From Mageia wiki
Jump to: navigation, search

MGASA-2013-0124

Date: April 18th, 2013
Affected releases: 2
Media: Core


Description:
Updated java-1.6.0-openjdk packages fix security vulnerabilities:

Multiple flaws were discovered in the font layout engine in the 2D
component. An untrusted Java application or applet could possibly use
these flaws to trigger Java Virtual Machine memory corruption
(CVE-2013-1569, CVE-2013-2383, CVE-2013-2384).

Multiple improper permission check issues were discovered in the Beans,
Libraries, JAXP, and RMI components in OpenJDK. An untrusted Java
application or applet could use these flaws to bypass Java sandbox
restrictions (CVE-2013-2422, CVE-2013-1518, CVE-2013-1557).

The previous default value of the java.rmi.server.useCodebaseOnly
property permitted the RMI implementation to automatically load classes
from remotely specified locations. An attacker able to connect to an
application using RMI could use this flaw to make the application
execute arbitrary code (CVE-2013-1537).

Note: The fix for CVE-2013-1537 changes the default value of the
property to true, restricting class loading to the local CLASSPATH and
locations specified in the java.rmi.server.codebase property. Refer to
Red Hat Bugzilla bug 952387 for additional details.

The 2D component did not properly process certain images. An untrusted
Java application or applet could possibly use this flaw to trigger Java
Virtual Machine memory corruption (CVE-2013-2420).

It was discovered that the Hotspot component did not properly handle
certain intrinsic frames, and did not correctly perform access checks
and MethodHandle lookups. An untrusted Java application or applet could
use these flaws to bypass Java sandbox restrictions (CVE-2013-2431,
CVE-2013-2421).

It was discovered that JPEGImageReader and JPEGImageWriter in the
ImageIO component did not protect against modification of their state
while performing certain native code operations. An untrusted Java
application or applet could possibly use these flaws to trigger Java
Virtual Machine memory corruption (CVE-2013-2429, CVE-2013-2430).

The JDBC driver manager could incorrectly call the toString() method
in JDBC drivers, and the ConcurrentHashMap class could incorrectly call
the defaultReadObject() method. An untrusted Java application or applet
could possibly use these flaws to bypass Java sandbox restrictions
(CVE-2013-1488, CVE-2013-2426).

The sun.awt.datatransfer.ClassLoaderObjectInputStream class may
incorrectly invoke the system class loader. An untrusted Java application
or applet could possibly use this flaw to bypass certain Java sandbox
restrictions (CVE-2013-0401).

Flaws were discovered in the Network component's InetAddress
serialization, and the 2D component's font handling. An untrusted Java
application or applet could possibly use these flaws to crash the Java
Virtual Machine (CVE-2013-2417, CVE-2013-2419).

The MBeanInstantiator class implementation in the OpenJDK JMX component
did not properly check class access before creating new instances. An
untrusted Java application or applet could use this flaw to create
instances of non-public classes (CVE-2013-2424).

It was discovered that JAX-WS could possibly create temporary files with
insecure permissions. A local attacker could use this flaw to access
temporary files created by an application using JAX-WS (CVE-2013-2415).

This updates IcedTea6 to version 1.11.10, which fixes these issues,
as well as several others.


Updated Packages:
i586:
java-1.6.0-openjdk-1.6.0.0-40.b24.1.mga2.i586.rpm
java-1.6.0-openjdk-demo-1.6.0.0-40.b24.1.mga2.i586.rpm
java-1.6.0-openjdk-devel-1.6.0.0-40.b24.1.mga2.i586.rpm
java-1.6.0-openjdk-javadoc-1.6.0.0-40.b24.1.mga2.noarch.rpm
java-1.6.0-openjdk-src-1.6.0.0-40.b24.1.mga2.noarch.rpm
java-1.6.0-openjdk-debug-1.6.0.0-40.b24.1.mga2.i586.rpm

x86_64:
java-1.6.0-openjdk-1.6.0.0-40.b24.1.mga2.x86_64.rpm
java-1.6.0-openjdk-demo-1.6.0.0-40.b24.1.mga2.x86_64.rpm
java-1.6.0-openjdk-devel-1.6.0.0-40.b24.1.mga2.x86_64.rpm
java-1.6.0-openjdk-javadoc-1.6.0.0-40.b24.1.mga2.noarch.rpm
java-1.6.0-openjdk-src-1.6.0.0-40.b24.1.mga2.noarch.rpm
java-1.6.0-openjdk-debug-1.6.0.0-40.b24.1.mga2.x86_64.rpm

SRPMS:
java-1.6.0-openjdk-1.6.0.0-40.b24.1.mga2.src.rpm


References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0401
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1488
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1518
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1537
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1557
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1569
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2383
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2384
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2415
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2417
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2419
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2420
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2421
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2422
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2424
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2426
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2429
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2430
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2431
http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-April/022796.html
http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html
https://rhn.redhat.com/errata/RHSA-2013-0751.html
https://bugs.mageia.org/show_bug.cgi?id=9780