Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 280409 - <dev-java/sun-jdk-1.6.0.15 <dev-java/sun-jdk-1.5.0.20 and dev-java/sun-jre-bin and app-emulation/emul-linux-x86-java security vulnerabilities (CVE-2009-{2475,2476,2670,2671,2672,2673,2674,2675,2676,2689,2690,2716,2718,2719,2720,2721,2722,2723,2724})
Summary: <dev-java/sun-jdk-1.6.0.15 <dev-java/sun-jdk-1.5.0.20 and dev-java/sun-jre-bi...
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High major (vote)
Assignee: Gentoo Security
URL: http://java.sun.com/javase/6/webnotes...
Whiteboard: A2 [glsa]
Keywords:
: 276031 (view as bug list)
Depends on:
Blocks:
 
Reported: 2009-08-05 06:18 UTC by Petteri Räty (RETIRED)
Modified: 2009-11-17 23:09 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Petteri Räty (RETIRED) gentoo-dev 2009-08-05 06:18:37 UTC
Bug Fixes

This release contains fixes for one or more security vulnerabilities. For more information, please see Sun Alerts 263408, 263409, 263428, 263429, 263488, 263489, and 264648. 

http://java.sun.com/javase/6/webnotes/6u15.html
Comment 1 Vlastimil Babka (Caster) (RETIRED) gentoo-dev 2009-08-06 09:22:40 UTC
DLJ bundles are up, however my dev box is unusable right now. Somebody else from java do bump please.
Comment 2 Vlastimil Babka (Caster) (RETIRED) gentoo-dev 2009-08-06 14:42:21 UTC
*** Bug 276031 has been marked as a duplicate of this bug. ***
Comment 3 Vlastimil Babka (Caster) (RETIRED) gentoo-dev 2009-08-06 16:16:40 UTC
Bumped, please stabilize:
dev-java/sun-jdk-1.5.0.20
dev-java/sun-jdk-1.6.0.15

dev-java/sun-jre-bin-1.5.0.20
dev-java/sun-jre-bin-1.6.0.15

amd64 also:
app-emulation/emul-linux-x86-java-1.5.0.20
app-emulation/emul-linux-x86-java-1.6.0.15
Comment 4 Christian Faulhammer (RETIRED) gentoo-dev 2009-08-06 23:25:54 UTC
x86 stable
Comment 5 Robert Buchholz (RETIRED) gentoo-dev 2009-08-07 17:20:57 UTC
CVE-2009-2670 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2670):
  The audio system in Sun Java Runtime Environment (JRE) in JDK and JRE
  6 before Update 15, and JDK and JRE 5.0 before Update 20, does not
  prevent access to java.lang.System properties by (1) untrusted
  applets and (2) Java Web Start applications, which allows
  context-dependent attackers to obtain sensitive information by
  reading these properties.

CVE-2009-2671 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2671):
  The SOCKS proxy implementation in Sun Java Runtime Environment (JRE)
  in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update
  20, allows remote attackers to discover the username of the account
  that invoked an untrusted (1) applet or (2) Java Web Start
  application via unspecified vectors.

CVE-2009-2672 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2672):
  The proxy mechanism implementation in Sun Java Runtime Environment
  (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before
  Update 20, does not prevent access to browser cookies by untrusted
  (1) applets and (2) Java Web Start applications, which allows remote
  attackers to hijack web sessions via unspecified vectors.

CVE-2009-2673 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2673):
  The proxy mechanism implementation in Sun Java Runtime Environment
  (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before
  Update 20, allows remote attackers to bypass intended access
  restrictions and connect to arbitrary sites via unspecified vectors,
  related to a declaration that lacks the final keyword.

CVE-2009-2674 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2674):
  Integer overflow in Sun Java Runtime Environment (JRE) in JDK and JRE
  6 before Update 15 allows context-dependent attackers to gain
  privileges via vectors involving an untrusted Java Web Start
  application that grants permissions to itself, related to parsing of
  JPEG images.

CVE-2009-2675 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2675):
  Integer overflow in the unpack200 utility in Sun Java Runtime
  Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE
  5.0 before Update 20, allows context-dependent attackers to gain
  privileges via vectors involving an untrusted (1) applet or (2) Java
  Web Start application that grants permissions to itself, related to
  decompression.

CVE-2009-2676 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2676):
  Unspecified vulnerability in JNLPAppletlauncher in Sun Java SE, and
  SE for Business, in JDK and JRE 6 Update 14 and earlier and JDK and
  JRE 5.0 Update 19 and earlier; and Java SE for Business in SDK and
  JRE 1.4.2_21 and earlier; allows remote attackers to create or modify
  arbitrary files via vectors involving an untrusted Java applet.

