Security fixes in b19 - Re: hg: jdk6/jdk6/jdk: 23 new changesets
Andrew John Hughes
ahughes at redhat.com
Tue Mar 30 17:52:27 PDT 2010
On 31 March 2010 00:46, Joe Darcy <joe.darcy at oracle.com> wrote:
> The latest round of security fixes are now in the OpenJDK 6 master
> repositories.
>
And IcedTea6 1.6, 1.7, 1.8, HEAD and IcedTea7 :-)
> -Joe
>
> abhijit.saha at sun.com wrote:
>>
>> Changeset: c60109723bf8
>> Author: dl
>> Date: 2009-11-18 11:39 +0000
>> URL: http://hg.openjdk.java.net/jdk6/jdk6/jdk/rev/c60109723bf8
>>
>> 6888149: AtomicReferenceArray causes SIGSEGV -> SEGV_MAPERR error
>> Summary: Avoid integer overflow by using long arithmetic
>> Reviewed-by: dholmes, alanb, chegar
>>
>> ! src/share/classes/java/util/concurrent/atomic/AtomicIntegerArray.java
>> ! src/share/classes/java/util/concurrent/atomic/AtomicLongArray.java
>> ! src/share/classes/java/util/concurrent/atomic/AtomicReferenceArray.java
>>
>> Changeset: 2e29fe2bfc9c
>> Author: chegar
>> Date: 2009-11-23 12:51 +0000
>> URL: http://hg.openjdk.java.net/jdk6/jdk6/jdk/rev/2e29fe2bfc9c
>>
>> 6639665: ThreadGroup finalizer allows creation of false root ThreadGroups
>> Reviewed-by: alanb, hawtin
>>
>> ! src/share/classes/java/lang/ThreadGroup.java
>>
>> Changeset: 1cd847ef273e
>> Author: weijun
>> Date: 2009-11-23 19:05 -0800
>> URL: http://hg.openjdk.java.net/jdk6/jdk6/jdk/rev/1cd847ef273e
>>
>> 6898622: ObjectIdentifer.equals is not capable of detecting incorrectly
>> encoded CommonName OIDs
>> Reviewed-by: mullan, xuelei
>>
>> ! src/share/classes/sun/security/util/ObjectIdentifier.java
>> + test/sun/security/util/Oid/BerOid.java
>>
>> Changeset: 3b74a067dcb4
>> Author: alanb
>> Date: 2009-11-25 13:05 +0000
>> URL: http://hg.openjdk.java.net/jdk6/jdk6/jdk/rev/3b74a067dcb4
>>
>> 6736390: File TOCTOU deserialization vulnerability
>> Reviewed-by: hawtin
>>
>> ! src/share/classes/java/io/File.java
>>
>> Changeset: cda5a0661316
>> Author: sherman
>> Date: 2009-11-25 15:40 -0800
>> URL: http://hg.openjdk.java.net/jdk6/jdk6/jdk/rev/cda5a0661316
>>
>> 6745393: Inflater/Deflater clone issue
>> Summary: To use an explicit lock object
>> Reviewed-by: alanb
>>
>> ! src/share/classes/java/util/zip/Deflater.java
>> ! src/share/classes/java/util/zip/Inflater.java
>> + src/share/classes/java/util/zip/ZStreamRef.java
>> ! src/share/native/java/util/zip/Deflater.c
>> ! src/share/native/java/util/zip/Inflater.c
>>
>> Changeset: 4509549ab091
>> Author: mchung
>> Date: 2009-11-30 08:25 -0800
>> URL: http://hg.openjdk.java.net/jdk6/jdk6/jdk/rev/4509549ab091
>>
>> 6893947: Deserialization of RMIConnectionImpl objects should enforce
>> stricter checks [ZDI-CAN-588]
>> Summary: narrow the doPrivileged block to only set context ClassLoader
>> Reviewed-by: hawtin, emcmanus
>>
>> ! src/share/classes/javax/management/remote/rmi/RMIConnectionImpl.java
>>
>> Changeset: 065fc20465a9
>> Author: michaelm
>> Date: 2009-12-02 12:51 +0000
>> URL: http://hg.openjdk.java.net/jdk6/jdk6/jdk/rev/065fc20465a9
>>
>> 6893954: Subclasses of InetAddress may incorrectly interpret network
>> addresses
>> Summary: runtime type checks and deserialization check
