[El-errata] ELSA-2011-0857 Important: Oracle Linux 5 java-1.6.0-openjdk security update

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Thu Jun 9 09:43:49 PDT 2011


Oracle Linux Security Advisory ELSA-2011-0857

https://rhn.redhat.com/errata/RHSA-2011-0857.html

The following updated rpms for Oracle Linux 5 have been uploaded to the 
Unbreakable Linux Network:

i386:
java-1.6.0-openjdk-1.6.0.0-1.22.1.9.8.0.1.el5_6.i386.rpm
java-1.6.0-openjdk-demo-1.6.0.0-1.22.1.9.8.0.1.el5_6.i386.rpm
java-1.6.0-openjdk-devel-1.6.0.0-1.22.1.9.8.0.1.el5_6.i386.rpm
java-1.6.0-openjdk-javadoc-1.6.0.0-1.22.1.9.8.0.1.el5_6.i386.rpm
java-1.6.0-openjdk-src-1.6.0.0-1.22.1.9.8.0.1.el5_6.i386.rpm

x86_64:
java-1.6.0-openjdk-1.6.0.0-1.22.1.9.8.0.1.el5_6.x86_64.rpm
java-1.6.0-openjdk-demo-1.6.0.0-1.22.1.9.8.0.1.el5_6.x86_64.rpm
java-1.6.0-openjdk-devel-1.6.0.0-1.22.1.9.8.0.1.el5_6.x86_64.rpm
java-1.6.0-openjdk-javadoc-1.6.0.0-1.22.1.9.8.0.1.el5_6.x86_64.rpm
java-1.6.0-openjdk-src-1.6.0.0-1.22.1.9.8.0.1.el5_6.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol5/SRPMS-updates/java-1.6.0-openjdk-1.6.0.0-1.22.1.9.8.0.1.el5_6.src.rpm


Description of changes:


[1:1.6.0.0-1.22.1.9.8.0.1.el5_6]
- Add oracle-enterprise.patch

[1:1.6.0.0-1.22.1.9.8]
- Resolves: rhbz#668488
- Bumped to IcedTea6 1.9.8
- RH706250, S6213702, CVE-2011-0872: (so) non-blocking sockets with TCP urgent
  disabled get still selected for read ops (win)
- RH706106, S6618658, CVE-2011-0865: Vulnerability in deserialization
- RH706111, S7012520, CVE-2011-0815: Heap overflow vulnerability in
  FileDialog.show()
- RH706139, S7013519, CVE-2011-0822, CVE-2011-0862: Integer overflows in 2D
  code
- RH706153, S7013969, CVE-2011-0867: NetworkInterface.toString can reveal
  bindings
- RH706234, S7013971, CVE-2011-0869: Vulnerability in SAAJ
- RH706239, S7016340, CVE-2011-0870: Vulnerability in SAAJ
- RH706241, S7016495, CVE-2011-0868: Crash in Java 2D transforming an image
  with scale close to zero
- RH706248, S7020198, CVE-2011-0871: ImageIcon creates Component with null acc
- RH706245, S7020373, CVE-2011-0864: JSR rewriting can overflow memory address
  size variables

[1:1.6.0.0-1.22.1.9.7]
- Resolves bz690289
- Import from RHEL-5_6-Z
- Updated to IcedTea6 1.9.7
- Removed all plugin/webstart related commented lines
- Modified bz entry format in previous logs to get around cvs ack checking bug





