-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2009:209 http://www.mandriva.com/security/ _______________________________________________________________________ Package : java-1.6.0-openjdk Date : August 21, 2009 Affected: 2009.0, 2009.1, Enterprise Server 5.0 _______________________________________________________________________ Problem Description: Multiple Java OpenJDK security vulnerabilities has been identified and fixed: The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation specifies an HMAC truncation length (HMACOutputLength) but does not require a minimum for its length, which allows attackers to spoof HMAC-based signatures and bypass authentication by specifying a truncation length with a small number of bits (CVE-2009-0217). The Java Web Start framework does not properly check all application jar files trust and this allows context-dependent attackers to execute arbitrary code via a crafted application, related to NetX (CVE-2009-1896). Some variables and data structures without the final keyword definition allows context-depend attackers to obtain sensitive information. The target variables and data structures are stated as follow: (1) LayoutQueue, (2) Cursor.predefined, (3) AccessibleResourceBundle.getContents, (4) ImageReaderSpi.STANDARD_INPUT_TYPE, (5) ImageWriterSpi.STANDARD_OUTPUT_TYPE, (6) the imageio plugins, (7) DnsContext.debug, (8) RmfFileReader/StandardMidiFileWriter.types, (9) AbstractSaslImpl.logger, (10) Synth.Region.uiToRegionMap/lowerCaseNameMap, (11) the Introspector class and a cache of BeanInfo, and (12) JAX-WS (CVE-2009-2475). The Java Management Extensions (JMX) implementation does not properly enforce OpenType checks, which allows context-dependent attackers to bypass intended access restrictions by leveraging finalizer resurrection to obtain a reference to a privileged object (CVE-2009-2476). A flaw in the Xerces2 as used in OpenJDK allows remote attackers to cause denial of service via a malformed XML input (CVE-2009-2625). The audio system does not prevent access to java.lang.System properties either by untrusted applets and Java Web Start applications, which allows context-dependent attackers to obtain sensitive information by reading these properties (CVE-2009-2670). A flaw in the SOCKS proxy implementation allows remote attackers to discover the user name of the account that invoked either an untrusted applet or Java Web Start application via unspecified vectors (CVE-2009-2671). A flaw in the proxy mechanism implementation allows remote attackers to bypass intended access restrictions and connect to arbitrary sites via unspecified vectors, related to a declaration that lacks the final keyword (CVE-2009-2673). An integer overflow in the JPEG images parsing allows context-dependent attackers to gain privileges via an untrusted Java Web Start application that grants permissions to itself (CVE-2009-2674). An integer overflow in the unpack200 utility decompression allows context-dependent attackers to gain privileges via vectors involving either an untrusted applet or Java Web Start