Back to search

RHSA-2010:0865: java-1.6.0-openjdk security and bug fix update

Severity CVSS Published Added Modified
10 (AV:N/AC:L/Au:N/C:C/I:C/A:C) October 18, 2010 November 17, 2010 September 06, 2015


These packages provide the OpenJDK 6 Java Runtime Environment and theOpenJDK 6 Software Development Kit.defaultReadObject of the Serialization API could be tricked into setting avolatile field multiple times, which could allow a remote attacker toexecute arbitrary code with the privileges of the user running the appletor application. (CVE-2010-3569)Race condition in the way objects were deserialized could allow anuntrusted applet or application to misuse the privileges of the userrunning the applet or application. (CVE-2010-3568)Miscalculation in the OpenType font rendering implementation causedout-of-bounds memory access, which could allow remote attackers to executecode with the privileges of the user running the java process.(CVE-2010-3567)JPEGImageWriter.writeImage in the imageio API improperly checked certainimage metadata, which could allow a remote attacker to execute arbitrarycode in the context of the user running the applet or application.(CVE-2010-3565)Double free in IndexColorModel could cause an untrusted applet orapplication to crash or, possibly, execute arbitrary code with theprivileges of the user running the applet or application. (CVE-2010-3562)The privileged accept method of the ServerSocket class in the Common ObjectRequest Broker Architecture (CORBA) implementation in OpenJDK allowed it toreceive connections from any host, instead of just the host of the currentconnection. An attacker could use this flaw to bypass restrictions definedby network permissions. (CVE-2010-3561)Flaws in the Swing library could allow an untrusted application to modifythe behavior and state of certain JDK classes. (CVE-2010-3557)Flaws in the CORBA implementation could allow an attacker to executearbitrary code by misusing permissions granted to certain system objects.(CVE-2010-3554)UIDefault.ProxyLazyValue had unsafe reflection usage, allowing untrustedcallers to create objects via ProxyLazyValue values. (CVE-2010-3553)HttpURLConnection improperly handled the "chunked" transfer encodingmethod, which could allow remote attackers to conduct HTTP responsesplitting attacks. (CVE-2010-3549)HttpURLConnection improperly checked whether the calling code was grantedthe "allowHttpTrace" permission, allowing untrusted code to create HTTPTRACE requests. (CVE-2010-3574)HttpURLConnection did not validate request headers set by applets, whichcould allow remote attackers to trigger actions otherwise restricted toHTTP clients. (CVE-2010-3541, CVE-2010-3573)The Kerberos implementation improperly checked the sanity of AP-REQrequests, which could cause a denial of service condition in the receivingJava Virtual Machine. (CVE-2010-3564)The java-1.6.0-openjdk packages shipped with the GA release of Red HatEnterprise Linux 6 mitigated a man-in-the-middle attack in the way theTLS/SSL protocols handle session renegotiation by disabling renegotiation.This update implements the TLS Renegotiation Indication Extension asdefined in RFC 5746, allowing secure renegotiation between updated clientsand servers. (CVE-2009-3555)The NetworkInterface class improperly checked the network "connect"permissions for local network addresses, which could allow remote attackersto read local network addresses. (CVE-2010-3551)Information leak flaw in the Java Naming and Directory Interface (JNDI)could allow a remote attacker to access information aboutotherwise-protected internal network names. (CVE-2010-3548)Note: Flaws concerning applets in this advisory (CVE-2010-3568,CVE-2010-3554, CVE-2009-3555, CVE-2010-3562, CVE-2010-3557, CVE-2010-3548,CVE-2010-3564, CVE-2010-3565, CVE-2010-3569) can only be triggered inOpenJDK by calling the "appletviewer" application.Bug fixes:

Free Nexpose Download

Discover, prioritize, and remediate security risks today!

 Download now




Related Vulnerabilities