[Secure-testing-team] Bug#558173: Update 17 fixes several security issues

Moritz Muehlenhoff jmm at debian.org
Thu Nov 26 21:09:58 UTC 2009


Package: sun-java6
Severity: grave
Tags: security

Update 17 fixes a lot of security issues:

   CVE-2009-3728 Directory traversal vulnerability in the ICC_Profile.getInstance ...
   CVE-2009-3729 Unspecified vulnerability in the TrueType font parsing functionality ...
   CVE-2009-3865 The launch method in the Deployment Toolkit plugin in Java Runtime ...
   CVE-2009-3866 The Java Web Start Installer in Sun Java SE in JDK and JRE 6 before ...
   CVE-2009-3867 Stack-based buffer overflow in the HsbParser.getSoundBank function in ...
   CVE-2009-3868 Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before ...
   CVE-2009-3869 Stack-based buffer overflow in the setDiffICM function in the Abstract ...
   CVE-2009-3871 Heap-based buffer overflow in the setBytePixels function in the ...
   CVE-2009-3872 Unspecified vulnerability in the JPEG JFIF Decoder in Sun Java SE in ...
   CVE-2009-3873 The JPEG Image Writer in Sun Java SE in JDK and JRE 5.0 before Update ...
   CVE-2009-3874 Integer overflow in the JPEGImageReader implementation in the ImageI/O ...
   CVE-2009-3875 The MessageDigest.isEqual function in Java Runtime Environment (JRE) ...
   CVE-2009-3876 Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before ...
   CVE-2009-3879 Multiple unspecified vulnerabilities in the (1) X11 and (2) ...
   CVE-2009-3880 The Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in ...
   CVE-2009-3881 Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, ...
   CVE-2009-3882 Multiple unspecified vulnerabilities in the Swing implementation in ...
   CVE-2009-3884 The TimeZone.getTimeZone method in Sun Java SE 5.0 before Update 22 ...
   CVE-2009-3886 The Java Web Start implementation in Sun Java SE 6 before Update 17 ...

Details can be found in the Debian Security Tracker.

Cheers,
        Moritz


-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.31-1-686 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15@euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash




