Monday, October 18, 2010

Red Hat Enterprise Linux: Important java-1.6.0-openjdk security and bug fix update

Users of Red Hat Enterprise Linux, please be advised that an Important java-1.6.0-openjdk security and bug fix update has been issued for vulnerabilities that have been identified.

To view this vulnerability, possible remedies, and others, please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx).

Amplify’d from www.criticalwatch.com
RHSA-2010:0768-01: Important: java-1.6.0-openjdk security and bug fix update
Product: Red Hat Enterprise Linux
Description:

These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit.

defaultReadObject of the Serialization API could be tricked into setting a volatile field multiple times, which could allow a remote attacker to execute arbitrary code with the privileges of the user running the applet or application. (CVE-2010-3569)

Race condition in the way objects were deserialized could allow an untrusted applet or application to misuse the privileges of the user running the applet or application. (CVE-2010-3568)