-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2013:095 http://www.mandriva.com/en/support/security/ _______________________________________________________________________ Package : java-1.7.0-openjdk Date : April 10, 2013 Affected: Business Server 1.0 _______________________________________________________________________ Problem Description: Updated java-1.7.0-openjdk packages fix security vulnerabilities: Two improper permission check issues were discovered in the reflection API in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions (CVE-2012-3174, CVE-2013-0422). Multiple improper permission check issues were discovered in the AWT, CORBA, JMX, Libraries, and Beans components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions (CVE-2013-0442, CVE-2013-0445, CVE-2013-0441, CVE-2013-1475, CVE-2013-1476, CVE-2013-0429, CVE-2013-0450, CVE-2013-0425, CVE-2013-0426, CVE-2013-0428, CVE-2013-0444). Multiple flaws were found in the way image parsers in the 2D and AWT components handled image raster parameters. A specially-crafted image could cause Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with the virtual machine privileges (CVE-2013-1478, CVE-2013-1480). A flaw was found in the AWT component's clipboard handling code. An untrusted Java application or applet could use this flaw to access clipboard data, bypassing Java sandbox restrictions (CVE-2013-0432). The default Java security properties configuration did not restrict access to certain com.sun.xml.internal packages. An untrusted Java application or applet could use this flaw to access information, bypassing certain Java sandbox restrictions. This update lists the whole package as restricted (CVE-2013-0435). Multiple improper permission check issues were discovered in the JMX, Libraries, Networking, and JAXP components. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions (CVE-2013-0431, CVE-2013-0427, CVE-2013-0433, CVE-2013-0434). It was discovered that the RMI component's CGIHandler class used user inputs in error messages without any sanitization. An attacker could use this flaw to perform a cross-site scripting (XSS) attack (CVE-2013-0424). It was discovered that the SSL/TLS implementation in the JSSE component did not properly enforce handshake message ordering, allowing an unlimited number of handshake restarts. A remote attacker could use this flaw to make an SSL/TLS server using JSSE consume an excessive amount of CPU by continuously restarting the handshake (CVE-2013-0440). It was discovered that the JSSE component did not properly validate Diffie-Hellman public keys. An SSL/TLS client could possibly use this flaw to perform a small subgroup attack (CVE-2013-0443). Multiple improper permission check issues were discovered in the JMX and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions (CVE-2013-1486, CVE-2013-1484). An improper permission check issue was discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions (CVE-2013-1485). It was discovered that OpenJDK leaked timing information when decrypting TLS/SSL protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL server as a padding oracle (CVE-2013-0169). An integer overflow flaw was found in the way the 2D component handled certain sample model instances. A specially-crafted sample model instance could cause Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with virtual machine privileges (CVE-2013-0809). It was discovered that the 2D component did not properly reject certain malformed images. Specially-crafted raster parameters could cause Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with virtual machine privileges (CVE-2013-1493). _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3174 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0169 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0422 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0424 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0425 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0426 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0427 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0428 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0429 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0431 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0432 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0433 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0434 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0435 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0440 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0441 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0442 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0443 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0444 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0445 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0450 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0809 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1475 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1476 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1478 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1480 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1484 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1485 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1486 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1493 https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0018 https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056 https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0084 https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0088 _______________________________________________________________________ Updated Packages: Mandriva Business Server 1/X86_64: b951d387ee818e0b204cb1a239ac2ae1 mbs1/x86_64/java-1.7.0-openjdk-1.7.0.6-2.3.8.1.1.mbs1.x86_64.rpm 00676ff0eefe12d69e0b93ee4f9ac8c4 mbs1/x86_64/java-1.7.0-openjdk-demo-1.7.0.6-2.3.8.1.1.mbs1.x86_64.rpm 3733ddb46d4ba9fe639d90271c1113c3 mbs1/x86_64/java-1.7.0-openjdk-devel-1.7.0.6-2.3.8.1.1.mbs1.x86_64.rpm 1d47fd14d7fe3a20d81c5cf808e75fe6 mbs1/x86_64/java-1.7.0-openjdk-javadoc-1.7.0.6-2.3.8.1.1.mbs1.noarch.rpm baab88a94f04c3c3f0fc322fe2562c9b mbs1/x86_64/java-1.7.0-openjdk-src-1.7.0.6-2.3.8.1.1.mbs1.x86_64.rpm d019dda16506ffb609ae8ce66a7cda7c mbs1/SRPMS/java-1.7.0-openjdk-1.7.0.6-2.3.8.1.1.mbs1.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFRZQ6mmqjQ0CJFipgRArrgAKCPZMbOA1UtXaG4tQd9CKEggT1x/gCfYfXv 8XJUrvALufbbaHuyChk9zik= =TGuI -----END PGP SIGNATURE-----