Risks
Advisories
Browse
or
or
SUSE Security Update - Java 1.6.0 (SUSE-SU-2013:0315-1)
 SUSE Security Update: Security update for Java 1.6.0
______________________________________________________________________________

Announcement ID:    SUSE-SU-2013:0315-1
Rating:             important
References:         #494536 #792951 #801972
Affected Products:
                    SUSE Linux Enterprise Desktop 11 SP2
______________________________________________________________________________

   An update that contains security fixes can now be installed.

Description:


   java-1_6_0-openjdk based on Icedtea6-1.12.2 was released,
   fixing various  security issues:

   New in release 1.12.2 (2012-02-03):

   *

   Security fixes

   o S6563318, CVE-2013-0424: RMI data sanitization
   o S6664509, CVE-2013-0425: Add logging context o S6664528,
   CVE-2013-0426: Find log level matching its name or value
   given at construction time o S6776941: CVE-2013-0427:
   Improve thread pool shutdown o S7141694, CVE-2013-0429:
   Improving CORBA internals o S7173145: Improve in-memory
   representation of splashscreens o S7186945: Unpack200
   improvement o S7186946: Refine unpacker resource usage o
   S7186948: Improve Swing data validation o S7186952,
   CVE-2013-0432: Improve clipboard access o S7186954: Improve
   connection performance o S7186957: Improve Pack200 data
   validation o S7192392, CVE-2013-0443: Better validation of
   client keys o S7192393, CVE-2013-0440: Better Checking of
   order of TLS Messages o S7192977, CVE-2013-0442: Issue in
   toolkit thread o S7197546, CVE-2013-0428: (proxy) Reflect
   about creating reflective proxies o S7200491: Tighten up
   JTable layout code o S7200500: Launcher better input
   validation o S7201064: Better dialogue checking o S7201066,
   CVE-2013-0441: Change modifiers on unused fields o
   S7201068, CVE-2013-0435: Better handling of UI elements o
   S7201070: Serialization to conform to protocol o S7201071,
   CVE-2013-0433: InetSocketAddress serialization issue o
   S8000210: Improve JarFile code quality o S8000537,
   CVE-2013-0450: Contextualize RequiredModelMBean class o
   S8000540, CVE-2013-1475: Improve IIOP type reuse management
   o S8000631, CVE-2013-1476: Restrict access to class
   constructor o S8001235, CVE-2013-0434: Improve JAXP HTTP
   handling o S8001242: Improve RMI HTTP conformance o
   S8001307: Modify ACC_SUPER behavior o S8001972,
   CVE-2013-1478: Improve image processing o S8002325,
   CVE-2013-1480: Improve management of images
   *

   Backports

   o S7010849: 5/5 Extraneous javac source/target
   options when building sa-jdi o S8004341: Two JCK tests
   fails with 7u11 b06 o S8005615: Java Logger fails to load
   tomcat logger implementation (JULI)
   *

   Bug fixes

   o PR1297: cacao and jamvm parallel unpack
   failures o PR1301: PR1171 causes builds of Zero to fail


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Desktop 11 SP2:

      zypper in -t patch sledsp2-java-1_6_0-openjdk-7332

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64):

      java-1_6_0-openjdk-1.6.0.0_b27.1.12.2-0.2.1
      java-1_6_0-openjdk-demo-1.6.0.0_b27.1.12.2-0.2.1
      java-1_6_0-openjdk-devel-1.6.0.0_b27.1.12.2-0.2.1


References:

   https://bugzilla.novell.com/494536
   https://bugzilla.novell.com/792951
   https://bugzilla.novell.com/801972
   http://download.novell.com/patch/finder/?keywords=3d24d3eb8bd24ecde9576c270902855e




Spotlight

The security threat of unsanctioned file sharing

Posted on 31 October 2014.  |  Organisational leadership is failing to respond to the escalating risk of ungoverned file sharing practices among their employees, and employees routinely breach IT policies.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Oct 31st
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //