openSUSE Security Update: java-1_6_0-openjdk to 1.12.1 ______________________________________________________________________________ Announcement ID: openSUSE-SU-2013:0312-1 Rating: important References: #801972 Cross-References: CVE-2013-0424 CVE-2013-0425 CVE-2013-0426 CVE-2013-0427 CVE-2013-0428 CVE-2013-0429 CVE-2013-0432 CVE-2013-0433 CVE-2013-0434 CVE-2013-0435 CVE-2013-0440 CVE-2013-0441 CVE-2013-0442 CVE-2013-0443 CVE-2013-0450 CVE-2013-1475 CVE-2013-1476 Affected Products: openSUSE 11.4 ______________________________________________________________________________ An update that fixes 17 vulnerabilities is now available. Description: OpenJDK (java-1_6_0-openjdk) was updated to 1.12.1 to fix bugs and security issues (bnc#801972) * Security fixes (on top of 1.12.0) - S6563318, CVE-2013-0424: RMI data sanitization - S6664509, CVE-2013-0425: Add logging context - S6664528, CVE-2013-0426: Find log level matching its name or value given at construction time - S6776941: CVE-2013-0427: Improve thread pool shutdown - S7141694, CVE-2013-0429: Improving CORBA internals - S7173145: Improve in-memory representation of splashscreens - S7186945: Unpack200 improvement - S7186946: Refine unpacker resource usage - S7186948: Improve Swing data validation - S7186952, CVE-2013-0432: Improve clipboard access - S7186954: Improve connection performance - S7186957: Improve Pack200 data validation - S7192392, CVE-2013-0443: Better validation of client keys - S7192393, CVE-2013-0440: Better Checking of order of TLS Messages - S7192977, CVE-2013-0442: Issue in toolkit thread - S7197546, CVE-2013-0428: (proxy) Reflect about creating reflective proxies - S7200491: Tighten up JTable layout code - S7200500: Launcher better input validation - S7201064: Better dialogue checking - S7201066, CVE-2013-0441: Change modifiers on unused fields - S7201068, CVE-2013-0435: Better handling of UI elements - S7201070: Serialization to conform to protocol - S7201071, CVE-2013-0433: InetSocketAddress serialization issue - S8000210: Improve JarFile code quality - S8000537, CVE-2013-0450: Contextualize RequiredModelMBean class - S8000540, CVE-2013-1475: Improve IIOP type reuse management - S8000631, CVE-2013-1476: Restrict access to class constructor - S8001235, CVE-2013-0434: Improve JAXP HTTP handling Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.4: zypper in -t patch 2013-27 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.4 (i586 x86_64): java-1_6_0-openjdk-1.6.0.0_b27.1.12.1-25.1 java-1_6_0-openjdk-debuginfo-1.6.0.0_b27.1.12.1-25.1 java-1_6_0-openjdk-debugsource-1.6.0.0_b27.1.12.1-25.1 java-1_6_0-openjdk-demo-1.6.0.0_b27.1.12.1-25.1 java-1_6_0-openjdk-demo-debuginfo-1.6.0.0_b27.1.12.1-25.1 java-1_6_0-openjdk-devel-1.6.0.0_b27.1.12.1-25.1 java-1_6_0-openjdk-devel-debuginfo-1.6.0.0_b27.1.12.1-25.1 java-1_6_0-openjdk-javadoc-1.6.0.0_b27.1.12.1-25.1 java-1_6_0-openjdk-src-1.6.0.0_b27.1.12.1-25.1 References: http://support.novell.com/security/cve/CVE-2013-0424.html http://support.novell.com/security/cve/CVE-2013-0425.html http://support.novell.com/security/cve/CVE-2013-0426.html http://support.novell.com/security/cve/CVE-2013-0427.html http://support.novell.com/security/cve/CVE-2013-0428.html http://support.novell.com/security/cve/CVE-2013-0429.html http://support.novell.com/security/cve/CVE-2013-0432.html http://support.novell.com/security/cve/CVE-2013-0433.html http://support.novell.com/security/cve/CVE-2013-0434.html http://support.novell.com/security/cve/CVE-2013-0435.html http://support.novell.com/security/cve/CVE-2013-0440.html http://support.novell.com/security/cve/CVE-2013-0441.html http://support.novell.com/security/cve/CVE-2013-0442.html http://support.novell.com/security/cve/CVE-2013-0443.html http://support.novell.com/security/cve/CVE-2013-0450.html http://support.novell.com/security/cve/CVE-2013-1475.html http://support.novell.com/security/cve/CVE-2013-1476.html https://bugzilla.novell.com/801972 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security-announce+help@opensuse.org