Mailinglist Archive: opensuse-security-announce (36 mails)

< Previous Next >
[security-announce] SUSE-SU-2013:0315-1: important: Security update for Java 1.6.0
SUSE Security Update: Security update for Java 1.6.0
______________________________________________________________________________

Announcement ID: SUSE-SU-2013:0315-1
Rating: important
References: #494536 #792951 #801972
Affected Products:
SUSE Linux Enterprise Desktop 11 SP2
______________________________________________________________________________

An update that contains security fixes can now be installed.

Description:


java-1_6_0-openjdk based on Icedtea6-1.12.2 was released,
fixing various security issues:

New in release 1.12.2 (2012-02-03):

*

Security fixes

o S6563318, CVE-2013-0424: RMI data sanitization
o S6664509, CVE-2013-0425: Add logging context o S6664528,
CVE-2013-0426: Find log level matching its name or value
given at construction time o S6776941: CVE-2013-0427:
Improve thread pool shutdown o S7141694, CVE-2013-0429:
Improving CORBA internals o S7173145: Improve in-memory
representation of splashscreens o S7186945: Unpack200
improvement o S7186946: Refine unpacker resource usage o
S7186948: Improve Swing data validation o S7186952,
CVE-2013-0432: Improve clipboard access o S7186954: Improve
connection performance o S7186957: Improve Pack200 data
validation o S7192392, CVE-2013-0443: Better validation of
client keys o S7192393, CVE-2013-0440: Better Checking of
order of TLS Messages o S7192977, CVE-2013-0442: Issue in
toolkit thread o S7197546, CVE-2013-0428: (proxy) Reflect
about creating reflective proxies o S7200491: Tighten up
JTable layout code o S7200500: Launcher better input
validation o S7201064: Better dialogue checking o S7201066,
CVE-2013-0441: Change modifiers on unused fields o
S7201068, CVE-2013-0435: Better handling of UI elements o
S7201070: Serialization to conform to protocol o S7201071,
CVE-2013-0433: InetSocketAddress serialization issue o
S8000210: Improve JarFile code quality o S8000537,
CVE-2013-0450: Contextualize RequiredModelMBean class o
S8000540, CVE-2013-1475: Improve IIOP type reuse management
o S8000631, CVE-2013-1476: Restrict access to class
constructor o S8001235, CVE-2013-0434: Improve JAXP HTTP
handling o S8001242: Improve RMI HTTP conformance o
S8001307: Modify ACC_SUPER behavior o S8001972,
CVE-2013-1478: Improve image processing o S8002325,
CVE-2013-1480: Improve management of images
*

Backports

o S7010849: 5/5 Extraneous javac source/target
options when building sa-jdi o S8004341: Two JCK tests
fails with 7u11 b06 o S8005615: Java Logger fails to load
tomcat logger implementation (JULI)
*

Bug fixes

o PR1297: cacao and jamvm parallel unpack
failures o PR1301: PR1171 causes builds of Zero to fail


Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Desktop 11 SP2:

zypper in -t patch sledsp2-java-1_6_0-openjdk-7332

To bring your system up-to-date, use "zypper patch".


Package List:

- SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64):

java-1_6_0-openjdk-1.6.0.0_b27.1.12.2-0.2.1
java-1_6_0-openjdk-demo-1.6.0.0_b27.1.12.2-0.2.1
java-1_6_0-openjdk-devel-1.6.0.0_b27.1.12.2-0.2.1


References:

https://bugzilla.novell.com/494536
https://bugzilla.novell.com/792951
https://bugzilla.novell.com/801972

http://download.novell.com/patch/finder/?keywords=3d24d3eb8bd24ecde9576c270902855e

--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-security-announce+help@xxxxxxxxxxxx

< Previous Next >
This Thread
  • No further messages