[El-errata] ELSA-2011-0856 Critical: Oracle Linux 6 java-1.6.0-openjdk security update

Thu Jun 9 09:41:54 PDT 2011

Oracle Linux Security Advisory ELSA-2011-0856

https://rhn.redhat.com/errata/RHSA-2011-0856.html

The following updated rpms for Oracle Linux 6 have been uploaded to the 
Unbreakable Linux Network:

i386:
java-1.6.0-openjdk-1.6.0.0-1.39.1.9.8.el6_1.i686.rpm
java-1.6.0-openjdk-demo-1.6.0.0-1.39.1.9.8.el6_1.i686.rpm
java-1.6.0-openjdk-devel-1.6.0.0-1.39.1.9.8.el6_1.i686.rpm
java-1.6.0-openjdk-javadoc-1.6.0.0-1.39.1.9.8.el6_1.i686.rpm
java-1.6.0-openjdk-src-1.6.0.0-1.39.1.9.8.el6_1.i686.rpm

x86_64:
java-1.6.0-openjdk-1.6.0.0-1.39.1.9.8.el6_1.x86_64.rpm
java-1.6.0-openjdk-demo-1.6.0.0-1.39.1.9.8.el6_1.x86_64.rpm
java-1.6.0-openjdk-devel-1.6.0.0-1.39.1.9.8.el6_1.x86_64.rpm
java-1.6.0-openjdk-javadoc-1.6.0.0-1.39.1.9.8.el6_1.x86_64.rpm
java-1.6.0-openjdk-src-1.6.0.0-1.39.1.9.8.el6_1.x86_64.rpm

SRPMS:
http://oss.oracle.com/ol6/SRPMS-updates/java-1.6.0-openjdk-1.6.0.0-1.39.1.9.8.el6_1.src.rpm

Description of changes:

[1.6.0.0-1.39.1.9.8]
- Resolves: rhbz#709375
- Bumped to IcedTea6 1.9.8
- Copy fontconfig files to match names for current and next release
- RH706250, S6213702, CVE-2011-0872: (so) non-blocking sockets with TCP 
urgent
  disabled get still selected for read ops (win)
- RH706106, S6618658, CVE-2011-0865: Vulnerability in deserialization
- RH706111, S7012520, CVE-2011-0815: Heap overflow vulnerability in
  FileDialog.show()
- RH706139, S7013519, CVE-2011-0822, CVE-2011-0862: Integer overflows in 2D
  code
- RH706153, S7013969, CVE-2011-0867: NetworkInterface.toString can reveal
  bindings
- RH706234, S7013971, CVE-2011-0869: Vulnerability in SAAJ
- RH706239, S7016340, CVE-2011-0870: Vulnerability in SAAJ
- RH706241, S7016495, CVE-2011-0868: Crash in Java 2D transforming an image
  with scale close to zero
- RH706248, S7020198, CVE-2011-0871: ImageIcon creates Component with 
null acc
- RH706245, S7020373, CVE-2011-0864: JSR rewriting can overflow memory 
address
  size variables