Security update for Java 1.6.0

SUSE Security Update: Security update for Java 1.6.0
Announcement ID: SUSE-SU-2013:0315-1
Rating: important
References: #494536 #792951 #801972
Affected Products:
  • SUSE Linux Enterprise Desktop 11 SP2

  • An update that contains security fixes can now be installed.


    java-1_6_0-openjdk based on Icedtea6-1.12.2 was released,
    fixing various security issues:

    New in release 1.12.2 (2012-02-03):


    Security fixes

    o S6563318, CVE-2013-0424: RMI data sanitization
    o S6664509, CVE-2013-0425: Add logging context o S6664528,
    CVE-2013-0426: Find log level matching its name or value
    given at construction time o S6776941: CVE-2013-0427:
    Improve thread pool shutdown o S7141694, CVE-2013-0429:
    Improving CORBA internals o S7173145: Improve in-memory
    representation of splashscreens o S7186945: Unpack200
    improvement o S7186946: Refine unpacker resource usage o
    S7186948: Improve Swing data validation o S7186952,
    CVE-2013-0432: Improve clipboard access o S7186954: Improve
    connection performance o S7186957: Improve Pack200 data
    validation o S7192392, CVE-2013-0443: Better validation of
    client keys o S7192393, CVE-2013-0440: Better Checking of
    order of TLS Messages o S7192977, CVE-2013-0442: Issue in
    toolkit thread o S7197546, CVE-2013-0428: (proxy) Reflect
    about creating reflective proxies o S7200491: Tighten up
    JTable layout code o S7200500: Launcher better input
    validation o S7201064: Better dialogue checking o S7201066,
    CVE-2013-0441: Change modifiers on unused fields o
    S7201068, CVE-2013-0435: Better handling of UI elements o
    S7201070: Serialization to conform to protocol o S7201071,
    CVE-2013-0433: InetSocketAddress serialization issue o
    S8000210: Improve JarFile code quality o S8000537,
    CVE-2013-0450: Contextualize RequiredModelMBean class o
    S8000540, CVE-2013-1475: Improve IIOP type reuse management
    o S8000631, CVE-2013-1476: Restrict access to class
    constructor o S8001235, CVE-2013-0434: Improve JAXP HTTP
    handling o S8001242: Improve RMI HTTP conformance o
    S8001307: Modify ACC_SUPER behavior o S8001972,
    CVE-2013-1478: Improve image processing o S8002325,
    CVE-2013-1480: Improve management of images


    o S7010849: 5/5 Extraneous javac source/target
    options when building sa-jdi o S8004341: Two JCK tests
    fails with 7u11 b06 o S8005615: Java Logger fails to load
    tomcat logger implementation (JULI)

    Bug fixes

    o PR1297: cacao and jamvm parallel unpack
    failures o PR1301: PR1171 causes builds of Zero to fail

    Patch Instructions:

    To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product:

    • SUSE Linux Enterprise Desktop 11 SP2:
      zypper in -t patch sledsp2-java-1_6_0-openjdk-7332

    To bring your system up-to-date, use "zypper patch".

    Package List:

    • SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64):
    • java-1_6_0-openjdk-
    • java-1_6_0-openjdk-demo-
    • java-1_6_0-openjdk-devel-