First published: Wed Nov 10 2010
These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit.

defaultReadObject of the Serialization API could be tricked into setting a volatile field multiple times, which could allow a remote attacker to execute arbitrary code with the privileges of the user running the applet or application. (CVE-2010-3569)

A race condition in the way objects were deserialized could allow an untrusted applet or application to misuse the privileges of the user running the applet or application. (CVE-2010-3568)

A miscalculation in the OpenType font rendering implementation caused out-of-bounds memory access, which could allow remote attackers to execute code with the privileges of the user running the java process. (CVE-2010-3567)

JPEGImageWriter.writeImage in the imageio API improperly checked certain image metadata, which could allow a remote attacker to execute arbitrary code in the context of the user running the applet or application. (CVE-2010-3565)

A double free in IndexColorModel could cause an untrusted applet or application to crash or, possibly, execute arbitrary code with the privileges of the user running the applet or application. (CVE-2010-3562)

The privileged accept method of the ServerSocket class in the Common Object Request Broker Architecture (CORBA) implementation in OpenJDK allowed it to receive connections from any host, instead of just the host of the current connection. An attacker could use this flaw to bypass restrictions defined by network permissions. (CVE-2010-3561)

Flaws in the Swing library could allow an untrusted application to modify the behavior and state of certain JDK classes. (CVE-2010-3557)

Flaws in the CORBA implementation could allow an attacker to execute arbitrary code by misusing permissions granted to certain system objects. (CVE-2010-3554)

UIDefault.ProxyLazyValue had unsafe reflection usage, allowing untrusted callers to create objects via ProxyLazyValue values. (CVE-2010-3553)

HttpURLConnection improperly handled the "chunked" transfer encoding method, which could allow remote attackers to conduct HTTP response splitting attacks. (CVE-2010-3549)

HttpURLConnection improperly checked whether the calling code was granted the "allowHttpTrace" permission, allowing untrusted code to create HTTP TRACE requests. (CVE-2010-3574)

HttpURLConnection did not validate request headers set by applets, which could allow remote attackers to trigger actions otherwise restricted to HTTP clients. (CVE-2010-3541, CVE-2010-3573)

The Kerberos implementation improperly checked the sanity of AP-REQ requests, which could cause a denial of service condition in the receiving Java Virtual Machine. (CVE-2010-3564)

The java-1.6.0-openjdk packages shipped with the GA release of Red Hat Enterprise Linux 6 mitigated a man-in-the-middle attack in the way the TLS/SSL protocols handle session renegotiation by disabling renegotiation. This update implements the TLS Renegotiation Indication Extension as defined in RFC 5746, allowing secure renegotiation between updated clients and servers. (CVE-2009-3555)

The NetworkInterface class improperly checked the network "connect" permissions for local network addresses, which could allow remote attackers to read local network addresses. (CVE-2010-3551)

An information leak flaw in the Java Naming and Directory Interface (JNDI) could allow a remote attacker to access information about otherwise-protected internal network names. (CVE-2010-3548)

Note: Flaws concerning applets in this advisory (CVE-2010-3568, CVE-2010-3554, CVE-2009-3555, CVE-2010-3562, CVE-2010-3557, CVE-2010-3548, CVE-2010-3564, CVE-2010-3565, CVE-2010-3569) can only be triggered in OpenJDK by calling the "appletviewer" application.

Bug fixes:

* One defense-in-depth patch. (BZ#639922)
* Problems for certain SSL connections. In a reported case, this prevented the JBoss JAAS modules from connecting over SSL to Microsoft Active Directory servers. (BZ#642779)
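The three HttpURLConnection flaws above (CVE-2010-3549, CVE-2010-3541, CVE-2010-3573) share one root cause: header names and values supplied by untrusted code reached the wire without validation, so a value containing CR/LF could split the request or response, and a caller could set headers that control message framing or routing. The class below is an added illustration of the guard such a client needs; it is not the OpenJDK patch, and its list of restricted headers is a hypothetical one chosen for this example rather than the list OpenJDK enforces.

```java
import java.util.HashSet;
import java.util.LinkedHashMap;
import java.util.Locale;
import java.util.Map;
import java.util.Set;

/**
 * Illustrative request-header guard for headers set by untrusted code
 * (added example, not the OpenJDK fix). Two checks: (1) no CR, LF, NUL or
 * other control characters, so one header can never become several header
 * lines or smuggle a second request; (2) no framing/routing headers, which
 * would let the caller do things an ordinary HTTP client cannot.
 */
public final class UntrustedHeaderGuard {

    /** Headers an untrusted caller may never set. Hypothetical list for this example. */
    private static final Set<String> RESTRICTED = new HashSet<String>();
    static {
        for (String h : new String[] {
                "host", "content-length", "transfer-encoding", "connection",
                "keep-alive", "upgrade", "via", "trailer", "origin" }) {
            RESTRICTED.add(h);
        }
    }

    private final Map<String, String> headers = new LinkedHashMap<String, String>();

    /** Records a header on behalf of untrusted code, or throws. */
    public void setRequestProperty(String name, String value) {
        if (name == null || name.isEmpty()) {
            throw new IllegalArgumentException("empty header name");
        }
        if (!isToken(name)) {
            throw new IllegalArgumentException("illegal header name: " + name);
        }
        if (value != null && hasCtl(value)) {
            throw new IllegalArgumentException("control characters in value of " + name);
        }
        String lower = name.toLowerCase(Locale.ROOT);
        if (RESTRICTED.contains(lower) || lower.startsWith("sec-")) {
            throw new SecurityException("header not settable by untrusted code: " + name);
        }
        headers.put(name, value);
    }

    /** RFC 2616 token: printable ASCII, no separators, no CTLs. */
    static boolean isToken(String s) {
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            if (c <= 0x20 || c >= 0x7f || "()<>@,;:\\\"/[]?={}".indexOf(c) >= 0) {
                return false;
            }
        }
        return true;
    }

    /** True if the value contains CR, LF, NUL or any other C0 control except HTAB. */
    static boolean hasCtl(String s) {
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            if ((c < 0x20 && c != '\t') || c == 0x7f) {
                return true;
            }
        }
        return false;
    }

    public Map<String, String> headers() {
        return headers;
    }

    public static void main(String[] args) {
        UntrustedHeaderGuard g = new UntrustedHeaderGuard();
        g.setRequestProperty("X-Request-Id", "abc123");               // accepted
        // Constructed hostile inputs: a CRLF-injected value that smuggles a second
        // request, and two headers that change framing/routing of the request.
        String[][] bad = {
            { "X-Evil", "x\r\nContent-Length: 0\r\n\r\nGET /admin HTTP/1.1" },
            { "Transfer-Encoding", "chunked" },
            { "Host", "internal.example" },
        };
        for (String[] h : bad) {
            try {
                g.setRequestProperty(h[0], h[1]);
                System.out.println("ACCEPTED (bug): " + h[0]);
            } catch (RuntimeException e) {
                System.out.println("rejected " + h[0] + ": " + e.getMessage());
            }
        }
        System.out.println("headers sent: " + g.headers());
    }
}
```

Run with `javac UntrustedHeaderGuard.java && java UntrustedHeaderGuard`; only `X-Request-Id` survives. Rejecting rather than stripping the offending bytes matters: a sanitiser that silently removes CR/LF leaves the caller unaware that its input was hostile, whereas an exception surfaces the attempt to whoever is logging.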
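The CORBA flaw (CVE-2010-3561) is a privilege-scoping problem rather than a parsing one: a listener opened for one remote host accepted connections from any host because the accept ran with elevated permissions and nothing checked the peer afterwards. The following is an added example of the post-accept check that closes that gap, using plain java.net sockets; it is not the OpenJDK CORBA patch. The second source address, 127.0.0.2, is an assumption that holds on Linux, where all of 127/8 is loopback; elsewhere that client simply fails and the demonstration proceeds with the expected peer only.

```java
import java.io.IOException;
import java.net.InetAddress;
import java.net.ServerSocket;
import java.net.Socket;

/**
 * Illustrative post-accept peer check (added example, not the OpenJDK CORBA
 * patch). A listener opened on behalf of one remote peer must hand back only
 * connections from that peer. If accept() runs inside a privileged block with
 * no such check, a grant meant for one host becomes "accept from anyone".
 */
public final class PeerRestrictedAccept {

    /**
     * Accepts on server until a connection from expectedPeer arrives, closing
     * connections from any other address unread. Gives up after maxAttempts.
     */
    public static Socket acceptFrom(ServerSocket server, InetAddress expectedPeer,
                                    int maxAttempts) throws IOException {
        for (int i = 0; i < maxAttempts; i++) {
            Socket s = server.accept();
            if (expectedPeer.equals(s.getInetAddress())) {
                return s;
            }
            // Wrong host: never read from it, just drop it and keep waiting.
            System.out.println("rejected connection from " + s.getInetAddress());
            s.close();
        }
        throw new IOException("no connection from " + expectedPeer
                + " within " + maxAttempts + " accepts");
    }

    /** Constructed client: connects to port from the given local source address, then hangs up. */
    private static void connectFrom(final String src, final int port) {
        new Thread() {
            public void run() {
                try {
                    new Socket(InetAddress.getByName("127.0.0.1"), port,
                               InetAddress.getByName(src), 0).close();
                } catch (IOException e) {
                    System.out.println("client from " + src + " failed: " + e);
                }
            }
        }.start();
    }

    public static void main(String[] args) throws Exception {
        InetAddress expected = InetAddress.getByName("127.0.0.1");
        ServerSocket server = new ServerSocket(0, 2, expected);
        int port = server.getLocalPort();

        // 127.0.0.2 is a different loopback source address (assumption: Linux,
        // where all of 127/8 is local); 127.0.0.1 is the peer the listener was
        // opened for.
        connectFrom("127.0.0.2", port);
        Thread.sleep(200);          // let the wrong peer arrive first
        connectFrom("127.0.0.1", port);

        Socket s = acceptFrom(server, expected, 4);
        System.out.println("accepted connection from " + s.getInetAddress());
        s.close();
        server.close();
    }
}
```

The check compares the address the kernel reports for the accepted socket, not anything the peer sends, so it cannot be spoofed by protocol content. It does not, on its own, defend against a peer on the permitted host misbehaving; it only restores the scope the original network permission was meant to express.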
Affected Software | Affected Version | Fixed Version |
---|---|---|
redhat/java-1.6.0-openjdk | < 1.6.0.0-1.31.b17.el6_0 | 1.6.0.0-1.31.b17.el6_0 |
redhat/java-1.6.0-openjdk-debuginfo | < 1.6.0.0-1.31.b17.el6_0 | 1.6.0.0-1.31.b17.el6_0 |
redhat/java-1.6.0-openjdk-demo | < 1.6.0.0-1.31.b17.el6_0 | 1.6.0.0-1.31.b17.el6_0 |
redhat/java-1.6.0-openjdk-devel | < 1.6.0.0-1.31.b17.el6_0 | 1.6.0.0-1.31.b17.el6_0 |
redhat/java-1.6.0-openjdk-javadoc | < 1.6.0.0-1.31.b17.el6_0 | 1.6.0.0-1.31.b17.el6_0 |
redhat/java-1.6.0-openjdk-src | < 1.6.0.0-1.31.b17.el6_0 | 1.6.0.0-1.31.b17.el6_0 |