RHSA-2009:1201: Important: java-1.6.0-openjdk security and bug fix update

These packages provide the OpenJDK 6 Java Runtime Environment and theOpenJDK 6 Software Development Kit. The Java Runtime Environment (JRE)contains the software and tools that users need to run applications writtenusing the Java programming language.A flaw was found in the way the XML Digital Signature implementation in theJRE handled HMAC-based XML signatures. An attacker could use this flaw tocreate a crafted signature that could allow them to bypass authentication,or trick a user, applet, or application into accepting untrusted content.(CVE-2009-0217)Several potential information leaks were found in various mutable staticvariables. These could be exploited in application scenarios that executeuntrusted scripting code. (CVE-2009-2475)It was discovered that OpenType checks can be bypassed. This could allow arogue application to bypass access restrictions by acquiring references toprivileged objects through finalizer resurrection. (CVE-2009-2476)A denial of service flaw was found in the way the JRE processes XML. Aremote attacker could use this flaw to supply crafted XML that would leadto a denial of service. (CVE-2009-2625)A flaw was found in the JRE audio system. An untrusted applet orapplication could use this flaw to gain read access to restricted Systemproperties. (CVE-2009-2670)Two flaws were found in the JRE proxy implementation. An untrusted appletor application could use these flaws to discover the usernames of usersrunning applets and applications, or obtain web browser cookies and usethem for session hijacking attacks. (CVE-2009-2671, CVE-2009-2672)An additional flaw was found in the proxy mechanism implementation. Thisflaw allowed an untrusted applet or application to bypass accessrestrictions and communicate using non-authorized socket or URL connectionsto hosts other than the origin host. (CVE-2009-2673) An integer overflow flaw was found in the way the JRE processes JPEGimages. An untrusted application could use this flaw to extend itsprivileges, allowing it to read and write local files, as well as toexecute local applications with the privileges of the user running theapplication. (CVE-2009-2674)An integer overflow flaw was found in the JRE unpack200 functionality. Anuntrusted applet or application could extend its privileges, allowing it toread and write local files, as well as to execute local applications withthe privileges of the user running the applet or application. (CVE-2009-2675)It was discovered that JDK13Services grants unnecessary privileges tocertain object types. This could be misused by an untrusted applet orapplication to use otherwise restricted functionality. (CVE-2009-2689)An information disclosure flaw was found in the way private Java variableswere handled. An untrusted applet or application could use this flaw toobtain information from variables that would otherwise be private.(CVE-2009-2690)Note: The flaws concerning applets in this advisory, CVE-2009-2475,CVE-2009-2670, CVE-2009-2671, CVE-2009-2672, CVE-2009-2673, CVE-2009-2675,CVE-2009-2689, and CVE-2009-2690, can only be triggered injava-1.6.0-openjdk by calling the "appletviewer" application.This update also fixes the following bug: the EVR in the java-1.6.0-openjdk package as shipped with Red Hat Enterprise Linux allowed the java-1.6.0-openjdk package from the EPELrepository to take precedence (appear newer). Users usingjava-1.6.0-openjdk from EPEL would not have received security updates sinceOctober 2008. This update prevents the packages from EPEL from takingprecedence. (BZ#499079)All users of java-1.6.0-openjdk are advised to upgrade to these updatedpackages, which resolve these issues. All running instances of OpenJDK Javamust be restarted for the update to take effect.