Описание
ELSA-2010-0339: java-1.6.0-openjdk security update (IMPORTANT)
[1:1.6.0.0-1.11.b16.0.1.el5]
- Add oracle-enterprise.patch
[1:1.6.0.0-1.11.b16.el5]
- Remove javaws alternative due to conflict with java-1.6.0-sun's alternatives
[1:1.6.0-1.10.b16]
- Update to openjdk build b16
- Update to icedtea6-1.6
- Added tzdata-java requirement
- Added autoconf and automake build requirement
- Added tzdata-java requirement
- Added java-1.6.0-openjdk-gcc-stack-markings.patch
- Added java-1.6.0-openjdk-memory-barriers.patch
- Added java-1.6.0-openjdk-jar-misc.patch
- Added java-1.6.0-openjdk-linux-separate-debuginfo.patch
- Added java-1.6.0-openjdk-securitypatches-20100323.patch
- Added STRIP_KEEP_SYMTAB=libjvm* to install section, fix bz530402
- Resolves: rhbz#576124
[1:1.6.0-1.8.b09]
- Added java-1.6.0-openjdk-debuginfo.patch
- Added java-1.6.0-openjdk-elf-debuginfo.patch
Обновленные пакеты
Oracle Linux 5
Oracle Linux x86_64
java-1.6.0-openjdk
1.6.0.0-1.11.b16.0.1.el5
java-1.6.0-openjdk-demo
1.6.0.0-1.11.b16.0.1.el5
java-1.6.0-openjdk-devel
1.6.0.0-1.11.b16.0.1.el5
java-1.6.0-openjdk-javadoc
1.6.0.0-1.11.b16.0.1.el5
java-1.6.0-openjdk-src
1.6.0.0-1.11.b16.0.1.el5
Oracle Linux i386
java-1.6.0-openjdk
1.6.0.0-1.11.b16.0.1.el5
java-1.6.0-openjdk-demo
1.6.0.0-1.11.b16.0.1.el5
java-1.6.0-openjdk-devel
1.6.0.0-1.11.b16.0.1.el5
java-1.6.0-openjdk-javadoc
1.6.0.0-1.11.b16.0.1.el5
java-1.6.0-openjdk-src
1.6.0.0-1.11.b16.0.1.el5
Ссылки на источники
Связанные уязвимости
The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as us ...
Apache Tomcat affected by vulnerability in TLS and SSL protocol