Comment 6 Markus Meier gentoo-dev 2009-08-11 05:55:02 UTC
amd64 stable, all arches done.
Comment 7 Alex Legler (RETIRED) archtester gentoo-dev Security 2009-08-14 22:32:41 UTC
CVE-2009-2475 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2475):
  Sun Java SE 5.0 before Update 20 and 6 before Update 15, and OpenJDK,
  might allow context-dependent attackers to obtain sensitive
  information via vectors involving static variables that are declared
  without the final keyword, related to (1) LayoutQueue, (2)
  Cursor.predefined, (3) AccessibleResourceBundle.getContents, (4)
  ImageReaderSpi.STANDARD_INPUT_TYPE, (5)
  ImageWriterSpi.STANDARD_OUTPUT_TYPE, (6) the imageio plugins, (7)
  DnsContext.debug, (8) RmfFileReader/StandardMidiFileWriter.types, (9)
  AbstractSaslImpl.logger, (10)
  Synth.Region.uiToRegionMap/lowerCaseNameMap, (11) the Introspector
  class and a cache of BeanInfo, and (12) JAX-WS, a different
  vulnerability than CVE-2009-2673.

CVE-2009-2476 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2476):
  The Java Management Extensions (JMX) implementation in Sun Java SE 6
  before Update 15, and OpenJDK, does not properly enforce OpenType
  checks, which allows context-dependent attackers to bypass intended
  access restrictions by leveraging finalizer resurrection to obtain a
  reference to a privileged object.

CVE-2009-2689 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2689):
  JDK13Services.getProviders in Sun Java SE 5.0 before Update 20 and 6
  before Update 15, and OpenJDK, grants full privileges to instances of
  unspecified object types, which allows context-dependent attackers to
  bypass intended access restrictions via an untrusted (1) applet or
  (2) application.

CVE-2009-2690 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2690):
  The encoder in Sun Java SE 6 before Update 15, and OpenJDK, grants
  read access to private variables with unspecified names, which allows
  context-dependent attackers to obtain sensitive information via an
  untrusted (1) applet or (2) application.

CVE-2009-2716 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2716):
  The plugin functionality in Sun Java SE 6 before Update 15 does not
  properly implement version selection, which allows context-dependent
  attackers to leverage vulnerabilities in "old zip and certificate
  handling" and have unspecified other impact via unknown vectors.

CVE-2009-2718 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2718):
  The Abstract Window Toolkit (AWT) implementation in Sun Java SE 6
  before Update 15 on X11 does not impose the intended constraint on
  distance from the window border to the Security Warning Icon, which
  makes it easier for context-dependent attackers to trick a user into
  interacting unsafely with an untrusted applet.

CVE-2009-2719 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2719):
  The Java Web Start implementation in Sun Java SE 6 before Update 15
  allows context-dependent attackers to cause a denial of service
  (NullPointerException) via a crafted .jnlp file, as demonstrated by
  the jnlp_file/appletDesc/index.html#misc test in the Technology
  Compatibility Kit (TCK) for the Java Network Launching Protocol
  (JNLP).

CVE-2009-2720 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2720):
  Unspecified vulnerability in the
  javax.swing.plaf.synth.SynthContext.isSubregion method in the Swing
  implementation in Sun Java SE 6 before Update 15 allows
  context-dependent attackers to cause a denial of service
  (NullPointerException in the Jemmy library) via unknown vectors.

CVE-2009-2721 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2721):
  Multiple unspecified vulnerabilities in the Provider class in Sun
  Java SE 5.0 before Update 20 have unknown impact and attack vectors,
  aka BugId 6406003.

CVE-2009-2722 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2722):
  Multiple unspecified vulnerabilities in the Provider class in Sun
  Java SE 5.0 before Update 20 have unknown impact and attack vectors,
  aka BugId 6429594.  NOTE: this issue exists because of an incorrect
  fix for BugId 6406003.

CVE-2009-2723 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2723):
  Unspecified vulnerability in deserialization in the Provider class in
  Sun Java SE 5.0 before Update 20 has unknown impact and attack
  vectors, aka BugId 6444262.

CVE-2009-2724 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2724):
  Race condition in the java.lang package in Sun Java SE 5.0 before
  Update 20 has unknown impact and attack vectors, related to a "3Y
  Race condition in reflection checks."

Comment 8 Stefan Behte (RETIRED) gentoo-dev Security 2009-09-14 21:55:40 UTC
This will be added to a pending glsa.
Comment 9 Alex Legler (RETIRED) archtester gentoo-dev Security 2009-11-17 23:09:42 UTC
GLSA 200911-02