GNU/Andrew’s Blog

The IcedTea project provides a harness to build the source code from OpenJDK using Free Software build tools, along with additional features such as a PulseAudio sound driver and support for alternative virtual machines.

A new set of security releases are now available for the OpenJDK 6 series: 1.11.8 & 1.12.3. These contain the following security fixes:

• S8006446, CVE-2013-1486: Restrict MBeanServer access
• S8006777, CVE-2013-0169: Improve TLS handling of invalid messages
• S8007688: Blacklist known bad certificate

Full details of each release can be found below.

What’s New?

New in release 1.11.8 (2013-02-19)

• Security fixes
  • S8006446, CVE-2013-1486: Restrict MBeanServer access
  • S8006777, CVE-2013-0169: Improve TLS handling of invalid messages
  • S8007688: Blacklist known bad certificate
• Backports
  • S7123519: problems with certification path
  • S8007393: Possible race condition after JDK-6664509
  • S8007611: logging behavior in applet changed
• Bug fixes
  • PR1319: Support GIF lib v5.

New in release 1.12.3 (2013-02-19)

• Security fixes
  • S8006446, CVE-2013-1486: Restrict MBeanServer access
  • S8006777, CVE-2013-0169: Improve TLS handling of invalid messages
  • S8007688: Blacklist known bad certificate
• Backports
  • S8007393: Possible race condition after JDK-6664509
  • S8007611: logging behavior in applet changed
• Bug fixes
  • PR1319: Support GIF lib v5.

The tarballs can be downloaded from:

• http://icedtea.classpath.org/download/source/icedtea6-1.11.8.tar.gz (sig)
• http://icedtea.classpath.org/download/source/icedtea6-1.12.3.tar.gz (sig)

SHA256 checksums:

• 62620b5544d5e1df7508d7c777fb78532c75eec43b99c8c7d1a3c84f352c1ea3 icedtea6-1.11.8.tar.gz
• db9dc14fa537fb22616fcd9e5b80758aa7baa66e0b6f8adfe3d5e80414574b4c icedtea6-1.12.3.tar.gz

The tarballs are accompanied by digital signatures available at the above ‘sig’ link. This is produced using my public key. See details below.

• PGP Key: 248BDC07 (https://keys.indymedia.org/)
• Fingerprint = EC5A 1F5E C0AD 1D15 8F1F 8F91 3B96 A578 248B DC07

The following people helped with these releases:

• Severin Gehwolf (production of reproducer for 8006777)
• Andrew John Hughes (application of security fixes & backports, creation & testing of bug fixes, reproducer testing, release management)

We would also like to thank the bug reporters and testers!

To get started:

$ tar xzf icedtea-${version}.tar.gz
$ cd icedtea-${version}

where ${version} is the version you’ve downloaded.

Full build requirements and instructions are in INSTALL:

$ ./configure [--enable-zero --enable-pulse-java --enable-systemtap ...]
$ make

Happy hacking!