Bug Fixes This release contains fixes for one or more security vulnerabilities. For more information, please see Sun Alerts 263408, 263409, 263428, 263429, 263488, 263489, and 264648. http://java.sun.com/javase/6/webnotes/6u15.html
DLJ bundles are up, however my dev box is unusable right now. Somebody else from java do bump please.
*** Bug 276031 has been marked as a duplicate of this bug. ***
Bumped, please stabilize: dev-java/sun-jdk-1.5.0.20 dev-java/sun-jdk-1.6.0.15 dev-java/sun-jre-bin-1.5.0.20 dev-java/sun-jre-bin-1.6.0.15 amd64 also: app-emulation/emul-linux-x86-java-1.5.0.20 app-emulation/emul-linux-x86-java-1.6.0.15
x86 stable
CVE-2009-2670 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2670): The audio system in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to java.lang.System properties by (1) untrusted applets and (2) Java Web Start applications, which allows context-dependent attackers to obtain sensitive information by reading these properties. CVE-2009-2671 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2671): The SOCKS proxy implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to discover the username of the account that invoked an untrusted (1) applet or (2) Java Web Start application via unspecified vectors. CVE-2009-2672 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2672): The proxy mechanism implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to browser cookies by untrusted (1) applets and (2) Java Web Start applications, which allows remote attackers to hijack web sessions via unspecified vectors. CVE-2009-2673 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2673): The proxy mechanism implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to bypass intended access restrictions and connect to arbitrary sites via unspecified vectors, related to a declaration that lacks the final keyword. CVE-2009-2674 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2674): Integer overflow in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 allows context-dependent attackers to gain privileges via vectors involving an untrusted Java Web Start application that grants permissions to itself, related to parsing of JPEG images. CVE-2009-2675 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2675): Integer overflow in the unpack200 utility in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows context-dependent attackers to gain privileges via vectors involving an untrusted (1) applet or (2) Java Web Start application that grants permissions to itself, related to decompression. CVE-2009-2676 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2676): Unspecified vulnerability in JNLPAppletlauncher in Sun Java SE, and SE for Business, in JDK and JRE 6 Update 14 and earlier and JDK and JRE 5.0 Update 19 and earlier; and Java SE for Business in SDK and JRE 1.4.2_21 and earlier; allows remote attackers to create or modify arbitrary files via vectors involving an untrusted Java applet.
amd64 stable, all arches done.
CVE-2009-2475 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2475): Sun Java SE 5.0 before Update 20 and 6 before Update 15, and OpenJDK, might allow context-dependent attackers to obtain sensitive information via vectors involving static variables that are declared without the final keyword, related to (1) LayoutQueue, (2) Cursor.predefined, (3) AccessibleResourceBundle.getContents, (4) ImageReaderSpi.STANDARD_INPUT_TYPE, (5) ImageWriterSpi.STANDARD_OUTPUT_TYPE, (6) the imageio plugins, (7) DnsContext.debug, (8) RmfFileReader/StandardMidiFileWriter.types, (9) AbstractSaslImpl.logger, (10) Synth.Region.uiToRegionMap/lowerCaseNameMap, (11) the Introspector class and a cache of BeanInfo, and (12) JAX-WS, a different vulnerability than CVE-2009-2673. CVE-2009-2476 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2476): The Java Management Extensions (JMX) implementation in Sun Java SE 6 before Update 15, and OpenJDK, does not properly enforce OpenType checks, which allows context-dependent attackers to bypass intended access restrictions by leveraging finalizer resurrection to obtain a reference to a privileged object. CVE-2009-2689 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2689): JDK13Services.getProviders in Sun Java SE 5.0 before Update 20 and 6 before Update 15, and OpenJDK, grants full privileges to instances of unspecified object types, which allows context-dependent attackers to bypass intended access restrictions via an untrusted (1) applet or (2) application. CVE-2009-2690 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2690): The encoder in Sun Java SE 6 before Update 15, and OpenJDK, grants read access to private variables with unspecified names, which allows context-dependent attackers to obtain sensitive information via an untrusted (1) applet or (2) application. CVE-2009-2716 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2716): The plugin functionality in Sun Java SE 6 before Update 15 does not properly implement version selection, which allows context-dependent attackers to leverage vulnerabilities in "old zip and certificate handling" and have unspecified other impact via unknown vectors. CVE-2009-2718 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2718): The Abstract Window Toolkit (AWT) implementation in Sun Java SE 6 before Update 15 on X11 does not impose the intended constraint on distance from the window border to the Security Warning Icon, which makes it easier for context-dependent attackers to trick a user into interacting unsafely with an untrusted applet. CVE-2009-2719 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2719): The Java Web Start implementation in Sun Java SE 6 before Update 15 allows context-dependent attackers to cause a denial of service (NullPointerException) via a crafted .jnlp file, as demonstrated by the jnlp_file/appletDesc/index.html#misc test in the Technology Compatibility Kit (TCK) for the Java Network Launching Protocol (JNLP). CVE-2009-2720 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2720): Unspecified vulnerability in the javax.swing.plaf.synth.SynthContext.isSubregion method in the Swing implementation in Sun Java SE 6 before Update 15 allows context-dependent attackers to cause a denial of service (NullPointerException in the Jemmy library) via unknown vectors. CVE-2009-2721 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2721): Multiple unspecified vulnerabilities in the Provider class in Sun Java SE 5.0 before Update 20 have unknown impact and attack vectors, aka BugId 6406003. CVE-2009-2722 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2722): Multiple unspecified vulnerabilities in the Provider class in Sun Java SE 5.0 before Update 20 have unknown impact and attack vectors, aka BugId 6429594. NOTE: this issue exists because of an incorrect fix for BugId 6406003. CVE-2009-2723 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2723): Unspecified vulnerability in deserialization in the Provider class in Sun Java SE 5.0 before Update 20 has unknown impact and attack vectors, aka BugId 6444262. CVE-2009-2724 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2724): Race condition in the java.lang package in Sun Java SE 5.0 before Update 20 has unknown impact and attack vectors, related to a "3Y Race condition in reflection checks."
This will be added to a pending glsa.
GLSA 200911-02