BugTraq
[ MDVSA-2013:021 ] java-1.6.0-openjdk Mar 08 2013 10:36AM
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2013:021
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : java-1.6.0-openjdk
Date : March 8, 2013
Affected: Enterprise Server 5.0
_______________________________________________________________________

Problem Description:

Multiple security issues were identified and fixed in OpenJDK
(icedtea6):

The 2D component in Oracle Java SE 7 Update 15 and earlier, 6 Update
41 and earlier, and 5.0 Update 40 and earlier allows remote attackers
to execute arbitrary code or cause a denial of service (crash) via
vectors that trigger a (1) read or (2) write of arbitrary memory in
the JVM, as exploited in the wild in February 2013 (CVE-2013-1493).

Unspecified vulnerability in the 2D component in the Java Runtime
Environment (JRE) component in Oracle Java SE 7 Update 15 and earlier,
6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote
attackers to execute arbitrary code via unknown vectors, a different
vulnerability than CVE-2013-1493 (CVE-2013-0809).

The updated packages provides icedtea6-1.11.9 which is not vulnerable
to these issues.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0809
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1493
http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-March/022145.
html
http://www.oracle.com/technetwork/topics/security/alert-cve-2013-1493-19
15081.html
_______________________________________________________________________

Updated Packages:

Mandriva Enterprise Server 5:
913ff5eda4c7d4c44308cadbdcb511ec mes5/i586/java-1.6.0-openjdk-1.6.0.0-35.b24.4mdvmes5.2.i586.rpm
e9376e66560bad6c5d7cb35a3d627870 mes5/i586/java-1.6.0-openjdk-demo-1.6.0.0-35.b24.4mdvmes5.2.i586.rpm
13412e9674174e924769414ad30ee79d mes5/i586/java-1.6.0-openjdk-devel-1.6.0.0-35.b24.4mdvmes5.2.i586.rpm
f8cd2b8917c146641f1470cf53011435 mes5/i586/java-1.6.0-openjdk-javadoc-1.6.0.0-35.b24.4mdvmes5.2.i586.rpm
4daeabe882316231e5b9e89612717057 mes5/i586/java-1.6.0-openjdk-src-1.6.0.0-35.b24.4mdvmes5.2.i586.rpm
9248e6e39a0ee59ad6bc6e854e46ae2c mes5/SRPMS/java-1.6.0-openjdk-1.6.0.0-35.b24.4mdvmes5.2.src.rpm

Mandriva Enterprise Server 5/X86_64:
1cb6fe843aec51afb6fc918ebe435c6f mes5/x86_64/java-1.6.0-openjdk-1.6.0.0-35.b24.4mdvmes5.2.x86_64.rpm
f785bc251ca4406f205cab5e64ce685a mes5/x86_64/java-1.6.0-openjdk-demo-1.6.0.0-35.b24.4mdvmes5.2.x86_64.rpm

f7cba7622dd6cfd1e64474f47a2ddb35 mes5/x86_64/java-1.6.0-openjdk-devel-1.6.0.0-35.b24.4mdvmes5.2.x86_64.rp
m
38104463668442434ec884f78f3d1236 mes5/x86_64/java-1.6.0-openjdk-javadoc-1.6.0.0-35.b24.4mdvmes5.2.x86_64.
rpm
f355ccfbe11e93cd4101171ea7dc6356 mes5/x86_64/java-1.6.0-openjdk-src-1.6.0.0-35.b24.4mdvmes5.2.x86_64.rpm
9248e6e39a0ee59ad6bc6e854e46ae2c mes5/SRPMS/java-1.6.0-openjdk-1.6.0.0-35.b24.4mdvmes5.2.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iD8DBQFROZNcmqjQ0CJFipgRAlRxAJoC09gKmBF4kGckzoHdeLPC8BtwJQCcCyhr
Pgga+RwmqGFxNf3uoedcpJA=
=K1BS
-----END PGP SIGNATURE-----

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus