MDVSA-2009:137 -- Mandriva java-1.6.0-openjdk
ID: oval:org.secpod.oval:def:300942 | Date: (C)2012-01-07 (M)2023-02-20 |
Class: PATCH | Family: unix |
Multiple security vulnerabilities have been identified and fixed in the Little cms library embedded in OpenJDK: A memory leak flaw allows remote attackers to cause a denial of service via a crafted image file. Multiple integer overflows allow remote attackers to execute arbitrary code via a crafted image file that triggers a heap-based buffer overflow. Multiple stack-based buffer overflows allow remote attackers to execute arbitrary code via a crafted image file associated with a large integer value for the input or output channel. A flaw in the transformations of monochrome profiles allows remote attackers to cause a denial of service triggered by a NULL pointer dereference via a crafted image file.

Further security fixes in the JRE and in the Java API of OpenJDK: A flaw in handling temporary font files by the Java Virtual Machine allows remote attackers to cause a denial of service. An integer overflow flaw was found in Pulse-Java when handling Pulse audio source data lines. An attacker could use this flaw to cause an applet to crash, leading to a denial of service. A flaw in Java Runtime Environment initialized LDAP connections allows authenticated remote users to cause a denial of service on the LDAP service. A flaw in the Java Runtime Environment LDAP client in handling server LDAP responses allows remote attackers to execute arbitrary code on the client side via a malicious server response. Buffer overflows in the Java Runtime Environment unpack200 utility allow remote attackers to execute arbitrary code via a crafted applet. A buffer overflow in the splash screen processing allows attackers to execute arbitrary code. A buffer overflow in GIF image handling allows remote attackers to execute arbitrary code via a crafted GIF image. A flaw in the Java API for XML Web Services service endpoint handling allows remote attackers to cause a denial of service on the service endpoint's server side. A flaw in the Java Runtime Environment Virtual Machine code generation allows remote attackers to execute arbitrary code via a crafted applet.

This update provides fixes for these issues. Update: java-1.6.0-openjdk requires rhino packages, and these have been further updated.
Platform: |
Mandriva Linux 2009.0 |
Mandriva Linux 2009.1 |
Product: |
java-1.6.0-openjdk |