exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Mandriva Linux Security Advisory 2012-021

Mandriva Linux Security Advisory 2012-021
Posted Feb 18, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-021 - Multiple security issues were identified and fixed in OpenJDK (icedtea6). The updated packages provides icedtea6-1.10.6 which is not vulnerable to these issues.

tags | advisory
systems | linux, mandriva
advisories | CVE-2011-3563, CVE-2011-3571, CVE-2011-5035, CVE-2012-0497, CVE-2012-0498, CVE-2012-0499, CVE-2012-0500, CVE-2012-0501, CVE-2012-0502, CVE-2012-0503, CVE-2012-0505, CVE-2012-0506
SHA-256 | 5b2fd88e8a9ff6a537fe564785369fae1a0e6c2783336b7003b1192898240b20
Download | Favorite | View

Mandriva Linux Security Advisory 2012-021

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2012:021
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : java-1.6.0-openjdk
 Date    : January 17, 2012
 Affected: 2010.1, 2011., Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 Multiple security issues were identified and fixed in OpenJDK
 (icedtea6):
 
 Fix issues in java sound (CVE-2011-3563).
 
 Fix in AtomicReferenceArray (CVE-2011-3571).
 
 Add property to limit number of request headers to the HTTP Server
 (CVE-2011-5035).
 
 Incorect checking for graphics rendering object (CVE-2012-0497).
 
 Multiple unspecified vulnerabilities allows remote attackers to affect
 confidentiality, integrity, and availability via unknown vectors
 (CVE-2012-0498. CVE-2012-0499, CVE-2012-0500).
 
 Better input parameter checking in zip file processing (CVE-2012-0501).
 
 Issues with some KeyboardFocusManager method (CVE-2012-0502).
 
 Issues with TimeZone class (CVE-2012-0503).
 
 Enhance exception throwing mechanism in ObjectStreamClass
 (CVE-2012-0505).
 
 Issues with some method in corba (CVE-2012-0506).
 
 The updated packages provides icedtea6-1.10.6 which is not vulnerable
 to these issues.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3563
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3571
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5035
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0497
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0498
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0499
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0500
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0501
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0502
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0503
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0505
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0506
 http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2010.1:
 63b2f376c592f7ff1e4aa7890ceee280  2010.1/i586/java-1.6.0-openjdk-1.6.0.0-26.b22.1mdv2010.2.i586.rpm
 a08e86738341f9de864419817e40a6f6  2010.1/i586/java-1.6.0-openjdk-demo-1.6.0.0-26.b22.1mdv2010.2.i586.rpm
 18c0c0f3474444c88fc484868497a9c4  2010.1/i586/java-1.6.0-openjdk-devel-1.6.0.0-26.b22.1mdv2010.2.i586.rpm
 b21b456d9ee21b88a7193bcbf0d240bf  2010.1/i586/java-1.6.0-openjdk-javadoc-1.6.0.0-26.b22.1mdv2010.2.i586.rpm
 edaff496f231bf9e47e1758c5c9cc7d9  2010.1/i586/java-1.6.0-openjdk-src-1.6.0.0-26.b22.1mdv2010.2.i586.rpm 
 ce1bb936f26002c752975b1045d58e76  2010.1/SRPMS/java-1.6.0-openjdk-1.6.0.0-26.b22.1mdv2010.2.src.rpm

 Mandriva Linux 2010.1/X86_64:
 0b4aacfa0120ea55489efe2d88eeea5d  2010.1/x86_64/java-1.6.0-openjdk-1.6.0.0-26.b22.1mdv2010.2.x86_64.rpm
 f63f343302f4375071aacac5884b6b9a  2010.1/x86_64/java-1.6.0-openjdk-demo-1.6.0.0-26.b22.1mdv2010.2.x86_64.rpm
 cbc96ed4843f65a29d664cd0f07a8968  2010.1/x86_64/java-1.6.0-openjdk-devel-1.6.0.0-26.b22.1mdv2010.2.x86_64.rpm
 f66189cfbc78cbe7403f880fa8ef070f  2010.1/x86_64/java-1.6.0-openjdk-javadoc-1.6.0.0-26.b22.1mdv2010.2.x86_64.rpm
 0a1d5214c532f3a1e2737ee7dfb0ec14  2010.1/x86_64/java-1.6.0-openjdk-src-1.6.0.0-26.b22.1mdv2010.2.x86_64.rpm 
 ce1bb936f26002c752975b1045d58e76  2010.1/SRPMS/java-1.6.0-openjdk-1.6.0.0-26.b22.1mdv2010.2.src.rpm

