java-1.6.0-openjdk-1.6.0.0-1.49.1.11.4.AXS4

エラータID: AXSA:2012-898:04

Release date: 
Friday, September 21, 2012 - 13:48
Subject: 
java-1.6.0-openjdk-1.6.0.0-1.49.1.11.4.AXS4
Affected Channels: 
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity: 
High
Description: 

The OpenJDK runtime environment.

Security issuses fixed with this release :

• CVE-2012-0547
A hardening fix was applied to the AWT component in OpenJDK, removing functionality from the restricted SunToolkit class that was used in combination with other flaws to bypass Java sandbox restrictions.

• CVE-2012-1682
It was discovered that the Beans component in OpenJDK did not perform permission checks properly. An untrusted Java application or applet could use this flaw to use classes from restricted packages, allowing it to bypass Java sandbox restrictions.

Solution: 

Update package.

CVEs: 
CVE-2012-1682
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans, a different vulnerability than CVE-2012-3136. NOTE: Oracle has not commented on claims from a downstream vendor that this issue is related to "XMLDecoder security issue via ClassFinder."
CVE-2012-0547
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier, and 6 Update 34 and earlier, has no impact and remote attack vectors involving AWT and "a security-in-depth issue that is not directly exploitable but which can be used to aggravate security vulnerabilities that can be directly exploited." NOTE: this identifier was assigned by the Oracle CNA, but CVE is not intended to cover defense-in-depth issues that are only exposed by the presence of other vulnerabilities. NOTE: Oracle has not commented on claims from a downstream vendor that this issue is related to "toolkit internals references."
Additional Info: 

N/A

Download: 

SRPMS
  1. java-1.6.0-openjdk-1.6.0.0-1.49.1.11.4.AXS4.src.rpm
    MD5: a1e87955a203de0c3b07373083f0395d
    SHA-256: ce3717689dcfeca55fa6b8eb4121ae73993a82944d1a773340963311b4806456
    Size: 62.10 MB

Asianux Server 4 for x86
  1. java-1.6.0-openjdk-1.6.0.0-1.49.1.11.4.AXS4.i686.rpm
    MD5: 03df62b09ba45279e20e2c433581bc1e
    SHA-256: 98c4cc50d5494d513bd2ddf2247fce5d1947e8dcde2619e1d21aaae789039bf4
    Size: 26.04 MB
  2. java-1.6.0-openjdk-devel-1.6.0.0-1.49.1.11.4.AXS4.i686.rpm
    MD5: 8b0b48d15c30fb79f0359f0a0112efbc
    SHA-256: 5619ba3be3e2296f86ad94fb99718c9a96684c956f2de11009aa469d8894cce9
    Size: 8.55 MB
  3. java-1.6.0-openjdk-javadoc-1.6.0.0-1.49.1.11.4.AXS4.i686.rpm
    MD5: 6659eabf8b41c45d524a32e33a55907b
    SHA-256: 53d1df836d4a782c51e022006f49263e1bcd123df2218027476a2d51e95bbc34
    Size: 14.37 MB

Asianux Server 4 for x86_64
  1. java-1.6.0-openjdk-1.6.0.0-1.49.1.11.4.AXS4.x86_64.rpm
    MD5: b63ba6842c076b9c8e8653d47e4c7621
    SHA-256: df290d175e7ccb45a5ee3b1d4bd207183cab9dd24e1681c4cb23d23c5999079d
    Size: 25.06 MB
  2. java-1.6.0-openjdk-devel-1.6.0.0-1.49.1.11.4.AXS4.x86_64.rpm
    MD5: 4fba44388e1a1c72a44209e98b314e12
    SHA-256: 180e72e7cf9baef880484a76eb4189dcb67e437afca8c00f2fd1ea7447850429
    Size: 8.53 MB
  3. java-1.6.0-openjdk-javadoc-1.6.0.0-1.49.1.11.4.AXS4.x86_64.rpm
    MD5: 10e9d1dd15f8d6d6a6f8bbbea011b339
    SHA-256: 495f96919799adc09adf98fa9a242bf781cec75688a3d652ebcb465254159fe8
    Size: 14.38 MB