IcedTea6 1.5.3 & 1.6.2 Released!

Andrew John Hughes gnu_andrew at member.fsf.org
Mon Nov 9 15:12:05 PST 2009


We are pleased to announce two new security releases, IcedTea6 1.5.3 and 1.6.2.

The IcedTea project provides a harness to build the source code from
OpenJDK6 using Free Software build tools. It also includes the only
Free Java plugin and Web Start implementation, and support for
additional architectures over and above x86, x86_64 and SPARC via the
Zero assembler port.

What’s New?
-----------
- Security fixes for:
  - (CVE-2009-3728) ICC_Profile file existence detection information leak (6631533)
  - (CVE-2009-3885) BMP parsing DoS with UNC ICC links (6632445)
  - (CVE-2009-3881) resurrected classloaders can still have children (6636650)
  - (CVE-2009-3882) Numerous static security flaws in Swing (findbugs) (6657026)
  - (CVE-2009-3883) Mutable statics in Windows PL&F (findbugs) (6657138)
  - (CVE-2009-3880) UI logging information leakage (6664512)
  - (CVE-2009-3879) GraphicsConfiguration information leak (6822057)
  - (CVE-2009-3884) zoneinfo file existence information leak (6824265)
  - (CVE-2009-2409) deprecate MD2 in SSL cert validation (Kaminsky) (6861062)
  - (CVE-2009-3873) JPEG Image Writer quantization problem (6862968)
  - (CVE-2009-3875) MessageDigest.isEqual introduces timing attack
    vulnerabilities (6863503)
  - (CVE-2009-3876, CVE-2009-3877) OpenJDK ASN.1/DER input stream parser
    denial of service (6864911)
  - (CVE-2009-3869) JRE AWT setDifflCM stack overflow (6872357)
  - (CVE-2009-3874) ImageI/O JPEG heap overflow (6874643)
  - (CVE-2009-3871) JRE AWT setBytePixels heap overflow (6872358)

The tarballs and 1.6 nosrc RPM can be downloaded from:

* http://icedtea.classpath.org/download/source/icedtea6-1.5.3.tar.gz
* http://icedtea.classpath.org/download/source/icedtea6-1.6.2.tar.gz
* http://icedtea.classpath.org/download/fedora/java-1.6.0-openjdk-1.6.0.0-30.b16.fc11.nosrc.rpm

The following people helped with the 1.5 and 1.6 release series:

Lillian Angel, Gary Benson, Deepak Bhole, Andrew Haley, Andrew John
Hughes, Matthias Klose, Martin Matejovic, Ed Nevill, Mark Wielaard and
many others.

We would also like to thank the bug reporters and testers!

To get started:
$ tar xzf icedtea6-1.6.2.tar.gz
$ cd icedtea6-1.6.2

Full build requirements and instructions are in INSTALL:
$ ./configure [--enable-visualvm --with-openjdk --enable-pulse-java
--enable-systemtap ...]
$ make

Blog: http://blog.fuseyism.com/index.php/2009/11/09/icedtea6-153-162-released/
-- 
Andrew :-)

Free Java Software Engineer
Red Hat, Inc. (http://www.redhat.com)

Support Free Java!
Contribute to GNU Classpath and the OpenJDK
http://www.gnu.org/software/classpath
http://openjdk.java.net

PGP Key: 94EFD9D8 (http://subkeys.pgp.net)
Fingerprint: F8EF F1EA 401E 2E60 15FA  7927 142C 2591 94EF D9D8