>> Reviewed-by: chegar, alanb, jccollet
>>
>> ! src/share/classes/java/net/DatagramSocket.java
>> ! src/share/classes/java/net/InetAddress.java
>> ! src/share/classes/java/net/MulticastSocket.java
>> ! src/share/classes/java/net/NetworkInterface.java
>> ! src/share/classes/java/net/Socket.java
>> ! src/share/classes/sun/nio/ch/Net.java
>>
>> Changeset: 76484a1390b5
>> Author: michaelm
>> Date: 2009-12-02 13:39 +0000
>> URL: http://hg.openjdk.java.net/jdk6/jdk6/jdk/rev/76484a1390b5
>>
>> Merge
>>
>>
>> Changeset: a82975fed3bb
>> Author: asaha
>> Date: 2009-12-04 10:22 -0800
>> URL: http://hg.openjdk.java.net/jdk6/jdk6/jdk/rev/a82975fed3bb
>>
>> Merge
>>
>>
>> Changeset: 56d70fff0a49
>> Author: xuelei
>> Date: 2009-12-08 20:14 -0800
>> URL: http://hg.openjdk.java.net/jdk6/jdk6/jdk/rev/56d70fff0a49
>>
>> 6898739: TLS renegotiation issue
>> Summary: the interim fix disables TLS/SSL renegotiation
>> Reviewed-by: mullan, chegar, wetmore
>>
>> ! src/share/classes/sun/security/ssl/ClientHandshaker.java
>> ! src/share/classes/sun/security/ssl/Handshaker.java
>> ! src/share/classes/sun/security/ssl/SSLEngineImpl.java
>> ! src/share/classes/sun/security/ssl/SSLSocketImpl.java
>> ! src/share/classes/sun/security/ssl/ServerHandshaker.java
>> ! test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLSocketImpl/InvalidateServerSessionRenegotiate.java
>> ! test/sun/security/ssl/javax/net/ssl/NewAPIs/JSSERenegotiate.java
>> ! test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/CheckStatus.java
>> ! test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/ConnectionTest.java
>> ! test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/NoAuthClientAuth.java
>>
>> Changeset: c33996d22908
>> Author: mullan
>> Date: 2009-12-09 14:13 -0500
>> URL: http://hg.openjdk.java.net/jdk6/jdk6/jdk/rev/c33996d22908
>>
>> 6633872: Policy/PolicyFile leak dynamic ProtectionDomains.
>> Reviewed-by: hawtin
>>
>> ! src/share/classes/java/security/Policy.java
>> ! src/share/classes/java/security/ProtectionDomain.java
>> + src/share/classes/sun/misc/JavaSecurityProtectionDomainAccess.java
>> ! src/share/classes/sun/misc/SharedSecrets.java
>> ! src/share/classes/sun/security/provider/PolicyFile.java
>>
>> Changeset: 0d6a7c587b34
>> Author: mullan
>> Date: 2009-12-09 14:17 -0500
>> URL: http://hg.openjdk.java.net/jdk6/jdk6/jdk/rev/0d6a7c587b34
>>
>> Merge
>>
>>
>> Changeset: 30601d76d1a9
>> Author: malenkov
>> Date: 2009-12-22 17:34 +0300
>> URL: http://hg.openjdk.java.net/jdk6/jdk6/jdk/rev/30601d76d1a9
>>
>> 6904691: Java Applet Trusted Methods Chaining Privilege Escalation
>> Vulnerability
>> Reviewed-by: hawtin, peterz
>>
>> ! src/share/classes/java/beans/EventHandler.java
>> ! src/share/classes/java/beans/Statement.java
>> ! test/java/beans/EventHandler/Test6277246.java
>> ! test/java/beans/EventHandler/Test6277266.java
>>
>> Changeset: 475c20b5ead9
>> Author: michaelm
>> Date: 2010-01-12 15:24 +0000
>> URL: http://hg.openjdk.java.net/jdk6/jdk6/jdk/rev/475c20b5ead9
>>
>> 6910590: Application can modify command array, in ProcessBuilder
>> Reviewed-by: michaelm, chegar
>>
