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : java-1.6.0-openjdk
 Date    : March 27, 2011
 Affected: 2009.0, 2010.0, 2010.1, Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities have been identified and fixed in
 java-1.6.0-openjdk:
 
 The JNLP SecurityManager in IcedTea (IcedTea.so) 1.7 before 1.7.7,
 1.8 before 1.8.4, and 1.9 before 1.9.4 for Java OpenJDK returns from
 the checkPermission method instead of throwing an exception in certain
 circumstances, which might allow context-dependent attackers to bypass
 the intended security policy by creating instances of ClassLoader
 (CVE-2010-4351).
 
 Unspecified vulnerability in the Java Runtime Environment (JRE)
 in Oracle Java SE and Java for Business 6 Update 23 and earlier,
 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote
 untrusted Java Web Start applications and untrusted Java applets to
 affect integrity via unknown vectors related to Networking. NOTE: the
 previous information was obtained from the February 2011 CPU. Oracle
 has not commented on claims from a downstream vendor that this issue
 involves DNS cache poisoning by untrusted applets. (CVE-2010-4448)
 
 Unspecified vulnerability in the Java Runtime Environment (JRE)
 in Oracle Java SE and Java for Business 6 Update 23 and earlier for
 Solaris and Linux; 5.0 Update 27 and earlier for Solaris and Linux;
 and 1.4.2_29 and earlier for Solaris and Linux allows local standalone
 applications to affect confidentiality, integrity, and availability via
 unknown vectors related to Launcher. NOTE: the previous information was
 obtained from the February 2011 CPU. Oracle has not commented on claims
 from a downstream vendor that this issue is an untrusted search path
 vulnerability involving an empty LD_LIBRARY_PATH environment variable
 (CVE-2010-4450).
 
 Unspecified vulnerability in the Java Runtime Environment (JRE)
 in Oracle Java SE and Java for Business 6 Update 23 and earlier,
 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote
 untrusted Java Web Start applications and untrusted Java applets to
 affect confidentiality, integrity, and availability via unknown vectors
 related to Swing. NOTE: the previous information was obtained from the
 February 2011 CPU. Oracle has not commented on claims from a downstream
 vendor that this issue is related to the lack of framework support by
 AWT event dispatch, and/or clipboard access in Applets. (CVE-2010-4465)
 
 Unspecified vulnerability in the Java Runtime Environment (JRE)
 in Oracle Java SE and Java for Business 6 Update 23 and earlier,
 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote
 untrusted Java Web Start applications and untrusted Java applets to
 affect confidentiality, integrity, and availability via unknown vectors
 related to HotSpot. NOTE: the previous information was obtained from
 the February 2011 CPU. Oracle has not commented on claims from a
 downstream vendor that this issue is heap corruption related to the
 Verifier and backward jsrs. (CVE-2010-4469)
 
 Unspecified vulnerability in the Java Runtime Environment (JRE) in
 Oracle Java SE and Java for Business 6 Update 23 and earlier
 allows remote attackers to affect availability via unknown vectors
 related to JAXP and unspecified APIs. NOTE: the previous information
 was obtained from the February 2011 CPU. Oracle has not commented on
 claims from a downstream vendor that this issue is related to Features
 set on SchemaFactory not inherited by Validator. (CVE-2010-4470)
 
 Unspecified vulnerability in the Java Runtime Environment (JRE)
 in Oracle Java SE and Java for Business 6 Update 23 and earlier,
 and 5.0 Update 27 and earlier allows remote untrusted Java Web Start
 applications and untrusted Java applets to affect confidentiality
 via unknown vectors related to 2D. NOTE: the previous information
 was obtained from the February 2011 CPU. Oracle has not commented
 on claims from a downstream vendor that this issue is related to the
 exposure of system properties via vectors related to Font.createFont
 and exception text (CVE-2010-4471).
 
 Unspecified vulnerability in the Java Runtime Environment (JRE)
 in Oracle Java SE and Java for Business 6 Update 23 and earlier
 allows remote attackers to affect availability, related to
 XML Digital Signature and unspecified APIs. NOTE: the previous
 information was obtained from the February 2011 CPU. Oracle has
 not commented on claims from a downstream vendor that this issue
 involves the replacement of the XML DSig Transform or C14N algorithm
 implementations. (CVE-2010-4472)
 
 The Double.parseDouble method in Java Runtime Environment (JRE) in
 Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0
 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK,
 Apache, JBossweb, and other products, allows remote attackers to cause
 a denial of service via a crafted string that triggers an infinite
 loop of estimations during conversion to a double-precision binary
 floating-point number, as demonstrated using 2.2250738585072012e-308
 (CVE-2010-4476).
 
 IcedTea 1.7 before 1.7.8, 1.8 before 1.8.5, and 1.9 before 1.9.5
 does not properly verify signatures for JAR files that (1) are
 partially signed or (2) are signed by multiple entities, which allows
 remote attackers to trick users into executing code that appears to
 come from a trusted source (CVE-2011-0025).
 
 The JNLPClassLoader class in IcedTea-Web before 1.0.1, as used in
 OpenJDK Runtime Environment 1.6.0, allows remote attackers to gain
 privileges via unknown vectors related to multiple signers and the
 assignment of an inappropriate security descriptor. (CVE-2011-0706)
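 The two IcedTea-Web conditions above (JARs with unsigned entries, and JARs
 whose entries carry different signer sets) can be caught on the consuming
 side before any class is loaded. The checker below is an added example for
 this advisory, not code from IcedTea or OpenJDK; it uses only the standard
 java.util.jar API, and the class and method names are this example's own.

```java
import java.io.InputStream;
import java.security.CodeSigner;
import java.util.*;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;

public class JarSignerCheck {
    // Returns null when every content entry is signed by one and the same set of
    // signers; otherwise a short reason why the JAR must not be treated as signed.
    // A tampered entry makes JarFile throw SecurityException while it is read.
    static String check(String path) throws Exception {
        try (JarFile jar = new JarFile(path, true)) {   // true = verify signatures
            Set<CodeSigner> expected = null;
            byte[] buf = new byte[8192];
            Enumeration<JarEntry> entries = jar.entries();
            while (entries.hasMoreElements()) {
                JarEntry e = entries.nextElement();
                if (e.isDirectory() || isSignatureMetadata(e.getName())) continue;
                // Signers are attached only once the entry has been read to the end.
                try (InputStream in = jar.getInputStream(e)) {
                    while (in.read(buf) != -1) { /* consume */ }
                }
                CodeSigner[] signers = e.getCodeSigners();
                if (signers == null || signers.length == 0) {
                    return "partially signed: unsigned entry " + e.getName();
                }
                Set<CodeSigner> set = new HashSet<>(Arrays.asList(signers));
                if (expected == null) {
                    expected = set;            // first content entry fixes the signer set
                } else if (!expected.equals(set)) {
                    return "signer set differs at entry " + e.getName();
                }
            }
            return expected == null ? "no content entries" : null;
        }
    }

    // Manifest and signature files carry no code and never have signers themselves.
    static boolean isSignatureMetadata(String name) {
        String n = name.toUpperCase(Locale.ROOT);
        return n.equals("META-INF/MANIFEST.MF") || (n.startsWith("META-INF/")
            && (n.endsWith(".SF") || n.endsWith(".RSA") || n.endsWith(".DSA") || n.endsWith(".EC")));
    }

    public static void main(String[] args) throws Exception {
        String reason = check(args[0]);
        System.out.println(reason == null ? "OK: uniformly signed" : "REJECT: " + reason);
    }
}
```

 Run it as `java JarSignerCheck some.jar`; a verdict other than "OK" means the archive should be treated as unsigned, whatever any individual signature says.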
 
 Additionally, the java-1.5.0-gcj packages were not rebuilt with the
 shipped version of GCC for 2009.0 and Enterprise Server 5, which
 caused problems while building the java-1.6.0-openjdk updates;
 therefore rebuilt java-1.5.0-gcj packages are being provided with
 this advisory as well.
 
 Packages for 2009.0 are provided as of the Extended Maintenance
 Program. Please visit this link to learn more:
 http://store.mandriva.com/product_info.php?cPath=149&products_id=490
 
 The updated packages have been patched to correct these issues.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4351
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4448
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4450
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4465
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4469
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4470
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4471
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4472
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4476
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0025
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0706
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2009.0:
