[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] [ MDVSA-2009:209 ] java-1.6.0-openjdk



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2009:209
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : java-1.6.0-openjdk
 Date    : August 21, 2009
 Affected: 2009.0, 2009.1, Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 Multiple Java OpenJDK security vulnerabilities has been identified
 and fixed:
 
 The design of the W3C XML Signature Syntax and Processing (XMLDsig)
 recommendation specifies an HMAC truncation length (HMACOutputLength)
 but does not require a minimum for its length, which allows attackers
 to spoof HMAC-based signatures and bypass authentication by specifying
 a truncation length with a small number of bits (CVE-2009-0217).
 
 The Java Web Start framework does not properly check all application
 jar files trust and this allows context-dependent attackers to
 execute arbitrary code via a crafted application, related to NetX
 (CVE-2009-1896).
 
 Some variables and data structures without the final
 keyword definition allows context-depend attackers to
 obtain sensitive information. The target variables and
 data structures are stated as follow: (1) LayoutQueue, (2)
 Cursor.predefined, (3) AccessibleResourceBundle.getContents,
 (4) ImageReaderSpi.STANDARD_INPUT_TYPE, (5)
 ImageWriterSpi.STANDARD_OUTPUT_TYPE, (6) the imageio plugins, (7)
 DnsContext.debug, (8) RmfFileReader/StandardMidiFileWriter.types,
 (9) AbstractSaslImpl.logger, (10)
 Synth.Region.uiToRegionMap/lowerCaseNameMap, (11) the Introspector
 class and a cache of BeanInfo, and (12) JAX-WS (CVE-2009-2475).
 
 The Java Management Extensions (JMX) implementation does not
 properly enforce OpenType checks, which allows context-dependent
 attackers to bypass intended access restrictions by leveraging
 finalizer resurrection to obtain a reference to a privileged object
 (CVE-2009-2476).
 
 A flaw in the Xerces2 as used in OpenJDK allows remote attackers to
 cause denial of service via a malformed XML input (CVE-2009-2625).
 
 The audio system does not prevent access to java.lang.System properties
 either by untrusted applets and Java Web Start applications, which
 allows context-dependent attackers to obtain sensitive information
 by reading these properties (CVE-2009-2670).
 
 A flaw in the SOCKS proxy implementation allows remote attackers
 to discover the user name of the account that invoked either an
 untrusted applet or Java Web Start application via unspecified vectors
 (CVE-2009-2671).
 
 A flaw in the proxy mechanism implementation allows remote attackers
 to bypass intended access restrictions and connect to arbitrary
 sites via unspecified vectors, related to a declaration that lacks
 the final keyword (CVE-2009-2673).
 
 An integer overflow in the JPEG images parsing allows context-dependent
 attackers to gain privileges via an untrusted Java Web Start
 application that grants permissions to itself (CVE-2009-2674).
 
 An integer overflow in the unpack200 utility decompression allows
 context-dependent attackers to gain privileges via vectors involving
 either an untrusted applet or Java Web Start application that grants
 permissions to itself (CVE-2009-2675).
 
 A flaw in the JDK13Services.getProviders grants full privileges to
 instances of unspecified object types, which allows context-dependent
 attackers to bypass intended access restrictions either via an
 untrusted applet or application (CVE-2009-2689).
 
 A flaw in the OpenJDK's encoder, grants read access to private
 variables with unspecified names, which allows context-dependent
 attackers to obtain sensitive information either via an untrusted
 applet or application (CVE-2009-2690).
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0217
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1896
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2475
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2476
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2625
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2670
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2671
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2673
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2674
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2675
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2689
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2690
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2009.0:
 77de7249327462d2313b7c76856b3c37  
2009.0/i586/java-1.6.0-openjdk-1.6.0.0-0.20.b16.0.3mdv2009.0.i586.rpm
 97c93c2f9cd96904517292329b89dd0f  
2009.0/i586/java-1.6.0-openjdk-demo-1.6.0.0-0.20.b16.0.3mdv2009.0.i586.rpm
 c574934c0bbc37e6b66f06e7b323fb9e  
2009.0/i586/java-1.6.0-openjdk-devel-1.6.0.0-0.20.b16.0.3mdv2009.0.i586.rpm
 ab2a2301fdae49ad083f8dbc6f498892  
2009.0/i586/java-1.6.0-openjdk-javadoc-1.6.0.0-0.20.b16.0.3mdv2009.0.i586.rpm
 9fa31c0977e8608102535be086ce3e2a  
2009.0/i586/java-1.6.0-openjdk-plugin-1.6.0.0-0.20.b16.0.3mdv2009.0.i586.rpm
 a0975132274fe9ac1da38277d5bc0798  
2009.0/i586/java-1.6.0-openjdk-src-1.6.0.0-0.20.b16.0.3mdv2009.0.i586.rpm 
 f3c509722d763889e079f82f18e491e4  
2009.0/SRPMS/java-1.6.0-openjdk-1.6.0.0-0.20.b16.0.3mdv2009.0.src.rpm

