First published: Wed Oct 13 2010
These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit.

defaultReadObject of the Serialization API could be tricked into setting a volatile field multiple times, which could allow a remote attacker to execute arbitrary code with the privileges of the user running the applet or application. (CVE-2010-3569)

Race condition in the way objects were deserialized could allow an untrusted applet or application to misuse the privileges of the user running the applet or application. (CVE-2010-3568)

Miscalculation in the OpenType font rendering implementation caused out-of-bounds memory access, which could allow remote attackers to execute code with the privileges of the user running the java process. (CVE-2010-3567)

JPEGImageWriter.writeImage in the imageio API improperly checked certain image metadata, which could allow a remote attacker to execute arbitrary code in the context of the user running the applet or application. (CVE-2010-3565)

Double free in IndexColorModel could cause an untrusted applet or application to crash or, possibly, execute arbitrary code with the privileges of the user running the applet or application. (CVE-2010-3562)

The privileged accept method of the ServerSocket class in the Common Object Request Broker Architecture (CORBA) implementation in OpenJDK allowed it to receive connections from any host, instead of just the host of the current connection. An attacker could use this flaw to bypass restrictions defined by network permissions. (CVE-2010-3561)

Flaws in the Swing library could allow an untrusted application to modify the behavior and state of certain JDK classes. (CVE-2010-3557)

Flaws in the CORBA implementation could allow an attacker to execute arbitrary code by misusing permissions granted to certain system objects. (CVE-2010-3554)

UIDefault.ProxyLazyValue had unsafe reflection usage, allowing untrusted callers to create objects via ProxyLazyValue values. (CVE-2010-3553)

HttpURLConnection improperly handled the "chunked" transfer encoding method, which could allow remote attackers to conduct HTTP response splitting attacks. (CVE-2010-3549)

HttpURLConnection improperly checked whether the calling code was granted the "allowHttpTrace" permission, allowing untrusted code to create HTTP TRACE requests. (CVE-2010-3574)

HttpURLConnection did not validate request headers set by applets, which could allow remote attackers to trigger actions otherwise restricted to HTTP clients. (CVE-2010-3541, CVE-2010-3573)

The Kerberos implementation improperly checked the sanity of AP-REQ requests, which could cause a denial of service condition in the receiving Java Virtual Machine. (CVE-2010-3564)

The RHSA-2010:0339 update mitigated a man-in-the-middle attack in the way the TLS/SSL (Transport Layer Security/Secure Sockets Layer) protocols handle session renegotiation by disabling renegotiation. This update implements the TLS Renegotiation Indication Extension as defined in RFC 5746, allowing secure renegotiation between updated clients and servers. (CVE-2009-3555)

The NetworkInterface class improperly checked the network "connect" permissions for local network addresses, which could allow remote attackers to read local network addresses. (CVE-2010-3551)

Information leak flaw in the Java Naming and Directory Interface (JNDI) could allow a remote attacker to access information about otherwise-protected internal network names. (CVE-2010-3548)

Note: Flaws concerning applets in this advisory (CVE-2010-3568, CVE-2010-3554, CVE-2009-3555, CVE-2010-3562, CVE-2010-3557, CVE-2010-3548, CVE-2010-3564, CVE-2010-3565, CVE-2010-3569) can only be triggered in OpenJDK by calling the "appletviewer" application.

Bug fixes:

- This update provides one defense in depth patch. (BZ#639922)
- Problems for certain SSL connections. In a reported case, this prevented the JBoss JAAS modules from connecting over SSL to Microsoft Active Directory servers. (BZ#618290)
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/java | <1.6.0-openjdk-1.6.0.0-1.16.b17.el5 | 1.6.0-openjdk-1.6.0.0-1.16.b17.el5 |
redhat/java | <1.6.0-openjdk-demo-1.6.0.0-1.16.b17.el5 | 1.6.0-openjdk-demo-1.6.0.0-1.16.b17.el5 |
redhat/java | <1.6.0-openjdk-devel-1.6.0.0-1.16.b17.el5 | 1.6.0-openjdk-devel-1.6.0.0-1.16.b17.el5 |
redhat/java | <1.6.0-openjdk-javadoc-1.6.0.0-1.16.b17.el5 | 1.6.0-openjdk-javadoc-1.6.0.0-1.16.b17.el5 |
redhat/java | <1.6.0-openjdk-src-1.6.0.0-1.16.b17.el5 | 1.6.0-openjdk-src-1.6.0.0-1.16.b17.el5 |
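The table above gives the fixed build for each affected package, so whether a RHEL 5 host still needs this update reduces to an RPM version comparison. The script below is an added example, not part of the Red Hat advisory or of this page: it re-implements rpm's version ordering (simplified: the tilde and caret special cases are omitted, and epoch is assumed equal on both sides) and checks `rpm -qa` style output against the fixed builds. The full package names `java-1.6.0-openjdk*` are assumed from the table's `1.6.0-openjdk-*` entries, and the sample `rpm -qa` listing is constructed, not captured from a real host.

```python
import re

# Fixed package builds listed in the advisory table (RHEL 5). The leading
# "java-" is assumed to be part of the RPM name, which the table abbreviates.
FIXED_NVRS = [
    "java-1.6.0-openjdk-1.6.0.0-1.16.b17.el5",
    "java-1.6.0-openjdk-demo-1.6.0.0-1.16.b17.el5",
    "java-1.6.0-openjdk-devel-1.6.0.0-1.16.b17.el5",
    "java-1.6.0-openjdk-javadoc-1.6.0.0-1.16.b17.el5",
    "java-1.6.0-openjdk-src-1.6.0.0-1.16.b17.el5",
]

# rpm splits versions into runs of digits and runs of letters; everything else
# (dots, underscores) is a separator.
_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")


def rpmvercmp(a: str, b: str) -> int:
    """Compare two version or release strings following rpm's rpmvercmp rules
    (simplified: tilde/caret handling omitted). Returns -1, 0 or 1."""
    if a == b:
        return 0
    seg_a = _SEGMENT.findall(a)
    seg_b = _SEGMENT.findall(b)
    for x, y in zip(seg_a, seg_b):
        x_num, y_num = x.isdigit(), y.isdigit()
        if x_num != y_num:
            return 1 if x_num else -1        # a numeric segment beats an alphabetic one
        if x_num:
            xi, yi = int(x), int(y)          # numeric segments compare as integers
            if xi != yi:
                return 1 if xi > yi else -1
        elif x != y:
            return 1 if x > y else -1        # alphabetic segments compare as strings
    if len(seg_a) == len(seg_b):
        return 0
    return 1 if len(seg_a) > len(seg_b) else -1  # the string with segments left over wins


def split_nvr(nvr: str):
    """Split name-version-release; the last two hyphens delimit version and release."""
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release


def is_affected(installed_nvr: str, fixed_nvrs=FIXED_NVRS):
    """True if the installed build sorts before the fixed build of the same package,
    False if it is at or past the fix, None if the advisory does not list the package.
    Epoch is assumed equal on both sides."""
    name, ver, rel = split_nvr(installed_nvr)
    for fixed in fixed_nvrs:
        fname, fver, frel = split_nvr(fixed)
        if fname != name:
            continue
        # version decides first; release only breaks a tie
        c = rpmvercmp(ver, fver) or rpmvercmp(rel, frel)
        return c < 0
    return None


def scan_rpm_list(lines):
    """Return the NVRs in an `rpm -qa` style listing that this advisory fixes."""
    return [l.strip() for l in lines if l.strip() and is_affected(l.strip())]


# Constructed sample of `rpm -qa` output; not taken from a real host.
SAMPLE_RPM_QA = """
java-1.6.0-openjdk-1.6.0.0-1.11.b16.el5
java-1.6.0-openjdk-devel-1.6.0.0-1.16.b17.el5
java-1.6.0-openjdk-demo-1.6.0.0-1.16.b17.el5_5
openssl-0.9.8e-12.el5
"""

if __name__ == "__main__":
    for nvr in scan_rpm_list(SAMPLE_RPM_QA.splitlines()):
        print("needs update:", nvr)
```

On a real host, feed `scan_rpm_list` the lines of `rpm -qa 'java-1.6.0-openjdk*'`. Only the first sample line is reported: the `-devel` build is exactly the fixed one, and `1.16.b17.el5_5` sorts after `1.16.b17.el5` because it has a segment left over. The ordering rules here mirror rpm's own, but for anything beyond a quick audit the authoritative comparison is rpm itself (for example `rpmdev-vercmp` from rpmdevtools), which also handles epochs.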