|
|
ref #802
icedtea6 1.10.4 includes patches for the following security issues:
CVE-2011-3547: InputStream skip() information leak
CVE-2011-3548: mutable static AWTKeyStroke.ctor
CVE-2011-3551: Java2D TransformHelper integer overflow
CVE-2011-3552: excessive default UDP socket limit under SecurityManager
CVE-2011-3553: JAX-WS stack-traces information leak
CVE-2011-3544: missing SecurityManager checks in scripting engine
CVE-2011-3521: IIOP deserialization code execution
CVE-2011-3554: insufficient pack200 JAR files uncompress error checks
CVE-2011-3389: HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)
CVE-2011-3558: HotSpot crashes with sigsegv from PorterStemmer
CVE-2011-3556: RMI DGC server remote code execution
CVE-2011-3557: RMI registry privileged code execution
CVE-2011-3560: missing checkSetFactory calls in HttpsURLConnection
CVE-2011-3558: HotSpot crashes with sigsegv from PorterStemmer
icedtea6 1.10.2 security patches (since upgrading from icedtea6 1.10.1):
CVE-2011-0872: (so) non-blocking sockets with TCP urgent disabled get still selected for read ops (win)
CVE-2011-0865: Vulnerability in deserialization
CVE-2011-0815: Heap overflow vulnerability in FileDialog.show()
CVE-2011-0822, CVE-2011-0862: Integer overflows in 2D code
CVE-2011-0867: NetworkInterface.toString can reveal bindings
CVE-2011-0869: Vulnerability in SAAJ
CVE-2011-0870: Vulnerability in SAAJ
CVE-2011-0868: Crash in Java 2D transforming an image with scale close to zero
CVE-2011-0871: ImageIcon creates Component with null acc
CVE-2011-0864: JSR rewriting can overflow memory address size variables
|
