[El-errata] ELSA-2011-1380 Critical: Oracle Linux 5 java-1.6.0-openjdk security update

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Thu Oct 20 06:32:55 PDT 2011 

Oracle Linux Security Advisory ELSA-2011-1380

https://rhn.redhat.com/errata/RHSA-2011-1380.html

The following updated rpms for Oracle Linux 5 have been uploaded to the 
Unbreakable Linux Network:

i386:
java-1.6.0-openjdk-1.6.0.0-1.23.1.9.10.0.1.el5_7.i386.rpm
java-1.6.0-openjdk-demo-1.6.0.0-1.23.1.9.10.0.1.el5_7.i386.rpm
java-1.6.0-openjdk-devel-1.6.0.0-1.23.1.9.10.0.1.el5_7.i386.rpm
java-1.6.0-openjdk-javadoc-1.6.0.0-1.23.1.9.10.0.1.el5_7.i386.rpm
java-1.6.0-openjdk-src-1.6.0.0-1.23.1.9.10.0.1.el5_7.i386.rpm

x86_64:
java-1.6.0-openjdk-1.6.0.0-1.23.1.9.10.0.1.el5_7.x86_64.rpm
java-1.6.0-openjdk-demo-1.6.0.0-1.23.1.9.10.0.1.el5_7.x86_64.rpm
java-1.6.0-openjdk-devel-1.6.0.0-1.23.1.9.10.0.1.el5_7.x86_64.rpm
java-1.6.0-openjdk-javadoc-1.6.0.0-1.23.1.9.10.0.1.el5_7.x86_64.rpm
java-1.6.0-openjdk-src-1.6.0.0-1.23.1.9.10.0.1.el5_7.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol5/SRPMS-updates/java-1.6.0-openjdk-1.6.0.0-1.23.1.9.10.0.1.el5_7.src.rpm


Description of changes:


[1.6.0.0-1.23.1.9.10.0.1.el5_7]
- Add oracle-enterprise.patch

[1:1.6.0.0-1.23.1.9.10]
- Resolves: rhbz#744786
- Bumped to IcedTea6 1.9.8
  Security fixes
   - S7000600, CVE-2011-3547: InputStream skip() information leak
   - S7019773, CVE-2011-3548: mutable static AWTKeyStroke.ctor
   - S7023640, CVE-2011-3551: Java2D TransformHelper integer overflow
   - S7032417, CVE-2011-3552: excessive default UDP socket limit under 
SecurityManager
   - S7046823, CVE-2011-3544: missing SecurityManager checks in 
scripting engine
   - S7055902, CVE-2011-3521: IIOP deserialization code execution
   - S7057857, CVE-2011-3554: insufficient pack200 JAR files uncompress 
error checks
   - S7064341, CVE-2011-3389: JSSE
   - S7070134, CVE-2011-3558: Hotspot unspecified issue
   - S7077466, CVE-2011-3556: RMI DGC server remote code execution
   - S7083012, CVE-2011-3557: RMI registry privileged code execution
   - S7096936, CVE-2011-3560: missing checkSetFactory calls in 
HttpsURLConnection
  NetX
   - PR794: javaws does not work if a Web Start app jar has a Class-Path 
element in the manifest

More information about the El-errata mailing list