application that grants permissions to itself (CVE-2009-2675). A flaw in the JDK13Services.getProviders grants full privileges to instances of unspecified object types, which allows context-dependent attackers to bypass intended access restrictions either via an untrusted applet or application (CVE-2009-2689). A flaw in the OpenJDK's encoder, grants read access to private variables with unspecified names, which allows context-dependent attackers to obtain sensitive information either via an untrusted applet or application (CVE-2009-2690). _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0217 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1896 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2475 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2476 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2625 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2670 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2671 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2673 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2674 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2675 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2689 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2690 _______________________________________________________________________ Updated Packages: Mandriva Linux 2009.0: 77de7249327462d2313b7c76856b3c37 2009.0/i586/java-1.6.0-openjdk-1.6.0.0-0.20.b16.0.3mdv2009.0.i586.rpm 97c93c2f9cd96904517292329b89dd0f 2009.0/i586/java-1.6.0-openjdk-demo-1.6.0.0-0.20.b16.0.3mdv2009.0.i586.rpm c574934c0bbc37e6b66f06e7b323fb9e 2009.0/i586/java-1.6.0-openjdk-devel-1.6.0.0-0.20.b16.0.3mdv2009.0.i586.rpm ab2a2301fdae49ad083f8dbc6f498892 2009.0/i586/java-1.6.0-openjdk-javadoc-1.6.0.0-0.20.b16.0.3mdv2009.0.i586.rpm 9fa31c0977e8608102535be086ce3e2a 2009.0/i586/java-1.6.0-openjdk-plugin-1.6.0.0-0.20.b16.0.3mdv2009.0.i586.rpm a0975132274fe9ac1da38277d5bc0798 2009.0/i586/java-1.6.0-openjdk-src-1.6.0.0-0.20.b16.0.3mdv2009.0.i586.rpm f3c509722d763889e079f82f18e491e4 2009.0/SRPMS/java-1.6.0-openjdk-1.6.0.0-0.20.b16.0.3mdv2009.0.src.rpm Mandriva Linux 2009.0/X86_64: 6b697112ece62ac9cf1f994b240fb278 2009.0/x86_64/java-1.6.0-openjdk-1.6.0.0-0.20.b16.0.3mdv2009.0.x86_64.rpm 0682b7e9e75e726eba897288f6ecd278 2009.0/x86_64/java-1.6.0-openjdk-demo-1.6.0.0-0.20.b16.0.3mdv2009.0.x86_64.rpm 5615ddd7056f9133c10c853e066e55bc 2009.0/x86_64/java-1.6.0-openjdk-devel-1.6.0.0-0.20.b16.0.3mdv2009.0.x86_64.rpm a72d479cf90373b0b7446213cfce11c0 2009.0/x86_64/java-1.6.0-openjdk-javadoc-1.6.0.0-0.20.b16.0.3mdv2009.0.x86_64.rpm 612ebb19f2e36989ea1b5debc6fa19ca 2009.0/x86_64/java-1.6.0-openjdk-plugin-1.6.0.0-0.20.b16.0.3mdv2009.0.x86_64.rpm 55d3317105923930371840378bf42f78 2009.0/x86_64/java-1.6.0-openjdk-src-1.6.0.0-0.20.b16.0.3mdv2009.0.x86_64.rpm f3c509722d763889e079f82f18e491e4 2009.0/SRPMS/java-1.6.0-openjdk-1.6.0.0-0.20.b16.0.3mdv2009.0.src.rpm Mandriva Linux 2009.1: b0dd424f32658c808e286d8343c872a3 2009.1/i586/java-1.6.0-openjdk-1.6.0.0-0.20.b16.0.3mdv2009.1.i586.rpm d97e14da57e25e04e51b096f8b8adbf4 