Wed 20 Feb 2013
[SECURITY] IcedTea 1.11.8 & 1.12.3 for OpenJDK 6 Released!
Posted by gnu_andrew under IcedTea, OpenJDK, Security
The IcedTea project provides a harness to build the source code from OpenJDK using Free Software build tools, along with additional features such as a PulseAudio sound driver and support for alternative virtual machines.
A new set of security releases is now available for the OpenJDK 6 series: 1.11.8 & 1.12.3. These contain the following security fixes:
- S8006446, CVE-2013-1486: Restrict MBeanServer access
- S8006777, CVE-2013-0169: Improve TLS handling of invalid messages
- S8007688: Blacklist known bad certificate
Full details of each release can be found below.
What’s New?
New in release 1.11.8 (2013-02-19)
- Security fixes
  - S8006446, CVE-2013-1486: Restrict MBeanServer access
  - S8006777, CVE-2013-0169: Improve TLS handling of invalid messages
  - S8007688: Blacklist known bad certificate
- Backports
- Bug fixes
  - PR1319: Support GIF lib v5.
New in release 1.12.3 (2013-02-19)
- Security fixes
  - S8006446, CVE-2013-1486: Restrict MBeanServer access
  - S8006777, CVE-2013-0169: Improve TLS handling of invalid messages
  - S8007688: Blacklist known bad certificate
- Backports
- Bug fixes
  - PR1319: Support GIF lib v5.
The tarballs can be downloaded from:
- http://icedtea.classpath.org/download/source/icedtea6-1.11.8.tar.gz (sig)
- http://icedtea.classpath.org/download/source/icedtea6-1.12.3.tar.gz (sig)
SHA256 checksums:
- 62620b5544d5e1df7508d7c777fb78532c75eec43b99c8c7d1a3c84f352c1ea3 icedtea6-1.11.8.tar.gz
- db9dc14fa537fb22616fcd9e5b80758aa7baa66e0b6f8adfe3d5e80414574b4c icedtea6-1.12.3.tar.gz
Each tarball is accompanied by a digital signature, available at the ‘sig’ link above. The signatures are produced using my key; details of the public key are below.
- PGP Key: 248BDC07 (https://keys.indymedia.org/)
- Fingerprint = EC5A 1F5E C0AD 1D15 8F1F 8F91 3B96 A578 248B DC07
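One way to check a downloaded tarball against the checksums and key fingerprint above before unpacking it. This is an added example, not part of the original announcement; it assumes `sha256sum` and GnuPG are installed, the release key is already in your keyring, and the signature file from the ‘sig’ link has been saved locally. The function names are illustrative.

```shell
#!/bin/sh
# Added example: check an IcedTea tarball against the SHA256 checksum and key
# fingerprint published in this announcement before unpacking it.

# Fingerprint from the announcement, with the spaces removed.
FPR=EC5A1F5EC0AD1D158F1F8F913B96A578248BDC07

# Print the published SHA256 for a tarball name (values copied from this page).
published_sha256() {
    case "$(basename "$1")" in
        icedtea6-1.11.8.tar.gz) echo 62620b5544d5e1df7508d7c777fb78532c75eec43b99c8c7d1a3c84f352c1ea3 ;;
        icedtea6-1.12.3.tar.gz) echo db9dc14fa537fb22616fcd9e5b80758aa7baa66e0b6f8adfe3d5e80414574b4c ;;
        *) return 1 ;;
    esac
}

# check_sha256 FILE EXPECTED: succeed only if FILE hashes to EXPECTED.
check_sha256() {
    actual=$(sha256sum "$1" | cut -d' ' -f1)
    [ -n "$actual" ] && [ "$actual" = "$2" ]
}

# Read gpg --status-fd output on stdin; succeed only if it contains a VALIDSIG
# line whose signing-key or primary-key fingerprint equals $1.
status_signed_by() {
    awk -v fpr="$1" '$1 == "[GNUPG:]" && $2 == "VALIDSIG" && ($3 == fpr || $NF == fpr) { ok = 1 }
         END { exit !ok }'
}

# check_signature SIG FILE: assumes the release key is already in the keyring.
check_signature() {
    gpg --status-fd 1 --verify "$1" "$2" 2>/dev/null | status_signed_by "$FPR"
}

# verify_release TARBALL SIG: both the checksum and the signature must pass.
verify_release() {
    expected=$(published_sha256 "$1") || { echo "no published checksum for $1" >&2; return 1; }
    check_sha256 "$1" "$expected" || { echo "SHA256 mismatch: $1" >&2; return 1; }
    check_signature "$2" "$1" || { echo "no valid signature from $FPR" >&2; return 1; }
    echo "OK: $1"
}

# Run only when called with a tarball and its signature file.
if [ "$#" -eq 2 ]; then
    verify_release "$1" "$2"
fi
```

Matching on the full fingerprint in the status output, rather than on gpg's exit code alone, rejects a signature that is valid but made by some other key in the keyring.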
The following people helped with these releases:
- Severin Gehwolf (production of reproducer for 8006777)
- Andrew John Hughes (application of security fixes & backports, creation & testing of bug fixes, reproducer testing, release management)
We would also like to thank the bug reporters and testers!
To get started:
$ tar xzf icedtea6-${version}.tar.gz
$ cd icedtea6-${version}
where ${version} is the version you’ve downloaded.
Full build requirements and instructions are in INSTALL:
$ ./configure [--enable-zero --enable-pulse-java --enable-systemtap ...]
$ make