USN-1263-2: OpenJDK 6 regression

USN-1263-1 fixed vulnerabilities in OpenJDK 6. The upstream patch for the chosen plaintext attack on the block-wise AES encryption algorithm CVE-2011-3389 introduced a regression that caused TLS/SSL connections to fail when using certain algorithms. This update fixes the problem. We apologize for...

USN-1263-1: IcedTea-Web, OpenJDK 6 vulnerabilities

Deepak Bhole discovered a flaw in the Same Origin Policy SOP implementation in the IcedTea web browser plugin. This could allow a remote attacker to open connections to certain hosts that should not be permitted. CVE-2011-3377 Juliano Rizzo and Thai Duong discovered that the block-wise AES...