DSA-1769-1 openjdk-6 -- several
ID: oval:org.secpod.oval:def:600416 | Date: (C)2011-05-13 (M)2023-02-20
Class: PATCH | Family: unix
Several vulnerabilities have been identified in OpenJDK, an implementation of the Java SE platform.

Creation of large, temporary fonts could use up available disk space, leading to a denial of service condition. Several vulnerabilities existed in the embedded LittleCMS library, exploitable through crafted images: a memory leak, resulting in a denial of service condition, heap-based buffer overflows, potentially allowing arbitrary code execution, and a null-pointer dereference, leading to denial of service. The LDAP server implementation did not properly close sockets if an error was encountered, leading to a denial-of-service condition. The LDAP client implementation allowed malicious LDAP servers to execute arbitrary code on the client. The HTTP server implementation contained an unspecified denial of service vulnerability. Several issues in Java Web Start have been addressed. The Debian packages currently do not support Java Web Start, so these issues are not directly exploitable, but the relevant code has been updated nevertheless.

For the stable distribution, these problems have been fixed in version 9.1+lenny2. We recommend that you upgrade your openjdk-6 packages.