OSV:DSA-2311-1
Sep 27, 2011 - 12:00 a.m.

openjdk-6 - several

Source: Google (osv.dev)

CVSS2: 10 High

  Access Vector: NETWORK
  Access Complexity: LOW
  Authentication: NONE
  Confidentiality Impact: COMPLETE
  Integrity Impact: COMPLETE
  Availability Impact: COMPLETE

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Several vulnerabilities have been discovered in OpenJDK, an
implementation of the Java SE platform. The Common Vulnerabilities
and Exposures project identifies the following problems:

  • CVE-2011-0862
    Integer overflow errors in the JPEG and font parser allow
    untrusted code (including applets) to elevate its privileges.
  • CVE-2011-0864
    Hotspot, the just-in-time compiler in OpenJDK, mishandled
    certain byte code instructions, allowing untrusted code
    (including applets) to crash the virtual machine.
  • CVE-2011-0865
    A race condition in signed object deserialization could
    allow untrusted code to modify signed content, apparently
    leaving its signature intact.
  • CVE-2011-0867
    Untrusted code (including applets) could access information
    about network interfaces which was not intended to be public.
    (Note that the interface MAC address is still available to
    untrusted code.)
  • CVE-2011-0868
    A float-to-long conversion could overflow, allowing
    untrusted code (including applets) to crash the virtual
    machine.
  • CVE-2011-0869
    Untrusted code (including applets) could intercept HTTP
    requests by reconfiguring proxy settings through a SOAP
    connection.
  • CVE-2011-0871
    Untrusted code (including applets) could elevate its
    privileges through the Swing MediaTracker code.

In addition, this update removes support for the Zero/Shark and Cacao
Hotspot variants from the i386 and amd64 architectures due to stability issues.
These Hotspot variants are included in the openjdk-6-jre-zero and
icedtea-6-jre-cacao packages, and these packages must be removed
during this update.

For the oldstable distribution (lenny), these problems will be fixed
in a separate DSA for technical reasons.

For the stable distribution (squeeze), these problems have been fixed
in version 6b18-1.8.9-0.1~squeeze1.

For the testing distribution (wheezy) and the unstable distribution
(sid), these problems have been fixed in version 6b18-1.8.9-0.1.

We recommend that you upgrade your openjdk-6 packages.
