Mon 9 Nov 2009
We are pleased to announce two new security releases, IcedTea6 1.5.3 and 1.6.2.
The IcedTea project provides a harness to build the source code from
OpenJDK6 using Free Software build tools. It also includes the only
Free Java plugin and Web Start implementation, and support for
additional architectures over and above x86, x86_64 and SPARC via the
Zero assembler port.
What’s New?
-----------
- Security fixes for:
- (CVE-2009-3728) ICC_Profile file existence detection information leak (6631533)
- (CVE-2009-3885) BMP parsing DoS with UNC ICC links (6632445)
- (CVE-2009-3881) resurrected classloaders can still have children (6636650)
- (CVE-2009-3882) Numerous static security flaws in Swing (findbugs) (6657026)
- (CVE-2009-3883) Mutable statics in Windows PL&F (findbugs) (6657138)
- (CVE-2009-3880) UI logging information leakage (6664512)
- (CVE-2009-3879) GraphicsConfiguration information leak (6822057)
- (CVE-2009-3884) zoneinfo file existence information leak (6824265)
- (CVE-2009-2409) deprecate MD2 in SSL cert validation (Kaminsky) (6861062)
- (CVE-2009-3873) JPEG Image Writer quantization problem (6862968)
- (CVE-2009-3875) MessageDigest.isEqual introduces timing attack vulnerabilities (6863503)
- (CVE-2009-3876, CVE-2009-3877) OpenJDK ASN.1/DER input stream parser denial of service (6864911)
- (CVE-2009-3869) JRE AWT setDiffICM stack overflow (6872357)
- (CVE-2009-3874) ImageI/O JPEG heap overflow (6874643)
- (CVE-2009-3871) JRE AWT setBytePixels heap overflow (6872358)
The tarballs and 1.6 nosrc RPM can be downloaded from:
- http://icedtea.classpath.org/download/source/icedtea6-1.5.3.tar.gz
- http://icedtea.classpath.org/download/source/icedtea6-1.6.2.tar.gz
- http://icedtea.classpath.org/download/fedora/java-1.6.0-openjdk-1.6.0.0-30.b16.fc11.nosrc.rpm
The following people helped with the 1.5 and 1.6 release series:
Lillian Angel, Gary Benson, Deepak Bhole, Andrew Haley, Andrew John Hughes, Matthias Klose, Martin Matejovic, Ed Nevill, Mark Wielaard and many others.
We would also like to thank the bug reporters and testers!
To get started:
$ tar xzf icedtea6-1.6.2.tar.gz
$ cd icedtea6-1.6.2
Full build requirements and instructions are in INSTALL:
$ ./configure [--enable-visualvm --with-openjdk --enable-pulse-java --enable-systemtap ...]
$ make
November 10th, 2009 at 1:37 am
Congrats, and thanks!
November 12th, 2009 at 12:00 am
Hi does this have the new plugin architecture? Or is that being introduced in icedtea6 1.7.0?
Cheers
November 13th, 2009 at 4:34 pm
Mike, I’m afraid you’ll have to wait for 1.7. There is a version in both 1.5 and 1.6 (--enable-npplugin), but it’s not mature enough yet.