Security update for Java 1.6.0

SUSE Security Update: Security update for Java 1.6.0
Announcement ID: SUSE-SU-2013:0315-1
Rating: important
References: #494536 #792951 #801972
Affected Products:
  • SUSE Linux Enterprise Desktop 11 SP2

An update that contains security fixes can now be installed.

    Description:


    java-1_6_0-openjdk based on Icedtea6-1.12.2 was released,
    fixing various security issues:

    New in release 1.12.2 (2012-02-03):

    * Security fixes

      o S6563318, CVE-2013-0424: RMI data sanitization
      o S6664509, CVE-2013-0425: Add logging context
      o S6664528, CVE-2013-0426: Find log level matching its name or
        value given at construction time
      o S6776941: CVE-2013-0427: Improve thread pool shutdown
      o S7141694, CVE-2013-0429: Improving CORBA internals
      o S7173145: Improve in-memory representation of splashscreens
      o S7186945: Unpack200 improvement
      o S7186946: Refine unpacker resource usage
      o S7186948: Improve Swing data validation
      o S7186952, CVE-2013-0432: Improve clipboard access
      o S7186954: Improve connection performance
      o S7186957: Improve Pack200 data validation
      o S7192392, CVE-2013-0443: Better validation of client keys
      o S7192393, CVE-2013-0440: Better Checking of order of TLS
        Messages
      o S7192977, CVE-2013-0442: Issue in toolkit thread
      o S7197546, CVE-2013-0428: (proxy) Reflect about creating
        reflective proxies
      o S7200491: Tighten up JTable layout code
      o S7200500: Launcher better input validation
      o S7201064: Better dialogue checking
      o S7201066, CVE-2013-0441: Change modifiers on unused fields
      o S7201068, CVE-2013-0435: Better handling of UI elements
      o S7201070: Serialization to conform to protocol
      o S7201071, CVE-2013-0433: InetSocketAddress serialization issue
      o S8000210: Improve JarFile code quality
      o S8000537, CVE-2013-0450: Contextualize RequiredModelMBean class
      o S8000540, CVE-2013-1475: Improve IIOP type reuse management
      o S8000631, CVE-2013-1476: Restrict access to class constructor
      o S8001235, CVE-2013-0434: Improve JAXP HTTP handling
      o S8001242: Improve RMI HTTP conformance
      o S8001307: Modify ACC_SUPER behavior
      o S8001972, CVE-2013-1478: Improve image processing
      o S8002325, CVE-2013-1480: Improve management of images

    * Backports

      o S7010849: 5/5 Extraneous javac source/target options when
        building sa-jdi
      o S8004341: Two JCK tests fails with 7u11 b06
      o S8005615: Java Logger fails to load tomcat logger
        implementation (JULI)

    * Bug fixes

      o PR1297: cacao and jamvm parallel unpack failures
      o PR1301: PR1171 causes builds of Zero to fail

    Patch Instructions:

    To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product:

    • SUSE Linux Enterprise Desktop 11 SP2:
      zypper in -t patch sledsp2-java-1_6_0-openjdk-7332

    To bring your system up-to-date, use "zypper patch".

    Package List:

    • SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64):
      • java-1_6_0-openjdk-1.6.0.0_b27.1.12.2-0.2.1
      • java-1_6_0-openjdk-demo-1.6.0.0_b27.1.12.2-0.2.1
      • java-1_6_0-openjdk-devel-1.6.0.0_b27.1.12.2-0.2.1

    References:

    • https://bugzilla.novell.com/494536
    • https://bugzilla.novell.com/792951
    • https://bugzilla.novell.com/801972
    • http://download.suse.com/patch/finder/?keywords=3d24d3eb8bd24ecde9576c270902855e