Package: openjdk-6 Version: 6_6b17~pre3-1 Severity: serious Tags: security Hi,
The following CVE (Common Vulnerabilities & Exposures) ids were published for openjdk-6 in 2007. It is very likely that they are all fixed; however, this needs to be manually verified. Please check. Thank you. CVE-2006-2426[0]: | Sun Java Runtime Environment (JRE) 1.5.0_6 and earlier, JDK 1.5.0_6 | and earlier, and SDK 1.5.0_6 and earlier allows remote attackers to | cause a denial of service (disk consumption) by using the | Font.createFont function to create temporary files of arbitrary size | in the %temp% directory. CVE-2007-2788[1]: | Integer overflow in the embedded ICC profile image parser in Sun Java | Development Kit (JDK) before 1.5.0_11-b03 and 1.6.x before | 1.6.0_01-b06, and Sun Java Runtime Environment in JDK and JRE 6, JDK | and JRE 5.0 Update 10 and earlier, SDK and JRE 1.4.2_14 and earlier, | and SDK and JRE 1.3.1_20 and earlier, allows remote attackers to | execute arbitrary code or cause a denial of service (JVM crash) via a | crafted JPEG or BMP file that triggers a buffer overflow. CVE-2007-2789[2]: | The BMP image parser in Sun Java Development Kit (JDK) before | 1.5.0_11-b03 and 1.6.x before 1.6.0_01-b06, and Sun Java Runtime | Environment in JDK and JRE 6, JDK and JRE 5.0 Update 10 and earlier, | SDK and JRE 1.4.2_14 and earlier, and SDK and JRE 1.3.1_19 and | earlier, when running on Unix/Linux systems, allows remote attackers | to cause a denial of service (JVM hang) via untrusted applets or | applications that open arbitrary local files via a crafted BMP file, | such as /dev/tty. CVE-2007-3503[3]: | The Javadoc tool in Sun JDK 6 and JDK 5.0 Update 11 can generate HTML | documentation pages that contain cross-site scripting (XSS) | vulnerabilities, which allows remote attackers to inject arbitrary web | script or HTML via unspecified vectors. CVE-2007-3655[4]: | Stack-based buffer overflow in javaws.exe in Sun Java Web Start in JRE | 5.0 Update 11 and earlier, and 6.0 Update 1 and earlier, allows remote | attackers to execute arbitrary code via a long codebase attribute in a | JNLP file. CVE-2007-3698[5]: | The Java Secure Socket Extension (JSSE) in Sun JDK and JRE 6 Update 1 | and earlier, JDK and JRE 5.0 Updates 7 through 11, and SDK and JRE | 1.4.2_11 through 1.4.2_14, when using JSSE for SSL/TLS support, allows | remote attackers to cause a denial of service (CPU consumption) via | certain SSL/TLS handshake requests. CVE-2007-3716[6]: | The Java XML Digital Signature implementation in Sun JDK and JRE 6 | before Update 2 does not properly process XSLT stylesheets in XSLT | transforms in XML signatures, which allows context-dependent attackers | to execute arbitrary code via a crafted stylesheet, a related issue to | CVE-2007-3715. CVE-2007-3922[7]: | Unspecified vulnerability in the Java Runtime Environment (JRE) Applet | Class Loader in Sun JDK and JRE 5.0 Update 11 and earlier, 6 through 6 | Update 1, and SDK and JRE 1.4.2_14 and earlier, allows remote | attackers to violate the security model for an applet's outbound | connections by connecting to certain localhost services running on the | machine that loaded the applet. CVE-2007-5232[8]: | Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and | earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 | and earlier, and SDK and JRE 1.3.1_20 and earlier, when applet caching | is enabled, allows remote attackers to violate the security model for | an applet's outbound connections via a DNS rebinding attack. CVE-2007-5237[9]: | Java Web Start in Sun JDK and JRE 6 Update 2 and earlier does not | properly enforce access restrictions for untrusted applications, which | allows user-assisted remote attackers to read and modify local files | via an untrusted application, aka "two vulnerabilities." CVE-2007-5238[10]: | Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE | 5.0 Update 12 and earlier, and SDK and JRE 1.4.2_15 and earlier does | not properly enforce access restrictions for untrusted applications, | which allows user-assisted remote attackers to obtain sensitive | information (the Java Web Start cache location) via an untrusted | application, aka "three vulnerabilities." CVE-2007-5239[11]: | Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE | 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK | and JRE 1.3.1_20 and earlier does not properly enforce access | restrictions for untrusted (1) applications and (2) applets, which | allows user-assisted remote attackers to copy or rename arbitrary | files when local users perform drag-and-drop operations from the | untrusted application or applet window