 Mandriva Linux 2009.0/X86_64:
 6b697112ece62ac9cf1f994b240fb278  
2009.0/x86_64/java-1.6.0-openjdk-1.6.0.0-0.20.b16.0.3mdv2009.0.x86_64.rpm
 0682b7e9e75e726eba897288f6ecd278  
2009.0/x86_64/java-1.6.0-openjdk-demo-1.6.0.0-0.20.b16.0.3mdv2009.0.x86_64.rpm
 5615ddd7056f9133c10c853e066e55bc  
2009.0/x86_64/java-1.6.0-openjdk-devel-1.6.0.0-0.20.b16.0.3mdv2009.0.x86_64.rpm
 a72d479cf90373b0b7446213cfce11c0  
2009.0/x86_64/java-1.6.0-openjdk-javadoc-1.6.0.0-0.20.b16.0.3mdv2009.0.x86_64.rpm
 612ebb19f2e36989ea1b5debc6fa19ca  
2009.0/x86_64/java-1.6.0-openjdk-plugin-1.6.0.0-0.20.b16.0.3mdv2009.0.x86_64.rpm
 55d3317105923930371840378bf42f78  
2009.0/x86_64/java-1.6.0-openjdk-src-1.6.0.0-0.20.b16.0.3mdv2009.0.x86_64.rpm 
 f3c509722d763889e079f82f18e491e4  
2009.0/SRPMS/java-1.6.0-openjdk-1.6.0.0-0.20.b16.0.3mdv2009.0.src.rpm

 Mandriva Linux 2009.1:
 b0dd424f32658c808e286d8343c872a3  
2009.1/i586/java-1.6.0-openjdk-1.6.0.0-0.20.b16.0.3mdv2009.1.i586.rpm
 d97e14da57e25e04e51b096f8b8adbf4  
2009.1/i586/java-1.6.0-openjdk-demo-1.6.0.0-0.20.b16.0.3mdv2009.1.i586.rpm
 9b6e10ea26b0b55d5f1e013dcbce4d5e  
2009.1/i586/java-1.6.0-openjdk-devel-1.6.0.0-0.20.b16.0.3mdv2009.1.i586.rpm
 43b3c534406bee662dd11d6ad8a82237  
2009.1/i586/java-1.6.0-openjdk-javadoc-1.6.0.0-0.20.b16.0.3mdv2009.1.i586.rpm
 531ec3ddf0c11d4d0ce2bcd98eda8baf  
2009.1/i586/java-1.6.0-openjdk-plugin-1.6.0.0-0.20.b16.0.3mdv2009.1.i586.rpm
 a343fcd5501b9410592b5dca3be6cd88  
2009.1/i586/java-1.6.0-openjdk-src-1.6.0.0-0.20.b16.0.3mdv2009.1.i586.rpm 
 2e440b16b876e878d4a31952197ae029  
2009.1/SRPMS/java-1.6.0-openjdk-1.6.0.0-0.20.b16.0.3mdv2009.1.src.rpm

 Mandriva Linux 2009.1/X86_64:
 3e4eb0ab34a70f32e1a913479aab6c9a  
2009.1/x86_64/java-1.6.0-openjdk-1.6.0.0-0.20.b16.0.3mdv2009.1.x86_64.rpm
 424a7d53b660998d8140cf18c1a4d873  
2009.1/x86_64/java-1.6.0-openjdk-demo-1.6.0.0-0.20.b16.0.3mdv2009.1.x86_64.rpm
 f7273fda0f52db4267ce099445f63c55  
2009.1/x86_64/java-1.6.0-openjdk-devel-1.6.0.0-0.20.b16.0.3mdv2009.1.x86_64.rpm
 e5fc23eb05ec1e5688251c763ecb78b9  
2009.1/x86_64/java-1.6.0-openjdk-javadoc-1.6.0.0-0.20.b16.0.3mdv2009.1.x86_64.rpm
 87c693dec4b12cdcf8602b2e6ff1b8ea  
2009.1/x86_64/java-1.6.0-openjdk-plugin-1.6.0.0-0.20.b16.0.3mdv2009.1.x86_64.rpm
 5b792616f3223fa1bf903f95732d815b  
2009.1/x86_64/java-1.6.0-openjdk-src-1.6.0.0-0.20.b16.0.3mdv2009.1.x86_64.rpm 
 2e440b16b876e878d4a31952197ae029  
2009.1/SRPMS/java-1.6.0-openjdk-1.6.0.0-0.20.b16.0.3mdv2009.1.src.rpm

 Mandriva Enterprise Server 5:
 3497d47548dbd3454a279aac4db9c7b6  
mes5/i586/java-1.6.0-openjdk-1.6.0.0-0.20.b16.0.4mdvmes5.i586.rpm
 18a373731a0c5f3fdbe3a93daee5035e  
mes5/i586/java-1.6.0-openjdk-demo-1.6.0.0-0.20.b16.0.4mdvmes5.i586.rpm
 27e1b2439b57251bf74cfbfa1f6997a4  
mes5/i586/java-1.6.0-openjdk-devel-1.6.0.0-0.20.b16.0.4mdvmes5.i586.rpm
 0bfac50d5dccbe0711fa8001c590d590  
mes5/i586/java-1.6.0-openjdk-javadoc-1.6.0.0-0.20.b16.0.4mdvmes5.i586.rpm
 0d08cfa86e0c64e2e69a602cbed74df3  
mes5/i586/java-1.6.0-openjdk-plugin-1.6.0.0-0.20.b16.0.4mdvmes5.i586.rpm
 ca6f1c72e5496de3b10e53199e919eb6  
mes5/i586/java-1.6.0-openjdk-src-1.6.0.0-0.20.b16.0.4mdvmes5.i586.rpm 
 71d5af78951336166547e7b64032129b  
mes5/SRPMS/java-1.6.0-openjdk-1.6.0.0-0.20.b16.0.4mdvmes5.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 1d66d60b27fe05a8d5bebdf717b49534  
mes5/x86_64/java-1.6.0-openjdk-1.6.0.0-0.20.b16.0.4mdvmes5.x86_64.rpm
 8aa7f447a6140fa89882ebfce346c4fd  
mes5/x86_64/java-1.6.0-openjdk-demo-1.6.0.0-0.20.b16.0.4mdvmes5.x86_64.rpm
 1c7c231f79686af720355061e16fcac6  
mes5/x86_64/java-1.6.0-openjdk-devel-1.6.0.0-0.20.b16.0.4mdvmes5.x86_64.rpm
 ba115b547bb1aeff52b234d7531d04a3  
mes5/x86_64/java-1.6.0-openjdk-javadoc-1.6.0.0-0.20.b16.0.4mdvmes5.x86_64.rpm
 77b3fe99a9b32339d38cc8e14e079274  
mes5/x86_64/java-1.6.0-openjdk-plugin-1.6.0.0-0.20.b16.0.4mdvmes5.x86_64.rpm
 fa6d0a89d137f8c9ee886802c501f959  
mes5/x86_64/java-1.6.0-openjdk-src-1.6.0.0-0.20.b16.0.4mdvmes5.x86_64.rpm 
 71d5af78951336166547e7b64032129b  
mes5/SRPMS/java-1.6.0-openjdk-1.6.0.0-0.20.b16.0.4mdvmes5.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFKjcPcmqjQ0CJFipgRAjeQAJ9mtC71tANl03Q5CKl+55jnioyZtQCgr2vt
ZPZjtsZBfE62E01kkA2dTic=
=l6On
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/