These packages provide the OpenJDK 6 Java Runtime Environment and theOpenJDK 6 Software Development Kit.Integer overflow flaws were found in the way Java2D parsed JPEG images anduser-supplied fonts. An attacker could use these flaws to execute arbitrarycode with the privileges of the user running an untrusted applet orapplication. (CVE-2011-0862)It was found that the MediaTracker implementation created Componentinstances with unnecessary access privileges. A remote attacker could usethis flaw to elevate their privileges by utilizing an untrusted applet orapplication that uses Swing. (CVE-2011-0871)A flaw was found in the HotSpot component in OpenJDK. Certain bytecodeinstructions confused the memory management within the Java Virtual Machine(JVM), resulting in an applet or application crashing. (CVE-2011-0864)An information leak flaw was found in the NetworkInterface class. Anuntrusted applet or application could use this flaw to access informationabout available network interfaces that should only be available toprivileged code. (CVE-2011-0867)An incorrect float-to-long conversion, leading to an overflow, was foundin the way certain objects (such as images and text) were transformed inJava2D. A remote attacker could use this flaw to crash an untrusted appletor application that uses Java2D. (CVE-2011-0868)It was found that untrusted applets and applications could misuse a SOAPconnection to incorrectly set global HTTP proxy settings instead ofsetting them in a local scope. This flaw could be used to intercept HTTPrequests. (CVE-2011-0869)A flaw was found in the way signed objects were deserialized. If trustedand untrusted code were running in the same Java Virtual Machine (JVM), andboth were deserializing the same signed object, the untrusted code couldmodify said object by using this flaw to bypass the validation checks onsigned objects. (CVE-2011-0865)All users of java-1.6.0-openjdk are advised to upgrade to these updatedpackages, which resolve these issues. All running instances of OpenJDK Javamust be restarted for the update to take effect.