2009.1/i586/java-1.6.0-openjdk-demo-1.6.0.0-0.20.b16.0.3mdv2009.1.i586.rpm 9b6e10ea26b0b55d5f1e013dcbce4d5e 2009.1/i586/java-1.6.0-openjdk-devel-1.6.0.0-0.20.b16.0.3mdv2009.1.i586.rpm 43b3c534406bee662dd11d6ad8a82237 2009.1/i586/java-1.6.0-openjdk-javadoc-1.6.0.0-0.20.b16.0.3mdv2009.1.i586.rpm 531ec3ddf0c11d4d0ce2bcd98eda8baf 2009.1/i586/java-1.6.0-openjdk-plugin-1.6.0.0-0.20.b16.0.3mdv2009.1.i586.rpm a343fcd5501b9410592b5dca3be6cd88 2009.1/i586/java-1.6.0-openjdk-src-1.6.0.0-0.20.b16.0.3mdv2009.1.i586.rpm 2e440b16b876e878d4a31952197ae029 2009.1/SRPMS/java-1.6.0-openjdk-1.6.0.0-0.20.b16.0.3mdv2009.1.src.rpm Mandriva Linux 2009.1/X86_64: 3e4eb0ab34a70f32e1a913479aab6c9a 2009.1/x86_64/java-1.6.0-openjdk-1.6.0.0-0.20.b16.0.3mdv2009.1.x86_64.rpm 424a7d53b660998d8140cf18c1a4d873 2009.1/x86_64/java-1.6.0-openjdk-demo-1.6.0.0-0.20.b16.0.3mdv2009.1.x86_64.rpm f7273fda0f52db4267ce099445f63c55 2009.1/x86_64/java-1.6.0-openjdk-devel-1.6.0.0-0.20.b16.0.3mdv2009.1.x86_64.rpm e5fc23eb05ec1e5688251c763ecb78b9 2009.1/x86_64/java-1.6.0-openjdk-javadoc-1.6.0.0-0.20.b16.0.3mdv2009.1.x86_64.rpm 87c693dec4b12cdcf8602b2e6ff1b8ea 2009.1/x86_64/java-1.6.0-openjdk-plugin-1.6.0.0-0.20.b16.0.3mdv2009.1.x86_64.rpm 5b792616f3223fa1bf903f95732d815b 2009.1/x86_64/java-1.6.0-openjdk-src-1.6.0.0-0.20.b16.0.3mdv2009.1.x86_64.rpm 2e440b16b876e878d4a31952197ae029 2009.1/SRPMS/java-1.6.0-openjdk-1.6.0.0-0.20.b16.0.3mdv2009.1.src.rpm Mandriva Enterprise Server 5: 3497d47548dbd3454a279aac4db9c7b6 mes5/i586/java-1.6.0-openjdk-1.6.0.0-0.20.b16.0.4mdvmes5.i586.rpm 18a373731a0c5f3fdbe3a93daee5035e mes5/i586/java-1.6.0-openjdk-demo-1.6.0.0-0.20.b16.0.4mdvmes5.i586.rpm 27e1b2439b57251bf74cfbfa1f6997a4 mes5/i586/java-1.6.0-openjdk-devel-1.6.0.0-0.20.b16.0.4mdvmes5.i586.rpm 0bfac50d5dccbe0711fa8001c590d590 mes5/i586/java-1.6.0-openjdk-javadoc-1.6.0.0-0.20.b16.0.4mdvmes5.i586.rpm 0d08cfa86e0c64e2e69a602cbed74df3 mes5/i586/java-1.6.0-openjdk-plugin-1.6.0.0-0.20.b16.0.4mdvmes5.i586.rpm ca6f1c72e5496de3b10e53199e919eb6 mes5/i586/java-1.6.0-openjdk-src-1.6.0.0-0.20.b16.0.4mdvmes5.i586.rpm 71d5af78951336166547e7b64032129b mes5/SRPMS/java-1.6.0-openjdk-1.6.0.0-0.20.b16.0.4mdvmes5.src.rpm Mandriva Enterprise Server 5/X86_64: 1d66d60b27fe05a8d5bebdf717b49534 mes5/x86_64/java-1.6.0-openjdk-1.6.0.0-0.20.b16.0.4mdvmes5.x86_64.rpm 8aa7f447a6140fa89882ebfce346c4fd mes5/x86_64/java-1.6.0-openjdk-demo-1.6.0.0-0.20.b16.0.4mdvmes5.x86_64.rpm 1c7c231f79686af720355061e16fcac6 mes5/x86_64/java-1.6.0-openjdk-devel-1.6.0.0-0.20.b16.0.4mdvmes5.x86_64.rpm ba115b547bb1aeff52b234d7531d04a3 mes5/x86_64/java-1.6.0-openjdk-javadoc-1.6.0.0-0.20.b16.0.4mdvmes5.x86_64.rpm 77b3fe99a9b32339d38cc8e14e079274 mes5/x86_64/java-1.6.0-openjdk-plugin-1.6.0.0-0.20.b16.0.4mdvmes5.x86_64.rpm fa6d0a89d137f8c9ee886802c501f959 mes5/x86_64/java-1.6.0-openjdk-src-1.6.0.0-0.20.b16.0.4mdvmes5.x86_64.rpm 71d5af78951336166547e7b64032129b mes5/SRPMS/java-1.6.0-openjdk-1.6.0.0-0.20.b16.0.4mdvmes5.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFKjcPcmqjQ0CJFipgRAjeQAJ9mtC71tANl03Q5CKl+55jnioyZtQCgr2vt ZPZjtsZBfE62E01kkA2dTic= =l6On -----END PGP SIGNATURE-----