 Mandriva Linux 2011:
 276091edbd4821862b203b78ab4c7e8e  2011/i586/java-1.6.0-openjdk-1.6.0.0-26.b22.1-mdv2011.0.i586.rpm
 0d5576a07181d2d61020fc9ce76ccacc  2011/i586/java-1.6.0-openjdk-demo-1.6.0.0-26.b22.1-mdv2011.0.i586.rpm
 a4c0e4b7e7b577867cc380242a82a58d  2011/i586/java-1.6.0-openjdk-devel-1.6.0.0-26.b22.1-mdv2011.0.i586.rpm
 7a49bc6419d25297e02b0b6151bca85e  2011/i586/java-1.6.0-openjdk-javadoc-1.6.0.0-26.b22.1-mdv2011.0.i586.rpm
 abda3919ff6e3d4f2cc4c8e8135c2130  2011/i586/java-1.6.0-openjdk-src-1.6.0.0-26.b22.1-mdv2011.0.i586.rpm 
 c3237479dc9690bc6bda4d7b8054f2ae  2011/SRPMS/java-1.6.0-openjdk-1.6.0.0-26.b22.1.src.rpm

 Mandriva Linux 2011/X86_64:
 f8179f159c950005e677a07b7a7d7b28  2011/x86_64/java-1.6.0-openjdk-1.6.0.0-26.b22.1-mdv2011.0.x86_64.rpm
 4e99ad3e7f81d18c766dc13260b3686b  2011/x86_64/java-1.6.0-openjdk-demo-1.6.0.0-26.b22.1-mdv2011.0.x86_64.rpm
 799eaa638565a4839906c41642f8621d  2011/x86_64/java-1.6.0-openjdk-devel-1.6.0.0-26.b22.1-mdv2011.0.x86_64.rpm
 fee264489439ecb48de37409524194dd  2011/x86_64/java-1.6.0-openjdk-javadoc-1.6.0.0-26.b22.1-mdv2011.0.x86_64.rpm
 95ffcf2aa45429fb1b31fa044560da9b  2011/x86_64/java-1.6.0-openjdk-src-1.6.0.0-26.b22.1-mdv2011.0.x86_64.rpm 
 c3237479dc9690bc6bda4d7b8054f2ae  2011/SRPMS/java-1.6.0-openjdk-1.6.0.0-26.b22.1.src.rpm

 Mandriva Enterprise Server 5:
 3991eab3dad14d627a4e4a286e658076  mes5/i586/java-1.6.0-openjdk-1.6.0.0-26.b22.1mdvmes5.2.i586.rpm
 1da6d0464e870345b512e423ce8e541d  mes5/i586/java-1.6.0-openjdk-demo-1.6.0.0-26.b22.1mdvmes5.2.i586.rpm
 1335da0e8ed5b37147b2ec5d8a68b20d  mes5/i586/java-1.6.0-openjdk-devel-1.6.0.0-26.b22.1mdvmes5.2.i586.rpm
 e10aebb0b91428325a308e576f50aa45  mes5/i586/java-1.6.0-openjdk-javadoc-1.6.0.0-26.b22.1mdvmes5.2.i586.rpm
 d30e1ae2d47cd23c063357973dd870a9  mes5/i586/java-1.6.0-openjdk-src-1.6.0.0-26.b22.1mdvmes5.2.i586.rpm 
 b9d795124e16f852b188cb9c92dc3d77  mes5/SRPMS/java-1.6.0-openjdk-1.6.0.0-26.b22.1mdvmes5.2.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 b9c5058e2009da89418b8056e23511ad  mes5/x86_64/java-1.6.0-openjdk-1.6.0.0-26.b22.1mdvmes5.2.x86_64.rpm
 cecb580e05f61fe3dba56e33276f8185  mes5/x86_64/java-1.6.0-openjdk-demo-1.6.0.0-26.b22.1mdvmes5.2.x86_64.rpm
 8d8d67bda8662b88e6d56956e5739a2e  mes5/x86_64/java-1.6.0-openjdk-devel-1.6.0.0-26.b22.1mdvmes5.2.x86_64.rpm
 960a85c526378996f6ef6511638335f4  mes5/x86_64/java-1.6.0-openjdk-javadoc-1.6.0.0-26.b22.1mdvmes5.2.x86_64.rpm
 b068fd26387d11fea69f4a99190faab3  mes5/x86_64/java-1.6.0-openjdk-src-1.6.0.0-26.b22.1mdvmes5.2.x86_64.rpm 
 b9d795124e16f852b188cb9c92dc3d77  mes5/SRPMS/java-1.6.0-openjdk-1.6.0.0-26.b22.1mdvmes5.2.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iD8DBQFPPnJ1mqjQ0CJFipgRAsShAJ9uLjzWi9Y8x/myvScmQfUPwRh8RACg22f9
NSDNWCT+JqEyYHUExPAwR58=
=cwgS
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    30 Files
  • 16
    Apr 16th
    10 Files
  • 17
    Apr 17th
    22 Files
  • 18
    Apr 18th
    45 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close