MGASA-2012-0260
| Date: | September 8th, 2012 |
| Affected releases: | 2 |
Description:
Updated java-1.7.0-openjdk packages fix security vulnerability:
A flaw in the Java security manager, which is used for sandboxing Java
applets and enforcing other security restrictions, allows for arbitrary
code execution (CVE-2012-4681).
This updates IcedTea to version 2.3.2 which fixes this issue, an
XMLDecoder security issue via ClassFinder (CVE-2012-1682) and an issue
with AWT internals references (CVE-2012-0547), as well as several other
bugs.
Updated Packages:
java-1.7.0-openjdk-1.7.0.6-2.3.2.1.1.mga2
java-1.7.0-openjdk-devel-1.7.0.6-2.3.2.1.1.mga2
java-1.7.0-openjdk-demo-1.7.0.6-2.3.2.1.1.mga2
java-1.7.0-openjdk-src-1.7.0.6-2.3.2.1.1.mga2
java-1.7.0-openjdk-javadoc-1.7.0.6-2.3.2.1.1.mga2
References:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2012-0547
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2012-1682
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2012-4681
http://blog.fuseyism.com/index.php/2012/08/30/security-icedtea-2-3-1-released/
http://blog.fuseyism.com/index.php/2012/08/31/security-icedtea6-1-10-9-1-11-4-icedtea-2-3-2-released/
https://bugs.mageia.org/show_bug.cgi?id=7278
