Rapid7 Vulnerability & Exploit Database

RHSA-2010:0768: java-1.6.0-openjdk security and bug fix update




These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit.

defaultReadObject of the Serialization API could be tricked into setting a volatile field multiple times, which could allow a remote attacker to execute arbitrary code with the privileges of the user running the applet or application. (CVE-2010-3569)

Race condition in the way objects were deserialized could allow an untrusted applet or application to misuse the privileges of the user running the applet or application. (CVE-2010-3568)

Miscalculation in the OpenType font rendering implementation caused out-of-bounds memory access, which could allow remote attackers to execute code with the privileges of the user running the java process. (CVE-2010-3567)

JPEGImageWriter.writeImage in the imageio API improperly checked certain image metadata, which could allow a remote attacker to execute arbitrary code in the context of the user running the applet or application. (CVE-2010-3565)

Double free in IndexColorModel could cause an untrusted applet or application to crash or, possibly, execute arbitrary code with the privileges of the user running the applet or application. (CVE-2010-3562)

The privileged accept method of the ServerSocket class in the Common Object Request Broker Architecture (CORBA) implementation in OpenJDK allowed it to receive connections from any host, instead of just the host of the current connection. An attacker could use this flaw to bypass restrictions defined by network permissions. (CVE-2010-3561)

Flaws in the Swing library could allow an untrusted application to modify the behavior and state of certain JDK classes. (CVE-2010-3557)

Flaws in the CORBA implementation could allow an attacker to execute arbitrary code by misusing permissions granted to certain system objects. (CVE-2010-3554)

UIDefault.ProxyLazyValue had unsafe reflection usage, allowing untrusted callers to create objects via ProxyLazyValue values. (CVE-2010-3553)

HttpURLConnection improperly handled the "chunked" transfer encoding method, which could allow remote attackers to conduct HTTP response splitting attacks. (CVE-2010-3549)

HttpURLConnection improperly checked whether the calling code was granted the "allowHttpTrace" permission, allowing untrusted code to create HTTP TRACE requests. (CVE-2010-3574)

HttpURLConnection did not validate request headers set by applets, which could allow remote attackers to trigger actions otherwise restricted to HTTP clients. (CVE-2010-3541, CVE-2010-3573)

The Kerberos implementation improperly checked the sanity of AP-REQ requests, which could cause a denial of service condition in the receiving Java Virtual Machine. (CVE-2010-3564)

The RHSA-2010:0339 update mitigated a man-in-the-middle attack in the way the TLS/SSL (Transport Layer Security/Secure Sockets Layer) protocols handle session renegotiation by disabling renegotiation. This update implements the TLS Renegotiation Indication Extension as defined in RFC 5746, allowing secure renegotiation between updated clients and servers. (CVE-2009-3555)

The NetworkInterface class improperly checked the network "connect" permissions for local network addresses, which could allow remote attackers to read local network addresses. (CVE-2010-3551)

Information leak flaw in the Java Naming and Directory Interface (JNDI) could allow a remote attacker to access information about otherwise-protected internal network names. (CVE-2010-3548)

Note: Flaws concerning applets in this advisory (CVE-2010-3568, CVE-2010-3554, CVE-2009-3555, CVE-2010-3562, CVE-2010-3557, CVE-2010-3548, CVE-2010-3564, CVE-2010-3565, CVE-2010-3569) can only be triggered in OpenJDK by calling the "appletviewer" application.

Bug fixes:


  • redhat-upgrade-java-1-6-0-openjdk
  • redhat-upgrade-java-1-6-0-openjdk-demo
  • redhat-upgrade-java-1-6-0-openjdk-devel
  • redhat-upgrade-java-1-6-0-openjdk-javadoc
  • redhat-upgrade-java-1-6-0-openjdk-src
