GNU/Andrew’s Blog

We are pleased to announce a new set of security releases, IcedTea6 1.7.8, IcedTea6 1.8.5 and IcedTea6 1.9.5.

This update contains the following security updates:

The IcedTea project provides a harness to build the source code from OpenJDK6 using Free Software build tools. It also includes the only Free Java plugin and Web Start implementation, and support for additional architectures over and above x86, x86_64 and SPARC via the Zero assembler port.

What’s New?

IcedTea6 1.7.8

• Security updates
  • RH672262, CVE-2011-0025: IcedTea jarfile signature verification bypass
• Backports
  • S6687968: PNGImageReader leaks native memory through an Inflater
  • S6541476, RH665355: PNG imageio plugin incorrectly handles iTXt chunk
  • S6782079: PNG: reading metadata may cause OOM on truncated images
• Fixes:
  • RH647157, RH582455: Update fontconfig files for rhel 6
  • PR619: Improper finalization by the plugin can crash the browser

IcedTea6 1.8.5

• Security updates
  • RH672262, CVE-2011-0025: IcedTea jarfile signature verification bypass
• Backports
  • S6687968: PNGImageReader leaks native memory through an Inflater
  • S6541476, RH665355: PNG imageio plugin incorrectly handles iTXt chunk
  • S6782079: PNG: reading metadata may cause OOM on truncated images
• Fixes
  • RH647157, RH582455: Update fontconfig files for rhel 6
  • PR619: Improper finalization by the plugin can crash the browser

IcedTea6 1.9.5

• Security updates
  • RH672262, CVE-2011-0025: IcedTea jarfile signature verification bypass
• Backports
  • S6687968: PNGImageReader leaks native memory through an Inflater
  • S6541476, RH665355: PNG imageio plugin incorrectly handles iTXt chunk
  • S6782079: PNG: reading metadata may cause OOM on truncated images
• Fixes
  • RH647157, RH582455: Update fontconfig files for rhel 6
  • PR619: Improper finalization by the plugin can crash the browser

The tarballs can be downloaded from:

• http://icedtea.classpath.org/download/source/icedtea6-1.7.8.tar.gz
• http://icedtea.classpath.org/download/source/icedtea6-1.8.5.tar.gz
• http://icedtea.classpath.org/download/source/icedtea6-1.9.5.tar.gz

SHA256 sums:

• a1cbb4e5962d1fed0c816cebce33b6896b61a9f19b404f5e91439b9e7ffcd97c icedtea6-1.7.8.tar.gz
• 1ee081368587507e7ea75bd3351be0eafadd3f7020930db68448bcec6fa5c452 icedtea6-1.8.5.tar.gz
• dac8ad42c452b3211b4daf26446da090f1f6c45952d9dbf52f66447adef73a29 icedtea6-1.9.5.tar.gz

The following people helped with these releases:

• Deepak Bhole
• Andrew John Hughes
• Jiri Vanek

We would also like to thank the bug reporters and testers!

To get started:

$ tar xzf icedtea6-<ver>.tar.gz
$ cd icedtea6-<ver>

Full build requirements and instructions are in INSTALL:

$ ./configure [--enable-zero --enable-pulse-java --enable-systemtap ...]
$ make