[Forgot Password]
Login  Register Subscribe

23631

 
 

122183

 
 

98060

 
 

909

 
 

79198

 
 

109

Paid content will be excluded from the download.


Download | Alert*
OVAL

MDVSA-2009:137 -- Mandriva java-1.6.0-openjdk

ID: oval:org.secpod.oval:def:300942Date: (C)2012-01-07   (M)2017-10-12
Class: PATCHFamily: unix




Multiple security vulnerabilities has been identified and fixed in Little cms library embedded in OpenJDK: A memory leak flaw allows remote attackers to cause a denial of service via a crafted image file . Multiple integer overflows allow remote attackers to execute arbitrary code via a crafted image file that triggers a heap-based buffer overflow . Multiple stack-based buffer overflows allow remote attackers to execute arbitrary code via a crafted image file associated with a large integer value for the input or output channel . A flaw in the transformations of monochrome profiles allows remote attackers to cause denial of service triggered by a NULL pointer dereference via a crafted image file . Further security fixes in the JRE and in the Java API of OpenJDK: A flaw in handling temporary font files by the Java Virtual Machine allows remote attackers to cause denial of service . An integer overflow flaw was found in Pulse-Java when handling Pulse audio source data lines. An attacker could use this flaw to cause an applet to crash, leading to a denial of service . A flaw in Java Runtime Environment initialized LDAP connections allows authenticated remote users to cause denial of service on the LDAP service . A flaw in the Java Runtime Environment LDAP client in handling server LDAP responses allows remote attackers to execute arbitrary code on the client side via malicious server response . Buffer overflows in the the Java Runtime Environment unpack200 utility allow remote attackers to execute arbitrary code via an crafted applet . A buffer overflow in the splash screen processing allows a attackers to execute arbitrary code . A buffer overflow in GIF images handling allows remote attackers to execute arbitrary code via an crafted GIF image . A flaw in the Java API for XML Web Services service endpoint handling allows remote attackers to cause a denial of service on the service endpoint"s server side . A flaw in the Java Runtime Environment Virtual Machine code generation allows remote attackers to execute arbitrary code via a crafted applet . This update provides fixes for these issues. Update: java-1.6.0-openjdk requires rhino packages and these has been further updated.

Platform:
Mandriva Linux 2009.0
Mandriva Linux 2009.1
Product:
java-1.6.0-openjdk
Reference:
MDVSA-2009:137
CVE-2009-1102
CVE-2009-1101
CVE-2009-1098
CVE-2009-1097
CVE-2009-1096
CVE-2009-1094
CVE-2009-1093
CVE-2009-0794
CVE-2006-2426
CVE-2009-0793
CVE-2009-0733
CVE-2009-0723
CVE-2009-0581
CVE    13
CVE-2009-0794
CVE-2009-0723
CVE-2006-2426
CVE-2009-0733
...
CPE    1
cpe:/o:mandriva:linux:2009.0

© 2013 SecPod Technologies