>> ! src/share/classes/java/lang/ProcessBuilder.java
>>
>> Changeset: a70c2cb935ed
>> Author: bae
>> Date: 2010-02-17 14:47 +0300
>> URL: http://hg.openjdk.java.net/jdk6/jdk6/jdk/rev/a70c2cb935ed
>>
>> 6909597: Sun Java Runtime Environment JPEGImageReader stepX Integer
>> Overflow Vulnerability
>> Reviewed-by: igor
>>
>> ! src/share/native/sun/awt/image/jpeg/imageioJPEG.c
>>
>> Changeset: 47494ceba862
>> Author: bae
>> Date: 2010-02-19 21:34 +0300
>> URL: http://hg.openjdk.java.net/jdk6/jdk6/jdk/rev/47494ceba862
>>
>> 6914866: Sun JRE ImagingLib arbitrary code execution vulnerability
>> Reviewed-by: prr
>>
>> ! src/share/native/sun/awt/medialib/awt_ImagingLib.c
>> ! src/share/native/sun/awt/medialib/safe_alloc.h
>>
>> Changeset: 54cecb672e0f
>> Author: bae
>> Date: 2010-02-19 22:13 +0300
>> URL: http://hg.openjdk.java.net/jdk6/jdk6/jdk/rev/54cecb672e0f
>>
>> 6899653: Sun Java Runtime CMM readMabCurveData Buffer Overflow
>> Vulnerability
>> Reviewed-by: prr
>>
>> ! src/share/native/sun/java2d/cmm/lcms/cmsio1.c
>> ! src/share/native/sun/java2d/cmm/lcms/cmsxform.c
>>
>> Changeset: b6fe2c6e58e3
>> Author: bae
>> Date: 2010-02-19 22:50 +0300
>> URL: http://hg.openjdk.java.net/jdk6/jdk6/jdk/rev/b6fe2c6e58e3
>>
>> 6914823: Java AWT Library Invalid Index Vulnerability
>> Reviewed-by: prr
>>
>> ! src/share/classes/sun/awt/image/ImageRepresentation.java
>>
>> Changeset: 0fc5eabbab3a
>> Author: ksrini
>> Date: 2010-02-22 14:27 -0800
>> URL: http://hg.openjdk.java.net/jdk6/jdk6/jdk/rev/0fc5eabbab3a
>>
>> 6902299: Java JAR "unpack200" must verify input parameters
>> Summary: Added several checks for addition of values before memory
>> allocation
>> Reviewed-by: asaha
>>
>> ! src/share/native/com/sun/java/util/jar/pack/bytes.cpp
>> ! src/share/native/com/sun/java/util/jar/pack/unpack.cpp
>> ! test/tools/pack200/MemoryAllocatorTest.java
>>
>> Changeset: d45c527b8218
>> Author: denis
>> Date: 2010-03-01 07:17 -0800
>> URL: http://hg.openjdk.java.net/jdk6/jdk6/jdk/rev/d45c527b8218
>>
>> 6887703: Unsigned applet can retrieve the dragged information before drop
>> action occur
>> Reviewed-by: uta
>>
>> ! src/share/classes/sun/awt/dnd/SunDropTargetContextPeer.java
>>
>> Changeset: ed52e9d31440
>> Author: asaha
>> Date: 2010-03-15 16:39 -0700
>> URL: http://hg.openjdk.java.net/jdk6/jdk6/jdk/rev/ed52e9d31440
>>
>> Merge
>>
>> - test/sun/tools/native2ascii/test2
>>
>> Changeset: 61629da41f38
>> Author: asaha
>> Date: 2010-03-25 16:42 -0700
>> URL: http://hg.openjdk.java.net/jdk6/jdk6/jdk/rev/61629da41f38
>>
>> Merge
>>
>> ! src/share/classes/sun/security/ssl/SSLSocketImpl.java
>>
>> Changeset: 599b469958a8
>> Author: asaha
>> Date: 2010-03-30 07:58 -0700
>> URL: http://hg.openjdk.java.net/jdk6/jdk6/jdk/rev/599b469958a8
>>
>> Merge
>>
>>
>>
>
>
--
Andrew :-)
Free Java Software Engineer
Red Hat, Inc. (http://www.redhat.com)
Support Free Java!
Contribute to GNU Classpath and the OpenJDK
http://www.gnu.org/software/classpath
http://openjdk.java.net
PGP Key: 94EFD9D8 (http://subkeys.pgp.net)
Fingerprint: F8EF F1EA 401E 2E60 15FA 7927 142C 2591 94EF D9D8
More information about the jdk6-dev mailing list