The full internal version number for this update release is 1.6.0_17-b04 (where "b" means "build").
The external version number is 6u17.
On October 30, 2008, Java SE 1.4.2 reached its end of service life
with the release of 1.4.2_19. Future revisions of Java SE 1.4.2
(1.4.2_20 and above) include the
Access Only option
and are available to
Java SE for Business
subscribers.
Bug Fixes
This release contains fixes for one or more security vulnerabilities.
For more information, please see Sun Alerts
269868,
269869,
269870,
270474,
270475,
and
270476.
Bug fixes for vulnerabilities are listed in the following table.
| BugId |
Category |
Subcategory |
Description |
|
6631533
|
java
|
classes_2d
|
ICC_Profile allows detecting if some files exist
|
|
6815780
|
java
|
classes_2d
|
TrueType font parsing crash when stressing Sun Bug 6751322 test case
|
|
6822057
|
java
|
classes_2d
|
X11 and Win32GraphicsDevice don't clone arrays returned from getConfigurations()
|
|
6862969
|
java
|
classes_2d
|
JPEG JFIF Decoder issue
|
|
6862970
|
java
|
classes_2d
|
Image Color Profile parsing issue
|
|
6872357
|
java
|
classes_2d
|
JRE AWT setDifflCM vulnerable to Stack Overflow
|
|
6872358
|
java
|
classes_2d
|
JRE AWT setBytePixels vulnerable to Heap Overflow
|
|
6664512
|
java
|
classes_awt
|
Component and [Default]KeyboardFocusManager pass security sensitive objects to loggers
|
|
6636650
|
java
|
classes_lang
|
(cl) Resurrected ClassLoaders can still have children
|
|
6861062
|
java
|
classes_security
|
Disable MD2 in certificate chain validation
|
|
6863503
|
java
|
classes_security
|
SECURITY: MessageDigest.isEqual introduces timing attack vulnerabilities
|
|
6864911
|
java
|
classes_security
|
ASN.1/DER input stream parser needs more work
|
|
6854303
|
java
|
classes_sound
|
Sun Java HsbParser.getSoundBank Stack Buffer Overflow Vulnerability
|
|
6657026
|
java
|
classes_swing
|
Numerous static security flaws in Swing (findbugs)
|
|
6657138
|
java
|
classes_swing
|
Mutable statics in Windows PL&F (findbugs)
|
|
6824265
|
java
|
classes_util_i18n
|
(tz) TimeZone.getTimeZone allows probing local filesystem
|
|
6632445
|
java
|
imageio
|
DoS from parsing BMPs with UNC ICC links
|
|
6862968
|
java
|
imageio
|
JPEG Image Writer quantization problem
|
|
6874643
|
java
|
imageio
|
ImageI/O JPEG is vulnerable to Heap Overflow
|
|
6869694
|
java
|
install
|
java update malfunctioning
|
|
6869752
|
java_deployment
|
deployment_toolkit
|
Deployment Toolkit plugin "launch" method vulnerable to exploits
|
|
6872824
|
javawebstart
|
general
|
arbitary code execution using java web start
|
|
6870531
|
javawebstart
|
other
|
REGRESSION:have problem to run JNLP app and applets with signed Jar files
|
| BugId |
Category |
Subcategory |
Description |
|
6842999
|
hotspot
|
runtime_system
|
Update hotspot windows os_win32 for windows 2008 R2
|
|
6804454
|
java
|
classes_2d
|
RFE: Provide a way to control the printing dpi resolution from MSIE browser print. See also 6801859
|
|
6813208
|
java
|
classes_awt
|
pageDialog throws NPE from applet
|
|
6825342
|
java
|
classes_awt
|
Security warning may change Z-order of top-level
|
|
6843003
|
java
|
classes_lang
|
Windows Server 2008 R2 system recognition
|
|
6860447
|
java
|
classes_security
|
Add GlobalSign R3 Root certificate to the JDK
|
|
6872579
|
java
|
classes_security
|
Add SECOM Root CA 2 to JDK
|
|
6880110
|
java
|
classes_util_i18n
|
(tz) Support tzdata2009m
|
|
6814140
|
java
|
classes_util_logging
|
deadlock due to synchronized demandLogger() code that locks ServerLogManager
|
|
6879614
|
jaxp
|
parse
|
com.sun.org.apache.xerces.internal.jaxp.DocumentBuilderImpl failing to parse xml document
|