onto certain types of desktop | applications. CVE-2007-5240[12]: | Visual truncation vulnerability in the Java Runtime Environment in Sun | JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and | earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 | and earlier allows remote attackers to circumvent display of the | untrusted-code warning banner by creating a window larger than the | workstation screen. CVE-2007-5273[13]: | Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and | earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 | and earlier, and SDK and JRE 1.3.1_20 and earlier, when an HTTP proxy | server is used, allows remote attackers to violate the security model | for an applet's outbound connections via a multi-pin DNS rebinding | attack in which the applet download relies on DNS resolution on the | proxy server, but the applet's socket operations rely on DNS | resolution on the local machine, a different issue than CVE-2007-5274. | NOTE: this is similar to CVE-2007-5232. CVE-2007-5274[14]: | Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and | earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 | and earlier, and SDK and JRE 1.3.1_20 and earlier, when Firefox or | Opera is used, allows remote attackers to violate the security model | for JavaScript outbound connections via a multi-pin DNS rebinding | attack dependent on the LiveConnect API, in which JavaScript download | relies on DNS resolution by the browser, but JavaScript socket | operations rely on separate DNS resolution by a Java Virtual Machine | (JVM), a different issue than CVE-2007-5273. NOTE: this is similar to | CVE-2007-5232. CVE-2007-5375[15]: | Interpretation conflict in the Sun Java Virtual Machine (JVM) allows | user-assisted remote attackers to conduct a multi-pin DNS rebinding | attack and execute arbitrary JavaScript in an intranet context, when | an intranet web server has an HTML document that references a | "mayscript=true" Java applet through a local relative URI, which may | be associated with different IP addresses by the browser and the JVM. CVE-2007-5689[16]: | The Java Virtual Machine (JVM) in Sun Java Runtime Environment (JRE) | in SDK and JRE 1.3.x through 1.3.1_20 and 1.4.x through 1.4.2_15, and | JDK and JRE 5.x through 5.0 Update 12 and 6.x through 6 Update 2, | allows remote attackers to execute arbitrary programs, or read or | modify arbitrary files, via applets that grant privileges to | themselves. If you fix the vulnerabilities please also make sure to include the CVE ids in your changelog entry. For further information see: [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2426 http://security-tracker.debian.org/tracker/CVE-2006-2426 [1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2788 http://security-tracker.debian.org/tracker/CVE-2007-2788 [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2789 http://security-tracker.debian.org/tracker/CVE-2007-2789 [3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3503 http://security-tracker.debian.org/tracker/CVE-2007-3503 [4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3655 http://security-tracker.debian.org/tracker/CVE-2007-3655 [5] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3698 http://security-tracker.debian.org/tracker/CVE-2007-3698 [6] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3716 http://security-tracker.debian.org/tracker/CVE-2007-3716 [7] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3922 http://security-tracker.debian.org/tracker/CVE-2007-3922 [8] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5232 http://security-tracker.debian.org/tracker/CVE-2007-5232 [9] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5237 http://security-tracker.debian.org/tracker/CVE-2007-5237 [10] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5238 http://security-tracker.debian.org/tracker/CVE-2007-5238 [11] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5239 http://security-tracker.debian.org/tracker/CVE-2007-5239 [12] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5240 http://security-tracker.debian.org/tracker/CVE-2007-5240 [13] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5273 http://security-tracker.debian.org/tracker/CVE-2007-5273 [14] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5274 http://security-tracker.debian.org/tracker/CVE-2007-5274 [15] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5375 http://security-tracker.debian.org/tracker/CVE-2007-5375 [16] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5689 http://security-tracker.debian.org/tracker/CVE-2007-5689 -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
