Jump to content

Advisories MDVSA-2009:162: java-1.6.0-openjdk

paul

By paul
in Mandriva Security Advisories

 Share

Recommended Posts

paul Platinum

paul

Posted
Posted

Multiple security vulnerabilities has been identified and fixed in

Little cms library embedded in OpenJDK:

 

A memory leak flaw allows remote attackers to cause a denial of service

(memory consumption and application crash) via a crafted image file

(CVE-2009-0581).

 

Multiple integer overflows allow remote attackers to execute arbitrary

code via a crafted image file that triggers a heap-based buffer

overflow (CVE-2009-0723).

 

Multiple stack-based buffer overflows allow remote attackers to

execute arbitrary code via a crafted image file associated with a large

integer value for the (1) input or (2) output channel (CVE-2009-0733).

 

A flaw in the transformations of monochrome profiles allows remote

attackers to cause denial of service triggered by a NULL pointer

dereference via a crafted image file (CVE-2009-0793).

 

Further security fixes in the JRE and in the Java API of OpenJDK:

 

A flaw in handling temporary font files by the Java Virtual

Machine (JVM) allows remote attackers to cause denial of service

(CVE-2006-2426).

 

An integer overflow flaw was found in Pulse-Java when handling Pulse

audio source data lines. An attacker could use this flaw to cause an

applet to crash, leading to a denial of service (CVE-2009-0794).

 

A flaw in Java Runtime Environment initialized LDAP connections

allows authenticated remote users to cause denial of service on the

LDAP service (CVE-2009-1093).

 

A flaw in the Java Runtime Environment LDAP client in handling server

LDAP responses allows remote attackers to execute arbitrary code on

the client side via malicious server response (CVE-2009-1094).

 

Buffer overflows in the the Java Runtime Environment unpack200 utility

allow remote attackers to execute arbitrary code via an crafted applet

(CVE-2009-1095, CVE-2009-1096).

 

A buffer overflow in the splash screen processing allows a attackers

to execute arbitrary code (CVE-2009-1097).

 

A buffer overflow in GIF images handling allows remote attackers to

execute arbitrary code via an crafted GIF image (CVE-2009-1098).

 

A flaw in the Java API for XML Web Services (JAX-WS) service endpoint

handling allows remote attackers to cause a denial of service on the

service endpoint's server side (CVE-2009-1101).

 

A flaw in the Java Runtime Environment Virtual Machine code generation

allows remote attackers to execute arbitrary code via a crafted applet

(CVE-2009-1102).

 

This update provides fixes for these issues.

Link to comment
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing
×
×
  • Create New...