[SECURITY] IcedTea6 1.8.9 & 1.9.9 Released!

Dr Andrew John Hughes ahughes at redhat.com
Wed Jul 20 07:12:41 PDT 2011

There is a new set of security releases: IcedTea6 1.8.9 and IcedTea6 1.9.9.
This security issue concerns IcedTea-Web, which is not part of the IcedTea6 1.10
series, hence there will be no IcedTea6 1.10 security update.  However, an
IcedTea6 1.10 bug fix update will follow shortly.

This update contains the following security updates:

* RH718164, CVE-2011-2513: Home directory path disclosure to untrusted apps

The IcedTea project provides a harness to build the source code from
OpenJDK6 using Free Software build tools. It also includes the only
Free Java plugin and Web Start implementation, and support for
additional architectures over and above x86, x86_64 and SPARC via the
Zero assembler port.

What Else Is New?

New in release 1.9.9 (2011-07-20):

* Bug fixes
  - PR744: icedtea6-1.10.2 : patching error
  - PR748: Icedtea6 fails to build with Linux 3.0.

New in release 1.8.9 (2011-07-20):

* Bug Fixes
  - PR744: icedtea6-1.10.2 : patching error
  - PR748: Icedtea6 fails to build with Linux 3.0.
* Shark
  - PR632: patches/security/20110215/6878713.patch breaks shark zero build

The tarballs can be downloaded from:


SHA256 sums

    e12e06c2ee642396f1d080d871a42fa4db38aced10bf13c20644f752ef03741f  icedtea6-1.8.9.tar.gz
    c2419896f8925822b0135bcd2db37affcb2b9f6f50d782e7f6b8d23afb5beb39  icedtea6-1.9.9.tar.gz

The following people helped with these releases:

    * Andrew John Hughes
    * Omair Majid
    * Xerxes Rånby
    * Pavel Tisnovsky
    * Mark Wielaard

We would also like to thank the bug reporters and testers!

To get started:

$ tar xzf icedtea6-<ver>.tar.gz
$ cd icedtea6-<ver>

Full build requirements and instructions are in INSTALL:

$ ./configure [--enable-zero --enable-pulse-java --enable-systemtap ...]
$ make

Andrew :)

Free Java Software Engineer
Red Hat, Inc. (http://www.redhat.com)

Support Free Java!
Contribute to GNU Classpath and IcedTea
PGP Key: F5862A37 (https://keys.indymedia.org/)
Fingerprint = EA30 D855 D50F 90CD F54D  0698 0713 C3ED F586 2A37

More information about the distro-pkg-dev mailing list