SUSE-SU-2013:0315-1: important: Security update for Java 1.6.0

sle-security-updates at lists.suse.com
Wed Feb 20 08:04:17 MST 2013


   SUSE Security Update: Security update for Java 1.6.0
______________________________________________________________________________

Announcement ID:    SUSE-SU-2013:0315-1
Rating:             important
References:         #494536 #792951 #801972 
Affected Products:
                    SUSE Linux Enterprise Desktop 11 SP2
______________________________________________________________________________

   An update that contains security fixes can now be installed.

Description:


   java-1_6_0-openjdk based on Icedtea6-1.12.2 was released,
   fixing various security issues:

   New in release 1.12.2 (2012-02-03):

   * Security fixes

     o S6563318, CVE-2013-0424: RMI data sanitization
     o S6664509, CVE-2013-0425: Add logging context
     o S6664528, CVE-2013-0426: Find log level matching its name or
       value given at construction time
     o S6776941: CVE-2013-0427: Improve thread pool shutdown
     o S7141694, CVE-2013-0429: Improving CORBA internals
     o S7173145: Improve in-memory representation of splashscreens
     o S7186945: Unpack200 improvement
     o S7186946: Refine unpacker resource usage
     o S7186948: Improve Swing data validation
     o S7186952, CVE-2013-0432: Improve clipboard access
     o S7186954: Improve connection performance
     o S7186957: Improve Pack200 data validation
     o S7192392, CVE-2013-0443: Better validation of client keys
     o S7192393, CVE-2013-0440: Better Checking of order of TLS
       Messages
     o S7192977, CVE-2013-0442: Issue in toolkit thread
     o S7197546, CVE-2013-0428: (proxy) Reflect about creating
       reflective proxies
     o S7200491: Tighten up JTable layout code
     o S7200500: Launcher better input validation
     o S7201064: Better dialogue checking
     o S7201066, CVE-2013-0441: Change modifiers on unused fields
     o S7201068, CVE-2013-0435: Better handling of UI elements
     o S7201070: Serialization to conform to protocol
     o S7201071, CVE-2013-0433: InetSocketAddress serialization issue
     o S8000210: Improve JarFile code quality
     o S8000537, CVE-2013-0450: Contextualize RequiredModelMBean class
     o S8000540, CVE-2013-1475: Improve IIOP type reuse management
     o S8000631, CVE-2013-1476: Restrict access to class constructor
     o S8001235, CVE-2013-0434: Improve JAXP HTTP handling
     o S8001242: Improve RMI HTTP conformance
     o S8001307: Modify ACC_SUPER behavior
     o S8001972, CVE-2013-1478: Improve image processing
     o S8002325, CVE-2013-1480: Improve management of images

   * Backports

     o S7010849: 5/5 Extraneous javac source/target options when
       building sa-jdi
     o S8004341: Two JCK tests fails with 7u11 b06
     o S8005615: Java Logger fails to load tomcat logger
       implementation (JULI)

   * Bug fixes

     o PR1297: cacao and jamvm parallel unpack failures
     o PR1301: PR1171 causes builds of Zero to fail


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Desktop 11 SP2:

      zypper in -t patch sledsp2-java-1_6_0-openjdk-7332

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64):

      java-1_6_0-openjdk-1.6.0.0_b27.1.12.2-0.2.1
      java-1_6_0-openjdk-demo-1.6.0.0_b27.1.12.2-0.2.1
      java-1_6_0-openjdk-devel-1.6.0.0_b27.1.12.2-0.2.1


References:

   https://bugzilla.novell.com/494536
   https://bugzilla.novell.com/792951
   https://bugzilla.novell.com/801972
   http://download.novell.com/patch/finder/?keywords=3d24d3eb8bd24ecde9576c270902855e


