java-1.6.0-openjdk-1.6.0.0-1.43.1.10.6.AXS4

エラータID: AXSA:2012-315:02

Release date: 
Monday, March 12, 2012 - 13:19
Subject: 
java-1.6.0-openjdk-1.6.0.0-1.43.1.10.6.AXS4
Affected Channels: 
Asianux Server 4 for x86
Asianux Server 4 for x86_64
Severity: 
High
Description: 

The OpenJDK runtime environment.
Security issues fixed with this release:
CVE-2011-3571
Unspecified vulnerability in the Virtual Desktop Infrastructure (VDI) component in Oracle Virtualization 3.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Session.
CVE-2011-5035
Oracle Glassfish 2.1.1, 3.0.1, and 3.1.1, as used in Communications Server 2.0, Sun Java System Application Server 8.1 and 8.2, and possibly other products, computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, aka Oracle security ticket S0104869.
CVE-2011-3563
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote attackers to affect confidentiality and availability via unknown vectors related to Sound.
CVE-2012-0497
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, and 6 Update 30 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
CVE-2012-0501
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect availability via unknown vectors.
CVE-2012-0502
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and availability, related to AWT.
CVE-2012-0503
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability, related to I18n.
CVE-2012-0505
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Serialization.
CVE-2012-0506
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity via unknown vectors related to CORBA.

Solution: 

Update packages.

CVEs: 
CVE-2011-5035
Oracle Glassfish 2.1.1, 3.0.1, and 3.1.1, as used in Communications Server 2.0, Sun Java System Application Server 8.1 and 8.2, and possibly other products, computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, aka Oracle security ticket S0104869.
CVE-2011-3571
Unspecified vulnerability in the Virtual Desktop Infrastructure (VDI) component in Oracle Virtualization 3.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Session. NOTE: this CVE identifier was accidentally used for a Concurrency issue in Java Runtime Environment, but that issue has been reassigned to CVE-2012-0507.
CVE-2012-0497
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, and 6 Update 30 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
CVE-2011-3563
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote attackers to affect confidentiality and availability via unknown vectors related to Sound.
CVE-2012-0502
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and availability, related to AWT.
CVE-2012-0501
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect availability via unknown vectors.
CVE-2012-0503
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability, related to I18n.
CVE-2012-0505
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Serialization.
CVE-2012-0506
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity via unknown vectors related to CORBA.




Additional Info: 

N/A

Download: 

SRPMS
  1. java-1.6.0-openjdk-1.6.0.0-1.43.1.10.6.AXS4.src.rpm
    MD5: 3a77b068cc209706bfc32633fa3330f8
    SHA-256: 07e1a61b766f37ad32e525a4b8b205c0413f855e50e73b46caaf77141dc5974b
    Size: 69.48 MB

Asianux Server 4 for x86
  1. java-1.6.0-openjdk-1.6.0.0-1.43.1.10.6.AXS4.i686.rpm
    MD5: 2e143b01e691330b45d7315f7fb77ac0
    SHA-256: 975104930fabffdcc355113071e83fcc34958d11f31cafc46f3eefca92b8b2d5
    Size: 25.99 MB
  2. java-1.6.0-openjdk-devel-1.6.0.0-1.43.1.10.6.AXS4.i686.rpm
    MD5: 27596dd58d312e0aceb875848aeee19d
    SHA-256: ffd6d40036858db99316e4260c94848f5852375e8308eb0a90e5d38ede2b66a5
    Size: 8.54 MB
  3. java-1.6.0-openjdk-javadoc-1.6.0.0-1.43.1.10.6.AXS4.i686.rpm
    MD5: 13207cfa6f255257764a1555b764066c
    SHA-256: c959088d1e268ed59c9f060ae8d8577a627fa2e3ab935314fbcc674887f0781c
    Size: 14.38 MB

Asianux Server 4 for x86_64
  1. java-1.6.0-openjdk-1.6.0.0-1.43.1.10.6.AXS4.x86_64.rpm
    MD5: 959869f3b1e07d4ff0738fcc210bca16
    SHA-256: 08b9c2c2a8654a78d95cdf8681955dc943a1b1a88b569983f35ac65fc0e3426d
    Size: 25.01 MB
  2. java-1.6.0-openjdk-devel-1.6.0.0-1.43.1.10.6.AXS4.x86_64.rpm
    MD5: 4a75354b90a74f2993bb4bce84d15558
    SHA-256: 2387e11d415f69500dca7de4355a6cd38232e2871415d4bfa87f5455727efaa2
    Size: 8.53 MB
  3. java-1.6.0-openjdk-javadoc-1.6.0.0-1.43.1.10.6.AXS4.x86_64.rpm
    MD5: c6237cd2fa878462224c8cb3555a1e9c
    SHA-256: d0ab2e150a9e46a2244f947adc304cee49e6c8cbbbcc8053c74df20a99b0e846
    Size: 14.38 MB