First published: Tue Apr 07 2009
These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. The Java Runtime Environment (JRE) contains the software and tools that users need to run applications written using the Java programming language.

A flaw was found in the way that the Java Virtual Machine (JVM) handled temporary font files. A malicious applet could use this flaw to use large amounts of disk space, causing a denial of service. (CVE-2006-2426)

A memory leak flaw was found in LittleCMS (embedded in OpenJDK). An application using color profiles could use excessive amounts of memory, and possibly crash after using all available memory, if used to open specially-crafted images. (CVE-2009-0581)

Multiple integer overflow flaws which could lead to heap-based buffer overflows, as well as multiple insufficient input validation flaws, were found in the way LittleCMS handled color profiles. An attacker could use these flaws to create a specially-crafted image file which could cause a Java application to crash or, possibly, execute arbitrary code when opened. (CVE-2009-0723, CVE-2009-0733)

A null pointer dereference flaw was found in LittleCMS. An application using color profiles could crash while converting a specially-crafted image file. (CVE-2009-0793)

A flaw in the Java API for XML Web Services (JAX-WS) service endpoint handling could allow a remote attacker to cause a denial of service on the server application hosting the JAX-WS service endpoint. (CVE-2009-1101)

A flaw in the way the Java Runtime Environment initialized LDAP connections could allow a remote, authenticated user to cause a denial of service on the LDAP service. (CVE-2009-1093)

A flaw in the Java Runtime Environment LDAP client could allow malicious data from an LDAP server to cause arbitrary code to be loaded and then run on an LDAP client. (CVE-2009-1094)

Several buffer overflow flaws were found in the Java Runtime Environment unpack200 functionality. An untrusted applet could extend its privileges, allowing it to read and write local files, as well as to execute local applications with the privileges of the user running the applet. (CVE-2009-1095, CVE-2009-1096)

A flaw in the Java Runtime Environment Virtual Machine code generation functionality could allow untrusted applets to extend their privileges. An untrusted applet could extend its privileges, allowing it to read and write local files, as well as execute local applications with the privileges of the user running the applet. (CVE-2009-1102)

A buffer overflow flaw was found in the splash screen processing. A remote attacker could extend privileges to read and write local files, as well as to execute local applications with the privileges of the user running the java process. (CVE-2009-1097)

A buffer overflow flaw was found in how GIF images were processed. A remote attacker could extend privileges to read and write local files, as well as execute local applications with the privileges of the user running the java process. (CVE-2009-1098)

Note: The flaws concerning applets in this advisory, CVE-2009-1095, CVE-2009-1096, and CVE-2009-1102, can only be triggered in java-1.6.0-openjdk by calling the "appletviewer" application.

All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/java | <1.6.0-openjdk-1.6.0.0-0.30.b09.el5 | 1.6.0-openjdk-1.6.0.0-0.30.b09.el5 |
redhat/java | <1.6.0-openjdk-demo-1.6.0.0-0.30.b09.el5 | 1.6.0-openjdk-demo-1.6.0.0-0.30.b09.el5 |
redhat/java | <1.6.0-openjdk-devel-1.6.0.0-0.30.b09.el5 | 1.6.0-openjdk-devel-1.6.0.0-0.30.b09.el5 |
redhat/java | <1.6.0-openjdk-javadoc-1.6.0.0-0.30.b09.el5 | 1.6.0-openjdk-javadoc-1.6.0.0-0.30.b09.el5 |
redhat/java | <1.6.0-openjdk-src-1.6.0.0-0.30.b09.el5 | 1.6.0-openjdk-src-1.6.0.0-0.30.b09.el5 |
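The table above gives one fixed build, 1.6.0.0-0.30.b09.el5, for each java-1.6.0-openjdk subpackage, and whether a host is still exposed comes down to whether its installed build sorts older than that build under RPM's version ordering. The following is an added example, not code from Red Hat or from the advisory: it re-implements RPM's `rpmvercmp()` segment comparison and epoch/version/release ordering in Python (an assumed simplification: only digit and letter segments are handled, tilde and caret ordering is omitted, which is enough for the versions on this page), and runs it over a constructed `rpm -qa` style listing. On a real host the same question is answered by `rpm -q java-1.6.0-openjdk` and the distribution's update tool; the code here is for understanding how the "<1.6.0-openjdk-1.6.0.0-0.30.b09.el5" comparison is evaluated.

```python
"""Added example: decide whether installed java-1.6.0-openjdk packages are
older than the fixed builds listed in the advisory table.

The comparison is a Python re-implementation of RPM's rpmvercmp() and
epoch:version-release ordering (digit/letter segments only; tilde and caret
handling omitted as an assumed simplification). It is not RPM's own code.
"""
import re

# Fixed EVR (epoch:version-release) per subpackage, taken from the advisory table.
FIXED_EVR = {
    name: "0:1.6.0.0-0.30.b09.el5"
    for name in (
        "java-1.6.0-openjdk",
        "java-1.6.0-openjdk-demo",
        "java-1.6.0-openjdk-devel",
        "java-1.6.0-openjdk-javadoc",
        "java-1.6.0-openjdk-src",
    )
}

_DIGITS = re.compile(r"[0-9]+")
_LETTERS = re.compile(r"[a-zA-Z]+")


def rpmvercmp(a: str, b: str) -> int:
    """Return -1, 0 or 1 comparing two version (or release) strings.

    Mirrors rpmvercmp(): split on separators into digit or letter runs, compare
    digit runs numerically (leading zeros stripped), letter runs lexically,
    treat a digit run as newer than a letter run at the same position, and let
    the string with characters left over win when the common prefix is equal.
    """
    if a == b:
        return 0
    i = j = 0
    while i < len(a) or j < len(b):
        # Skip separators (anything that is not a letter or digit).
        while i < len(a) and not a[i].isalnum():
            i += 1
        while j < len(b) and not b[j].isalnum():
            j += 1
        if i >= len(a) or j >= len(b):
            break
        numeric = a[i].isdigit()
        pattern = _DIGITS if numeric else _LETTERS
        seg_a = pattern.match(a, i).group()
        m_b = pattern.match(b, j)
        if m_b is None:
            # Segment types differ: the numeric segment counts as newer.
            return 1 if numeric else -1
        seg_b = m_b.group()
        i += len(seg_a)
        j += len(seg_b)
        if numeric:
            seg_a, seg_b = seg_a.lstrip("0"), seg_b.lstrip("0")
            if len(seg_a) != len(seg_b):
                return 1 if len(seg_a) > len(seg_b) else -1
        if seg_a != seg_b:
            return 1 if seg_a > seg_b else -1
    if i >= len(a) and j >= len(b):
        return 0
    return -1 if i >= len(a) else 1


def parse_evr(evr: str) -> tuple:
    """Split 'epoch:version-release' into (epoch, version, release); epoch defaults to 0."""
    epoch = "0"
    if ":" in evr:
        epoch, evr = evr.split(":", 1)
    version, _, release = evr.partition("-")
    return epoch, version, release


def label_compare(evr_a: str, evr_b: str) -> int:
    """Order two EVR strings as RPM does: epoch first, then version, then release."""
    for x, y in zip(parse_evr(evr_a), parse_evr(evr_b)):
        c = rpmvercmp(x, y)
        if c != 0:
            return c
    return 0


def parse_nevra(nevra: str) -> tuple:
    """Split an `rpm -qa` line 'name-version-release.arch' (arch required) into (name, evr)."""
    without_arch, _, _arch = nevra.rpartition(".")
    name, version, release = without_arch.rsplit("-", 2)
    return name, f"{version}-{release}"


def is_affected(installed_evr: str, fixed_evr: str) -> bool:
    """True when the installed build sorts older than the fixed build."""
    return label_compare(installed_evr, fixed_evr) < 0


def check_inventory(rpm_qa_lines) -> list:
    """Return (name, installed_evr) for each advisory package still below its fixed EVR."""
    affected = []
    for line in rpm_qa_lines:
        line = line.strip()
        if not line:
            continue
        name, evr = parse_nevra(line)
        fixed = FIXED_EVR.get(name)  # packages not in the advisory are ignored
        if fixed is not None and is_affected(evr, fixed):
            affected.append((name, evr))
    return affected


# Constructed sample of `rpm -qa 'java-1.6.0-openjdk*'` output, not from a real host.
SAMPLE_RPM_QA = """
java-1.6.0-openjdk-1.6.0.0-0.29.b09.el5.x86_64
java-1.6.0-openjdk-devel-1.6.0.0-0.30.b09.el5.x86_64
java-1.6.0-openjdk-demo-1.6.0.0-0.30.b08.el5.x86_64
java-1.6.0-openjdk-src-1.6.0.0-1.2.b09.el5.x86_64
""".strip().splitlines()

if __name__ == "__main__":
    for name, evr in check_inventory(SAMPLE_RPM_QA):
        print(f"{name} {evr} is below the fixed build {FIXED_EVR[name]}")
```

Two of the four constructed lines come out as affected: the base package at release 0.29 and the demo package at build b08, while the devel package at exactly the fixed build and the src package with a higher release are not. The release string matters as much as the version here, since every package in the table shares version 1.6.0.0 and differs only in release.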