jdk-1.6.0_43

エラータID: AXSA:2013-174:03

Release date: 
Tuesday, March 12, 2013 - 14:31
Subject: 
jdk-1.6.0_43
Affected Channels: 
Asianux Server 3 for x86_64
Asianux Server 3 for x86
Severity: 
High
Description: 

The Java Platform Standard Edition Development Kit (JDK) includes both the runtime environment (Java virtual machine, the Java platform classes and supporting files) and development tools (compilers, debuggers, tool libraries and other tools).

The JDK is a development environment for building applications, applets and components that can be deployed with the Java Platform Standard Edition Runtime Environment.

Security issues fixed with this release:

• CVE-2013-0809
Unspecified vulnerability in the 2D component in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2013-1493.

• CVE-2013-1493
The color management (CMM) functionality in the 2D component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (crash) via an image with crafted raster parameters, which triggers (1) an out-of-bounds read or (2) memory corruption in the JVM, as exploited in the wild in February 2013.

Solution: 

1. Download Java SE Development Kit (JDK) 6 Update 43 (or later) from the following URL: http://www.oracle.com/technetwork/java/javase/downloads/jdk6downloads-19...
For x86: jdk-6u43-linux-i586-rpm.bin
For x86_64 jdk-6u43-linux-x64-rpm.bin
2. Install packages (as root):
for x86: # sh jdk-6u43-linux-i586-rpm.bin
for x86_64: # sh jdk-6u43-linux-x64-rpm.bin

CVEs: 
CVE-2013-0809
Unspecified vulnerability in the 2D component in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2013-1493.
CVE-2013-1493
The color management (CMM) functionality in the 2D component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (crash) via an image with crafted raster parameters, which triggers (1) an out-of-bounds read or (2) memory corruption in the JVM, as exploited in the wild in February 2013.
Additional Info: 

N/A

Download: