Risks

Advisories

Browse

SUSE Security Update - Java 1.6.0 (SUSE-SU-2013:0315-1)

 SUSE Security Update: Security update for Java 1.6.0
______________________________________________________________________________

Announcement ID:    SUSE-SU-2013:0315-1
Rating:             important
References:         #494536 #792951 #801972
Affected Products:
                    SUSE Linux Enterprise Desktop 11 SP2
______________________________________________________________________________

   An update that contains security fixes can now be installed.

Description:


   java-1_6_0-openjdk based on Icedtea6-1.12.2 was released,
   fixing various  security issues:

   New in release 1.12.2 (2012-02-03):

   *

   Security fixes

   o S6563318, CVE-2013-0424: RMI data sanitization
   o S6664509, CVE-2013-0425: Add logging context o S6664528,
   CVE-2013-0426: Find log level matching its name or value
   given at construction time o S6776941: CVE-2013-0427:
   Improve thread pool shutdown o S7141694, CVE-2013-0429:
   Improving CORBA internals o S7173145: Improve in-memory
   representation of splashscreens o S7186945: Unpack200
   improvement o S7186946: Refine unpacker resource usage o
   S7186948: Improve Swing data validation o S7186952,
   CVE-2013-0432: Improve clipboard access o S7186954: Improve
   connection performance o S7186957: Improve Pack200 data
   validation o S7192392, CVE-2013-0443: Better validation of
   client keys o S7192393, CVE-2013-0440: Better Checking of
   order of TLS Messages o S7192977, CVE-2013-0442: Issue in
   toolkit thread o S7197546, CVE-2013-0428: (proxy) Reflect
   about creating reflective proxies o S7200491: Tighten up
   JTable layout code o S7200500: Launcher better input
   validation o S7201064: Better dialogue checking o S7201066,
   CVE-2013-0441: Change modifiers on unused fields o
   S7201068, CVE-2013-0435: Better handling of UI elements o
   S7201070: Serialization to conform to protocol o S7201071,
   CVE-2013-0433: InetSocketAddress serialization issue o
   S8000210: Improve JarFile code quality o S8000537,
   CVE-2013-0450: Contextualize RequiredModelMBean class o
   S8000540, CVE-2013-1475: Improve IIOP type reuse management
   o S8000631, CVE-2013-1476: Restrict access to class
   constructor o S8001235, CVE-2013-0434: Improve JAXP HTTP
   handling o S8001242: Improve RMI HTTP conformance o
   S8001307: Modify ACC_SUPER behavior o S8001972,
   CVE-2013-1478: Improve image processing o S8002325,
   CVE-2013-1480: Improve management of images
   *

   Backports

   o S7010849: 5/5 Extraneous javac source/target
   options when building sa-jdi o S8004341: Two JCK tests
   fails with 7u11 b06 o S8005615: Java Logger fails to load
   tomcat logger implementation (JULI)
   *

   Bug fixes

   o PR1297: cacao and jamvm parallel unpack
   failures o PR1301: PR1171 causes builds of Zero to fail


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Desktop 11 SP2:

      zypper in -t patch sledsp2-java-1_6_0-openjdk-7332

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64):

      java-1_6_0-openjdk-1.6.0.0_b27.1.12.2-0.2.1
      java-1_6_0-openjdk-demo-1.6.0.0_b27.1.12.2-0.2.1
      java-1_6_0-openjdk-devel-1.6.0.0_b27.1.12.2-0.2.1


References:

   https://bugzilla.novell.com/494536
   https://bugzilla.novell.com/792951
   https://bugzilla.novell.com/801972
   http://download.novell.com/patch/finder/?keywords=3d24d3eb8bd24ecde9576c270902855e

Spotlight

IT security jobs: What's in demand and how to meet it

Posted on 15 May 2013. | Let's say you want a career in information security, where do you start? What credentials do you need? What are employers looking for? Read on to find some answers.

Is Microsoft is reading your Skype communications?

Posted on 15 May 2013. | The question of whether Skype allows U.S. intelligence and law enforcement agencies to access the communications exchanged by its users has still not been adequately answered by Microsoft.

Internet Explorer best at blocking malware

Posted on 14 May 2013. | While Chrome’s malware download protection improved significantly, Internet Explorer 10 continues to outperform the other browsers with a block rate of 99.96%.

Researcher refuses to help Saudi telco to spy on people

Posted on 14 May 2013. | You would think that a Saudi Arabian telecom firm interested in monitoring its users' mobile communications would not be asking a well-known pro-privacy researcher for help, but you would be wrong.

Malicious browser extensions are hijacking Facebook accounts

Posted on 13 May 2013. | Facebook users - especially those in Brazil - are being targeted with malicious browser extensions trying to hijack Facebook profiles, warns Microsoft.

Daily digest

By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.

Weekly newsletter

With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.

DON'T
MISS
Fri, May 17th

17 May 2013.

Data stealing attacks using fake attachments

17 May 2013.

A look into the EC Council hack

16 May 2013.

Thoughts on the need for anonymity

16 May 2013.

Researchers reveal OpUSA attackers' MO

15 May 2013.

How to get a job in information security