First published: Wed Mar 31 2010(Updated: )
These packages provide the OpenJDK 6 Java Runtime Environment and the<br>OpenJDK 6 Software Development Kit. The Java Runtime Environment (JRE)<br>contains the software and tools that users need to run applications written<br>using the Java programming language.<br>A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure<br>Sockets Layer) protocols handle session renegotiation. A man-in-the-middle<br>attacker could use this flaw to prefix arbitrary plain text to a client's<br>session (for example, an HTTPS connection to a website). This could force<br>the server to process an attacker's request as if authenticated using the<br>victim's credentials. (CVE-2009-3555)<br>This update disables renegotiation in the Java Secure Socket Extension<br>(JSSE) component. Unsafe renegotiation can be re-enabled using the<br>sun.security.ssl.allowUnsafeRenegotiation property. Refer to the following<br>Knowledgebase article for details:<br><a href="http://kbase.redhat.com/faq/docs/DOC-20491" target="_blank">http://kbase.redhat.com/faq/docs/DOC-20491</a> A number of flaws have been fixed in the Java Virtual Machine (JVM) and in<br>various Java class implementations. These flaws could allow an unsigned<br>applet or application to bypass intended access restrictions.<br>(CVE-2010-0082, CVE-2010-0084, CVE-2010-0085, CVE-2010-0088, CVE-2010-0094)<br>An untrusted applet could access clipboard information if a drag operation<br>was performed over that applet's canvas. This could lead to an information<br>leak. (CVE-2010-0091)<br>The rawIndex operation incorrectly handled large values, causing the<br>corruption of internal memory structures, resulting in an untrusted applet<br>or application crashing. (CVE-2010-0092)<br>The System.arraycopy operation incorrectly handled large index values,<br>potentially causing array corruption in an untrusted applet or application.<br>(CVE-2010-0093)<br>Subclasses of InetAddress may incorrectly interpret network addresses,<br>allowing an untrusted applet or application to bypass network access<br>restrictions. (CVE-2010-0095)<br>In certain cases, type assignments could result in "non-exact" interface<br>types. This could be used to bypass type-safety restrictions.<br>(CVE-2010-0845)<br>A buffer overflow flaw in LittleCMS (embedded in OpenJDK) could cause an<br>untrusted applet or application using color profiles from untrusted sources<br>to crash. (CVE-2010-0838)<br>An input validation flaw was found in the JRE unpack200 functionality. An<br>untrusted applet or application could use this flaw to elevate its<br>privileges. (CVE-2010-0837)<br>Deferred calls to trusted applet methods could be granted incorrect<br>permissions, allowing an untrusted applet or application to extend its<br>privileges. (CVE-2010-0840)<br>A missing input validation flaw in the JRE could allow an attacker to crash<br>an untrusted applet or application. (CVE-2010-0848)<br>A flaw in Java2D could allow an attacker to execute arbitrary code with the<br>privileges of a user running an untrusted applet or application that uses<br>Java2D. (CVE-2010-0847)<br>Note: The flaws concerning applets in this advisory, CVE-2010-0082,<br>CVE-2010-0084, CVE-2010-0085, CVE-2010-0088, CVE-2010-0091, CVE-2010-0092,<br>CVE-2010-0093, CVE-2010-0094, CVE-2010-0095, CVE-2010-0837, CVE-2010-0838,<br>CVE-2010-0840, CVE-2010-0847, and CVE-2010-0848, can only be triggered in<br>java-1.6.0-openjdk by calling the "appletviewer" application.<br>This update also provides three defense in depth patches. (BZ#575745,<br>BZ#575861, BZ#575789)<br>All users of java-1.6.0-openjdk are advised to upgrade to these updated<br>packages, which resolve these issues. All running instances of OpenJDK Java<br>must be restarted for the update to take effect.<br>
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/java | <1.6.0-openjdk-1.6.0.0-1.11.b16.el5 | 1.6.0-openjdk-1.6.0.0-1.11.b16.el5 |
redhat/java | <1.6.0-openjdk-1.6.0.0-1.11.b16.el5 | 1.6.0-openjdk-1.6.0.0-1.11.b16.el5 |
redhat/java | <1.6.0-openjdk-demo-1.6.0.0-1.11.b16.el5 | 1.6.0-openjdk-demo-1.6.0.0-1.11.b16.el5 |
redhat/java | <1.6.0-openjdk-devel-1.6.0.0-1.11.b16.el5 | 1.6.0-openjdk-devel-1.6.0.0-1.11.b16.el5 |
redhat/java | <1.6.0-openjdk-javadoc-1.6.0.0-1.11.b16.el5 | 1.6.0-openjdk-javadoc-1.6.0.0-1.11.b16.el5 |
redhat/java | <1.6.0-openjdk-src-1.6.0.0-1.11.b16.el5 | 1.6.0-openjdk-src-1.6.0.0-1.11.b16.el5 |
redhat/java | <1.6.0-openjdk-demo-1.6.0.0-1.11.b16.el5 | 1.6.0-openjdk-demo-1.6.0.0-1.11.b16.el5 |
redhat/java | <1.6.0-openjdk-devel-1.6.0.0-1.11.b16.el5 | 1.6.0-openjdk-devel-1.6.0.0-1.11.b16.el5 |
redhat/java | <1.6.0-openjdk-javadoc-1.6.0.0-1.11.b16.el5 | 1.6.0-openjdk-javadoc-1.6.0.0-1.11.b16.el5 |
redhat/java | <1.6.0-openjdk-src-1.6.0.0-1.11.b16.el5 | 1.6.0-openjdk-src-1.6.0.0-1.11.b16.el5 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.